A Few Days With Kippo

I set up a kippo honeypot a few days ago. Mostly as a fun project, as you can tell if you look around this blog. After a day or so I got hooked on it. I needed it to be better. So I did some reading and checked with the all-powerful sysadmin- Google – and I found a few things I could try.

The first suggestion was to remove the default kippo login which was root:0:123456. Apparently this was deemed too easy for the bottom dwelling brute force attackers and would often alert them to the presence of kippo. So I did that and added a few easy password login combos that would seem legit if the admin of my fake server was lazy. Now these losers cannot get in. They hammer and hammer with their brute force attempts, but most fail to get in. I’m not sure if most of the people trying to brute force my SSH are idiots or just have bad wordlists. I find it sad they cannot guess some of these simple login combos. So I made the password login combos a little easier today. Time will tell.
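Two checks that go with the change described above, as an added example that is not part of the original post: confirm that kippo's userdb.txt (one "username:uid:password" per line, the root:0:123456 entry being the stock one) no longer holds the default login, and tally the login attempts in kippo.log per source IP to see which guessed pairs would now get in. The log line layout and the sample lines are assumed/constructed here, not taken from the post.

```python
import re
from collections import Counter

# kippo's userdb.txt ships with this entry; the post removes it so the
# honeypot is not trivially recognised by its well-known default login.
DEFAULT_LOGIN = ("root", "123456")


def load_userdb(text):
    """Parse userdb.txt content into a set of (user, password) pairs."""
    creds = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _uid, password = line.split(":", 2)
        creds.add((user, password))
    return creds


def still_has_default_login(text):
    """True if the honeypot would still accept kippo's default root login."""
    return DEFAULT_LOGIN in load_userdb(text)


# Login-attempt lines as kippo writes them to kippo.log (format assumed here).
ATTEMPT_RE = re.compile(
    r"HoneyPotTransport,\d+,(?P<ip>[\d.]+)\] login attempt "
    r"\[(?P<user>[^/\]]*)/(?P<pw>[^\]]*)\] (?P<result>failed|succeeded)")


def summarize_attempts(log_text, creds):
    """Return (attempts per IP, guessed pairs that match the current userdb)."""
    attempts = Counter()
    would_succeed = Counter()
    for line in log_text.splitlines():
        m = ATTEMPT_RE.search(line)
        if not m:
            continue
        attempts[m["ip"]] += 1
        if (m["user"], m["pw"]) in creds:
            would_succeed[(m["user"], m["pw"])] += 1
    return attempts, would_succeed


# Constructed sample data for this example (not real honeypot output).
SAMPLE_USERDB = "root:0:toor\nadmin:0:admin123\n"
SAMPLE_LOG = """\
2013-08-30 09:12:01+0000 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.7] login attempt [root/123456] failed
2013-08-30 09:12:03+0000 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.7] login attempt [root/toor] succeeded
2013-08-30 09:15:44+0000 [SSHService ssh-userauth on HoneyPotTransport,2,203.0.113.9] login attempt [admin/admin] failed
"""

if __name__ == "__main__":
    print("default login still enabled:", still_has_default_login(SAMPLE_USERDB))
    print(summarize_attempts(SAMPLE_LOG, load_userdb(SAMPLE_USERDB)))
```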

The next thing I did was install a fresh version of Debian 7 on an old box. I added some fake users and open source accounting software. I went on to use the system to browse a few websites, make and delete files, create directories and leave some sensitive looking files in all the right places complete with data. I probably put more effort into this project than was necessary, but it’s fun at the moment.

I backed up my new “fake” linux system using tar and used kippo’s tool for cloning the filesystem- not in that order. I moved the file system to kippo’s /honeyfs and put the new pickle file in place and restarted kippo. The process is a bit more complicated than that but this isn’t a tutorial. I may do one soon if there is any interest from my 4 readers.

I tested my new kippo file system and it works. The idea is that most of the hackers looking to crack an SSH server are well aware of how kippo acts and the default file system that comes with it. So to get the really good stuff you have to go the extra mile and do what I have done. No fault of the kippo developers- the honeypot is great and one of my favorites so far.

I’ll see where this goes and try to post anything funny or good that happens.

Loser Gets Mad At My Honeypot

This hacker is funny to me. He falls into my honeypot trap then gets mad at it. Toward the end of the first video he is just smashing keys.

Have a look:

Then for some reason he logs in a few minutes later. Same honeypot with the same name. He proceeds to try the same things as before and then gets mad again. Talk about an epic fail. I bet this hacker’s parents are not very proud of him.

Linux Security Distro

I know, I know- there are already a lot of Linux distros based around security and pentesting. The problem is most of them are junk. If I had to pick a favorite it would be Kali Linux (formerly Backtrack), but even it is loaded with tools that do the same thing. Many don’t work correctly or are patched out.

There are roughly 30 tools I use for pentesting and system monitoring. I have had near perfect success as it is, but I want to roll it all into one system based on Debian 7. I need to quickly respond to clients if they have a breach and be able to leave a virtual version onsite for XXXX amount of time.

I have tried and tried over and over with every security based distro I can find. I finally wound up duct taping a system together in a VM that does most of what I want. I know some of you are going to flame on this and many of you will troll it- but I don’t care. Take that kindergarten loser crap elsewhere.

I know what I need the system to do, what works for my clients and how I want to implement it. There is no way someone else can know these things beyond the basics.

So that said, I am pushing forward but I wanted to drop this on the web in case anyone that wasn’t planning on being a jerk or elitist wanted to suggest any tools that are current and known to work. I will test them of course, but community support and input are what make the Linux world go around.

So leave comments with links or send me an email.

Chinese Hacker Caught in My Honeypot

So today I found a kippo log of a Chinese hacker stuck in my honeypot. The hacker’s IP resolves as below:

(screenshot of the IP lookup)

He gets all the clues he needs to figure out it is a honeypot, but just cannot seem to catch on. But like most morons this hacker probably gets his tools from iwannabebadasshacker dot com or some other site full of useless software.

Anyway, here is the video- enjoy sheeples.

Script Kiddie Caught in My Honeypot Wants to Add User

This one got me laughing and that’s hard to do. Apparently some script kiddie trying to play hacker from here:

(screenshot: hacker caught in honeypot trap)

Was playing with his new port scanner he probably downloaded from iwannabe1337 dot com or some other stupid website. The sad thing is that my honeypot trolled him big time. He really, really wanted to add a new user but this wannabe hacker kept failing. I felt bad for him near the end. I’m not sure if he realized he was trapped in kippo or not, but I know he was frustrated judging from the keystroke errors.

Poor little sheeple trying to play with the big dawgs. Anyway, watch and enjoy even though none of you are worthy.

Syrian Electronic Army and Other Losers

I was reading on Hack Read, ironic I suppose, that some degenerates are “helping” the Syrian Electronic Army hack and they have a new weapon or an improved weapon. Fact is, they are using tired old tools with a little new code. None of these morons could have an original idea if you drilled a hole in their head and poured one in.

What I wonder is why we don’t fight fire with fire? The NSA, FBI, CIA and the like are happily spying on us for no reason and without probable cause or a warrant- why can’t they turn their brown eye to the real bad guys?

Everyone is so up in arms over some guy that got shot, who clearly earned it, or about saving the rain forests yet no one is willing to fight a fight that needs fighting. You sheeple amuse me.

So the government(s) don’t feel like protecting the internet so someone should. I don’t know who since you are all cowards, but someone should. Right sheeple?

I’m disgusted with every one of you right now.

You Are Being Watched

Data oozes out of everything these days. From phones to ATMs to laptops or tablets. Most of it is encrypted (poorly), but only if outside your own network. It is simple, and easy, for any script kiddie moron to sit inside the network of a public wifi hotspot and capture data flopping about in it. And then see what that data is.

Think about all that next time you check your bank balance or order something online and you are using a public wireless hotspot. If not, don’t whine when you get weird charges on your bank statement or when the nude pics you sent to your boyfriend wind up on some coward’s website. It is your own fault for not being more careful.

It is not the government or the internet provider’s responsibility to protect you- it is yours. Stop expecting privacy and take some yourself.

You’re all a bunch of mindless sheep.