seculabs ebook - honeypots - installation and usage in backtrack os

7/29/2019 Seculabs eBook - Honeypots - Installation and Usage in Backtrack OS http://slidepdf.com/reader/full/seculabs-ebook-honeypots-installation-and-usage-in-backtrack-os 1/11

Upload: rifqi-multazam

Post on 14-Apr-2018


SECUGENIUS SECURITY SOLUTIONS 

--------------------------------------------------------------------------------------

(A UNIT OF HARKSH TECHNOLOGIES PVT. LTD)

Company Profile:

Secugenius Security Solutions is a Student Entrepreneurial Company started by 2 Social Student Entrepreneurs in 2010 with an aim to make our country Cyber Crime Free. We at SECUGENIUS are headquartered at Ludhiana, the Manchester of Punjab. The main activities of Secugenius Security Solutions are providing training in Information Security and various professional courses.

Secugenius Security Solutions is an organization which believes in inventing and implementing new ideas to influence the technological minds of the youngsters.

Looking at the number of Cyber Crimes over the last many years, we at Secugenius Security Solutions provide training on Ethical Hacking & Cyber Security to students, IT professionals, bank employees and police officials.

Secugenius conducts workshops in all parts of the country in various colleges and institutions for the benefit of the students, making them aware of the latest trends in the technological era of the Computer age. We believe in spreading knowledge to all the youngsters and growing minds of the nation so that they can serve the nation with perfect skill-sets in the field of Cyber Crime Investigation & Forensic Sciences.

Secugenius provides various security solutions to its clients by securing their websites from cyber attacks. We provide training to college students, graduates and professionals in various fields. Education is delivered to students through two modes, i.e. Regular mode and Distance mode, which are available as short term and long term courses.

In the workshops conducted by Secugenius, participants can claim to be trained by highly experienced and skilled corporate trainers from different parts of the nation. We believe in making the base of students as strong as possible. All the modules have been designed to provide students with specialized knowledge by specialized trainers.

This library was furnished, managed and funded by the Founders and Directors of Secugenius, Er. Harpreet Khattar & Er. Kshitij Adhlakha. The overall resource person for the content of the series of this Digital Library is Er. Chetan Soni - Sr. Security Specialist, Secugenius Security Solutions.

This Online Digital Library has been initiated as a free and permanent resource on a specialization basis for every student of Team Secugenius.


Honeypots - Installation and Usage in Backtrack OS

Product ID No: SG/ODL/13045

Founder & Director: Harpreet Khattar & Kshitij Adhlakha

Resource Person: Chetan Soni, Ranjan Raja and Annu Raj

Secugenius Security Solutions 

SCO-13A, Model Town Extn, Near Krishna Mandir,

Ludhiana-141002, Punjab – India


www.secugenius.com , www.seculabs.in 


REQUIREMENTS:-

1. Backtrack Operating System

2. Any Windows Machine

PURPOSE:-

Honeypots are useful to gather information about attackers, and to distract them. The Linux program honeyd is very easy to use and powerful.

STEPS:-

Start the Backtrack Operating System, or you can also use any Linux distro. Open a Terminal window.

In a Terminal window, enter this command, and then press Enter:

root@bt:~# ping google.com

Make sure you are getting replies, and then press Ctrl+c to stop the pings.


In a Terminal window, enter this command, and then press Enter:

root@bt:~# ifconfig

(Find the interface that goes to the Internet and make a note of it, e.g. "eth0".)

Installing honeyd:-

If you are using Backtrack 5 R3, honeyd is already installed. If not, you may need to install it with this command:

root@bt:~# apt-get install honeyd


To run honeyd, go here,

After clicking honeyd in the menu, it shows this terminal,


Creating the Config File

Case 1 (IP through DHCP) -

In Terminal window, enter this command, and then press Enter:

root@bt:~# nano secugenius.conf 

Type this code as shown below.

This tells honeyd to emulate a Windows XP machine.

create default
set default default tcp action block
set default default udp action block
set default default icmp action block

create windows
set windows personality "Microsoft Windows XP Professional SP1"
set windows default tcp action reset
add windows tcp port 133 open
add windows tcp port 126 open
add windows tcp port 444 open

set windows ethernet "00:11:22:33:44:55"
dhcp windows on eth0

(In the last line, specify the interface that goes to your network; in my case it was eth0.)

Save the file with Ctrl+X, Y, Enter.


Case 2 (Manual IP) -

If you don't want to use a DHCP-assigned IP, you can use any IP. Here we use the Gedit editor:

root@bt:~# gedit honeyd.conf

create windows
set windows personality "Microsoft Windows XP Professional SP1"
add windows tcp port 23 open
add windows tcp port 25 open
add windows tcp port 80 open

set windows ethernet "aa:bb:cc:dd:ee:ff"

bind 192.168.176.132 windows
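A pre-flight check for the two config files above, as an added example that is not part of the original ebook or of honeyd itself. The function name lint_honeyd_config and the SAMPLE text are constructed for illustration, and the check assumes only the directives used on this page (create, set, add, bind, dhcp).

```python
import re

MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")
SMART_QUOTES = "\u201c\u201d\u2018\u2019"  # curly quotes picked up from PDFs and web pages

def lint_honeyd_config(text):
    """Return sorted (line_no, message) findings. Covers only the directives
    used on this page: create, set, add, bind, dhcp (an assumption)."""
    findings, created, attached = [], {}, set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if any(q in line for q in SMART_QUOTES):
            findings.append((no, "typographic quotes; use plain double quotes"))
        tok = line.split()
        verb = tok[0]
        if verb == "create" and len(tok) == 2:
            created[tok[1]] = no
            continue
        if verb not in ("set", "add", "bind", "dhcp") or len(tok) < 3:
            findings.append((no, "unrecognised directive: " + line))
            continue
        name = tok[2] if verb == "bind" else tok[1]  # bind puts the IP first
        if name not in created:
            findings.append((no, "template '%s' used before 'create'" % name))
        if verb in ("bind", "dhcp"):
            attached.add(name)
        if verb == "add" and "port" in tok[:-1]:
            port = tok[tok.index("port") + 1]
            if not (port.isdigit() and 1 <= int(port) <= 65535):
                findings.append((no, "invalid port: " + port))
        if verb == "set" and tok[2] == "ethernet":
            mac = line.split("ethernet", 1)[1].strip().strip('"' + SMART_QUOTES)
            if not MAC_RE.fullmatch(mac):
                findings.append((no, "malformed MAC address: %r" % mac))
    for name, no in created.items():  # a template with no address never answers
        if name != "default" and name not in attached:
            findings.append((no, "template '%s' has no bind/dhcp line" % name))
    return sorted(findings)

# Constructed sample: the Case 2 config with typical copy-and-paste damage.
SAMPLE = """create windows
set windows personality \u201cMicrosoft Windows XP Professional SP1\u201d
add windows tcp port 80 open
add windows tcp port 80000 open
set windows ethernet "aa:bb:cc:dd:ee:ff "
bind 192.168.176.132 window
"""
```

Calling lint_honeyd_config(open("honeyd.conf").read()) before starting honeyd returns an empty list when none of these problems are present.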


Running honeyd

For Case 1 -

In a Terminal window, enter this command, and then press Enter:

root@bt:~# honeyd -d -i eth0 -f secugenius.conf

The -d switch tells honeyd not to run as a daemon, so you can see what it's doing.

The -i switch specifies which interface to use.

The -f switch tells honeyd what config file to use.

Honeyd should start, with the usual unimportant warning messages, and get an IP address from DHCP, as shown below:


For Case 2 -

In a Terminal window, enter this command, and then press Enter:

root@bt:~# honeyd -d -f honeyd.conf

Here you can see that when someone pings your IP, you receive ICMP Echo Requests,


Now you can also use the nmap scanner: install nmap on the Windows machine and scan the DHCP or manually assigned IP, and you get the message that someone is scanning your IP with nmap.