Saturday, September 17, 2016

Set up an SSH honeypot to collect SSH passwords using a modified kojoney

1- download kojoney
$ git clone https://github.com/madirish/kojoney2.git

2- install prerequisites
$ sudo pip install -Iv twisted==15.2.0
$ sudo pip install pycrypto
$ pip install pyasn1

3- By default kojoney does not record the wrong attempts (I don't know whether it is a feature or an error with my setup), so to make it record all the password attempts, go to line 123 of the file ~/kojoney2/lib/kojoney_db.py and change it as below:

cursor.execute(sql , (ip, 33, username, password, SENSOR_ID))


This will not record the IP address as an int but will record 33 instead.

4- run it
$ cd ~/kojoney2
$ sudo ./kojoney.py

(Snapshot of kojoney logging while we attempt an SSH login.)


5- All the usernames/passwords are recorded in kojoney.sqlite3, so use the following commands to view them:

$ sqlite3 kojoney.sqlite3
SQLite version 3.11.0 2016-02-15 17:29:24
Enter ".help" for usage hints.
sqlite> .table
downloads          executed_commands  login_attempts     nmap_scans      
sqlite> select * from login_attempts;
1|2016-09-17 02:24:44|-|root|psss|33|1
2|2016-09-17 02:24:47|-|root|neekd|33|1
3|2016-09-17 02:24:49|-|root|skldfd|33|1
4|2016-09-17 02:24:51|-|root|kjdf|33|1
5|2016-09-17 02:24:53|-|root|kfd|33|1
sqlite>
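
Once the table grows, reading raw rows stops being practical. The script below is an added example (not part of the original post or of kojoney2) that counts the most-tried usernames, passwords and pairs in login_attempts. It assumes the column positions inferred from the seven-field rows shown above; the column names in the sample table and the function names summarize and build_sample_db are hypothetical.

```python
import sqlite3
import sys
from collections import Counter

# Column positions inferred from the seven-field rows printed above
# (id|time|ip|username|password|33|sensor); an assumption, not kojoney's docs.
TIME, USERNAME, PASSWORD = 1, 3, 4


def summarize(conn, top=10):
    """Count attempted usernames, passwords and pairs in login_attempts."""
    rows = conn.execute("select * from login_attempts").fetchall()
    times = [r[TIME] for r in rows]
    return {
        "attempts": len(rows),
        "first_seen": min(times) if times else None,
        "last_seen": max(times) if times else None,
        "top_users": Counter(r[USERNAME] for r in rows).most_common(top),
        "top_passwords": Counter(r[PASSWORD] for r in rows).most_common(top),
        "top_pairs": Counter((r[USERNAME], r[PASSWORD]) for r in rows).most_common(top),
    }


def build_sample_db():
    """Constructed in-memory stand-in for kojoney.sqlite3; column names assumed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table login_attempts (id integer primary key, time text,"
                 " ip text, username text, password text, ip_numeric integer,"
                 " sensor_id integer)")
    rows = [  # first five rows are from the post; the rest are constructed
        ("2016-09-17 02:24:44", "root", "psss"),
        ("2016-09-17 02:24:47", "root", "neekd"),
        ("2016-09-17 02:24:49", "root", "skldfd"),
        ("2016-09-17 02:24:51", "root", "kjdf"),
        ("2016-09-17 02:24:53", "root", "kfd"),
        ("2016-09-17 02:25:10", "admin", "admin"),
        ("2016-09-17 02:25:12", "admin", "admin"),
        ("2016-09-17 02:25:14", "admin", "admin"),
        ("2016-09-17 02:25:15", "root", "psss"),
    ]
    conn.executemany("insert into login_attempts (time, ip, username, password,"
                     " ip_numeric, sensor_id) values (?, '-', ?, ?, 33, 1)", rows)
    return conn


if __name__ == "__main__":
    conn = sqlite3.connect(sys.argv[1]) if len(sys.argv) > 1 else build_sample_db()
    for key, value in summarize(conn).items():
        print(f"{key}: {value}")
```

Run it with the path to kojoney.sqlite3 as the only argument; with no argument it uses the constructed sample data.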

