Andy Smith's Blog

  • Extra logins for Kippo

    • SSH

    Having run Kippo for a few days now I am yet to get a successful login. 931 failed login attempts so far. This is due to the fact that by default Kippo only accepts two combinations of username and password: root and 123456. This can be easily altered by editing Kippo.tac. So it made sense to use the usernames and passwords that had been tried against my honeypot and feed them back in.

    I did this using this, probably unnecessarily complex, bit of shell script:

    cat log/kippo.log | grep attempt | awk '{ print $9 }' | sed -e 's/\[//g' | sed -e 's/\]//g' | sed -e "s/\//', '/g" | awk '{ print "(\x27"$0"\x27)," }' | uniq

    This produces a nice long list of 921 usernames and passwords that can then be pasted in to the Kippo configuration file. It's now up and running so hopefully I will get a few more bites.
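The same extraction as an added example in Python (not code from the original post), handling cases the one-liner splits incorrectly: passwords containing spaces, slashes or quotes, and duplicates that are not adjacent. The log line shape and the sample lines are constructed assumptions; Python is used because kippo.tac is itself a Python file, so `repr()` yields literals that paste in safely.

```python
import re

# Assumed Kippo log line shape (an assumption, not taken from the post):
#   <date> <time> [SSHService ... HoneyPotTransport,N,IP] login attempt [user/pass] failed
# Greedy match so a ']' inside the password does not end the capture early.
ATTEMPT = re.compile(r"login attempt \[(.*)\] (?:failed|succeeded)\s*$")

# Constructed sample lines (documentation IP range), not real captures.
SAMPLE_LOG = """\
2010-01-01 10:00:01+0000 [SSHService ssh-userauth on HoneyPotTransport,1,192.0.2.10] login attempt [root/password] failed
2010-01-01 10:00:02+0000 [SSHService ssh-userauth on HoneyPotTransport,1,192.0.2.10] login attempt [admin/pass word] failed
2010-01-01 10:00:03+0000 [SSHService ssh-userauth on HoneyPotTransport,2,192.0.2.11] login attempt [root/password] failed
2010-01-01 10:00:04+0000 [SSHService ssh-userauth on HoneyPotTransport,2,192.0.2.11] login attempt [test/a/b] failed
2010-01-01 10:00:05+0000 [SSHService ssh-userauth on HoneyPotTransport,3,192.0.2.12] login attempt [oracle/it's] failed
2010-01-01 10:00:06+0000 [HoneyPotTransport,3,192.0.2.12] connection lost
"""


def extract_credentials(lines):
    """Return unique (username, password) pairs in first-seen order."""
    seen = set()
    creds = []
    for line in lines:
        match = ATTEMPT.search(line)
        if not match:
            continue  # not a login attempt line
        # Split on the first '/' only: usernames cannot contain '/',
        # but passwords can.
        user, sep, password = match.group(1).partition("/")
        if not sep:
            continue  # malformed entry with no separator
        pair = (user, password)
        if pair not in seen:  # dedupe even when repeats are not adjacent
            seen.add(pair)
            creds.append(pair)
    return creds


def as_tuple_lines(creds):
    """Format pairs as Python tuple literals; repr() escapes quotes."""
    return ["(%r, %r)," % pair for pair in creds]


if __name__ == "__main__":
    print("\n".join(as_tuple_lines(extract_credentials(SAMPLE_LOG.splitlines()))))
```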


  • Kippo is Cool

    • SSH

    Kippo is an incredibly easy to set up SSH Honeypot. The only trouble I had was that it (quite rightly) won't run as root so you can't run it directly on port 22. This is solved by IPTables:

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-port 2222

    Command from another Kippo blog post.

    Results to follow!
