How to Set Up A Honeypot in 10 Minutes

whitehat83
Oct 20, 2019

What is a honeypot, you may ask? What is its significance, and why is it crucial that we set one up? Honeypots are essentially decoy servers deployed alongside your actual systems in the network. Their purpose is to attract malicious attackers trying to get into your network. Honeypots can divert assailants and their constituents away from the rest of your network. They can also serve as a great way to add security monitoring opportunities for blue teams.

Here’s how to entice possible attackers into a honeypot trap with Kali Linux.

You’ll need a Kali Linux box and a tool called pentbox, which we will download.

Open the terminal and download pentbox with the following command:

wget http://downloads.sourceforge.net/project/pentbox18realised/pentbox-1.8.tar.gz

This command fetches the pentbox archive from SourceForge and saves it in the current directory.

Find the archive in whichever directory you downloaded it to (mine happened to be my home directory), then extract it:

tar xvfz pentbox-1.8.tar.gz

This is the command that “unloads” the tools. tar packs a collection of files and directories into a single archive file, commonly called a tarball; here the x flag extracts the gzip-compressed (z) archive named after f, and v lists each file as it is unpacked.

Then change into the extracted directory and execute the following command: ./pentbox.rb

The pentbox menu should then pop up.

Now the juicy part, the reason why we’re here: luring the attackers.

From here we select 2 for Network tools and then 3 for Honeypot.

Then select option 1 for Fast Auto Configuration. Once this is selected, it will launch the honeypot and default to port 80.

Now open a web browser on another machine, such as your host machine, and point it to the IP address of your Kali machine. My Kali box IP was 10.0.2.4. To find yours, you can use the commands ip address or ifconfig | grep inet.

You should get an “access denied” response; if you did, the honeypot is working as intended.

You should see the following.

If you would like to dig deeper and have your honeypot listen on a specific port, run pentbox as before and select 2, then 3, followed by 2. When the script prompts you to enter a port, type in 22. Port 22 is the port for SSH.

When I try to SSH into the IP address, I get the following: “INTRUSION ATTEMPT DETECTED!”

You can see that the attempt was logged, along with the IP address it originated from.
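To show what a low-interaction honeypot like this does under the hood, here is an added example (not pentbox's code and not part of the original post): a small Ruby listener that accepts a connection, records the source IP, port and first bytes sent, and answers with a canned "access denied". The names handle, serve, DENY and the --listen flag are made up for this sketch, and the log line format is constructed.

```ruby
require "socket"
require "time"

# Canned reply sent to every visitor (constructed; not pentbox's actual response).
BODY = "Access denied\n"
DENY = "HTTP/1.1 401 Unauthorized\r\nContent-Length: #{BODY.bytesize}\r\n" \
       "Connection: close\r\n\r\n#{BODY}"

# Handle one connection: note who connected and the first bytes they sent.
def handle(client, reply)
  peer = client.remote_address
  first = begin
    # Wait up to 2 s; a bare port scan connects and sends nothing.
    IO.select([client], nil, nil, 2) ? client.readpartial(1024) : ""
  rescue EOFError, Errno::ECONNRESET
    ""
  end
  begin
    client.write(reply)
  rescue Errno::EPIPE, Errno::ECONNRESET
    # Peer already gone; the attempt is still worth logging.
  end
  # inspect escapes CR/LF and binary bytes, so a visitor cannot forge log lines.
  { time: Time.now.utc.iso8601, ip: peer.ip_address, port: peer.ip_port,
    first_bytes: first[0, 200].inspect }
ensure
  client.close
end

# Accept connections one at a time (sequential for brevity) and log each one.
# max: stop after that many connections; nil means run until interrupted.
def serve(server, log: $stdout, reply: DENY, max: nil)
  seen = []
  until max && seen.size >= max
    entry = handle(server.accept, reply)
    log.puts "connection attempt #{entry[:time]} from " \
             "#{entry[:ip]}:#{entry[:port]} sent #{entry[:first_bytes]}"
    seen << entry if max
  end
  seen
end

# Stand-alone use: ruby honeypot.rb --listen 8080
# (the walkthrough above uses ports 80 and 22, which need root to bind)
if ARGV[0] == "--listen"
  serve(TCPServer.new("0.0.0.0", Integer(ARGV[1] || 8080)))
end
```

Because nothing legitimate should ever connect to a decoy port, every logged line is a signal worth forwarding to whatever the blue team already monitors.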

Congrats! Now you have successfully set up your Honeypot!
