# Ethical Hacker & ICT Security Specialist

Honeypot

In computing, a honeypot (literally: "honey jar") is a system or hardware/software component used as bait in order to study and analyse cyber attacks in real time.

It usually consists of one or more sites or services that appear to be part of the network and to contain information valuable to an attacker, but that are in fact well isolated and contain no real data, while giving their administrator all the details of the attacks they receive.

The primary value of a honeypot is therefore the information it gives about the nature and frequency of the attacks it receives.

If you are curious to explore this world, take a look at the real-time attack statistics that my honeypot network detects hour after hour:

Live dictionaries

You can download dictionaries of passwords, usernames and user/pass pairs extracted from attacks against the SSH service:

All the honeypot statistics follow:

SSH

Last 50 commands executed
Last 20 sessions
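TOP 15 USER+PASS

| Count | Username | Password |
|-------|----------|----------|
| 21125 | admin | admin123 |
| 3321 | admin | |
| 1234 | ubnt | ubnt |
| 1114 | admin | aerohive |
| 524 | admin | admin |
| 457 | support | support |
| 321 | root | admin |
| 270 | user | user |
| 257 | root | !@ |
| 251 | pi | raspberry |
| 246 | service | service |
| 243 | guest | guest |
| 179 | root | root |
| 176 | usuario | usuario |
| 156 | pi | raspberryraspberry993311 |
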
TOP 20 SUCCESSFUL LOGIN IPs
TOP 20 attackers

If you want to look at the code that generates this page, visit the site of my HoneyStats project! (github)

Want even more? Follow me into the lab!