Low-interaction honeypot dionaea (2)
Posted 2012-10-20 16:37:38

http://netsec.ccert.edu.cn/zhugejw/tag/honeypot/

http://juliayccheng.blogspot.com/2011/05/honeypot-technology-dionaea.html

http://sample.ctust.edu.tw/%E6%9E%97%E8%80%80%E4%BB%81/ietac2012/2012%E8%B3%87%20%E8%A8%8A%E6%95%99%E8%82%B2%E8%88%87%E7%A7%91%E6%8A%80%E6%87%89%E7%94%A8%E5%B0%88%E9%A1%8C%E7%AB%B6%E8%B3%BD_%E6%B1%BA%E8%B3%BD%E5%A0%B1%E5%91%8A/%E6%87%89%E7%94%A8%E7%B3%BB%E7%B5%B1%E6%95%B4%E5%90%88%E9%A1%9E/110.pdf

All of dionaea's services are emulated. For example:
FTP

    root@Dis9Team:~# ftp 127.0.0.1
    Connected to 127.0.0.1.
    220 ---freeFTPd 1.0---warFTPd 1.65---
    Name (127.0.0.1:root): dis9
    331 User OK, Password required
    Password:
    530 Authentication failed, sorry
    Login failed.
    ftp> exit
    root@Dis9Team:~#
MySQL

    root@Dis9Team:~# mysql -u root -p
    Enter password:
    ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
    root@Dis9Team:~#
Its runtime log is here:

    root@Dis9Team:/var/dionaea/log# cat dionaea-errors.log | grep attack
    [14102012 04:00:09] logsql dionaea/logsql.py:691-warning: no attackid for 127.0.0.1:5061
    [14102012 04:00:09] logsql dionaea/logsql.py:691-warning: no attackid for 127.0.0.1:5061
    [14102012 04:00:09] logsql dionaea/logsql.py:691-warning: no attackid for 127.0.0.1:5061
    [14102012 04:00:09] logsql dionaea/logsql.py:691-warning: no attackid for 127.0.0.1:5061
    [14102012 04:00:09] logsql dionaea/logsql.py:691-warning: no attackid for 127.0.0.1:5061
    [14102012 04:00:09] logsql dionaea/logsql.py:691-warning: no attackid for 127.0.0.1:5061
    [14102012 04:00:09] logsql dionaea/logsql.py:691-warning: no attackid for 127.0.0.1:5061
    [14102012 04:00:13] logsql dionaea/logsql.py:691-warning: no attackid for 127.0.0.1:5061
    [14102012 04:00:28] logsql dionaea/logsql.py:691-warning: no attackid for 127.0.0.1:5061

Records are stored in a database:

    root@Dis9Team:/var/dionaea# sqlite3 logsql.sqlite
    SQLite version 3.7.4
    Enter ".help" for instructions
    Enter SQL statements terminated with a ";"
    sqlite> .databases
    seq  name             file
    ---  ---------------  ----------------------------------------------------------
    0    main             /var/dionaea/logsql.sqlite
    sqlite>
You can list the tables:

    sqlite> .tables
    connections              mssql_commands           sip_commands
    dcerpcbinds              mssql_fingerprints       sip_sdp_connectiondatas
    dcerpcrequests           mysql_command_args       sip_sdp_medias
    dcerpcserviceops         mysql_command_ops        sip_sdp_origins
    dcerpcservices           mysql_commands           sip_vias
    downloads                offers                   virustotals
    emu_profiles             p0fs                     virustotalscans
    emu_services             resolves
    logins                   sip_addrs
    sqlite>

And view the records:

    sqlite> .mode list
    sqlite> select * from connections;
    2974|accept|tcp|mssqld|1350212816.02612|2974||127.0.0.1|1433|127.0.0.1||33354
    2975|accept|tcp|mssqld|1350212821.03106|2975||127.0.0.1|1433|127.0.0.1||33356
    2976|reject|tcp|pcap|1350212824.03541|2976||127.0.0.1|4713|127.0.0.1||39355
    2977|accept|tcp|mssqld|1350212826.03534|2977||127.0.0.1|1433|127.0.0.1||33360
    2978|accept|tcp|mssqld|1350212831.03586|2978||127.0.0.1|1433|127.0.0.1||33361
    2979|accept|tcp|mssqld|1350212836.03664|2979||127.0.0.1|1433|127.0.0.1||33362
    2980|accept|tcp|mssqld|1350212841.0422|2980||127.0.0.1|1433|127.0.0.1||33363
    2981|accept|tcp|mssqld|1350212848.54764|2981||127.0.0.1|1433|127.0.0.1||33364
    2982|accept|tcp|mssqld|1350212853.5481|2982||127.0.0.1|1433|127.0.0.1||33365
    2983|accept|tcp|mssqld|1350212858.55421|2983||127.0.0.1|1433|127.0.0.1||33366
    2984|accept|tcp|mssqld|1350212863.5555|2984||127.0.0.1|1433|127.0.0.1||33367
    2985|accept|tcp|mssqld|1350212868.56075|2985||127.0.0.1|1433|127.0.0.1||33368
    2986|accept|tcp|mssqld|1350212873.56684|2986||127.0.0.1|1433|127.0.0.1||33369
    2987|accept|tcp|mssqld|1350212878.57219|2987||127.0.0.1|1433|127.0.0.1||33370
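The raw `select * from connections` dump above and the "no attackid" warnings in dionaea-errors.log are both hard to read at scale. The script below is an added example (not part of this post and not dionaea's own code) that loads `.mode list` rows into an in-memory SQLite table and produces a triage summary: accepted connections per emulated service, connections per remote host, reject count, and the time window, plus a count of the "no attackid" warnings per peer. The twelve column names are an assumption inferred from the twelve pipe-separated fields in the dump (connection id, type, transport, protocol, timestamp, root, parent, local host/port, remote host/hostname/port); check them against `.schema connections` in your own logsql.sqlite. The sample rows and log lines are constructed for the example, modelled on the ones shown above.

```python
import re
import sqlite3
from collections import Counter
from datetime import datetime, timezone

# Constructed sample rows in the `.mode list` layout shown in the post
# (pipe-separated, NULL printed as an empty string). Not from a live sensor.
SAMPLE_CONNECTIONS = """\
2974|accept|tcp|mssqld|1350212816.02612|2974||127.0.0.1|1433|127.0.0.1||33354
2975|accept|tcp|mssqld|1350212821.03106|2975||127.0.0.1|1433|127.0.0.1||33356
2976|reject|tcp|pcap|1350212824.03541|2976||127.0.0.1|4713|127.0.0.1||39355
2977|accept|tcp|mssqld|1350212826.03534|2977||127.0.0.1|1433|127.0.0.1||33360
2978|accept|tcp|ftpd|1350212831.03586|2978||127.0.0.1|21|192.0.2.10||51000
2979|accept|tcp|ftpd|1350212836.03664|2979||127.0.0.1|21|192.0.2.10||51002
"""

# Constructed error-log lines in the format shown in the post.
SAMPLE_ERRORS = """\
[14102012 04:00:09] logsql dionaea/logsql.py:691-warning: no attackid for 127.0.0.1:5061
[14102012 04:00:13] logsql dionaea/logsql.py:691-warning: no attackid for 127.0.0.1:5061
[14102012 04:00:28] logsql dionaea/logsql.py:691-warning: no attackid for 192.0.2.10:5060
"""

# ASSUMED column order for dionaea's logsql `connections` table, inferred from
# the 12 fields per row; verify with `.schema connections` on a real database.
COLUMNS = (
    "connection", "connection_type", "connection_transport",
    "connection_protocol", "connection_timestamp", "connection_root",
    "connection_parent", "local_host", "local_port", "remote_host",
    "remote_hostname", "remote_port",
)
INT_COLS = {"connection", "connection_root", "connection_parent",
            "local_port", "remote_port"}


def load_connections(list_output: str) -> sqlite3.Connection:
    """Load `.mode list` rows into an in-memory table using the assumed schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE connections (%s)" % ", ".join(COLUMNS))
    rows = []
    for lineno, line in enumerate(list_output.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("|")
        if len(fields) != len(COLUMNS):
            raise ValueError(f"line {lineno}: expected {len(COLUMNS)} fields, got {len(fields)}")
        row = []
        for name, value in zip(COLUMNS, fields):
            if value == "":                     # list mode prints NULL as ""
                row.append(None)
            elif name in INT_COLS:
                row.append(int(value))
            elif name == "connection_timestamp":
                row.append(float(value))        # epoch seconds with fraction
            else:
                row.append(value)
        rows.append(tuple(row))
    db.executemany("INSERT INTO connections VALUES (%s)" % ",".join("?" * len(COLUMNS)), rows)
    return db


def summarize(db: sqlite3.Connection) -> dict:
    """Triage view: which emulated services were hit, by whom, and when."""
    accepted = dict(db.execute(
        "SELECT connection_protocol, COUNT(*) FROM connections "
        "WHERE connection_type = 'accept' GROUP BY connection_protocol"))
    per_remote = dict(db.execute(
        "SELECT remote_host, COUNT(*) FROM connections GROUP BY remote_host"))
    rejected = db.execute(
        "SELECT COUNT(*) FROM connections WHERE connection_type = 'reject'").fetchone()[0]
    first, last = db.execute(
        "SELECT MIN(connection_timestamp), MAX(connection_timestamp) FROM connections").fetchone()

    def fmt(ts: float) -> str:
        return datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")

    return {"accepted_by_protocol": accepted, "per_remote_host": per_remote,
            "rejected": rejected, "first_seen": fmt(first), "last_seen": fmt(last)}


# Matches "[ddmmyyyy HH:MM:SS] ... no attackid for <host>:<port>"
ERROR_RE = re.compile(r"^\[(\d{8} \d{2}:\d{2}:\d{2})\] .*no attackid for (\S+):(\d+)$")


def count_missing_attackid(log_text: str) -> Counter:
    """Count the 'no attackid' warnings per remote peer (host:port)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = ERROR_RE.match(line)
        if m:
            hits[f"{m.group(2)}:{m.group(3)}"] += 1
    return hits


if __name__ == "__main__":
    db = load_connections(SAMPLE_CONNECTIONS)
    for key, value in summarize(db).items():
        print(f"{key}: {value}")
    print("no attackid warnings:", dict(count_missing_attackid(SAMPLE_ERRORS)))
```

To run it against a real sensor, replace `SAMPLE_CONNECTIONS` with the output of `sqlite3 logsql.sqlite ".mode list" "select * from connections;"` and `SAMPLE_ERRORS` with the contents of dionaea-errors.log. Rows with a field count other than twelve raise an error rather than being silently skipped, so a schema mismatch shows up immediately instead of producing a wrong summary.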

Practise a thousand tunes and you understand music; examine a thousand swords and you know weapons.
