Description: This video is a simple demo of the tool "kippo", showing how to set up and configure a honeypot SSH server.
Kippo is a medium-interaction SSH honeypot designed to log brute-force attacks and, most importantly, the entire shell interaction performed by the attacker.
Some interesting features:
Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included.
Possibility of adding fake file contents so the attacker can 'cat' files such as /etc/passwd. Only minimal file contents are included.
Session logs stored in a UML-compatible format for easy replay with original timings.
Just like Kojoney, Kippo saves files downloaded with wget for later inspection.
Trickery: ssh pretends to connect somewhere, exit doesn't really exit, etc.
Source: http://code.google.com/p/kippo/
The steps taken in the video are as follows.
1. Untar the kippo package and change into its directory.
2. Run "./start.sh".
3. Run "netstat -lntup" to check the connectivity.
4. In a different terminal, run "tail -f log/kippo.log".
5. Try to connect with the default password of kippo, as shown in the video.
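Once step 4 shows entries arriving in log/kippo.log, the login attempts can be summarized per source address. The following Python script is an added example, not part of the video or of Kippo itself; it assumes the Twisted-style "login attempt [user/password] succeeded|failed" line layout, the sample lines are constructed, and the names LOGIN_RE, SAMPLE_LOG and summarize are this example's own.

```python
import re
from collections import Counter

# Assumed layout of a Kippo login line (Twisted log prefix, then the attempt).
# The credential group is greedy so passwords containing "]" or "/" survive.
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \[SSHService ssh-userauth on HoneyPotTransport,"
    r"\d+,(?P<ip>[^\]]+)\] "
    r"login attempt \[(?P<cred>.*)\] (?P<result>succeeded|failed)$"
)

# Constructed sample input; addresses come from the documentation ranges.
SAMPLE_LOG = """\
2013-02-01 10:15:01+0000 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 192.0.2.10:51234 (10.0.0.5:2222) [session: 0]
2013-02-01 10:15:03+0000 [SSHService ssh-userauth on HoneyPotTransport,0,192.0.2.10] login attempt [root/admin] failed
2013-02-01 10:15:06+0000 [SSHService ssh-userauth on HoneyPotTransport,0,192.0.2.10] login attempt [root/p]ss/word] failed
2013-02-01 10:15:09+0000 [SSHService ssh-userauth on HoneyPotTransport,0,192.0.2.10] login attempt [root/123456] succeeded
2013-02-01 10:16:10+0000 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,0,192.0.2.10] CMD: uname -a
2013-02-01 10:20:44+0000 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.7] login attempt [admin/admin] failed
"""


def summarize(log_text):
    """Return attempts per IP, tried passwords, and accepted logins."""
    attempts = Counter()   # source IP -> number of login attempts
    passwords = Counter()  # password -> number of times it was tried
    successes = []         # (timestamp, ip, user, password) for accepted logins
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if not m:
            continue  # connection, CMD and other lines are not login attempts
        # Split on the first "/" only: the rest is the password, verbatim.
        user, _, password = m.group("cred").partition("/")
        attempts[m.group("ip")] += 1
        passwords[password] += 1
        if m.group("result") == "succeeded":
            successes.append((m.group("ts"), m.group("ip"), user, password))
    return {"attempts": attempts, "passwords": passwords, "successes": successes}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip, count in report["attempts"].most_common():
        print(f"{ip}: {count} login attempts")
    for ts, ip, user, password in report["successes"]:
        print(f"{ts} {ip} logged in to the honeypot as {user!r} with {password!r}")
```

To run it against a live honeypot, pass the contents of log/kippo.log to summarize() instead of SAMPLE_LOG.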
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
One interesting thing about kippo is: the session is not closed even after running "exit", so it keeps users logged in.
This tool bypasses the login details? I still don't understand. Can anyone explain this? Please?
nice
But then, after exploiting a vulnerable box, how to detect whether that box had such a kind of honeypot installed?
I mean, is there any way for the attacker to know that "yes, I am being recorded by a honeypot, I should limit myself"?