Creating honeypots.


Hello,

Long time lurker, first time posting. I've been playing around with honeypots for the past 3 weeks so I decided to create two how-to guides for anyone interested.

  1. Cowrie - SSH honeypot : https://slashparity.com/?p=734

  2. t-Pot the multi honeypot platform : https://slashparity.com/?p=792

Please let me know what you think. Thank you and stay safe.

Edit: You can connect your honeypot to abuseipdb via their API and auto-report offending IPs, a cool way to give back to the OSINT community.

https://www.abuseipdb.com/user/76394
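An added example of the auto-reporting idea in the edit above (not code from the post or the linked guides): it counts failed logins per source IP in Cowrie's JSON log and builds AbuseIPDB v2 report requests without sending them. The log lines are constructed and trimmed to the fields used; the threshold of 3 and the skip list are assumptions.

```python
import ipaddress
import json
import urllib.parse
import urllib.request
from collections import Counter

REPORT_URL = "https://api.abuseipdb.com/api/v2/report"
CATEGORIES = "18,22"  # AbuseIPDB category IDs: 18 = Brute-Force, 22 = SSH
# Never report your own ranges. `not ip.is_global` is a broader check for production,
# but it would also drop the documentation-range addresses used in the sample below.
SKIP_NETS = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
FAILED = '{"eventid":"cowrie.login.failed","src_ip":"%s","username":"root","password":"x"}'
# Constructed sample in Cowrie's JSON log format (one event per line).
SAMPLE_LOG = "\n".join(
    [FAILED % "203.0.113.7"] * 3        # over the threshold: reported
    + [FAILED % "198.51.100.23"]        # single attempt: below threshold
    + [FAILED % "192.168.1.50"] * 4     # internal scanner: never reported
    + ['{"eventid":"cowrie.session.connect","src_ip":"203.0.113.7"}', "truncated {"])

def failed_logins(log_text):
    """Count cowrie.login.failed events per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
            if event.get("eventid") != "cowrie.login.failed":
                continue
            ip = ipaddress.ip_address(event["src_ip"])
        except (ValueError, KeyError, AttributeError):  # malformed or partial line
            continue
        if not any(ip in net for net in SKIP_NETS):
            counts[str(ip)] += 1
    return counts

def build_reports(counts, api_key, threshold=3):
    """Build (but do not send) one AbuseIPDB report request per offending IP."""
    reports = []
    for ip, n in sorted(counts.items()):
        if n < threshold:
            continue
        # Reports are public: keep captured usernames/passwords out of the comment.
        body = urllib.parse.urlencode({"ip": ip, "categories": CATEGORIES,
            "comment": f"Cowrie SSH honeypot: {n} failed logins"}).encode()
        reports.append(urllib.request.Request(REPORT_URL, data=body, method="POST",
            headers={"Key": api_key, "Accept": "application/json"}))
    return reports  # send each with urllib.request.urlopen(req) and a real API key
```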


level 1

· 22 hr. ago · edited 21 hr. ago · Penetration Tester

Did a Cybersecurity competition back in college where our team was tasked with defending a small business grade network for 8hrs while under constant fire from pro red teamers.

One of our guys had the idea to move SSH off port 22 and replace it with a netcat listener that would then just dump /dev/random back to their console, locking it up for a bit.

We also set up SSH Tarpits (acts like ssh and acts like a valid login, but just spins instead of giving an actual shell) across multiple ports as well as the normal SSH Honeypots. It was a good time. Don't think the red team appreciated it though.

level 2

One of our guys had the idea to move SSH off port 22 and replace it with a netcat listener that would then just dump /dev/random back to their console, locking it up for a bit.

That's the evilest thing I've heard.

level 2

Pretty sure they would expect something like that if they really are pro red teamers but I agree it must’ve been fun nonetheless.

level 2

CCDC! I totally forgot about that. Interesting solution to that problem though!

level 2

I like the cut of your jib.

level 2

For the /dev/random thing would that actually show anything in their console? I thought for ssh you have to establish a secure connection before anything like that would happen. I'm guessing it would work for telnet though. Or would doing that just crash the SSH client altogether?

level 2

Holy shit, this is great! I'm gonna be going to college here in a couple years and this is exactly what I want my college experience to be like!

level 1

Thanks for the guide, very interesting and well written 🙂

In the t-Pot guide your port number has a figure too much

After installation SSH access via port 64295

ssh root @x.x.x.x -p 642956.

level 2

Hello, glad you like it.

Great catch, thank you very much.

level 1

Thanks for this. Just a WordPress-related tip: change your settings so that the URL shows your page title/meta title, instead of a number. This will help with SEO and help more people discover your content.

level 2

Hi, thank you very much for the tip, I'll look into it.

level 1

This is amazing, I’ve been thinking about doing something like this lately so I’m glad to see there’s easy to follow guides for it

One question though, would it be safe enough to set this up on my home wifi since it’s on a VM/separate server, or could attackers potentially compromise stuff through my wifi since it’s on the same network? I’m new to this stuff and I just want to make sure to be safe

Edit: Thank y’all so much for the helpful answers! I’ll look into that link & segmenting my network

level 2

You do not want a honeypot on the same network as your home network because once it’s compromised there is the risk of lateral movement. At the very least it needs to be isolated, separate vlan/separate network, with a network firewall between segments.

level 2

I would advise against it. You should have some separation between your home network and a vulnerable system. Use a cloud provider; there are pretty cheap options.

level 2

Jesus H Christ, no. I don't care how isolated you think it is, lol. Just get a $5/month VM on linode.

Actually, use this link and get a $100 credit on Linode (I get money if you ever spend real money). You can set up a beefy honeypot for a few months for free like this. Go wild.

level 1

Very cool, thanks for sharing

level 2

Thanks, glad you like it. I'm also thinking of posting the IPs and malicious hashes every once in a while.

level 1

Thanks for the content. Not a professional but I teach cybersecurity at the high school and community college level. Definitely going to make a few labs around these resources. Thanks for sharing, young and interested minds will benefit.

level 1

Pshitt is a good low-interaction SSH honeypot as well. I have run several to just gather creds that are being used.
