honeyd
Posted 2012-10-21 23:25:55

http://kreatures.wordpress.com/2010/12/26/honeyd-a-simple-honeypot-experience/

http://nullpwd.wordpress.com/2011/08/26/honeyd-your-own-virtual-honeypot/

http://blog.csdn.net/jack237/article/details/6828771  # the CentOS version
Install on the server:

  root@ubuntu:~# apt-get install honeyd honeyd-common
Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running a particular operating system. On a LAN, Honeyd lets a single host claim many IP addresses (up to 65536) for network simulation. It improves security by providing mechanisms for threat detection and assessment, and it deters adversaries by hiding the real systems among the virtual ones. Default configuration: let's look at one of the emulation scripts.
  root@ubuntu:/usr/share/honeyd/scripts/win32/win2k# cat iis.sh
  #!/bin/sh
  #
  # by Fabian Bieker <fabian.bieker@web.de>
  #

  . scripts/misc/base.sh

  SRCIP=$1
  SRCPORT=$2
  DSTIP=$3
  DSTPORT=$4

  SERVICE="IIS/HTTP"
  HOST="bps-pc9"
  LOG="/var/log/honeyd/web.log"

  VERSION="Microsoft-IIS/5.0"

  REQUEST=""

  rand1=`head -c 100 /dev/urandom | hexdump | sed -e 's/[0-9 ]//g' | awk '{print toupper($0);}' | head -c 8 | head -n 1`
  rand2=`head -c 300 /dev/urandom | hexdump | sed -e 's/[0-9 ]//g' | awk '{print toupper($0);}' | head -c 20 | head -n 1`

  my_start

  read req1

  # remove control-characters
  name=`echo $req1 | sed s/[[:cntrl:]]//g`

  echo "$req1" >> $LOG

  NEWREQUEST=`echo "$req1" | grep -E "GET .* HTTP/1.(0|1)"`
  if [ -n "$NEWREQUEST" ] ; then
          REQUEST="GET"
  fi

  NEWREQUEST=`echo "$req1" | grep -E "GET (/|/?index.html?|/?index.(a|j)sp) HTTP/1.(0|1)"`
  if [ -n "$NEWREQUEST" ] ; then
          REQUEST="GET_/"
  fi

  NEWREQUEST=`echo "$req1" | grep -E "GET .scripts.*cmd.exe.*dir.* HTTP/1.(0|1)"`
  if [ -n "$NEWREQUEST" ] ; then
          REQUEST="cmd_dir"
  fi

  NEWREQUEST=`echo "$req1" | grep -E "HEAD .* HTTP/1.(0|1)"`
  if [ -n "$NEWREQUEST" ] ; then
          REQUEST="HEAD"
  fi

  while read name
  do

          # remove control-characters
          name=`echo $name | sed s/[[:cntrl:]]//g`

          LINE=`echo "$name" | egrep -i "[a-z:]"`
          if [ -z "$LINE" ]
          then
                  break
          fi

          echo "$name" >> $LOG

  done

  case $REQUEST in
    GET_/)
          cat << _eof_
  HTTP/1.1 200 OK
  Server: $VERSION
  P3P: CP='ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI'
  Date: $DATE
  Content-Type: text/html
  Connection: close
  Accept-Ranges: bytes
  Set-Cookie: isHuman=Y; path=/
  Set-Cookie: visits=1; expires=$date; path=/
  Set-Cookie: ASPSESSIONID$rand1=$rand2; path=/
  Expires: $DATE
  Cache-control: private

  <html>
  <body>
  <br /><br />
  <h1 id="toc-site-is-under-heavy-construction">Site is under Heavy Construction</h1>
  <b>coming soon...<b>
  </body>
  </html>
  _eof_
    ;;
    GET)
          cat << _eof_
  HTTP/1.1 302 Object moved
  Server: $VERSION
  P3P: CP='ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI'
  Date: $DATE
  Content-Type: text/html
  Connection: close
  Accept-Ranges: bytes
  Set-Cookie: isHuman=Y; path=/
  Set-Cookie: visits=1; expires=$date; path=/
  Set-Cookie: ASPSESSIONID$rand1=$rand2; path=/
  Expires: $DATE
  Cache-control: private

  <head></head>
  <body><h1 id="toc-object-moved">Object Moved</h1>This object may be found <a HREF="http://$HOST.$DOMAIN/">here</a>.</body>
  _eof_
    ;;
    HEAD)
          cat << _eof_
  HTTP/1.1 200 OK
  Server: $VERSION
  P3P: CP='ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI'
  Date: $DATE
  Content-Type: text/html
  Connection: close
  Content-Length: 31675
  Content-Type: text/html
  Expires: $DATE
  Accept-Ranges: bytes

  _eof_
    ;;

    cmd_dir)
          cat << _eof_
  HTTP/1.0 200 OK
  Server: $VERSION
  P3P: CP='ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI'
  Date: $DATE
  Connection: close
  Content-Type: text/plain
  Expires: $DATE
  Cache-control: private


  Volume in drive C is Webserver
  Volume Serial Number is 3421-07F5
  Directory of C:\inetpub

  01-20-02   3:58a      <DIR>          .
  08-21-01   9:12a      <DIR>          ..
  08-21-01  11:28a      <DIR>          AdminScripts
  08-21-01   6:43p      <DIR>          ftproot
  07-09-00  12:04a      <DIR>          iissamples
  07-03-00   2:09a      <DIR>          mailroot
  07-16-00   3:49p      <DIR>          Scripts
  07-09-00   3:10p      <DIR>          webpub
  07-16-00   4:43p      <DIR>          wwwroot
               0 file(s)              0 bytes
              20 dir(s)     290,897,920 bytes free
  _eof_
    ;;
    *)
          cat << _eof_
  HTTP/1.1 400 Bad Request
  Server: $VERSION
  Date: $DATE
  Content-Type: text/html
  Content-Length: 87

  <html><head></head><body>The parameter is incorrect. </body></html>Connection closed by foreign host.
  _eof_
    ;;
  esac

  my_stop
  root@ubuntu:/usr/share/honeyd/scripts/win32/win2k#
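The listing above shows the contract every honeyd service script follows: honeyd starts it with the attacker's source IP, source port, destination IP and destination port as $1..$4, connects the TCP stream to stdin/stdout, and whatever the script prints is what the attacker receives. Two details of iis.sh are worth noting before copying the pattern: the request line is expanded unquoted (echo $req1), so attacker-supplied bytes go through word splitting and glob expansion, and the 400 response advertises Content-Length: 87 for a body of a different length (it also ends in what looks like a pasted telnet footer, "Connection closed by foreign host."). What follows is an added example, not a script from the honeyd distribution: the same dispatch written as POSIX sh functions so the classification and responses can be run and checked offline. The file name iis-lite.sh, the HONEYD_LOG variable and the shortened directory listing are my choices; the banner, host name and response classes are taken from iis.sh.

```sh
#!/bin/sh
# Added example, not part of honeyd: a stripped-down IIS emulator in the shape
# honeyd expects from a service script.  honeyd execs
#     sh iis-lite.sh $ipsrc $sport $ipdst $dport
# with the attacker's TCP stream on stdin/stdout.  Functions keep the logic
# testable without honeyd.

# Map the first request line to the classes iis.sh dispatches on.  The line is
# only ever handled quoted, so attacker bytes cannot trigger word splitting or
# glob expansion (iis.sh's unquoted `echo $req1` can).
classify_request() {
    line=$(printf '%s' "$1" | tr -d '[:cntrl:]')     # drop CR, LF, ESC, TAB ...
    case $line in
        "GET / HTTP/1."[01] | "GET /index.htm"*" HTTP/1."[01] | "GET /index."[aj]"sp HTTP/1."[01])
            echo GET_/ ;;
        "GET "*scripts*cmd.exe*dir*" HTTP/1."[01])
            echo cmd_dir ;;                          # traversal-to-cmd.exe probe
        "GET "*" HTTP/1."[01])  echo GET ;;
        "HEAD "*" HTTP/1."[01]) echo HEAD ;;
        *)                      echo bad ;;
    esac
}

# Emit a full HTTP response for a class.  Content-Length is computed from the
# body actually sent (iis.sh hard-codes it).  $2 optionally fixes the Date header.
http_response() {
    class=$1
    when=${2:-$(date -u '+%a, %d %b %Y %H:%M:%S GMT')}
    server='Microsoft-IIS/5.0'                      # banner from iis.sh
    index='<html><body><h1>Site is under Heavy Construction</h1><b>coming soon...</b></body></html>'
    case $class in
        GET_/)   status='200 OK'; ctype='text/html'; body=$index ;;
        HEAD)    status='200 OK'; ctype='text/html'; body=$index ;;   # headers of /, no body
        GET)     status='302 Object moved'; ctype='text/html'
                 body='<head></head><body><h1>Object Moved</h1>This object may be found <a HREF="http://bps-pc9/">here</a>.</body>' ;;
        cmd_dir) status='200 OK'; ctype='text/plain'
                 body=' Volume in drive C is Webserver
 Directory of C:\inetpub

08-21-01  11:28a      <DIR>          AdminScripts
07-16-00   4:43p      <DIR>          wwwroot
               0 file(s)              0 bytes' ;;
        *)       status='400 Bad Request'; ctype='text/html'
                 body='<html><head></head><body>The parameter is incorrect. </body></html>' ;;
    esac
    printf 'HTTP/1.1 %s\r\nServer: %s\r\nDate: %s\r\nContent-Type: %s\r\nContent-Length: %d\r\nConnection: close\r\n\r\n' \
        "$status" "$server" "$when" "$ctype" "${#body}"
    [ "$class" = HEAD ] || printf '%s' "$body"
}

# Entry point honeyd drives: $1..$4 = SRCIP SRCPORT DSTIP DSTPORT, request on
# stdin.  One sanitized log line per connection; honeyd runs us as uid 65534, so
# the log file must be writable by that user (HONEYD_LOG overrides the path).
handle_connection() {
    log=${HONEYD_LOG:-/var/log/honeyd/web.log}
    IFS= read -r req || req=''
    class=$(classify_request "$req")
    printf '%s %s:%s -> %s:%s %s %s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \
        "$1" "$2" "$3" "$4" "$class" "$(printf '%s' "$req" | tr -d '[:cntrl:]')" \
        >>"$log" 2>/dev/null || :
    while IFS= read -r hdr; do                      # swallow headers up to the blank line
        hdr=$(printf '%s' "$hdr" | tr -d '[:cntrl:]')
        [ -n "$hdr" ] || break
    done
    http_response "$class"
}

if [ $# -eq 4 ]; then
    handle_connection "$@"
fi
```

Bind it exactly like iis.sh (add windows tcp port 80 "sh /usr/share/honeyd/scripts/win32/win2k/iis-lite.sh $ipsrc $sport $ipdst $dport"); to exercise it without honeyd, pipe a request in: printf 'GET / HTTP/1.0\r\n\r\n' | sh iis-lite.sh 10.0.0.5 4444 192.168.1.104 80.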

The impersonation is quite good. How is it used? For example, a configuration:

  create default
  set default default tcp action block
  set default default udp action block
  set default default icmp action block
  create windows
  add windows tcp port 80 open
  add windows tcp port 80 "sh /usr/share/honeyd/scripts/win32/win2k/iis.sh $ipsrc $sport $ipdst $dport"
I used a config I found via Google:

  root@ubuntu:/tmp# cat xp.conf
  create default
  set default personality "Microsoft Windows XP Home Edition"
  set default default tcp action reset
  set default default udp action reset
  set default default icmp action open
  add default tcp port 139 open
  add default tcp port 137 open
  add default udp port 137 open
  add default udp port 135 open
  bind 192.168.1.104 default

First you have to run arpd for the network interface:

  arpd 192.168.1.0/24

Start it up. A virtual NIC does not work; it has to be a real NIC.

  root@ubuntu:/tmp# honeyd -d -f xp.conf
  Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
  honeyd[3090]: started with -d -f xp.conf
  honeyd[3090]: listening promiscuously on eth0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip )) and not ether src 00:0c:29:9e:3f:14
  honeyd[3090]: Demoting process privileges to uid 65534, gid 65534
To guard against nmap OS fingerprinting you can also pass -p /usr/share/honeyd/nmap.prints.
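Before handing a config like the two above to arpd and honeyd -d -f, a few things are easy to get wrong and worth checking: a template that is set or added to before it is created, a port defined twice in one template (the first config adds tcp port 80 as open and again with the iis.sh script), a template created but never bound to an address (the windows template in the first config is never bound, so iis.sh would never be reached), and a bound template with no personality (nothing for nmap to fingerprint). The following is an added example, not a tool shipped with honeyd: a small lint in POSIX sh and awk implementing those checks. The first config from this page is embedded as constructed input, together with my own assumption of how the two configs would be combined (XP personality and the iis.sh port on the windows template, bound to the address xp.conf used).

```sh
#!/bin/sh
# Added example, not part of honeyd: a lint for honeyd configuration files.
# Usage: sh honeyd-lint.sh honeyd.conf    (exit status = number of warnings)

lint_honeyd_conf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }                  # comments and blank lines
    $1 == "create" { created[$2] = 1; next }
    $1 == "set" || $1 == "add" {
        if (!($2 in created))
            warn("line " NR ": template \"" $2 "\" used before create")
        if ($1 == "set" && $3 == "personality")
            personality[$2] = 1
        if ($1 == "add" && $4 == "port") {         # add <tpl> <proto> port <n> <action>
            key = $2 " " $3 " " $5
            if (key in ports)
                warn("line " NR ": " $2 " " $3 " port " $5 " already defined on line " ports[key])
            else
                ports[key] = NR
        }
        next
    }
    $1 == "bind" {                                  # bind <ip> <tpl>
        if (!($3 in created))
            warn("line " NR ": bind to unknown template \"" $3 "\"")
        bound[$3] = 1
        next
    }
    END {
        # "default" answers for every address not explicitly bound, so it is exempt
        for (t in created)
            if (t != "default" && !(t in bound))
                warn("template \"" t "\" is created but never bound to an address")
        for (t in bound)
            if (!(t in personality))
                warn("template \"" t "\" is bound but has no personality, so no OS fingerprint is imitated")
        exit n
    }
    function warn(msg) { print "warning: " msg; n++ }
    ' "$1"
}

# Constructed copy of the first config on this page: windows is never bound and
# tcp port 80 is defined twice, so the lint reports 2 warnings.
posted_config() {
    cat <<'EOF'
create default
set default default tcp action block
set default default udp action block
set default default icmp action block
create windows
add windows tcp port 80 open
add windows tcp port 80 "sh /usr/share/honeyd/scripts/win32/win2k/iis.sh $ipsrc $sport $ipdst $dport"
EOF
}

# Assumed combination of the two configs: XP personality from xp.conf on the
# windows template, iis.sh on port 80, bound to the address xp.conf used.
fixed_config() {
    cat <<'EOF'
create default
set default default tcp action block
set default default udp action block
set default default icmp action block

create windows
set windows personality "Microsoft Windows XP Home Edition"
set windows default tcp action reset
set windows default udp action reset
set windows default icmp action open
add windows tcp port 80 "sh /usr/share/honeyd/scripts/win32/win2k/iis.sh $ipsrc $sport $ipdst $dport"
add windows tcp port 139 open
add windows udp port 137 open

bind 192.168.1.104 windows
EOF
}

if [ $# -eq 1 ]; then
    lint_honeyd_conf "$1"
fi
```

Run it as sh honeyd-lint.sh xp.conf; a non-zero exit status means at least one warning was printed, which makes it easy to gate honeyd -d -f behind the check.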



