Skip to content

iotac-eu/honeypot

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

48 Commits
 
 
 
 
 
 

Repository files navigation

IoTAC Honeypot

Honeypot component by Technische Universität Berlin.

Version

3.0.1

install and manage the docker

sudo docker pull jlnftk/honeypot:latest
sudo docker run -p 2000-3000:22 --name iotac_honeypot -d -t jlnftk/honeypot:latest
sudo docker ps
sudo docker exec -it iotac_honeypot /bin/bash

running the honeypot

su honeypot
cd $HOME/honeypot/code/modules/
git pull
set kafka_topic and systemID in config.json via:
nano $HOME/honeypot/code/modules/config.json
bash start_honeypot.sh

observe the log

tail -f /home/honeypot/cowrie/var/log/cowrie/cowrie.log

testing the honeypot from the outside

docker exec -it honeypot_attacker /bin/sh

get honeypot IP

sudo docker inspect -f '{{.Name}} - {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(sudo docker ps -aq)

run a portscan

nmap -v 172.17.0.2 -p 1-5000

service login examples

ssh root@172.17.0.3 -p 22 telnet 172.17.0.2 2223 ftp ...

DoS

gcc synflood.c -o synflood sudo ./synflood 172.17.0.2 22

track activiy in the log

ssh root@172.17.0.2 -p 22 execute commands

trigger advanced detection (this will hit the entire network and will be detected by all honeypots as a shared threat)

docker exec -it honeypot_container1 /bin/sh su honeypot cd $HOME/honeypot/code/modules/

setup IP of remote HP in config.json

bash start_honeypot.sh

docker exec -it honeypot_container2 /bin/sh su honeypot cd $HOME/honeypot/code/modules/

setup IP of remote HP in config.json

bash start_honeypot.sh

e.g. execute single port portscan across the network

nmap -v 172.17.0.0/24 -p 22

read the API

curl -k https://172.17.0.2:5000/getall --header "apikey: iotacAPIkey1-s56JkyKbk4WrSBaXt9M99PC9XpGtUKZu9T"

update the honeypot

su honeypot
cd $HOME/honeypot/
git pull

CREDs for honeypot user

thisisasecurepasswordforthehoneypotwithmanyletters