As promised in the previous review of HoneyDrive, here is the video review/tutorial on HoneyDrive. To see a text version of what I cover in this video, please go to that article.
Description: Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
Uses: Alert to potential threats, watch how hackers operate, gather exploits and malware
http://bruteforce.gr/honeybox Honeybox is a distro that contains numerous honeypot software packages, all on a single box. Additionally, the distro preconfigures the honeypots to utilize some of the many enhancements Bruteforce Labs have created for these honeypots.
*If at home, to make this accessible from the internet you will need to enable port forwarding at your modem, and potentially your Virtual Machine software.
Usage:
kippo/kippo.cfg : Main configuration file
kippo/honeyfs : This is the fake filesystem that will be presented to the user.
kippo/data/userdb.txt : This file allows us to modify the username and password combinations that will work when attackers attempt to log into the honeypot.
kippo/log/tty/ : In this directory you will find the logs for each session established by attackers.
./start.sh : Starts Kippo.
/kippo/utils/playlog.py : Replay an attacker session from the kippo/log/tty directory.
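
For the "alert to potential threats" use listed above, here is an added example (not from the original article or the Kippo project) that summarises login attempts from Kippo's text log: which source IPs crossed an attempt threshold and which credentials were accepted via userdb.txt. The log line format, the sample lines, and the function names are assumptions or constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines, in the format Kippo is assumed to write to its text log.
SAMPLE_LOG = """\
2014-03-01 10:15:01+0000 [SSHService ssh-userauth on HoneyPotTransport,12,192.0.2.10] login attempt [root/admin] failed
2014-03-01 10:15:03+0000 [SSHService ssh-userauth on HoneyPotTransport,12,192.0.2.10] login attempt [root/password] failed
2014-03-01 10:15:05+0000 [SSHService ssh-userauth on HoneyPotTransport,12,192.0.2.10] login attempt [root/123456] succeeded
2014-03-01 11:02:44+0000 [SSHService ssh-userauth on HoneyPotTransport,13,198.51.100.7] login attempt [admin/admin] failed
2014-03-01 11:02:46+0000 [HoneyPotTransport,13,198.51.100.7] connection lost
"""

# The username ends at the first "/"; the password may itself contain "/" or "]".
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \[.*?,(?P<session>\d+),(?P<ip>[0-9a-fA-F.:]+)\] "
    r"login attempt \[(?P<user>[^/\]]*)/(?P<password>.*)\] (?P<result>succeeded|failed)$"
)

def parse_attempts(text):
    """Yield one dict per login-attempt line; all other lines are skipped."""
    for line in text.splitlines():
        m = LOGIN_RE.match(line.strip())
        if m:
            yield m.groupdict()

def summarize(text, threshold=3):
    """Return attempt totals, IPs at or above the threshold, and accepted logins."""
    attempts = list(parse_attempts(text))
    per_ip = Counter(a["ip"] for a in attempts)
    creds = Counter((a["user"], a["password"]) for a in attempts)
    return {
        "total": len(attempts),
        "brute_forcers": sorted(ip for ip, n in per_ip.items() if n >= threshold),
        "top_credentials": creds.most_common(3),
        "successes": [(a["ip"], a["user"], a["password"])
                      for a in attempts if a["result"] == "succeeded"],
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

An accepted login tells you which session in kippo/log/tty/ is worth replaying first with playlog.py.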