Set up some Honeypots and a Threat Map

Welcome back my fellow ethical hackers. Remember, the contents in this post is for educational purposes and should only be used for ethical reasons, so with that caveat, let’s get to work.

$199 ENROLLS YOU INTO THE CONTAINERS FOR DEVELOPERS AND QUALITY ASSURANCE COURSE (LFS254)!

We will be using Digital Ocean and Vulture to deploy the honeypots and the project we will be using is from https://github.com/threatstream/mhn.

So, first we will need a server, on Digital Ocean we are going for Ubuntu 16.04 4GB RAM, 4 core, 80GB disc virtual image.

hp2

We just need to name it now. Let’s go with mhn server.

hp3

So that droplet has been created, we can now SSH into it. So the first thing we need to do is create a non-root user, if you try to install as root, it can screw up some permissions. So on the command line type.

adduser dale

Or whatever name you are comfortable with. Then add a password. You can fill in the rest of the details if you like, but we didn’t bother. Next we will open /sudousers.temp file and give dale some permissions, basically root permissions.

SPEND $199 AND ENROLL IN OUR SELF PACED CONTAINERS FUNDAMENTALS COURSE (LFS253)!

hp4

The idea in the image above is just to copy all the permissions a root user can have for dale. CNTRL X, Y and enter will save that and exit. Now we just su dale and we are logged in as dale. Fantastico.

Now that we have that set up, we can now start the installation of the first HoneyPot. So first we need to clone the project now from Github to our Ubuntu server and set that up.

BUNDLE CLOUD FOUNDRY FOR DEVELOPERS COURSE(LFD232) AND THE CFCD CERTIFICATION FOR $499!

git clone https://github.com/threatstream/mhn.git

Next we will make a folder called mhn on our server.

mkdir mhn

And go into the folder.

cd mhn

Then install in the directory.

sudo ./install.sh


hp5

We are almost finished the installation when we get to here. There are a few details you can optionally fill in, just make sure you use a legitimate email address for that question and remember the password you used, we will need those later.

Towards the end it will ask if you want to install Splunk or ELK, if you feel that you’d like to install those features also, have at it hoss. But for this post we won’t be doing that.

That’s it, the installation should now be complete. So let’s see if it’s working. Let’s grab the IP of the server.

$299 WILL ENROLL YOU IN OUR SELF PACED COURSE – LFS205 – ADMINISTERING LINUX ON AZURE!

ifconfig

And we just need to open that IP in a web browser. What we get is a login page from the sever.

hp6

We will need to log in with the same email and password that we set up previously. Et Voila we are logged into the server.

hp7

We can see no attacks yet, which is nice, but we have only spawned the server, give it time 😉

REGISTER TODAY FOR YOUR KUBERNETES FOR DEVELOPERS (LFD259) COURSE AND CKAD CERTIFICATION TODAY! $499!    $299 now!!

Next we need to deploy the honeypot. In the top menu, choose Deploy and next we just need to name our honeypot and any scripts that we may like to add.

hp8

For the scripts option, we need to choose from the dropdown menu anything we’d like to use. Let’s choose Snort for this post.

hp9

As we can see it populates everything for us. Snort is an Intrusion Detection System that is going to monitor our server.

$299 REGISTERS YOU FOR OUR NEWEST SELF PACED COURSE! LFD201 – INTRODUCTION TO OPEN SOURCE DEVELOPMENT, GIT, AND LINUX!

Next we need to head back to Digital Ocean and create a new droplet, add the SSH keys and give it a name.

hp10

 

To connect to the Snort server from our Ubuntu server we just need to use the command that was given to us when we chose Snort earlier.

hp11

Just copy the command and run it on the Ubuntu command line. Next, in the top menu of the honeypot server, choose Sensors>View Sensors to see if we are connected.

ENROLL TODAY IN THE SELF PACED COURSE – LFS263 – ONAP FUNDAMENTALS FOR $199!

hp12

We can see there has already been 2 attacks, interesting 🙂 So let’s click on the number 2.

hp13

So we have had 2 random attacks, we can grab the IP and inspect that further if we wish. Also we can find out what type of attacks they are. In the menu again choose the Payloads tab.

hp14

It looks like someone is trying to download blocks or something, and it is advising we block the connection. It’s just a honeypot, so let them work away. Finally, let’s go to the Maps option in the menu.

$199 ENROLLS YOU INTO OUR SELF PACED COURSE – LFS264 – OPNFV FUNDAMENTALS!

hp1

Here we can see the attacks happening in real time and from their location. And we are done!!

Thank you so much for reading, please pass it on to anyone who is interested and don’t forget to subscribe to our blog. Ciao for now 😉

QuBits 2019-09-02

DAL

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.