Honeypot: Kippo SSH
Posted on 2012-10-14 12:33:46

A honeypot is like an intelligence-gathering system: a target deliberately left open to attack in order to lure attackers in. Once an intruder has broken in, you can see exactly how they did it.
A honeynet is a honeypot that adds further technology so that the attacker's actions are recorded in a controlled way while the risk to other systems on the Internet is minimised or eliminated. A honeypot placed behind a reverse firewall is one example: the firewall's purpose is not to block inbound connections but to stop the honeypot from establishing outbound ones. This keeps the honeypot from being used to damage other systems, but it also makes it easy for an attacker to detect.

More: http://baike.baidu.com/view/297230.htm
On the server
Install

  root@ubuntu:~# mkdir kippo
  root@ubuntu:~# apt-get install python-dev openssl python-openssl python-pyasn1 python-twisted python-mysqldb

Get the source code

  root@ubuntu:~# cd kippo/
  root@ubuntu:~/kippo# svn checkout http://kippo.googlecode.com/svn/trunk/

Add a separate user (and group) for Kippo

  root@ubuntu:~/kippo# useradd -s /bin/bash -d /home/kippo -m kippo

Add a separate MySQL user for Kippo

  root@ubuntu:~/kippo# mysql -u root -p
  Enter password:
  Welcome to the MySQL monitor.  Commands end with ; or \g.
  Your MySQL connection id is 34
  Server version: 5.1.61-0ubuntu0.10.10.1-log (Ubuntu)

  Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

  Oracle is a registered trademark of Oracle Corporation and/or its
  affiliates. Other names may be trademarks of their respective
  owners.

  Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

  mysql> CREATE DATABASE kippo;
  Query OK, 1 row affected (0.00 sec)
  mysql> GRANT ALL ON kippo.* to 'kippo'@'localhost' identified by '123456';
  Query OK, 0 rows affected (0.00 sec)

  mysql> show databases;
  +--------------------+
  | Database           |
  +--------------------+
  | information_schema |
  | kippo              |
  | mysql              |
  | pentest            |
  +--------------------+
  4 rows in set (0.01 sec)

  mysql>

The account name is the same as the database name, password 123456. Import the default database schema:

  root@ubuntu:~/kippo# cd doc/sql/
  root@ubuntu:~/kippo/doc/sql# ls
  mysql.sql  update2.sql  update3.sql  update4.sql  update5.sql  update6.sql
  root@ubuntu:~/kippo/doc/sql# mysql -ukippo -p123456 kippo < mysql.sql

Edit the configuration
kippo.cfg.dist
  root@ubuntu:~/kippo# mv kippo.cfg.dist kippo.cfg

Edit it; mine is as follows:
  root@ubuntu:~/kippo# cat kippo.cfg
  #
  # Kippo configuration file (kippo.cfg)
  #

  [honeypot]

  # IP addresses to listen for incoming SSH connections.
  #
  # (default: 0.0.0.0) = any address
  ssh_addr = 0.0.0.0

  # Port to listen for incoming SSH connections.
  #
  # (default: 2222)
  ssh_port = 2222

  # Hostname for the honeypot. Displayed by the shell prompt of the virtual
  # environment.
  #
  # (default: sales)
  hostname = ubuntu

  # Directory where to save log files in.
  #
  # (default: log)
  log_path = log

  # Directory where to save downloaded (malware) files in.
  #
  # (default: dl)
  download_path = dl

  # Directory where virtual file contents are kept in.
  #
  # This is only used by commands like 'cat' to display the contents of files.
  # Adding files here is not enough for them to appear in the honeypot - the
  # actual virtual filesystem is kept in filesystem_file (see below)
  #
  # (default: honeyfs)
  contents_path = honeyfs

  # File in the python pickle format containing the virtual filesystem.
  #
  # This includes the filenames, paths, permissions for the whole filesystem,
  # but not the file contents. This is created by the createfs.py utility from
  # a real template linux installation.
  #
  # (default: fs.pickle)
  filesystem_file = fs.pickle

  # Directory for miscellaneous data files, such as the password database.
  #
  # (default: data_path)
  data_path = data

  # Directory for creating simple commands that only output text.
  #
  # The command must be placed under this directory with the proper path, such
  # as:
  #   txtcmds/usr/bin/vi
  # The contents of the file will be the output of the command when run inside
  # the honeypot.
  #
  # In addition to this, the file must exist in the virtual
  # filesystem {filesystem_file}
  #
  # (default: txtcmds)
  txtcmds_path = txtcmds

  # Public and private SSH key files. If these don't exist, they are created
  # automatically.
  #
  # (defaults: public.key and private.key)
  public_key = public.key
  private_key = private.key

  # Initial root password. NO LONGER USED!
  # Instead, see {data_path}/userdb.txt
  password = 123456

  # IP address to bind to when opening outgoing connections. Used exclusively by
  # the wget command.
  #
  # (default: not specified)
  out_addr = 0.0.0.0

  # Sensor name use to identify this honeypot instance. Used by the database
  # logging modules such as mysql.
  #
  # If not specified, the logging modules will instead use the IP address of the
  # connection as the sensor name.
  #
  # (default: not specified)
  #sensor_name=myhostname

  # Fake address displayed as the address of the incoming connection.
  # This doesn't affect logging, and is only used by honeypot commands such as
  # 'w' and 'last'
  #
  # If not specified, the actual IP address is displayed instead (default
  # behaviour).
  #
  # (default: not specified)
  #fake_addr = 192.168.66.254

  # Banner file to be displayed before the first login attempt.
  #
  # (default: not specified)
  #banner_file =

  # Session management interface.
  #
  # This is a telnet based service that can be used to interact with active
  # sessions. Disabled by default.
  #
  # (default: false)
  interact_enabled = false
  # (default: 5123)
  interact_port = 5123

  # MySQL logging module
  #
  # Database structure for this module is supplied in doc/sql/mysql.sql
  #
  # To enable this module, remove the comments below, including the
  # [database_mysql] line.

  [database_mysql]
  host = localhost
  database = kippo
  username = kippo
  password = 123456

  # XMPP Logging
  #
  # Log to an xmpp server.
  # For a detailed explanation on how this works, see: <add url here>
  #
  # To enable this module, remove the comments below, including the
  # [database_xmpp] line.

  #[database_xmpp]
  #server = sensors.carnivore.it
  #user = anonymous@sensors.carnivore.it
  #password = anonymous
  #muc = dionaea.sensors.carnivore.it
  #signal_createsession = kippo-events
  #signal_connectionlost = kippo-events
  #signal_loginfailed = kippo-events
  #signal_loginsucceeded = kippo-events
  #signal_command = kippo-events
  #signal_clientversion = kippo-events
  #debug=true
  root@ubuntu:~/kippo#
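The configuration above is an INI file, so it can be checked before the honeypot is started. The script below is an added example, not part of the original post or of the Kippo project: it parses an abridged, constructed copy of the kippo.cfg shown above with the standard library's configparser and reports the settings an operator usually wants to look at first (the listening port, the session-interaction service, and whether the MySQL logging credential is a well-known value). The severity labels and the list of well-known secrets are this example's own choices.

```python
"""Audit a kippo.cfg for settings a honeypot operator usually wants to check.

Added example (standard library only). SAMPLE_CFG is an abridged, constructed
copy of the configuration in the post; the checks, severities and the list of
well-known secrets are assumptions made for this example.
"""
import configparser

# Constructed sample: abridged from the kippo.cfg shown in the post.
SAMPLE_CFG = """
[honeypot]
ssh_addr = 0.0.0.0
ssh_port = 2222
hostname = ubuntu
log_path = log
download_path = dl
data_path = data
interact_enabled = false
interact_port = 5123
password = 123456

[database_mysql]
host = localhost
database = kippo
username = kippo
password = 123456
"""

# Credentials that appear verbatim in public walkthroughs (constructed list).
WELL_KNOWN_SECRETS = {"123456", "password", "kippo", ""}

# Hostnames that give the honeypot away: the upstream default and the obvious ones.
GIVEAWAY_HOSTNAMES = {"sales", "kippo", "honeypot"}


def load_cfg(text):
    """Parse kippo.cfg text. The file uses INI syntax with '#' comment lines,
    which configparser accepts directly; interpolation is disabled so that a
    '%' in a value cannot break parsing."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def audit(cp):
    """Return a list of (severity, key, message) findings for the parsed config."""
    findings = []
    hp = cp["honeypot"] if cp.has_section("honeypot") else {}

    # 1. Port: on 2222 the honeypot only sees scanners that probe high ports.
    port = int(hp.get("ssh_port", "2222"))
    if port != 22:
        findings.append(("info", "honeypot.ssh_port",
                         f"listening on {port}; expose it on 22 (authbind or a "
                         "redirect) so the sensor sees ordinary SSH traffic"))

    # 2. Hostname that identifies the sensor as a honeypot.
    hostname = hp.get("hostname", "sales")
    if hostname.lower() in GIVEAWAY_HOSTNAMES:
        findings.append(("low", "honeypot.hostname",
                         f"hostname '{hostname}' is a well-known honeypot name"))

    # 3. The telnet session-interaction service should stay off in production.
    if hp.get("interact_enabled", "false").lower() == "true":
        findings.append(("high", "honeypot.interact_enabled",
                         "session-interaction service is enabled; keep it off "
                         "unless interact_port is firewalled"))

    # 4. Database logging: present, local, and not using a guessable credential.
    if cp.has_section("database_mysql"):
        db = cp["database_mysql"]
        if db.get("password", "") in WELL_KNOWN_SECRETS:
            findings.append(("medium", "database_mysql.password",
                             "MySQL password is a well-known value; use a "
                             "generated secret and update the GRANT to match"))
        if db.get("host", "localhost") != "localhost":
            findings.append(("medium", "database_mysql.host",
                             "database is remote; a compromised sensor could reach it"))
    else:
        findings.append(("info", "database_mysql",
                         "MySQL logging is not enabled; sessions exist only in log_path"))

    return findings


def worst_severity(findings):
    """Highest severity among the findings ('info' when there are none)."""
    order = {"info": 0, "low": 1, "medium": 2, "high": 3}
    return max((f[0] for f in findings), key=order.get, default="info")


if __name__ == "__main__":
    for sev, key, msg in audit(load_cfg(SAMPLE_CFG)):
        print(f"[{sev:6}] {key}: {msg}")
```

Run against the post's own settings it reports the 2222 port and the 123456 MySQL password; the hostname and interaction checks pass. Point load_cfg at the real file (open("kippo.cfg").read()) to check a live installation.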

Install the listening tool (authbind)
  root@ubuntu:~/kippo# apt-get install authbind

Configure
  root@ubuntu:~/kippo# chown kippo:kippo /etc/authbind/byport/22
  root@ubuntu:~/kippo# chmod 777 /etc/authbind/byport/22
  root@ubuntu:~/kippo# chown -R kippo:kippo /root/kippo/
Create a start script
  root@ubuntu:~/kippo# echo "twistd -y kippo.tac -l log/kippo.log --pidfile kippo.pid" > 1.sh
  root@ubuntu:~/kippo# cat 1.sh
  twistd -y kippo.tac -l log/kippo.log --pidfile kippo.pid
  root@ubuntu:~/kippo#

Move the tool into place
  root@ubuntu:~# mv kippo/ /opt/
  root@ubuntu:~# cd /opt/
  root@ubuntu:/opt# ls
  kippo
  root@ubuntu:/opt# cd kippo/

Change the kippo user's password and switch to kippo
  root@ubuntu:~/kippo# passwd kippo
  Enter new UNIX password:
  Retype new UNIX password:
  passwd: password updated successfully
  root@ubuntu:~/kippo# su kippo
  kippo@ubuntu:/root/kippo$ id
  uid=1002(kippo) gid=1002(kippo) groups=1002(kippo)
  kippo@ubuntu:/root/kippo$

Start
  kippo@ubuntu:/opt/kippo$ pwd
  /opt/kippo
  kippo@ubuntu:/opt/kippo$ ./start.sh
  Starting kippo in background...Loading dblog engine: mysql
  Generating RSA keypair...
  done.

Check the listener:
  kippo@ubuntu:/opt/kippo$ netstat -antp
  (Not all processes could be identified, non-owned process info
  will not be shown, you would have to be root to see it all.)
  Active Internet connections (servers and established)
  Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
  tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      -
  tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN      -
  tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      4615/python
  tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
  tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
  tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -
  tcp        0      0 192.168.71.130:22       192.168.71.129:44874    ESTABLISHED -
  tcp6       0      0 :::22                   :::*                    LISTEN      -
  kippo@ubuntu:/opt/kippo$

tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 4615/python
Find the process:
  kippo@ubuntu:/opt/kippo$ ps -ef | grep 4615
  kippo     4615     1  0 13:47 ?        00:00:00 /usr/bin/python /usr/bin/twistd -y kippo.tac -l log/kippo.log --pidfile kippo.pid
  kippo     4626  4588  0 13:48 pts/0    00:00:00 grep --color=auto 4615
  kippo@ubuntu:/opt/kippo$

Play a thousand tunes and you come to know music; examine a thousand swords and you come to know weapons.
