Thread: SSH Honeypot

  1. #1
    Just burned his ISO
    Join Date
    May 2008
    Posts
    3

    SSH Honeypot

    I'm looking for a way to monitor the commands they're sending. I know I could use the bash history, but there's nothing to stop them from erasing it. Is there a way to monitor what passwords they try?

    I was thinking about setting up the server running using SSH v1 and using dsniff's sshmitm. Any suggestions?

  2. #2
    Member PeppersGhost's Avatar
    Join Date
    Jan 2008
    Posts
    204

    You could use SSH v2 with TCPWrappers: set up your host.allow file and write a script that writes the history file to a log, then tail -f the log in another terminal for real-time monitoring. SSH does not send plain text passwords. Therefore they will need to hook up first, enter their password, which will be logged in the history file, and then get bounced. Leaving a nice trail. OR, you didn't specify which login they are using. Simply deny shell access for that login and the above should work with SSH v1 without wrappers. Some SSH expert correct me if I'm wrong. Just offering ideas so be gentle.
    <EeePc 1000HA BT4/W7 USB boot Alfa500 GPS BlueTooth>

  3. #3
    Junior Member the_rooster's Avatar
    Join Date
    Apr 2008
    Posts
    25

    I've used Sebek on Windows honeypots to log the command line to a Linux box that was monitoring all the traffic. Worked pretty nice; they have a Linux client as well, which you can get at honeynet.org/tools/sebek/.

  4. #4
    Just burned his ISO
    Join Date
    May 2008
    Posts
    4

    Kojoney fits the bill.

  5. #5
    Member PeppersGhost's Avatar
    Join Date
    Jan 2008
    Posts
    204

    Alright, I'll correct myself then. The history file only keeps a history of commands typed. Not login and passwords.
    <EeePc 1000HA BT4/W7 USB boot Alfa500 GPS BlueTooth>
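
The script idea from post #2 (copy the history file to a separate log as it grows), written out as an added example that is not part of the original thread. It records an erase of the history file instead of losing the earlier entries, and as post #5 says it captures commands only, not passwords. It assumes the shell appends each command immediately (for example `PROMPT_COMMAND='history -a'` in bash) and that the log sits where the monitored account cannot write; the function names, file names and sample commands are constructed for illustration.

```python
import os
import tempfile
import time


def sync_history(hist_path, log_path, offset):
    """Copy bytes appended to hist_path since `offset` into log_path.

    Returns the new offset. If the history file shrank or vanished (erased
    from inside the session), a marker is logged and reading restarts at 0.
    An erase followed by a longer rewrite between two polls is not detected.
    """
    try:
        size = os.path.getsize(hist_path)
    except FileNotFoundError:
        size = 0
    stamp = time.strftime("%Y-%m-%dT%H:%M:%S")
    with open(log_path, "a", encoding="utf-8") as log:
        if size < offset:
            log.write(f"{stamp} !! history truncated or deleted\n")
            offset = 0
        if size == offset:
            return offset
        with open(hist_path, "rb") as hist:
            hist.seek(offset)
            chunk = hist.read(size - offset)
        # Consume complete lines only; a partial last line waits for the next poll.
        end = chunk.rfind(b"\n") + 1
        for line in chunk[:end].decode("utf-8", "replace").splitlines():
            log.write(f"{stamp} {line}\n")
        return offset + end


def demo():
    """Constructed session: two commands, an erase, then one more command."""
    with tempfile.TemporaryDirectory() as d:
        hist = os.path.join(d, "bash_history")   # hypothetical file names
        log = os.path.join(d, "audit.log")
        offset = 0
        for content in (b"id\nuname -a\n", b"", b"ls -la /tmp\n"):
            with open(hist, "wb") as f:
                f.write(content)
            offset = sync_history(hist, log, offset)
        with open(log, encoding="utf-8") as f:
            return [entry.split(" ", 1)[1] for entry in f.read().splitlines()]


if __name__ == "__main__":
    print("\n".join(demo()))
```

For live use, call `sync_history` in a loop with a short sleep and follow the output log with `tail -f`, as the post suggests.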
