08/15/2023

Been a bit. I have been working on getting cowrie working, and not only that, but figuring out all its quirks to install on an RPI02. You see, there are some extra things you need to do to get it to work. Like getting the Rust compiler to compile and install. There is an issue with the amount of RAM needed to install Rust. It needs 500mb of free mem to compile. Anyway, the RPI02 only has 500mbs, and after the system and whatnot, there is just over 400mbs free. That causes the compiler to fail to install. The solution was simple: increase the size of the swap file. Because the pi only has 99mbs of swap, and more than half of that was in use. So I made it 256mbs, and that solved it. I am basically making sure I have the install procedure seamless so I can post it on the site.

I also got kippo-graph working, which is a web program that gives you a visual graph of the honeypot activity. It uses mysql. Which is nice because not only will it keep physical logs in cowrie, but they will also be stored in a db now. What I want to do is get it set up so you can see the stats on the website as well. But that will take a bit of creativity to get it going.

08/10/2023

So I know I said that I got my old honssh working, and indeed I did get it working. However, I ran into a new issue. All sorts of dumb issues happen when you are trying to set up old outdated software in a more currently secured climate. At some point, specific encryption algorithms in SSH were deprecated. And so, unless you specified the specific outdated algorithm to use, it would not connect. Kinda pointless if the dumb attacker has to know to do that just to connect. I am still going to work on getting it to work. In the meantime I got Cowrie working. It is basically Kippo on steroids. All the same kind of features, only more customizable, and with a bunch of interfaces. I am going to play with that for a bit.
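The connection failure in the 08/10 entry comes from SSH algorithm negotiation (RFC 4253, section 7.1): each side sends a KEXINIT message listing what it supports, and the session dies if any list has no name in common. The sketch below is an added example, not code from this blog or from honssh; the server and client algorithm lists are constructed assumptions chosen to show the mismatch, not captured from a real honssh or OpenSSH instance.

```python
import struct
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def build_kexinit(lists):
    """Encode a KEXINIT payload from {field: [names]}; used for the sample."""
    out = bytes([20]) + bytes(16)                # message type 20, zeroed cookie
    for field in FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(names)) + names
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Decode a KEXINIT payload into {field: [names]}, rejecting short input."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += n
    return lists

def failed_fields(client, server_payload):
    """Fields with no overlap; the first client name the server lists would win."""
    server = parse_kexinit(server_payload)
    return [f for f in FIELDS[:6]                # kex, host key, ciphers, MACs
            if not any(name in server[f] for name in client[f])]

# Constructed sample: a hypothetical old server offering only legacy algorithms.
LEGACY_SERVER = build_kexinit({
    "kex": ["diffie-hellman-group1-sha1"], "host_key": ["ssh-dss"],
    "enc_c2s": ["3des-cbc"], "enc_s2c": ["3des-cbc"],
    "mac_c2s": ["hmac-sha1"], "mac_s2c": ["hmac-sha1"]})
# Assumed offer of a current client (illustrative subset, not a real default list).
MODERN_CLIENT = {
    "kex": ["curve25519-sha256"], "host_key": ["ssh-ed25519", "rsa-sha2-512"],
    "enc_c2s": ["aes128-ctr"], "enc_s2c": ["aes128-ctr"],
    "mac_c2s": ["hmac-sha2-256", "hmac-sha1"],
    "mac_s2c": ["hmac-sha2-256", "hmac-sha1"]}
if __name__ == "__main__":
    print("no common algorithm for:", failed_fields(MODERN_CLIENT, LEGACY_SERVER))
```

An empty result means a client with that offer can complete negotiation; for a honeypot, any non-empty result means default clients never reach the login prompt and nothing gets logged.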
08/08/2023

```
networkhoney@networkhoney:~/honssh $ sudo ./honsshctrl.sh start
honsshctrl.sh[10965]: Starting honssh in background...
[VALIDATION] - [honeypot-static][honey_port] must not be blank.
[VALIDATION] - [honeypot][ssh_addr] must not be blank.
[VALIDATION] - [honeypot][client_addr] must not be blank.
networkhoney@networkhoney:~/honssh $
```

Hot diggity, I got it working. It was a trip. I have to do a how-to video on how to get this thing going. But as you can see above, it ran, but faulted because I haven't edited the config file. As soon as I do that, this bitch will work.

What did I have to do? Well, I started out by saying to myself, "I should update and upgrade before setting up." And I started out not doing that. Well, it was partly that, but also the other thing I considered in my head. I thought that I should just go and download an older version of raspbian, that way the software will be running on what it was written for. I didn't start out that way. I tried to make it work on the current version, which really meant I would be porting the entire collection of python scripts, which is not something I wanted to do. Finally I gave in and downloaded the last version of buster, which comes native with python2.7, which is what honssh needs. After that I just had to install a few dependencies, and make one change to one of the scripts, and bam!

08/06/2023

Damn... It will only work on RPI2, and the only available one is sitting in front of me dead. Likely one of the original pis that I used on the honeypot in 2016. That's not gonna work. Well, I am changing tack. I am trying another honeypot right now, that's kind of like kippo only more feature rich, called cowrie. Is the name based off of cowrie from Akira?? Cool... I went through a setup, and I am getting the same damn error. I guess I have to start with a fresh pi install. I probably messed that one all up trying to get honssh working. I will keep you posted.

08/06/2023

Happy dance... happy dance....
When you save a lot of files over time, it gets to be hard to find things... Yeah.. that's just how it is.... So I blew up the video card in my laptop. I don't have the money to replace the card yet, but I have it running so I can access my crap when I need it via my desktop. I had to search through everything, but I finally found my backup of my honssh image that I used in 2016. I can just write that to the SD card and pop it in, and it should work.. Well... Maybe famous last words... This originally was on an RPI2. And it will now run on a RPI0w. I believe it should work just fine. But there is that chance it will not. I guess we will see. Right now I am downloading the 8 gigs of the image to my desktop, and we will see.

08/02/2023

Time to decide how bad I want to run Honssh. As with all older software, things change, and that software ends up broken. This is the case with HONssh. It has not been maintained for so long that it's broken with current software. I spent a few hours trying to get it to work. I got so far as to get to the point where I could just about run honssh, and it would die due to differences in the current version of Twisted and the version honssh was written for. So do I keep hacking away, and install an older version of python and Twisted to get this thing working, or do I skip it and just use Bifrozt? I guess I will see how I feel tomorrow.

07/27/2023

Hi Microsoft ;) Just saw an IP address from Microsoft hit this site. I suspected Bing crawling it. And indeed, I find my updated meta info on Bing. Google has nothing. Maybe I should start using Bing.

07/26/2023

Okay okay... It's been a minute yo... Yes, I have been lacking on working on the website. It's a hobby. But tonight while watching the replay of the congressional meeting on UAPs and possible acquired non-human origin craft on youtube, I was able to get some work on the site done. I worked on the honeypot page, which is a page with resources. External links are working.
Internal just are not built yet. But yeah, I got some work done. Oh yeah, and it's interesting, but I get a good amount of traffic from China, which is strange. But I have also gotten traffic from security organizations. They are either interested in my domain name, or looking to see if I have any juicy info.. which as of yet I do not. Sorry. But if you offer the right price, I will sell the domain.

07/22/2023

Here is the plan... I am going to be implementing a few honeypots in specific ways. First, I am going to set up HonSSH, because I have the original disk image of the instance I used to run back in 2016. It is all set up specifically to frustrate attackers. You can find a few videos of this one in action in the Videos section.

I will also be implementing an instance of BiFrozt, a full-featured high-interaction honeypot based on HonSSH. It has some useful features like stopping outgoing traffic. This way an attacker who has gained access cannot then start port scanning or launch brute force dictionary attacks on other machines. It will basically just waste their time. Which is good.

I would also like to set up a way to see the logs in real time on the website. However, this may be tricky. I am trying to keep the site as pure HTML as possible, without server-side scripts. We will see if we can manage.

Lastly, I would like to set up another honeypot that will run on several non-standard ports, although I don't think I will see hits on any other ports but the lowest numerical port. The reason is I want to see other attackers that may be searching a bit higher than the lowest fruit. Maybe get some more advanced attackers.

07/19/2023

Sometimes I do things that make me chuckle. What exactly? Right now is not the time to say. But I think it is funny. Eventually I will post about it. I got the tracker working halfway on PHP7.4. Right now, enough for me. For some reason I can't get it to record the IP address of the visitor. But that's okay.
I just want to know if anyone is visiting at all. Right now the site is getting hits. Today it got over 10. But probably robots. Crawlers or something.

07/18/2023

Foiled again, Batman!! Well, when I changed to PHP 8, it broke wordpress. Apparently the Wordpress devs are content on keeping on with 7.4. Oh.. Wordpress, you say. Oh yeah, uh, I have another site on this host that uses wordpress. So I had to go ahead and switch back to 7.4. Yes, this breaks the counter script, but it makes more sense to me to let that not work than to let an entire site not work.

07/16/2023

This is a new entry for today. It is late in the evening. Almost 12 midnight. I just got done implementing a site counter. It tracks how many hits to the main page, and all of the IP addresses of machines that have visited. I really just want to know if anyone else is actually checking out the site. I had to do some creative tricks. I could have written my own PHP counter. I have done it in the past. But I chose, for simplicity and the sake of time, to use one that someone else made. It's pretty simple. About what I would have come up with as well. But the issue is that I want to keep the site HTML. I wanted the extensions to be HTML. And rather than edit the htaccess file or apache config to handle html like php, I chose to trick it. What I did was to create a simple PHP file with the php include. Then on the HTML index page, I used an iframe, with a size of 0px by 0px, and no border, so that nothing shows up on the index page, but it calls the php file and runs the script. Works good, and I keep the page HTML.

07/16/2023

I have done a bit of work. I have added an about me page. And added some about this site info. I think I am keeping within the theme so far. And so far I think it looks good. My opinion may be biased however ;) I have decided to remove the info blipit that I had at the bottom of each page, as now I have an about section which can explain what is going on, as well as this blog page.
I am not too concerned about people knowing the site is under construction. Although, every site in the 90's had some banner saying under construction lol. Something else that I did is create a page for pages I haven't made yet that basically just says, "nothing here yet". Just so there are no dead links. Something I need to do is come up with the page footer. This way the bottom doesn't look so empty.

07/12/2023

Here is where we are at. I want to get the honeypot up and running again. I would like to make more vids, and post up all of my findings on a website. This was my original domain name back when I started the honeypot. I used to keep track of everything on there. I used a wordpress system to keep track of it. However, this time around I want to give the site a retro late 90's / early 2000's hacker site vibe. I also want to make it super simple. No wordpress. No site nukes, or any other content management system. I am doing this one old school. HTML and pages. I think it will look hot.

So far I have made the main page. Or at least a good start. I think it looks awesome. I may be partial however. I did that a couple of days ago. Tonight I worked on the Honssh page. That too also came out awesome. I am also starting this blog. Right now it is just my progress on the site. And this right now is bare bones. I may keep it bare bones, or I may dress it up. Not sure yet. But that is all for now.