By ro0ted | January 14, 2015 - 20:26 | Posted in /b/ | 7 Comments
#ro0ted #OpNewblood What the Blackhats dont want you to know: How to install Kippo SSH Honeypot on a VPS

I'm doing two tutorials based on the Kippo SSH honeypot. There are two ways to set Kippo up (well, three, but we will only discuss two): the first uses a VPS, the second uses the HoneyDrive distro. This tutorial is VPS based. I've been really busy lately, so I didn't have enough time to write the part about using it; this is just how to set it up. Part 2 gets posted tonight. -https://twitter.com/ro0ted/

(In order)

Why am I teaching Reverse Engineering to inexperienced new Anons in OpNewblood?

Whitehat Lab

ASM Programming

Introduction Part 1 Ollydbg 

Introduction Part 2 Using Ollydbg and Tracing Botnets

Analyzing Botnets

Introduction Part 3 Ollydbg: Cheating a Crackme

Introduction Part 4 Ollydbg: Your first Patch

Encryption 101

Cuckoo Sandbox: Automated Malware Analysis also known as Malwr.com

Introduction to Honeydrive: A Brief Walk Through

Installing Kippo the SSH Honeypot on a VPS Part 1: How to set it up


What’s used?

Cloud VPS (Ubuntu)

http://tartarus.org/~simon/putty-snapshots/x86/putty-2016-06-03-installer.exe

I'm using an offshore Ubuntu 14.04 server for the example in this tutorial.

If you don't have one... you are going to want to buy one. Yes, good shit isn't free. Check out the link I put for the Cloud VPS; it's 5 bucks a month. PuTTY's free. This is a Windows tutorial.

Visit https://cloud.digitalocean.com

Download PuTTY (listed above).

Open PuTTYgen, click Generate, and move your mouse around the blank area until the key is generated.

Then copy the public key to the clipboard and save the public and private keys.

Go to the DigitalOcean control panel and click SSH Keys.

Copy and paste the public key from PuTTYgen into the control panel.

Now open PuTTY.

Under Connection > SSH > Auth, select the private key file you saved from PuTTYgen.

Under Connection > Rlogin, enter root as the auto-login username. Now you can connect to your server without ever being asked for a password. Minimize this window and go to Create Droplet to make your server.

Edit yours how you want, just make sure you don't enable IPv6/Private Networking. Pick any Linux distro; Debian is more stable than all of them. Click SSH Key before clicking Create Droplet. Then go to Droplets in the left side menu.

Copy and paste the IP from Droplets into your PuTTY session and click Open. It should work flawlessly. If it does ask for a passphrase (e.g. "Passphrase for RSA-Key"), that means you set a passphrase in PuTTYgen. If it says "password for root", you did something wrong.

Type (update the package lists first, then upgrade):

sudo apt-get update

sudo apt-get upgrade

sudo apt-get dist-upgrade

Change the default SSH port from 22 to 1984. Open the SSH daemon config (e.g. nano /etc/ssh/sshd_config) and change the line Port 22 to Port 1984. On Linux, binding to port 22 (a privileged port below 1024) requires root; moving the real sshd off it frees port 22 for the honeypot, which will run as an unprivileged user.

Hit Ctrl+X, then Y to save and exit.

Restart the SSH service so it is no longer bound to port 22. Type:

service ssh restart

Make sure it is listening on 1984. Type:

netstat -ant | grep 1984

Keep your current PuTTY session open and test a fresh connection on port 1984 before you close it, so a typo in the config cannot lock you out.
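The port change and the listening check above, as an added example that is not part of the original post: a small shell script that rewrites the Port directive in sshd_config (handling the commented-out #Port 22 default too), validates the file with sshd -t before anything is restarted, and checks what is listening. The function names and the SSHD_APPLY switch are assumptions of this example; the tutorial itself edits the file in nano.

```shell
#!/bin/sh
# Added example (not from the original post): move the real sshd off port 22
# so the honeypot can take it. Function names and the SSHD_APPLY switch are
# assumptions; /etc/ssh/sshd_config is OpenSSH's standard config path.
set -eu

# set_sshd_port FILE PORT
# Rewrites the Port directive in an sshd_config. Handles both an active
# "Port 22" line and the commented-out "#Port 22" default, and appends the
# directive if the file has none. Idempotent: running it twice is harmless.
set_sshd_port() {
    file=$1
    port=$2
    if grep -Eq '^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+' "$file"; then
        sed -i -E "s/^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+.*/Port $port/" "$file"
    else
        printf 'Port %s\n' "$port" >> "$file"
    fi
}

# sshd_port FILE: prints the effective Port (OpenSSH defaults to 22 if none is set).
sshd_port() {
    p=$(sed -n -E 's/^[[:space:]]*Port[[:space:]]+([0-9]+).*/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${p:-22}"
}

# validate_sshd FILE: sshd -t parses the config without starting the daemon,
# so a typo is caught before "service ssh restart" locks you out.
validate_sshd() {
    if command -v sshd >/dev/null 2>&1; then
        sshd -t -f "$1"
    else
        echo "sshd not installed here; skipping syntax check" >&2
    fi
}

# listening_on PORT: returns 0 if something is bound to that TCP port
# (the same thing "netstat -ant | grep 1984" shows in the tutorial).
listening_on() {
    if command -v ss >/dev/null 2>&1; then
        ss -ltn | grep -Eq "[:.]$1[[:space:]]"
    else
        netstat -ant | grep -Eq "[:.]$1[[:space:]]+.*LISTEN"
    fi
}

# Only touch the live system when explicitly asked (run as root).
if [ "${SSHD_APPLY:-0}" = "1" ]; then
    set_sshd_port /etc/ssh/sshd_config 1984
    validate_sshd /etc/ssh/sshd_config
    service ssh restart
    listening_on 1984 && echo "sshd is listening on 1984"
fi
```

Run it with SSHD_APPLY=1 as root to apply the change; without the switch only the functions are defined, so you can source the file and try set_sshd_port on a copy of the config first.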

Next we are going to use UFW so that the real SSH port, 1984, only gets accessed from our own home network address. Port 22 stays open to everyone, because that is where the honeypot is going to listen.

type:

apt-get install ufw

ufw allow ssh

ufw allow from 127.0.0.1 to any port 1984

ufw enable

Replace 127.0.0.1 with the real IP address of your home network. Not your VPN or server IP. YOUR REAL ONE. Add the 1984 rule before you run ufw enable, otherwise the firewall comes up without a way in and you lock yourself out of your own server.

Kippo is Python based, meaning we need to get the right libraries.

Type:

apt-get -y install python-dev openssl python-openssl python-pyasn1 python-twisted git python-pip supervisor authbind

You know how on IRC there are bots (not talking about botnets) that do certain things and maintain your server in different ways? Well, we need to create a non-root user who will run our honeypot. Call him kippo, nothing else.

type:

useradd -d /home/kippo -s /bin/bash -m kippo

Password protect it, type:

passwd kippo

Install Kippo SSH Honeypot

type:

cd /opt

git clone https://github.com/threatstream/kippo

cd kippo


Configure Kippo

type:

mv kippo.cfg.dist kippo.cfg

sed -i 's/^ssh_port = .*/ssh_port = 22/' kippo.cfg

sed -i 's/^hostname = .*/hostname = db01/' kippo.cfg

sed -i 's/^ssh_version_string = .*/ssh_version_string = SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu5/' kippo.cfg

The first line makes the honeypot listen on port 22, the port we just freed. The hostname and the SSH version banner are what the attacker sees when connecting, so replace db01 and the banner with whatever looks like an ordinary server to you; the stock values in kippo.cfg.dist are well known and easy to fingerprint as Kippo.
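The three kippo.cfg edits above, as an added example that is not part of the original post: a helper that sets a "key = value" line whatever default the dist file shipped with, and fails loudly if the key is missing instead of silently doing nothing the way a sed matching an exact old value does. Function names, the KIPPO_APPLY switch and the sample config in the test are assumptions of this example; the keys are the ones the tutorial's sed lines edit.

```shell
#!/bin/sh
# Added example, not from the original post: set kippo.cfg values without
# depending on what kippo.cfg.dist happens to contain. Function names and the
# KIPPO_APPLY switch are assumptions; the keys (ssh_port, hostname,
# ssh_version_string) are the ones the tutorial edits.
set -eu

# cfg_set FILE KEY VALUE
# Replaces "KEY = anything" on its own line with "KEY = VALUE". Works whatever
# default the dist file has, and reports failure instead of silently doing
# nothing when the key is absent. VALUE must not contain '|', '&' or '\'.
cfg_set() {
    file=$1; key=$2; value=$3
    if ! grep -Eq "^[[:space:]]*$key[[:space:]]*=" "$file"; then
        echo "cfg_set: key '$key' not found in $file" >&2
        return 1
    fi
    # '|' as the sed delimiter so values containing '/' are safe
    sed -i -E "s|^[[:space:]]*$key[[:space:]]*=.*|$key = $value|" "$file"
}

# cfg_get FILE KEY: prints the value of KEY (first match).
cfg_get() {
    sed -n -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*(.*)/\1/p" "$1" | head -n 1
}

# configure_kippo FILE: the tutorial's three edits. The honeypot listens on 22
# (the port freed from the real sshd); hostname and banner are what the
# attacker sees, so they should look like an ordinary server, not a Kippo default.
configure_kippo() {
    cfg_set "$1" ssh_port 22
    cfg_set "$1" hostname db01
    cfg_set "$1" ssh_version_string "SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu5"
}

# check_kippo FILE: returns 0 only if all three values are as expected.
check_kippo() {
    [ "$(cfg_get "$1" ssh_port)" = "22" ] &&
    [ "$(cfg_get "$1" hostname)" = "db01" ] &&
    [ "$(cfg_get "$1" ssh_version_string)" = "SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu5" ]
}

# Only touch the real config when explicitly asked.
if [ "${KIPPO_APPLY:-0}" = "1" ]; then
    [ -f /opt/kippo/kippo.cfg ] || mv /opt/kippo/kippo.cfg.dist /opt/kippo/kippo.cfg
    configure_kippo /opt/kippo/kippo.cfg
    check_kippo /opt/kippo/kippo.cfg && echo "kippo.cfg configured"
fi
```

check_kippo is the part worth keeping around: run it after any later edit to kippo.cfg to confirm the honeypot is still on port 22 and still presenting the banner you chose.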

Fix permissions for kippo

type:

chown -R kippo:users /opt/kippo

touch /etc/authbind/byport/22

chown kippo /etc/authbind/byport/22

chmod 777 /etc/authbind/byport/22


Set up HPFeeds

Export HPF_HOST, HPF_PORT, HPF_IDENT and HPF_SECRET with your hpfeeds broker details before running this: the heredoc expands the variables when it runs, so if they are unset you silently get blank values in kippo.cfg. If you have no hpfeeds broker, skip this step.

type:

cat >> /opt/kippo/kippo.cfg <<EOF
[database_hpfeeds]
server = $HPF_HOST
port = $HPF_PORT
identifier = $HPF_IDENT
secret = $HPF_SECRET
debug = false
EOF

Set up kippo to start at boot

type:

sed -i 's/twistd -y kippo.tac -l log\/kippo.log --pidfile kippo.pid/su kippo -c "authbind --deep twistd -n -y kippo.tac -l log\/kippo.log --pidfile kippo.pid"/g' /opt/kippo/start.sh

This makes start.sh drop to the kippo user and bind port 22 through authbind instead of running as root; the -n keeps twistd in the foreground, which supervisor needs in order to manage it.

Config for supervisor

type:

cat > /etc/supervisor/conf.d/kippo.conf <<EOF
[program:kippo]
command=/opt/kippo/start.sh
directory=/opt/kippo
stdout_logfile=/opt/kippo/log/kippo.out
stderr_logfile=/opt/kippo/log/kippo.err
autostart=true
autorestart=true
redirect_stderr=true
stopsignal=QUIT
EOF

supervisorctl update

To start it by hand, type:

su kippo

./start.sh

Note that supervisorctl update already starts kippo (autostart=true), and two copies cannot both bind port 22, so if start.sh complains that the port is in use, check supervisorctl status kippo instead.
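The hpfeeds, start.sh and supervisor steps above, as an added example that is not part of the original post: the same three edits written as checked functions. The hpfeeds one refuses empty values (the failure mode of the unquoted heredoc when HPF_HOST and friends are unset) and refuses to add the section twice; the others verify that start.sh really was rewritten to use authbind and that the byport file is usable by kippo. Function names, the KIPPO_APPLY switch and the sample files in the test are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): the last steps of the tutorial
# as checked functions. Paths default to the tutorial's; function names and
# the KIPPO_APPLY switch are assumptions.
set -eu

# append_hpfeeds CFG HOST PORT IDENT SECRET
# The tutorial's heredoc expands $HPF_HOST etc. at shell time; if they are
# unset it silently writes "server = " and the honeypot never reports anywhere.
# This refuses empty values and refuses to add the section a second time.
append_hpfeeds() {
    cfg=$1; host=$2; port=$3; ident=$4; secret=$5
    for v in "$host" "$port" "$ident" "$secret"; do
        [ -n "$v" ] || { echo "append_hpfeeds: empty hpfeeds value" >&2; return 1; }
    done
    if grep -q '^\[database_hpfeeds\]' "$cfg"; then
        echo "append_hpfeeds: section already present in $cfg" >&2
        return 1
    fi
    printf '\n[database_hpfeeds]\nserver = %s\nport = %s\nidentifier = %s\nsecret = %s\ndebug = false\n' \
        "$host" "$port" "$ident" "$secret" >> "$cfg"
}

# write_supervisor_conf OUTFILE KIPPODIR
# Same program block as the tutorial, with the paths derived from KIPPODIR.
write_supervisor_conf() {
    cat > "$1" <<EOF
[program:kippo]
command=$2/start.sh
directory=$2
stdout_logfile=$2/log/kippo.out
stderr_logfile=$2/log/kippo.err
autostart=true
autorestart=true
redirect_stderr=true
stopsignal=QUIT
EOF
}

# start_script_ok STARTSH: true when start.sh was rewritten to drop to the
# kippo user and bind 22 via authbind, in the foreground (-n) for supervisor.
start_script_ok() {
    grep -q 'su kippo -c "authbind --deep twistd -n ' "$1"
}

# authbind_ok [FILE]: the byport file must exist, be executable and be owned
# by kippo, or authbind will refuse to let kippo bind port 22.
authbind_ok() {
    f=${1:-/etc/authbind/byport/22}
    [ -f "$f" ] && [ -x "$f" ] && [ "$(stat -c %U "$f")" = "kippo" ]
}

# Only touch the live system when explicitly asked (run as root). With set -u,
# an unset HPF_* variable aborts here instead of writing blanks into the cfg.
if [ "${KIPPO_APPLY:-0}" = "1" ]; then
    append_hpfeeds /opt/kippo/kippo.cfg "$HPF_HOST" "$HPF_PORT" "$HPF_IDENT" "$HPF_SECRET"
    write_supervisor_conf /etc/supervisor/conf.d/kippo.conf /opt/kippo
    start_script_ok /opt/kippo/start.sh || { echo "start.sh was not rewritten" >&2; exit 1; }
    authbind_ok || { echo "authbind byport/22 is not set up for kippo" >&2; exit 1; }
    supervisorctl update
    supervisorctl status kippo
fi
```

The two _ok checks are the ones to re-run when kippo shows as FATAL in supervisorctl status: a start.sh still running twistd as root, or a byport file kippo cannot execute, are the usual reasons it fails to bind port 22.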

Now we know how to set it up. Very long process. But it's not done yet. I'll show you how deadly it is for the hacker; tables turn now, son, gonna wish you never tried to brute force that SSH login. lol Been really busy but I'll try to post part 2 tonight.

ro0ted


7 Responses to #ro0ted #OpNewblood What the Blackhats dont want you to know: How to install Kippo SSH Honeypot on a VPS

  1. March 23, 2015 at 15:21
    buzzardair says:

    Is part 2 available somewhere? I enjoyed part one.

  2. Pingback: CyberGuerrilla soApboX » #ro0ted #OpNewblood What the blackhats dont want u to know | Packing & Crypting, There’s a difference

    […] Installing Kippo the SSH Honeypot on a VPS Part 1: How to set it up […]

  3. Pingback: CyberGuerrilla soApboX » #ro0ted #OpNewblood What the blackhats dont want you to know: ASM Injecting pt 3 Crypt against AVs

    […] Installing Kippo the SSH Honeypot on a VPS Part 1: How to set it up […]

  4. Pingback: CyberGuerrilla soApboX » #ro0ted #OpNewblood What the blackhats don’t want you to know: Add your own menu

    […] Installing Kippo the SSH Honeypot on a VPS Part 1: How to set it up […]

  5. Pingback: CyberGuerrilla soApboX » #ro0ted #OpNewblood What the blackhats dont want you to know: Analyzing the ZeuS bot Part 2

    […] Installing Kippo the SSH Honeypot on a VPS Part 1: How to set it up […]

  6. Pingback: CyberGuerrilla soApboX » #ro0ted #OpNewblood What the blackhats dont want u to know: Meet the Auto Cousin of Volatility Framework

    […] Installing Kippo the SSH Honeypot on a VPS Part 1: How to set it up […]

  7. Pingback: CyberGuerrilla soApboX » #ro0ted #OpNewblood What the blackhats dont want you to know BE: think ur drive is really wiped?

    […] Installing Kippo the SSH Honeypot on a VPS Part 1: How to set it up […]