Introduction
Hello to all of the Hackers ! I’m back for a new Tutorial. I’m sorry for the long delays of this tutorial to come.
But let’s get started !
What is a Honey pot ?
Before we start to delve into the Tutorial here some informations about what is Honeypot
Honey Pot Systems are decoy servers or systems setup to gather information regarding an attacker or intruder into your system. It is important to remember that Honey Pots do not replace other traditional Internet security systems; they are an additional level or system.
Source : What is a Honeypot SANS.org
So with a Honey pot we can trap Hackers ( and script kiddies ) and learn more about how they try to hack your server and what kind of automated hack they do.
If you want to analyse how hackers do their hacks, I hope you have a little server on the internet
Setup the Honey Pot : SSH Honey pot a.k.a Kippo
Now that you know what is an Honey pot , time to start your installation !
Install your Honeypot
update and upgrade your system
apt-get update
apt-get upgrade
Download the dependencies needed
apt-get install python-dev openssl python-openssl python-pyasn1 python-twisted
download kippo
git clone https://github.com/desaster/kippo
Create a new user
useradd kippo
kippo won’t run if you try to launch it with a root account
move your the kippo folder to your new user home directory
The installation is done.
Configure your Honey Pot !
Configure your SSH access
Before you configure kippo, let’s configure your ssh port
sed -e 's/^Port.*/Port 443/' /etc/ssh/sshd_config
service ssh restart
Here I use the port 443 to connect to my ssh server so I can access to my server behind a firewall
Configure kippo
the file kippo.cfg.dist contains the basic configuration of the honeypot
Here you can change the name of your server and more option.
Here the fake ssh server run on port 2222
add an iptables rule to redirect 22 to 2222
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-port 2222
Create Fake file system
Create a fake filesystem with createfs.py and put the file fs.pickle in your kippo directory
./createfs.py > fs.pickle
You can start your honey pot ./start.sh
More Thing to do !
Add password for fake authentication
Now your honeypot is configured. You can add password in the folder
data/userdb.txt
Download a wordlist and run this command
sed -e 's/^/root:0:/' rockyou.txt > userdb.txt
You will have some good password to your list.
Create fake command output
You can create fake command output in
kippo/txtcmds/bin/
for exemple
ps -ef > ps
or you can write your own output
All the attempts will be log to kippo.log in the log folder
This was a little tutorial on how to setup a SSH honey pot, Hope you enjoy !