Exploits related to Network

A honeypot is a computer security mechanism set to detect, deflect, or in some manner, counteract attempts at unauthorized use of information systems.

Detecting Honeypot

When entered target system, then if we felt something is wrong. For example,

Cannot execute common OS commands e.g. ls, cat, etc.
There are few files under /home/<user> unnaturally.
There are few users or uncommon users exist in /etc/passwd unnaturally.
Found either cowrie-env, cowrie.cfg, tpot.yml, dionaea.cfg in system.

We may be able to suspect the system is a honeypot.

Cowrie

Cowrie is an SSH/Telnet honeypot.

Directories & Files

etc/cowrie.cfg
etc/userdb.txt
var/log/cowrie/

Or we can find the associated files by the following command.

find / -name "*cowrie*" 2>/dev/null

Reconnaissance

# OS
uname -a
cat /etc/issue

# CPU
nproc
cat /proc/cpuinfo

T-Pot

T-Pot is the all in one, optionally distributed, multiarch (amd64, arm64) honeypot platform.

Dionaea

Mailoney

Mailoney is an SMTP honeypot.

Tools by HDKS

Fuzzagotchi

Automatic web fuzzer.

aut0rec0n

Auto reconnaissance CLI.

Hash Cracker

Hash identifier.