Saturday, October 13, 2012 at 11:30PM
Description: Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker
Uses: Alert to potential threats, watch how hackers operate, gather exploits and malware
http://bruteforce.gr/honeybox Honeybox is a distro that bundles numerous honeypot packages on a single box. The distro also preconfigures the honeypots to use some of the many enhancements Bruteforce Labs has created for them.
*If at home, to make this accessible from the internet you will need to enable port forwarding on your modem, and potentially in your Virtual Machine software.
kippo/kippo.cfg : Main configuration file
kippo/honeyfs : This is the fake filesystem that will be presented to the user.
kippo/data/userdb.txt : This file allows us to modify the username and password combinations that will work when attackers attempt to log into the honeypot.
kippo/log/tty/ : In this directory you will find the logs for each session established by attackers.
- will start kippo
/kippo/utils/playlog.py : Replay an attacker session from the kippo/log/tty directory.
Usage: playlog.py [-bfhi] [-m secs] [-w file] <tty-log-file>
-f keep trying to read the log until it's closed
-m <seconds> maximum delay in seconds, to avoid boredom or fast-forward to the end. (default is 3.0)
-i show the input stream instead of output
-b show both input and output streams
-c colorify the output stream based on what streams are being received
-h display this help
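For triage it helps to pull the typed commands out of a session log as text instead of replaying it. The script below is an added example, not part of Kippo or of the original post: it rebuilds the input stream (what playlog.py -i shows) as timestamped lines. The record layout and the op/direction constants are assumptions based on Kippo's tty log format, and the sample log is constructed.

```python
import struct

# Assumed record layout (my reading of Kippo's tty log writer, not stated on this
# page): little-endian op, tty, length, direction, sec, usec, then `length` bytes.
HEADER = struct.Struct("<iLiiLL")
OP_OPEN, OP_CLOSE, OP_WRITE = 1, 2, 3
DIR_INPUT, DIR_OUTPUT = 1, 2

def read_records(blob):
    """Yield (op, direction, timestamp, data); stop cleanly on a truncated log."""
    pos = 0
    while pos + HEADER.size <= len(blob):
        op, _tty, length, direction, sec, usec = HEADER.unpack_from(blob, pos)
        pos += HEADER.size
        if length < 0 or pos + length > len(blob):
            return  # corrupt or truncated payload: ignore the partial record
        yield op, direction, sec + usec / 1e6, blob[pos:pos + length]
        pos += length

def typed_lines(blob):
    """Rebuild the lines the client typed, as (first-keystroke time, text)."""
    lines, buf, started = [], bytearray(), None
    for op, direction, ts, data in read_records(blob):
        if op != OP_WRITE or direction != DIR_INPUT:
            continue
        for byte in data:
            if byte in (0x0D, 0x0A):        # Enter ends the line
                if buf:
                    lines.append((started, buf.decode("utf-8", "replace")))
                buf, started = bytearray(), None
            elif byte in (0x08, 0x7F):      # backspace / delete
                del buf[-1:]
            elif byte >= 0x20:              # drop other control bytes
                started = ts if started is None else started
                buf.append(byte)
    if buf:                                 # session ended without Enter
        lines.append((started, buf.decode("utf-8", "replace")))
    return lines

def build_sample():  # constructed sample log, not captured from a real session
    def rec(op, direction, sec, data=b""):
        return HEADER.pack(op, 0, len(data), direction, sec, 0) + data
    out = rec(OP_OPEN, 0, 100) + rec(OP_WRITE, DIR_OUTPUT, 100, b"root@host:~# ")
    for i, ch in enumerate(b"unamr\x7fe -a\r"):
        out += rec(OP_WRITE, DIR_INPUT, 101 + i, bytes([ch]))
    return out + rec(OP_WRITE, DIR_INPUT, 120, b"w\r") + b"\x03\x00"

if __name__ == "__main__":
    print(*typed_lines(build_sample()), sep="\n")
```

To use it on a real session, pass the bytes of a file from kippo/log/tty/ to typed_lines(), for example open(path, "rb").read().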