Honeypots

Last modified: 2023-08-06

Network

A honeypot is a computer security mechanism set up to detect, deflect, or in some other manner counteract attempts at unauthorized use of information systems.

Detecting Honeypots

After entering a target system, some things may feel wrong. For example,

  • Common OS commands such as ls, cat, etc. cannot be executed.
  • There are unnaturally few files under /home/<user>.
  • /etc/passwd contains unnaturally few users, or uncommon ones.
  • Files such as cowrie-env, cowrie.cfg, tpot.yml, or dionaea.cfg are present on the system.

If so, we may suspect the system is a honeypot.
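The giveaways above cut both ways: a honeypot operator can use the same list to check whether a freshly deployed sensor is trivially fingerprintable. The following self-audit is an added example, not code from the original page or from any honeypot project; the expected command set, the thresholds for "too few" home entries and passwd users, and the search roots are assumptions chosen for this example, and the sample /etc/passwd body is constructed.

```python
"""
Self-audit a host for the honeypot giveaways listed above.

Added example (not from the page). Run inside a deployed sensor to see
whether it betrays itself by missing commands, an empty home directory,
an implausible /etc/passwd, or leftover honeypot framework files.
Thresholds and command list are assumptions chosen for this example.
"""
import os
import shutil

# Commands an interactive shell on a real host is expected to have (assumption).
EXPECTED_COMMANDS = ("ls", "cat", "ps", "id", "uname")

# File names that give away a honeypot framework (from the list above).
MARKER_FILES = ("cowrie-env", "cowrie.cfg", "tpot.yml", "dionaea.cfg")

# Below these counts a host looks artificial (assumed thresholds).
MIN_HOME_ENTRIES = 3
MIN_PASSWD_USERS = 15

# Constructed /etc/passwd body, deliberately sparse like a minimal fake fs.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "richard:x:1000:1000::/home/richard:/bin/bash\n"
)


def check_commands(available):
    """Return the expected commands that are not available."""
    return [c for c in EXPECTED_COMMANDS if c not in available]


def check_passwd(passwd_text):
    """Return findings for an /etc/passwd body: too few users or odd names."""
    findings, users = [], []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            findings.append(f"malformed passwd line: {line!r}")
            continue
        users.append(fields[0])
    if len(users) < MIN_PASSWD_USERS:
        findings.append(f"only {len(users)} users in /etc/passwd")
    # An account named after a honeypot tool is itself a giveaway.
    for name in users:
        if any(m in name for m in ("cowrie", "honey", "tpot", "dionaea")):
            findings.append(f"suspicious user name: {name}")
    return findings


def check_files(paths):
    """Return paths whose basename matches a known honeypot marker file."""
    return [p for p in paths if os.path.basename(p) in MARKER_FILES]


def audit(available_commands, home_entries, passwd_text, paths):
    """Combine all checks into a list of human-readable findings."""
    findings = []
    missing = check_commands(available_commands)
    if missing:
        findings.append("missing commands: " + ", ".join(missing))
    if len(home_entries) < MIN_HOME_ENTRIES:
        findings.append(f"home directory has only {len(home_entries)} entries")
    findings.extend(check_passwd(passwd_text))
    for p in check_files(paths):
        findings.append(f"honeypot marker file present: {p}")
    return findings


def collect_live():
    """Gather audit() inputs from the running system (assumed search roots)."""
    available = [c for c in EXPECTED_COMMANDS if shutil.which(c)]
    home = os.path.expanduser("~")
    home_entries = os.listdir(home) if os.path.isdir(home) else []
    with open("/etc/passwd", encoding="utf-8", errors="replace") as fh:
        passwd_text = fh.read()
    paths = []
    for root in ("/etc", "/opt", "/home", "/srv"):
        for dirpath, _dirs, files in os.walk(root):
            paths.extend(os.path.join(dirpath, f) for f in files if f in MARKER_FILES)
    return available, home_entries, passwd_text, paths


def demo():
    """Audit the constructed inputs: all commands present, a three-entry home,
    the sparse passwd above, and one leftover Cowrie config file."""
    return audit(list(EXPECTED_COMMANDS), ["a", "b", "c"], SAMPLE_PASSWD,
                 ["/opt/cowrie/etc/cowrie.cfg"])


if __name__ == "__main__":
    for finding in audit(*collect_live()) or ["no giveaways found"]:
        print(finding)
```

`demo()` exercises the checks on the constructed inputs; `collect_live()` feeds the same checks from the real host and is what an operator would run on a sensor before exposing it.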


Cowrie

Cowrie is an SSH/Telnet honeypot.

Directories & Files (relative to the Cowrie installation directory)

etc/cowrie.cfg
etc/userdb.txt
var/log/cowrie/

Alternatively, the associated files can be located with the following command.

find / -name "*cowrie*" 2>/dev/null

Reconnaissance

# OS
uname -a
cat /etc/issue

# CPU
nproc
cat /proc/cpuinfo
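From the operator's side, the value of var/log/cowrie/ is the per-session record of what visitors did, including whether they ran the reconnaissance commands listed above to probe the host. The summarizer below is an added example, not code from the page or from the Cowrie project; it assumes Cowrie's one-JSON-object-per-line log with the fields eventid, session, src_ip, username, password and input, and the sample lines are constructed, not real captures.

```python
"""
Summarise Cowrie JSON logs per session.

Added example, not code from the page or from the Cowrie project. Assumes
one JSON object per line (as in var/log/cowrie/cowrie.json) with the fields
eventid, session, src_ip, username, password and input. SAMPLE_LOG is
constructed for this example.
"""
import json
from collections import defaultdict

# Commands from the reconnaissance list above; a session running several of
# them is checking whether the host is real.
RECON_COMMANDS = ("uname -a", "cat /etc/issue", "nproc", "cat /proc/cpuinfo")

SAMPLE_LOG = """\
{"eventid": "cowrie.session.connect", "session": "s1", "src_ip": "198.51.100.7", "timestamp": "2023-08-06T10:00:00Z"}
{"eventid": "cowrie.login.failed", "session": "s1", "src_ip": "198.51.100.7", "username": "root", "password": "123456"}
{"eventid": "cowrie.login.success", "session": "s1", "src_ip": "198.51.100.7", "username": "root", "password": "toor"}
{"eventid": "cowrie.command.input", "session": "s1", "src_ip": "198.51.100.7", "input": "uname -a"}
{"eventid": "cowrie.command.input", "session": "s1", "src_ip": "198.51.100.7", "input": "cat /proc/cpuinfo"}
{"eventid": "cowrie.command.input", "session": "s1", "src_ip": "198.51.100.7", "input": "ls /home"}
{"eventid": "cowrie.session.closed", "session": "s1", "src_ip": "198.51.100.7", "duration": 7.5}
{"eventid": "cowrie.session.connect", "session": "s2", "src_ip": "203.0.113.9", "timestamp": "2023-08-06T10:05:00Z"}
{"eventid": "cowrie.login.failed", "session": "s2", "src_ip": "203.0.113.9", "username": "admin", "password": "admin"}
{"eventid": "cowrie.login.failed", "session": "s2", "src_ip": "203.0.113.9", "username": "admin", "password": "password"}
{"eventid": "cowrie.session.closed", "session": "s2", "src_ip": "203.0.113.9", "duration": 1.2}
this line is not json and must be skipped
"""


def new_session():
    return {"src_ip": None, "failed_logins": 0, "credentials": None,
            "commands": [], "recon_commands": 0}


def summarize(lines):
    """Fold Cowrie event lines into one record per session id."""
    sessions = defaultdict(new_session)
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # tolerate truncated or corrupted lines
        sid = ev.get("session")
        if not sid:
            continue
        s = sessions[sid]
        s["src_ip"] = ev.get("src_ip", s["src_ip"])
        kind = ev.get("eventid", "")
        if kind == "cowrie.login.failed":
            s["failed_logins"] += 1
        elif kind == "cowrie.login.success":
            s["credentials"] = (ev.get("username"), ev.get("password"))
        elif kind == "cowrie.command.input":
            cmd = ev.get("input", "").strip()
            s["commands"].append(cmd)
            if cmd in RECON_COMMANDS:
                s["recon_commands"] += 1
    return dict(sessions)


def fingerprinting_sessions(sessions, threshold=2):
    """Session ids that ran at least `threshold` host-probing commands."""
    return sorted(sid for sid, s in sessions.items()
                  if s["recon_commands"] >= threshold)


def demo():
    """Summarise the constructed sample log."""
    return summarize(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    result = demo()
    for sid, s in result.items():
        print(sid, s["src_ip"], "failed:", s["failed_logins"],
              "creds:", s["credentials"], "cmds:", len(s["commands"]))
    print("host-probing sessions:", fingerprinting_sessions(result))
```

Point it at a real log with `summarize(open("var/log/cowrie/cowrie.json"))`; the fingerprinting count is a cheap signal that a visitor is checking for exactly the giveaways discussed earlier, which is useful feedback on how convincing the sensor is.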

T-Pot

T-Pot is an all-in-one, optionally distributed, multiarch (amd64, arm64) honeypot platform.


Dionaea

Dionaea is a low-interaction honeypot designed to capture malware samples from the services it emulates.


Mailoney

Mailoney is an SMTP honeypot.