What is a honeypot and how to set up a honeypot in Kali Linux
Hello guys,
Welcome to MikeyToTech
In this article I will explain what a honeypot is, how it works and how it can
be used to trace a hacker's activity. I will also set up a basic honeypot system in Kali Linux.
So, read the complete post to learn about honeypots and how to set up a
honeypot on your own system.
What is a honeypot?
Honeypot
A honeypot is a computer system that is set up
as a decoy to lure cyber attackers and to detect, deflect or study attempts to
gain unauthorized access to information systems.
Generally, a honeypot consists of data (for example, in a
network site) that appears to be a legitimate part of the site, but is actually
isolated and monitored, and that seems to contain information or a resource of
value to attackers, who are then blocked.
A honeypot is a security resource whose value lies in being probed, attacked or compromised.
Honeypots can be classified based on their deployment
(use/action) and based on their level of involvement. Based on deployment,
honeypots may be classified as:
1. Production Honeypots
2. Research honeypots
Production honeypots
Production honeypots are easy to use, capture only
limited information, and are used primarily by corporations. Production honeypots
are placed inside the production network, alongside the production servers, by an organization to improve its
overall state of security. Normally, production honeypots are low-interaction
honeypots, which are easier to deploy. They give less information about the
attacks or attackers than research honeypots do.
Research honeypots
Research honeypots are run to gather information about the
motives and tactics of the black hat community targeting different networks. These
honeypots do not add direct value to a specific organization; instead, they are
used to research the threats that organizations face and to learn how to better
protect against those threats. Research honeypots are complex to deploy and
maintain, capture extensive information, and are used primarily by research,
military, or government organizations.
Creating a basic honeypot
Here, I will make a basic honeypot in Kali Linux, and for it I
will use a tool called Pentbox. You can download it using git clone or as a zip
file from GitHub.
I am going to clone the Pentbox tool onto the Desktop, so I
type cd Desktop to change directory and then run the command git clone
<pentbox url>, which clones the Pentbox tool into the Desktop directory.
After cloning the Pentbox tool, you can see a file named pentbox.rb.
You need to give executable permission to this file by running the command chmod
+x pentbox.rb. Now you can run the Pentbox tool, so type ./pentbox.rb
to start it. As you can see in the following picture –
After starting this tool you can see some options here. I will
use Network tools for honeypots.
Auto configuration honeypot
Let’s create a honeypot to trace activity on our
network. Start the Pentbox tool by running ./pentbox.rb, then press 2 and hit
enter to use Network tools. Now you have to choose the Honeypot option, so type 3
and hit enter. It will ask whether you want auto configuration or manual
configuration; type 1 and hit enter. Now your honeypot is ready, and you can
see the message HONEYPOT ACTIVATED ON PORT 80, as shown in the following
picture –
To check whether it is working,
open a browser on another device in your network and type the local IP address of the system
on which the honeypot is activated (to check the local IP, run ifconfig). So,
I have opened a browser on my Windows system and typed the Kali Linux system's local IP.
When you browse to it, your activity is traced on the Kali Linux system, such as
which operating system you are using, which browser you are using and its
version, and more. As you can see in the following picture -
Manual configuration honeypot
Now, we will configure the honeypot manually, so start the Pentbox
tool again, use Network tools and choose the Honeypot option as we did for the auto
configuration honeypot.
Now, it will ask you to select a configuration option. You
have to select manual configuration, so type 2 and hit enter. It
will ask which port to open; type the port number that you want to open. I am
using port number 4444, so I typed 4444 and hit enter.
Now it will ask you to type a message to display to the hacker,
so I have typed the message YOU CAN’T HACK ME and hit enter.
Now it will ask whether to save a log file. If you want to save a log
file then enter y, otherwise enter n. I don’t want to save a log file,
so I typed n and hit enter.
Now, it will ask whether to activate a beep sound when any
movement is traced. If you want it then enter y, otherwise enter n.
Now, you can see the message HONEYPOT ACTIVATED ON PORT 4444;
see the following picture –
To check whether it is working, open the browser again and type the local
IP and port [for example 192.168.43.11:4444]. It will display the message
that you typed, and it will also trace the hacker's activity in the same way as the auto
configuration honeypot.
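To show what a tool like this does under the hood, here is an added example (not part of the original article and not Pentbox's own code): a minimal Ruby listener that takes the same settings as the manual configuration above (port, message, optional log file) and records each visitor's IP address and User-Agent. The class name MiniHoneypot and its parameters are assumptions made for illustration.

```ruby
require 'socket'
require 'time'

# Illustrative low-interaction honeypot (not Pentbox's code): accept a TCP
# connection, record who connected and what they sent, reply with a fixed
# message, close. It never executes or interprets the data it receives.
class MiniHoneypot
  attr_reader :port, :events

  def initialize(port:, message:, log_path: nil, bind: '0.0.0.0')
    @server   = TCPServer.new(bind, port)
    @port     = @server.addr[1]   # actual port, useful when port is 0
    @message  = message
    @log_path = log_path          # nil prints to the terminal instead
    @events   = Queue.new         # thread-safe in-memory record (lab use)
  end

  def run
    loop { handle(@server.accept) }
  rescue IOError, Errno::EBADF
    nil                           # listener was closed by #stop
  end

  def stop
    @server.close
  end

  private

  def handle(client)
    peer  = client.peeraddr(false)   # numeric address, no reverse DNS lookup
    data  = IO.select([client], nil, nil, 2) ? client.recv(4096).to_s : ''
    event = { time: Time.now.utc.iso8601, ip: peer[3], src_port: peer[1],
              user_agent: data[/^User-Agent:\s*(.+?)\r?$/i, 1],
              bytes: data.bytesize }
    @events << event
    line = event.map { |k, v| "#{k}=#{v.inspect}" }.join(' ')
    @log_path ? File.write(@log_path, "#{line}\n", mode: 'a') : puts(line)
    client.write(@message)
  rescue SystemCallError
    nil                              # client went away mid-exchange
  ensure
    client.close
  end
end

# Start with: ruby mini_honeypot.rb 4444   (file name is an assumption)
if __FILE__ == $PROGRAM_NAME && ARGV[0]
  MiniHoneypot.new(port: Integer(ARGV[0]), message: "YOU CAN'T HACK ME\n").run
end
```

Each log value is written with inspect, so control characters sent by a visitor are escaped and cannot forge extra log lines. A connection that sends nothing within two seconds is still recorded, with bytes=0.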
I hope you liked this article.
If you have any questions or suggestions, please leave a
comment.