honeyd can simulate thousands of different computers at the same time.

Official site

honeyd-1.5c.tar.gz: http://www.honeyd.org

Dependencies

libevent-1.3a.tar.gz: http://libevent.org/

libdnet-1.11.tar.gz: http://libdnet.sourceforge.net/

libpcap: http://www.tcpdump.org/release/

arpd-0.2.tar.gz: http://www.citi.umich.edu/u/provos/honeyd/arpd-0.2.tar.gz

Installation

The following error occurs:

# cd arpd
# make
gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/include -I/usr/local/include -I/usr/local/include
-I/usr/local/include -c arpd.c
arpd.c: In function ‘arpd_send’:
arpd.c:268: error: expected ‘)’ before string constant
arpd.c: In function ‘arpd_lookup’:
arpd.c:285: error: expected ‘)’ before string constant
arpd.c:294: error: expected ‘)’ before string constant
arpd.c:297: error: expected ‘)’ before string constant
arpd.c: In function ‘arpd_recv_cb’:
arpd.c:426: error: expected ‘)’ before string constant
make: *** [arpd.o] Error 1

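Solution: newer GCC versions treat __FUNCTION__ as a variable rather than a string literal, so concatenating it with adjacent string constants in arpd.c no longer compiles. Defining it as an empty string lets the build go through:

// Add this to arpd.c
#define __FUNCTION__ ""

The following error occurs: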

# cd honeyd-1.5c
# ./configure
configure: error: need either libedit or libreadline; install one of them

Solution:

# apt-get install libedit-dev

Help

# honeyd -h
Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
Usage: honeyd [OPTIONS] [net ...] where options include:
-d Do not daemonize, be verbose.
-P Enable polling mode.
-l logfile Log packets and connections to logfile.
-s logfile Logs service status output to logfile.
-i interface Listen on interface.
-p file Read nmap-style fingerprints from file.
-x file Read xprobe-style fingerprints from file.
-a assocfile Read nmap-xprobe associations from file.
-0 osfingerprints Read pf-style OS fingerprints from file.
-u uid Set the uid Honeyd should run as.
-g gid Set the gid Honeyd should run as.
-f configfile Read configuration from file.
-c host:port:name:pass Reports starts to collector.
--webserver-address=address Address on which webserver listens.
--webserver-port=port Port on which webserver listens.
--webserver-root=path Root of document tree.
--fix-webserver-permissions Change ownership and permissions.
--rrdtool-path=path Path to rrdtool.
--disable-webserver Disables internal webserver
--disable-update Disables checking for security fixes.
--verify-config Verify configuration file then exit.
-V, --version Print program version and exit.
-h, --help Print this message and exit.

For plugin development:
--include-dir Prints out header files directory and exits.
--data-dir Prints out data/plug-in directory and exits.

Default configuration file

# cat /etc/honeypot/honeyd.conf 

route entry 10.0.0.1
route 10.0.0.1 link 10.2.0.0/24
route 10.0.0.1 add net 10.3.0.0/16 10.3.0.1 latency 8ms bandwidth 10Mbps
route 10.3.0.1 link 10.3.0.0/24
route 10.3.0.1 add net 10.3.1.0/24 10.3.1.1 latency 7ms loss 0.5
route 10.3.1.1 link 10.3.1.0/24

# Example of a simple host template and its binding
create template
set template personality "Microsoft Windows XP Professional SP1"
set template uptime 1728650
set template maxfds 35
# For a complex IIS server
add template tcp port 80 "sh /usr/share/honeyd/scripts/win32/web.sh"
add template tcp port 22 "/usr/share/honeyd/scripts/test.sh $ipsrc $dport"
add template tcp port 23 proxy $ipsrc:23
add template udp port 53 proxy 141.211.92.141:53
set template default tcp action reset
# Use this if you are not running honeyd as 'honeyd' user:
# Debian-specific (use nobody = 65534 instead of 32767)
# set template uid 65534 gid 65534

create default
set default default tcp action block
set default default udp action block
set default default icmp action block

create router
set router personality "Cisco 1601R router running IOS 12.1(5)"
set router default tcp action reset
add router tcp port 22 "/usr/share/honeyd/scripts/test.sh"
add router tcp port 23 "/usr/share/honeyd/scripts/router-telnet.pl"

bind 10.3.0.1 router
bind 10.3.1.1 router
bind 10.3.1.12 template
bind 10.3.1.11 template
bind 10.3.1.10 template
set 10.3.1.11 personality "Microsoft Windows NT 4.0 SP3"
set 10.3.1.10 personality "IBM AIX 4.2"

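Example

Write a script that answers when a telnet connection comes in

# vi test.sh
#!/bin/sh
# Send a fake SSH banner, then echo back every line the client sends
echo SSH-1.5-2.40
while read -r name
do
    echo "$name"
done

Write the configuration that honeyd loads at startup

# vi config.sample

create linux    # create the template
set linux personality "Linux 2.4.20"    # set the fingerprint (personality) name
set linux default tcp action reset
add linux tcp port 21 open    # open port 21
add linux tcp port 23 "/home/scripts/test.sh"
bind 192.168.254.131 linux    # bind an IP address to the virtual host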

Start arpd

Create the virtual IP address

# arpd 192.168.254.131
arpd[417]: listening on eth4: arp and (dst 192.168.254.131) and not ether src 00:0c:29:b9:5d:31

Start honeyd

# honeyd -d -f /usr/local/share/honeyd/config.sample 192.168.254.131
Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
honeyd[373]: started with -d -f /usr/local/share/honeyd/config.sample 192.168.254.131
honeyd[373]: listening promiscuously on eth4: (arp or ip proto 47 or (udp and src port 67 and
dst port 68) or (ip and (host 192.168.254.131))) and not ether src 00:0c:29:b9:5d:31
honeyd[373]: Demoting process privileges to uid 65534, gid 65534

Test with telnet

# telnet 192.168.254.131
Trying 192.168.254.131...
Connected to 192.168.254.131.
Escape character is '^]'.
SSH-1.5-2.40
dir
dir

The test succeeds

honeyd[373]: listening promiscuously on eth4: (arp or ip proto 47 or (udp and src port 67 and
dst port 68) or (ip and (host 192.168.254.131))) and not ether src 00:0c:29:b9:5d:31
honeyd[373]: Demoting process privileges to uid 65534, gid 65534
honeyd[373]: Connection request: tcp (192.168.254.1:50408 - 192.168.254.131:23)
honeyd[373]: Connection established: tcp (192.168.254.1:50408 - 192.168.254.131:23) <->
/home/scripts/test.sh
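
Any connection to a honeypot address is worth reviewing, so the "Connection request" and "Connection established" lines above are the ones to extract. The following is an added example, not part of the original post: it summarises those lines per source address and lists sources that reached several honeypot ports. The function names are hypothetical and the sample lines are constructed in the format shown above.

```sh
#!/bin/sh
# Added example, not part of the original post. Function names are hypothetical.

# Constructed sample lines in the format honeyd -d prints above.
sample_log() {
cat <<'EOF'
honeyd[373]: Demoting process privileges to uid 65534, gid 65534
honeyd[373]: Connection request: tcp (192.168.254.1:50408 - 192.168.254.131:23)
honeyd[373]: Connection established: tcp (192.168.254.1:50408 - 192.168.254.131:23) <-> /home/scripts/test.sh
honeyd[373]: Connection request: tcp (192.168.254.7:40001 - 192.168.254.131:21)
honeyd[373]: Connection request: tcp (192.168.254.7:40002 - 192.168.254.131:23)
EOF
}

# stdin: honeyd log. stdout: "src proto dst:port requests established".
summarize_honeyd_log() {
    awk '
    {
        i = index($0, ": Connection ")
        if (i == 0) next
        n = split(substr($0, i + 13), f, " ")
        if (n < 5 || (f[1] != "request:" && f[1] != "established:")) next
        src = f[3]; sub(/^\(/, "", src); sub(/:[0-9]+$/, "", src)
        dst = f[5]; sub(/\)$/, "", dst)
        key = src " " f[2] " " dst
        seen[key] = 1
        if (f[1] == "request:") req[key]++; else est[key]++
    }
    END { for (k in seen) printf "%s %d %d\n", k, req[k], est[k] }
    ' | LC_ALL=C sort
}

# stdin: honeyd log. $1: minimum number of distinct honeypot ports.
# stdout: "src count" for every source that reached at least that many.
multi_port_sources() {
    summarize_honeyd_log | awk -v min="$1" '
        { ports[$1]++ }
        END { for (s in ports) if (ports[s] >= min) print s, ports[s] }
    ' | LC_ALL=C sort
}

sample_log | summarize_honeyd_log
sample_log | multi_port_sources 2
```

To run it against a real capture, pipe the file written with honeyd's output into either function instead of sample_log.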

Other commands

Assign an IP address to the honeypot dynamically

set xxx ethernet "dell"
dhcp xxx on eth1

Create a dynamic template

dynamic xxx
