Setup a honeypot and catch hackers for FREE | cowrie tutorial
HTML-код
- Опубликовано: 18 сен 2024
- I made a discord server for everyone interested in low level programming and malware.
Check it out:
▶ / discord
I'm gonna show you how to setup a Cowrie honeypot and catch hackers (bots) connecting to it.
Subscribe to follow my cybersecurity journey
Twitter/X: / _screeck
Akamai/Linode: www.linode.com...
--------------------------------------------------------------
COMMANDS
--------------------------------------------------------------
0. Change ssh port
sudo nano /etc/ssh/sshd_config
sudo systemctl restart ssh
sudo systemctl status ssh
1. Install python dependencies
sudo apt update
sudo apt upgrade
sudo apt-get install git python3-virtualenv libssl-dev libffi-dev build-essential libpython3-dev python3-minimal authbind virtualenv
2. Create user account
sudo adduser --disabled-password cowrie
su - cowrie
3. Download cowrie
git clone http ://github.com/cowrie/cowri
4. Setup virtual environment
virtualenv cowrie-env
source cowrie-env/bin/activate
pip install --upgrade pip
pip install --upgrade -r requirements.txt
5. Enable telnet
cp /etc/cowrie.cfg.dist cowrie.cfg
6.Iptables
sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222
sudo iptables -t nat -A PREROUTING -p tcp --dport 23 -j REDIRECT --to-port 2223
6. Start cowrie
bin/cowrie start
7.live logs
tail -f ./var/log/cowrie/cowrie.log
#cybersecurity #cybersecurityawareness #cybersecuritytraining #hacker #programming #linux #cloud #linux_tutorial #honeypot #ubuntu #spy
Hi bro awesome work. I need to ask what should i do to protect myself while doing this ? Or is it enough to use Virtual Server or should i do something extra to make myself safe? Some people say i should place honeypot on DMZ but idk how. Appreciate it if you answer
Well, It depends for what you want this honeypot. If you just wanna do an experiment or collect malware for analysis juse use VPS like I did in the video but if you want to use honeypot in your network as an "allarm system" or something like this then it's a different story. I don't have enought experience to advise you on that.
amazing. thanks for tutorial.👏
Kamerka powinna być nakierowana na twoja twarzą a nie profil, daje like i sub
Jesteś niesamowity! GO MICHAŁ🎉
❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤❤
When I try and change the port from 22 to any 5 digit like you did with 33333, after changing it and refreshing it to se its status, it keeps showing that it is listening on port 22 and ive tried many different things to change the port but nothing is changing. Any recommendations or should i not worry about this part too much?
when i check the status, the "Loaded:" icon on status says "Loaded: loaded (/usr/lib/systemd/system/ssh.service; disabled; preset: enabled)" how come the ssh.service is showing up as disabled? i think this could be my problem?
Okay nevermind, i was able to fix the part saying disabled but my port is still listening to port 22 instead of the port i changed it to
Wierd, are you sure you rested the service after modifying the config file? sudo systemctl restart ssh. Changing the prot is fairly simple, so I don't really know what went wrong in your case. If nothing is working you can always reset the whole VPS.
@@XxFamousxX uncomment the line. It'll fix the issue.
Audio level is so low i can barely hear you with my headphones maxed out.
Thanks for the commant, I'll fix it
I think your headphones should be screwed cause I can hear everything even on 10% volume
@@jakubsiekiera8098 same here load and clear
I just want to say thank you very much for your guide its really helpfull, but I have a problem, I have successfully install cowrie, but it appears to me that I dont have a log file inside my /var/log/
To be honest I have no idea why you don't have a log file there. I found an issue on github about it, maybe it will help you: github.com/cowrie/cowrie/issues/1061
why do you have to change the defaut ssh port?
Attackers will be attacking port 22 (dafault and will be redirected to honeypot), but we still want to be able to connect to vps somehow so we have to change the "legit" ssh port to something non default
@@screeck but once we change ssh port to a different number wouldnt port 22 not be listening anymore?