HoneyPots
Hands-on session
By :
(1)Rushikesh Kulkarni
(2)Samarth Suresh
General understanding :
Honeypots are network-connected devices that look very vulnerable and attractive in the eyes of a hacker, but the sole reason for their existence is that they are meant to be hacked. A honeypot can also be referred to as a computer security mechanism.
So basically, the system is designed to intentionally have vulnerabilities.
(1) A group of such honeypots is called a honeynet: multiple systems present on a network, all of which are vulnerable and can be hacked.
(2) Honeynets can also contain real-time applications and services in order to attract the hacker to exploit the system.
(3) These applications are given attractive names like "finance" or "important documents", etc.
Why do they exist?
(1) Leaves a vulnerable system on your network.
(2) Designing a system for the task is tedious.
(3) Expensive while building commercial honeypots.
Main reasons for existence :
(1) You realise the different types of attacks that can be carried out, and hence develop more secure and reliable networks.
(2) Develop an alert system that fires while the network is being breached.
(3) To have an in-depth study of the activities of the hackers.
(4) Diverting the user from the original application, giving the hacker the misconception that he/she managed to hack the system.
Types of honeypots:
(1) Database honeypots
Databases are most vulnerable to SQL injection (SQLi) attacks, so many databases today include a honeypot architecture: the intruder runs through a trap database while the web application still remains functional.
(2) Email traps, also called spam traps
Used for collecting spam messages. The honeypot detects that a message is spam and then blocks that email address from sending to other users on the same network.
(3) Malware honeypot :
Make a copy of the existing malware and test it by running the existing malware vectors. This can be used for scanning USB sticks to test for malware.
(4) Pure honeypot :
Full copy of a production system. For example: make an instance of a working application and redirect the attacker to a fake database.
Based on interaction with an attacker :
(1) Low-interaction honeypot :
Simulates only the services frequently requested by attackers. Mainly used just to alert.
(2) Medium-interaction honeypot :
Offers more activity than a low-interaction honeypot and less than a high-interaction one.
(3) High-interaction honeypot :
Imitates the activities of a real system. Offers a wide variety of services to the attacker. Lets the attacker interact as much as possible with the OS. Commercially expensive.
Hands on Session
(1) Working with HoneyDrive
(2) Working with PentBox.
PentBox
Penetration Testing Tool
Programmed in Ruby, it is a security kit that helps ethical hackers perform their job more easily.
Compatible with Windows, Linux, MacOS.
Open source.
Installation in Linux:
(1) Download the file in the browser. The URL is: https://sourceforge.net/projects/pentbox18realised/files/latest/download
(2) Extract the archive using tar -xvf filename
(3) Go to the folder and start PentBox (pentbox.rb).
(1) Select Auto Configuration; this starts the honeypot service on port 80, which is the web service port.
Question :
Access Denied, but are we missing something?
The logged request, field by field:
(1) The GET line specifies what the user is trying to retrieve in the request. By default the browser also asks for favicon.ico.
(2) Host is the IP address of the honeypot that the browser connected to.
(3) User-Agent : name of the browser followed by the Linux OS. Gecko is the browser engine used by Mozilla.
(4) Accept : the type of data the user wants to receive.
(5) Accept-Language : the language in which the data will be received.
(6) Connection : type of connection, persistent or non-persistent. If persistent, the connection is not closed after every request.
Question :
(1) What if the user tries to insert a query while pinging (requesting the page)?
(2) Will the request be seen at the admin side?
Answer :
Yes, it will be.
This helps us to track the user's activity.
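As an added example (not PentBox's code), here is a small parser that pulls the fields described above out of a raw request and writes the one-line record an operator would see, including any query the visitor inserted; the sample request, the client address and the 403 "Access Denied" reply are constructed for the example.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample: a browser on the lab network fetching the honeypot's
# favicon.ico with an extra query string inserted by the visitor.
SAMPLE_REQUEST = (
    "GET /favicon.ico?q=test%20query HTTP/1.1\r\n"
    "Host: 192.0.2.10\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0\r\n"
    "Accept: image/avif,image/webp,*/*\r\n"
    "Accept-Language: en-US,en;q=0.5\r\n"
    "Connection: keep-alive\r\n"
    "\r\n"
)


def parse_request(raw):
    """Split a raw HTTP/1.x request into method, path, query, version and headers.
    Header names are lower-cased so lookups do not depend on the client's spelling."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    try:
        method, target, version = lines[0].split(" ", 2)
    except ValueError:
        raise ValueError(f"malformed request line: {lines[0]!r}") from None
    headers = {}
    for line in lines[1:]:
        if not line:
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    parts = urlsplit(target)
    return {"method": method, "path": parts.path, "query": parse_qs(parts.query),
            "version": version, "headers": headers, "body": body}


def is_persistent(req):
    """Connection semantics: HTTP/1.1 stays open unless 'Connection: close';
    HTTP/1.0 closes after each request unless 'Connection: keep-alive'."""
    conn = req["headers"].get("connection", "").lower()
    if req["version"] == "HTTP/1.1":
        return conn != "close"
    return conn == "keep-alive"


def log_record(req, client):
    """The one-line record the operator sees; the query the visitor inserted is kept."""
    h = req["headers"]
    query = "&".join(f"{k}={v}" for k, vals in sorted(req["query"].items()) for v in vals)
    return (f"{client} {req['method']} {req['path']} query={query or '-'} "
            f"host={h.get('host', '-')} ua={h.get('user-agent', '-')} "
            f"accept={h.get('accept', '-')} lang={h.get('accept-language', '-')} "
            f"persistent={is_persistent(req)}")


def access_denied_response():
    """Reply sent back to the browser (a 403 is assumed; the slides only show 'Access Denied')."""
    body = b"<html><body>Access Denied</body></html>\r\n"
    head = (f"HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n"
            f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n")
    return head.encode("ascii") + body


def handle(raw, client):
    """What the honeypot does per connection: log everything, give nothing useful back."""
    req = parse_request(raw)
    return log_record(req, client), access_denied_response()


if __name__ == "__main__":
    record, reply = handle(SAMPLE_REQUEST, "192.0.2.55")
    print(record)
    print(reply.decode("ascii"))
```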
Step 2 : Manual Configuration
Question :
What is port 23 used for?
How do you ping to port 23?
Task :
Set up a honeypot service on port 22.
HoneyDrive
(1) Linux distro.
(2) Virtual appliance based on Xubuntu.
(3) It is the premier honeypot OS; it has about 10 pre-configured honeypot software packages such as Kippo (SSH), Dionaea (malware honeypot), Honeyd, etc.
(4) More than 90 tools present for malware analysis, forensics and network monitoring.
The most important file, the README file on the desktop, contains all the details of the configuration of the various honeypots and the malware scanning tools. The paths, passwords, etc. are all stored in the README file.
Kippo
Kippo is a medium-interaction SSH honeypot written in Python.
The main job of Kippo is to log brute-force attacks on the system and to collect the entire shell interaction made by the attacker.
Kippo consists of a fake filesystem, tricking the attacker into thinking that it is a legitimate one.
Interesting features of Kippo :
(1) Fake filesystem with the ability to add/remove files. The system resembles a Debian 5.0 installation.
(2) Adding contents to important files like passwords, databases, etc.
(3) Session logs are stored and a complete analysis of the user is done using Kippo-Graph.
To start Kippo :
(1) Browse to your /honeydrive/kippo folder.
(2) Start Kippo using the command ./start.sh
(3) You will receive a message which says Kippo is running in the background.
(4) Kippo successfully started.
To test Kippo :
(1) Open another terminal and try to ssh to your localhost.
(2) Once you connect, it asks for a password.
(3) The default password is ‘123456’.
(4) On entering the password, the prompt root@svr03 shows you have successfully entered the fake filesystem.
(5) Browse through the fake filesystem and explore the files.
(6) Check with nmap to see port 22 running.
Task 1 : CHANGE THE PASSWORD FOR AN ATTACKER
Description : The default password was ‘123456’; add another password, ‘anonymousclub’, and ssh into your localhost.
Clue : Where do you think passwords would be stored?!
Answer :
Browse to /honeydrive/kippo/data/userdb.txt
Add another line to the file:
root:0:anonymousclub
Save and exit. Now ssh back in to check if it is working.
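To show what that userdb.txt line means, an added example (not part of Kippo or the slides) that parses the username:uid:password format, checks a login against it and appends the new credential without duplicating it; the sample file content is constructed and the path is the one from the answer above.

```python
from pathlib import Path

USERDB_PATH = Path("/honeydrive/kippo/data/userdb.txt")  # path given in the slides

# Constructed sample: the file as shipped, holding only the default password.
SAMPLE_USERDB = "root:0:123456\n"


def parse_userdb(text):
    """Return (username, uid, password) tuples; blank lines and '#' comments are skipped.
    Only the first two colons split, so a password may itself contain ':'."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 2)
        if len(parts) != 3 or not parts[1].isdigit():
            raise ValueError(f"line {lineno} is not username:uid:password: {raw!r}")
        entries.append((parts[0], int(parts[1]), parts[2]))
    return entries


def check_login(entries, username, password):
    """True if any userdb line grants this username/password pair."""
    return any(u == username and p == password for u, _uid, p in entries)


def add_password(text, username, uid, password):
    """Return the file text with a new 'username:uid:password' line appended.
    Existing lines are validated first; an identical line is not added twice."""
    if any(c in username + password for c in "\r\n") or ":" in username:
        raise ValueError("no newlines in username/password; no ':' in username")
    entries = parse_userdb(text)
    if (username, int(uid), password) in entries:
        return text
    if text and not text.endswith("\n"):
        text += "\n"
    return text + f"{username}:{int(uid)}:{password}\n"


def add_password_to_file(path, username, uid, password):
    """Apply add_password to the userdb file on disk (Task 1 from the slides)."""
    path = Path(path)
    current = path.read_text() if path.exists() else ""
    path.write_text(add_password(current, username, uid, password))


if __name__ == "__main__":
    updated = add_password(SAMPLE_USERDB, "root", 0, "anonymousclub")
    print(updated, end="")
    print("root/anonymousclub accepted:",
          check_login(parse_userdb(updated), "root", "anonymousclub"))
```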
Where do you think the details of the entire configuration for the honeypot are stored?
Just browse to kippo.cfg in the same kippo folder. It contains all the details to configure the honeypot.
Kippo-Graph - the tool for analysing the attacker.
(1) Go to your web browser and type in http://localhost/kippo-graph/
(2) Select Kippo-Graph.
(3) Select Kippo-Input.
(4) Select Kippo-Playlog.
(5) Select Kippo-IP.
Based on the understanding of the filesystem, complete the following task.
Task : Modify the fake filesystem to add a new file or directory to the system such that every time an attacker sshes into the system, it will show your created filesystem.
Clue: Recall how the fake filesystem is actually built using a Python script and pickle.
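One way to do the task, as an added example rather than Kippo's own createfs.py: each node is a ten-field list and directories keep their children in the A_CONTENTS slot, a layout assumed from Kippo's fs.py; the /honeydrive/kippo/fs.pickle path and the /root/finance example are assumptions, and a minimal tree is constructed when that file is absent.

```python
import os
import pickle
import tempfile
import time

# Field positions of every node and the node type codes (assumed from Kippo's fs.py).
A_NAME, A_TYPE, A_UID, A_GID, A_SIZE, A_MODE, A_CTIME, A_CONTENTS, A_TARGET, A_REALFILE = range(10)
T_LINK, T_DIR, T_FILE, T_BLK, T_CHR, T_SOCK, T_FIFO = range(7)
FS_PICKLE = "/honeydrive/kippo/fs.pickle"  # assumed location of the shipped filesystem


def new_entry(name, ftype, size=0, mode=0o644, uid=0, gid=0):
    """One node: name, type, owner, size, mode, ctime, children, link target, real file."""
    return [name, ftype, uid, gid, size, mode, int(time.time()), [], None, None]


def build_minimal_fs():
    """Constructed stand-in tree for when fs.pickle is not available."""
    root = new_entry("/", T_DIR, size=4096, mode=0o755)
    etc = new_entry("etc", T_DIR, size=4096, mode=0o755)
    etc[A_CONTENTS].append(new_entry("passwd", T_FILE, size=1200))
    root[A_CONTENTS].extend([etc,
                             new_entry("root", T_DIR, size=4096, mode=0o700),
                             new_entry("home", T_DIR, size=4096, mode=0o755)])
    return root


def _child(node, name):
    return next((c for c in node[A_CONTENTS] if c[A_NAME] == name), None)


def resolve(tree, path):
    """Walk an absolute path; return the node, or None if any component is missing."""
    node = tree
    for part in [p for p in path.split("/") if p]:
        if node[A_TYPE] != T_DIR:
            return None
        node = _child(node, part)
        if node is None:
            return None
    return node


def mkdir_p(tree, path, mode=0o755):
    """Create each missing directory on the path (like mkdir -p); return the last one."""
    node = tree
    for part in [p for p in path.split("/") if p]:
        child = _child(node, part)
        if child is None:
            child = new_entry(part, T_DIR, size=4096, mode=mode)
            node[A_CONTENTS].append(child)
        elif child[A_TYPE] != T_DIR:
            raise NotADirectoryError(path)
        node = child
    return node


def add_file(tree, path, size, mode=0o644):
    """Add a fake file so ls/cd in the honeypot shell show it. Only metadata lives here;
    Kippo serves cat output from a real file under its honeyfs directory."""
    parent_path, name = os.path.split(path.rstrip("/"))
    parent = mkdir_p(tree, parent_path)
    parent[A_CONTENTS] = [c for c in parent[A_CONTENTS] if c[A_NAME] != name]
    entry = new_entry(name, T_FILE, size=size, mode=mode)
    parent[A_CONTENTS].append(entry)
    return entry


def listdir(tree, path):
    node = resolve(tree, path)
    if node is None or node[A_TYPE] != T_DIR:
        raise FileNotFoundError(path)
    return sorted(c[A_NAME] for c in node[A_CONTENTS])


def save_fs(tree, filename):
    with open(filename, "wb") as f:
        pickle.dump(tree, f, protocol=2)  # protocol 2 stays readable by Kippo's Python 2


def load_fs(filename):
    with open(filename, "rb") as f:  # only load pickles you generated yourself
        return pickle.load(f)


def roundtrip(tree):
    """Save to a temporary file and load it back, proving the pickle survives."""
    fd, name = tempfile.mkstemp(suffix=".pickle")
    os.close(fd)
    try:
        save_fs(tree, name)
        return load_fs(name)
    finally:
        os.remove(name)


if __name__ == "__main__":
    tree = load_fs(FS_PICKLE) if os.path.exists(FS_PICKLE) else build_minimal_fs()
    mkdir_p(tree, "/root/finance", mode=0o700)
    add_file(tree, "/root/finance/accounts.xls", size=48213)
    save_fs(tree, "fs.pickle.new")
    print("/root/finance now holds:", listdir(tree, "/root/finance"))
```

Point the filesystem_file setting in kippo.cfg at the new pickle and restart Kippo for the change to show up in the attacker's shell.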
