I say honeypot but really it isn’t a honeypot… but it is something I am using to log/capture data from malicious individuals….so thus the reason I say honeypot. I want to edit sshd to log all user/password attempts. Cent7 yum install git make zlib-devel openssl-devel openssh-devel pam-devel screen autoconf gcc vim-enhanced lsof git clone https://github.com/openssh/openssh-portable.git cd openssh-portable/ autoreconf ./configure vim auth-passwd.c (add in my little log code in the auth_password function) //for Lanix logit(“sshd credentials:%s:%s”,authctxt->user,password); make we are going to use the built-in sshd_config and the current ssh_host_keys to prevent anyone remote being able to easily identify the trap. cp /etc/ssh/sshd_config /root/ (modify this as there are multiple parts we didn’t complile into our ssh and errors will be thrown, also to test I run it first on a different port) cp /etc/ssh/ssh_host_* /root/ chmod 0600 /root/ssh_host_* /root/openssh-portable/sshd -f sshd_config -D (I test with the -D so that I can easily […]
I have found that some of the tools I am utilizing and need to compile require zlib.h… and that is in the zlib1g-dev package… so: apt install zlib1g-dev
Just a quick note wile performing recon on a customer I struggled with the dns-names.txt issue on kali, basically thehavester is looking for a file named dns-names.txt in the current directory when you are requesting to perform a dns brute force. The good news is the file exists in two spots on a kali box: yourname@kali:~/Desktop$ locate dns-names.txt /usr/share/golismero/tools/theHarvester/dns-names.txt /usr/share/golismero/tools/theHarvester/discovery/dns-names.txt this is used when you pass the “-c” option, so the easiest work around until this gets updated is to copy one of these files into your current directory. On my box both were the exact same file.
Funny thing about people and passwords… just about anything really, we get comfortable with certain things, for example, you probably know of a family where all the kids first names start with the same letter. Kids tend to be a little more creative, but adults tend to hold onto things, similar things. Lets look at passwords, now keep in mind I am not saying everyone is like this, you may not be, but chances are….the majority of people will have a password that is similar in structure. Lets say this is your password: Cathat89! Your original password was probably something similar to you, say you liked cat in the hat, and you were born in the year 1989. But the content of the password will change over time… but the structure could stay the same. You see how the first character is a capitol, then there are several lower case […]