Trap the Hackers! Kippo SSH Honeypot

honeypot
kippo
ssh
hacking

#1

Introduction


Hello to all of the Hackers ! I’m back for a new Tutorial. I’m sorry for the long delays of this tutorial to come.
But let’s get started !

What is a Honey pot ?

Before we start to delve into the Tutorial here some informations about what is Honeypot

Honey Pot Systems are decoy servers or systems setup to gather information regarding an attacker or intruder into your system. It is important to remember that Honey Pots do not replace other traditional Internet security systems; they are an additional level or system.

Source : What is a Honeypot SANS.org

So with a Honey pot we can trap Hackers ( and script kiddies ) and learn more about how they try to hack your server and what kind of automated hack they do.

If you want to analyse how hackers do their hacks, I hope you have a little server on the internet :slight_smile:

Setup the Honey Pot : SSH Honey pot a.k.a Kippo


Now that you know what is an Honey pot , time to start your installation !

Install your Honeypot

update and upgrade your system

apt-get update
apt-get upgrade

Download the dependencies needed

apt-get install python-dev openssl python-openssl python-pyasn1 python-twisted 

download kippo

git clone https://github.com/desaster/kippo

Create a new user

useradd kippo

kippo won’t run if you try to launch it with a root account

move your the kippo folder to your new user home directory

The installation is done.

Configure your Honey Pot !


Configure your SSH access

Before you configure kippo, let’s configure your ssh port

sed -e 's/^Port.*/Port 443/' /etc/ssh/sshd_config
service ssh restart

Here I use the port 443 to connect to my ssh server so I can access to my server behind a firewall

Configure kippo

the file kippo.cfg.dist contains the basic configuration of the honeypot

Here you can change the name of your server and more option.

Here the fake ssh server run on port 2222

add an iptables rule to redirect 22 to 2222

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-port 2222

Create Fake file system

Create a fake filesystem with createfs.py and put the file fs.pickle in your kippo directory

./createfs.py > fs.pickle

You can start your honey pot ./start.sh

More Thing to do !


Add password for fake authentication

Now your honeypot is configured. You can add password in the folder

data/userdb.txt

Download a wordlist and run this command

sed -e 's/^/root:0:/' rockyou.txt > userdb.txt

You will have some good password to your list.

Create fake command output

You can create fake command output in

kippo/txtcmds/bin/

for exemple

ps -ef > ps

or you can write your own output :slight_smile:

All the attempts will be log to kippo.log in the log folder

This was a little tutorial on how to setup a SSH honey pot, Hope you enjoy !

@L3akM3-0day


(Command-Line Ninja) #2

NICE. I was actually considering looking into something like this but never got around to it! Awesome article @L3akM3-0day, Bookmarked and Liked!

I am so exited to see what else you will share :slight_smile:


#3

I have a lot of free time now , I will be a lot more active ! I was thinking about making a Youtube channel about Security and hacking ( in french and maybe english ). Now I will work on malware, assembly programing and scripting :slight_smile: Hope I can share my knowledge with the community and improve my english :stuck_out_tongue:


#4

Nice article mate! I have actually considered starting a honey pot, although me and my ignorant self decided that it might not work out as planned due to honey pots being common now! Props on the article!


(Command-Line Ninja) #5

You’d be very surprised at the results. There are a lot of automated bots that scan for ‘vulnerable’ servers; mainly from China & Russia.


#6

Yeah mainly China for me and sometime they upload malware/rootkit to stay on your server !


#7

Ah thanks for the info!


(system) #8

This topic was automatically closed after 30 days. New replies are no longer allowed.