PoiNtEr->: Install Honeyd on Ubuntu


Thursday, May 17, 2012

Install Honeyd on Ubuntu



                       
Firstly, open up your terminal. Then update your package listings as shown below:

Eva@Vishal~$ sudo apt-get update

Next, install honeyd and its dependencies using apt-get.

Eva@Vishal~$ sudo apt-get install honeyd honeyd-common

The package “honeyd” contains the actual honeyd service, and “honeyd-common” contains various scripts and extra components that emulate the port services on the virtual honeypots, such as SSH, HTTP, rsh, etc.

My configuration files are in /etc/honeypot/:

1:honeyd.conf

create default
set default default tcp action block
set default default udp action block
set default default icmp action block

create windows
set windows personality "Microsoft Windows XP Professional SP1"
set windows default tcp action reset
add windows tcp port 135 open
add windows tcp port 139 open
add windows tcp port 445 open

set windows ethernet "00:00:24:ab:8c:12"
dhcp windows on eth1

2:fakemachine.conf

create windows
set windows personality "Microsoft Windows XP Professional"
add windows tcp port 80 "sh scripts/web.sh"
add windows tcp port 25 "perl scripts/snmp/fake-snmp.pl"
add windows tcp port 23 "perl scripts/telnet/faketelnet.pl"
add windows tcp port 139 open
add windows tcp port 137 open
add windows udp port 137 open
add windows udp port 135 open
set windows default tcp action reset
set windows default udp action reset
set windows ethernet "00:00:24:ab:8c:12"
bind 192.168.2.50 windows


To load the honeypot(s) into honeyd and deploy them, simply enter the appropriate commands.
Eva@Vishal~$ honeyd -d -f honeypots.conf

The -d parameter keeps honeyd from running in the background as a daemon and prints all of its output to the terminal. If you wish to log the data to a file, simply use the -l option.
Eva@Vishal~$ honeyd -d -f honeypots.conf -l log.out

Starting Nmap 5.21 ( http://nmap.org ) at 2012-05-26 21:48 IDT

Interesting ports on 192.168.1.50:

PORT     STATE  SERVICE
23/tcp     open        telnet
25/tcp     open        smtp
80/tcp     open        http
.
.
.
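One way to check that a deployed template answers only on the ports its configuration declares, by comparing the post's fakemachine.conf with an nmap port table. This is an added example, not code from the original post; the scan text is constructed and the function names are hypothetical.

```python
import re

# fakemachine.conf as shown in the post
CONF = '''create windows
set windows personality "Microsoft Windows XP Professional"
add windows tcp port 80 "sh scripts/web.sh"
add windows tcp port 25 "perl scripts/snmp/fake-snmp.pl"
add windows tcp port 23 "perl scripts/telnet/faketelnet.pl"
add windows tcp port 139 open
add windows tcp port 137 open
add windows udp port 137 open
add windows udp port 135 open
set windows default tcp action reset
set windows default udp action reset
set windows ethernet "00:00:24:ab:8c:12"
bind 192.168.2.50 windows
'''

# Constructed scan output (not from the post); 110/tcp is deliberately unexpected
SCAN = '''PORT     STATE  SERVICE
23/tcp   open   telnet
25/tcp   open   smtp
80/tcp   open   http
110/tcp  open   pop3
'''

ADD = re.compile(r'^add\s+(\S+)\s+(tcp|udp)\s+port\s+(\d+)\s+(.+)$')
BIND = re.compile(r'^bind\s+(\S+)\s+(\S+)$')
PORT = re.compile(r'^(\d+)/(tcp|udp)\s+open(?:\s|$)')  # skips open|filtered

def configured_ports(conf):  # bound IP -> {(proto, port)} its template answers on
    ports, binds = {}, {}
    for line in map(str.strip, conf.splitlines()):
        if m := ADD.match(line):
            tmpl, proto, port, action = m.groups()
            if action.split()[0] not in ("block", "reset"):  # open or a script
                ports.setdefault(tmpl, set()).add((proto, int(port)))
        elif m := BIND.match(line):
            binds[m.group(1)] = m.group(2)
    return {ip: ports.get(tmpl, set()) for ip, tmpl in binds.items()}

def scanned_ports(scan):  # {(proto, port)} that the scan table reports as open
    hits = (PORT.match(line.strip()) for line in scan.splitlines())
    return {(m.group(2), int(m.group(1))) for m in hits if m}

def drift(conf, scan, ip):
    """Return (open but not configured, configured TCP ports not seen) for ip."""
    want, seen = configured_ports(conf)[ip], scanned_ports(scan)
    return sorted(seen - want), sorted({p for p in want if p[0] == "tcp"} - seen)
```

Calling drift(CONF, SCAN, "192.168.2.50") flags 110/tcp as open but not declared, and lists 137/tcp and 139/tcp as declared but absent from the TCP-only sample scan.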
Now, with a few more commands, you can create fake machines on all unused IPs.
You can use this technique, running farpd together with honeyd, to capture IPv4 addresses.
Remember: no one will be able to connect to your network if you run honeyd on the whole network using the following command:
honeyd -d -i wlan0 -f /etc/honeypot/myfakemachine.conf 192.168.2.0/24 &
with farpd actively running.
I think that's enough; I have already told you. Just try to figure it out by yourself, and go and hack your network before some other guy hacks it.

Have any questions? Feel free to comment below :-)



1 comment:

  1. Hey, you haven't opened port 110, but how come nmap's scanning port 110? And what about other ports, or does nmap not scan more than 2 ports at a time?
    It just seems you copied someone else's work.
    http://nullpwd.wordpress.com/2011/08/26/honeyd-your-own-virtual-honeypot/