Sponsor

Security Videos

Entries in Honeybox (1)

Saturday
Oct132012

TekTip ep11 - Kippo SSH Honeypot

Description: Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker
Uses:  Alert to potiential threats, watch how hackers operate, gather exploits and malware
Installation:
http://bruteforce.gr/honeybox Honeybox is a distro that contains numerous honeypot software, all on a single box.  Additionally, the distro preconfigures the honeypot to utilize some of the many enhancements Brutforce Labs have created for these honeypots.
*If at home, to make this accessible from the internet you will need to enable port forwarding at your modem, and potientially your Virtual Machine software.
Usage:
kippo/kippo.cfg : Main configuration file
kippo/honeyfs :  This is the fake filesystem that wll be presented to the user.
kippo/data/userdb.txt :  This file allows us to modify the username and password combinations that will work when attackers attempt to log into the honeypot.
kippo/log/tty/ : In this directory you will find the logs for each session established by attackers.
./start.sh
- will start kippo
/kippo/utils/playlog.py : Replay an attacker session from the kippo/log/tty directory.
Usage: playlog.py [-bfhi] [-m secs] [-w file] <tty-log-file>
 -f             keep trying to read the log until it's closed
 -m <seconds>   maximum delay in seconds, to avoid boredom or fast-forward to the end. (default is 3.0)
-i             show the input stream instead of output
 -b             show both input and output streams
 -c             colorify the output stream based on what streams are being received
 -h             display this help
i.e.
~/kippo/utils/playlog.py 20121012-115031-8544.log
1aN0rmus@tekdefense.com