Description: TekTip - Ep11 - Kippo Medium interactive SSH Honeypot
http://code.google.com/p/kippo/
Description: Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
Uses: Alert to potential threats, watch how hackers operate, gather exploits and malware.
Installation
Follow the steps at http://bruteforce.gr/installing-kippo-ssh-honeypot-on-ubuntu.html
http://bruteforce.gr/honeybox Honeybox is a distro that bundles numerous honeypot packages on a single box. Additionally, the distro preconfigures the honeypots to use some of the many enhancements Bruteforce Labs have created for them.
*If you are running this at home, you will need to enable port forwarding on your modem, and potentially in your virtual machine software, to make the honeypot accessible from the internet.
Usage
kippo/kippo.cfg : Main configuration file
kippo/honeyfs : This is the fake filesystem that will be presented to the user.
kippo/data/userdb.txt : This file allows us to modify the username and password combinations that will work when attackers attempt to log into the honeypot.
kippo/log/tty/ : In this directory you will find the logs for each session established by attackers.
./start.sh - will start kippo
/kippo/utils/playlog.py : Replay an attacker session from the kippo/log/tty directory.
Usage: playlog.py [-bfhi] [-m secs] [-w file]
-f keep trying to read the log until it's closed
-m maximum delay in seconds, to avoid boredom or fast-forward to the end. (default is 3.0)
-i show the input stream instead of output
-b show both input and output streams
-c colorify the output stream based on what streams are being received
-h display this help
e.g. ~/kippo/utils/playlog.py 20121012-115031-8544.log
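An added example, not part of the original show notes or of the Kippo project: a summary of login attempts from kippo's text log, showing which sources are brute forcing and which guesses matched an entry in userdb.txt. The log file (kippo/log/kippo.log) and its line format are assumptions not shown above, and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed shape of a login-attempt line in kippo/log/kippo.log (not shown on the page).
# A username containing "/" would be split at the first slash.
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \[SSHService ssh-userauth on HoneyPotTransport,"
    r"(?P<session>\d+),(?P<ip>[0-9a-fA-F.:]+)\] "
    r"login attempt \[(?P<user>[^/\]]*)/(?P<password>.*)\] (?P<result>succeeded|failed)$"
)

# Constructed sample lines using documentation IP ranges; not real captures.
SAMPLE_LOG = """\
2012-10-12 11:50:28+0000 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 203.0.113.5:51234 (192.0.2.10:2222) [session: 7]
2012-10-12 11:50:29+0000 [SSHService ssh-userauth on HoneyPotTransport,7,203.0.113.5] login attempt [root/root] failed
2012-10-12 11:50:30+0000 [SSHService ssh-userauth on HoneyPotTransport,7,203.0.113.5] login attempt [root/admin] failed
2012-10-12 11:50:31+0000 [SSHService ssh-userauth on HoneyPotTransport,7,203.0.113.5] login attempt [root/123456] succeeded
2012-10-12 12:02:10+0000 [SSHService ssh-userauth on HoneyPotTransport,8,198.51.100.23] login attempt [admin/pass]word] failed
2012-10-12 12:02:12+0000 [SSHService ssh-userauth on HoneyPotTransport,8,198.51.100.23] login attempt [root/123456] succeeded
"""

def parse_attempts(text):
    """Yield one dict per login-attempt line; every other line is skipped."""
    for line in text.splitlines():
        match = LOGIN_RE.match(line.strip())
        if match:
            yield match.groupdict()

def summarize(text, top=3):
    """Count attempts per source and per credential pair, and list accepted logins."""
    attempts = list(parse_attempts(text))
    by_ip = Counter(a["ip"] for a in attempts)
    by_cred = Counter((a["user"], a["password"]) for a in attempts)
    # Accepted logins are the guesses that matched userdb.txt; these sessions
    # are the ones likely to have a tty log worth replaying with playlog.py.
    successes = [(a["ts"], a["ip"], a["user"], a["password"])
                 for a in attempts if a["result"] == "succeeded"]
    return {"total": len(attempts),
            "top_sources": by_ip.most_common(top),
            "top_credentials": by_cred.most_common(top),
            "successes": successes}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("attempts:", report["total"])
    for ip, count in report["top_sources"]:
        print(f"  {ip}: {count} attempts")
    for ts, ip, user, password in report["successes"]:
        print(f"  accepted {user}/{password} from {ip} at {ts}")
```

To run it against a real log, pass the file's contents to summarize() in place of SAMPLE_LOG.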
Fin
Tekdefense.com
1aN0rmus@tekdefense.com
http://www.securitytube.net/user/1aN0rmus
www.youtube.com/user/TekDefense
Tags: 1aN0rmus, TekDefense, Network Security, Cyber, SSH, Kippo, honeypot, Medium Interactive, Bruteforce lab, Honeybox, brute force, shell