Kippo

From Xinux Wiki

Before we begin

Change the standard SSH port of the real sshd, so that port 22 is free for the honeypot.

Install some packages

  • apt-get install python-dev openssl python-openssl python-pyasn1 git authbind

Add a user and edit the sudoers file with visudo so that kippo can list users

  • adduser kippo
  • visudo

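Add the line

kippo ALL=(ALL:ALL) ALL

under the "root" user entry. Note that this line gives the kippo account unrestricted sudo rights, not only the ability to list users.

Create the authbind file and change its permissions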

  • touch /etc/authbind/byport/22
  • chown kippo:kippo /etc/authbind/byport/22
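  • chmod 777 /etc/authbind/byport/22

authbind only checks whether the calling user may execute this file, so a tighter mode such as 500 is sufficient once kippo owns it.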

We have to install an older version of Python Twisted manually because of issues with the current version of Twisted and Kippo. I can't recall the error at the moment, but I'll see if I can find it in the logs later.

At this point we switch to the 'kippo' user and go to its home directory.

  • su - kippo

Download the latest Kippo version from GitHub

Change the port

  • cd kippo
  • sed -e "/ssh_port =/s/2222/22/" kippo.cfg.dist > kippo.cfg

Finally, change the Kippo start script

  • sed -i.bak -e "/kippo.tac/s/twistd/authbind --deep &/" start.sh

Start

  • ./start.sh

Log

  • tail -f log/kippo.log
2016-08-27 17:51:55+0200 [-] Log opened.
2016-08-27 17:51:55+0200 [-] twistd 14.0.2 (/usr/bin/python 2.7.12) starting up.
2016-08-27 17:51:55+0200 [-] reactor class: twisted.internet.epollreactor.EPollReactor.
2016-08-27 17:51:55+0200 [-] HoneyPotSSHFactory starting on 22
2016-08-27 17:51:55+0200 [-] Starting factory <kippo.core.ssh.HoneyPotSSHFactory instance at 0x7f2d3e6b1f38>
2016-08-27 17:54:04+0200 [kippo.core.ssh.HoneyPotSSHFactory] New connection: 87.128.42.65:58374 (136.243.187.69:22) [session: 0]
2016-08-27 17:54:04+0200 [HoneyPotTransport,0,87.128.42.65] Remote SSH version: SSH-2.0-OpenSSH_6.2
2016-08-27 17:54:04+0200 [HoneyPotTransport,0,87.128.42.65] kex alg, key alg: diffie-hellman-group-exchange-sha1 ssh-rsa
2016-08-27 17:54:04+0200 [HoneyPotTransport,0,87.128.42.65] outgoing: aes128-ctr hmac-md5 none
2016-08-27 17:54:04+0200 [HoneyPotTransport,0,87.128.42.65] incoming: aes128-ctr hmac-md5 none
2016-08-27 17:54:10+0200 [HoneyPotTransport,0,87.128.42.65] NEW KEYS
2016-08-27 17:54:10+0200 [HoneyPotTransport,0,87.128.42.65] starting service ssh-userauth
2016-08-27 17:54:10+0200 [SSHService ssh-userauth on HoneyPotTransport,0,87.128.42.65] boeserbube trying auth none
2016-08-27 17:54:10+0200 [SSHService ssh-userauth on HoneyPotTransport,0,87.128.42.65] boeserbube trying auth keyboard-interactive
2016-08-27 17:54:21+0200 [SSHService ssh-userauth on HoneyPotTransport,0,87.128.42.65] login attempt [boeserbube/gehiem] failed
2016-08-27 17:54:21+0200 [SSHService ssh-userauth on HoneyPotTransport,0,87.128.42.65] boeserbube failed auth keyboard-interactive
2016-08-27 17:54:21+0200 [SSHService ssh-userauth on HoneyPotTransport,0,87.128.42.65] unauthorized login:
2016-08-27 17:54:21+0200 [SSHService ssh-userauth on HoneyPotTransport,0,87.128.42.65] boeserbube trying auth keyboard-interactive
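
To summarise the login attempts that Kippo writes to log/kippo.log, the following is an added example, not part of the original wiki page or of Kippo itself. The sample lines are constructed in the format of the excerpt above with documentation-range addresses, and the "succeeded" wording is assumed to mirror the "failed" lines shown; the script runs under Python 3, independent of the Python 2.7 that Kippo uses.

```python
import re
from collections import Counter

# Constructed sample in the format of the kippo.log excerpt above
# (addresses come from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
2016-08-27 17:54:04+0200 [kippo.core.ssh.HoneyPotSSHFactory] New connection: 192.0.2.10:58374 (198.51.100.5:22) [session: 0]
2016-08-27 17:54:21+0200 [SSHService ssh-userauth on HoneyPotTransport,0,192.0.2.10] login attempt [boeserbube/gehiem] failed
2016-08-27 17:54:30+0200 [SSHService ssh-userauth on HoneyPotTransport,0,192.0.2.10] login attempt [root/a/b] failed
2016-08-27 17:55:02+0200 [SSHService ssh-userauth on HoneyPotTransport,1,192.0.2.77] login attempt [root/123456] succeeded
2016-08-27 17:55:03+0200 [SSHService ssh-userauth on HoneyPotTransport,1,192.0.2.77] unauthorized login:
"""

# The user name ends at the first "/"; the password is everything up to the
# final "] failed|succeeded", so passwords containing "/" or "]" stay intact.
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \[SSHService ssh-userauth on HoneyPotTransport,"
    r"(?P<session>\d+),(?P<ip>[^\]]+)\] "
    r"login attempt \[(?P<user>[^/\]]*)/(?P<password>.*)\] "
    r"(?P<result>failed|succeeded)$"
)

def parse_logins(text):
    """Yield one dict per 'login attempt' line; all other lines are skipped."""
    for line in text.splitlines():
        match = LOGIN_RE.match(line.strip())
        if match:
            yield match.groupdict()

def summarize(text):
    """Return (attempts per source IP, attempts per credential, accepted logins)."""
    by_ip, by_cred, accepted = Counter(), Counter(), []
    for entry in parse_logins(text):
        by_ip[entry["ip"]] += 1
        by_cred[(entry["user"], entry["password"])] += 1
        if entry["result"] == "succeeded":
            accepted.append((entry["ip"], entry["user"], entry["password"]))
    return by_ip, by_cred, accepted

if __name__ == "__main__":
    by_ip, by_cred, accepted = summarize(SAMPLE_LOG)
    for ip, count in by_ip.most_common():
        print(f"{ip}\t{count} attempts")
    for (user, password), count in by_cred.most_common():
        print(f"{user!r}/{password!r}\t{count}x")
    for ip, user, password in accepted:
        print(f"honeypot login accepted from {ip} as {user!r}")
```

To run it against a real log, pass the contents of log/kippo.log to summarize() instead of SAMPLE_LOG.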


Netstat

  • netstat -lntp
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 22627/python
