0xdf
The video "Creating a SSH Honeypot with Python" demonstrates how to create an SSH honeypot in Python rather than relying on pre-existing honeypot projects. The presenter demonstrates each step of the process, including creating the necessary elements of the TCP stack, implementing the socket-level aspects and incorporating the Paramiko library to handle SSH server functionality. They explain how to store the server public key, prevent man-in-the-middle attacks, and handle multiple client connections using threading. Finally, they subclass the Paramiko server interface and define the check_password function to create the honeypot server, which logs any attempt to log in with a password. The presenter suggests that other functions can be added to build the server out further, such as creating a session and responding to commands.
In this section, the speaker discusses his rationale for creating an SSH honeypot and gives an overview of the process he will follow. He prefers to build a honeypot from scratch in Python rather than use pre-existing honeypot projects, particularly when the focus is on capturing credentials. The speaker then opens an empty file and creates the necessary elements of the TCP stack, including a listening socket and a TCP socket. He also gives an overview of the socket-level implementation, including the socket-level reuse address option, which makes the address available for use again immediately after the socket is closed.
In this section, the code is updated to use the accept method which checks the queue of incoming connections and returns a socket object for those connections along with the client’s IP and port. The IP and port are printed, and the code is updated to send and receive messages through the socket. The Paramiko library is introduced as a tool to handle SSH server functionality. The server key is generated and added to the transport object, and the start_server method is used to start the SSH server. However, because the necessary functions are not defined yet, the SSH server is not fully functional.
In this section, the speaker demonstrates the need for storing the server public key to prevent man-in-the-middle attacks. They illustrate how the SSH client would refuse the connection if there was any change in the stored key. They implement quality-of-life features such as setting a default key and running an infinite loop around the server. Finally, they add threading to handle multiple client connections at the same time.
In this section of the video, the presenter begins to create the SSH honeypot server. They subclass the Paramiko server interface and define the check_password function, which prints the username and password. The function always returns `paramiko.AUTH_FAILED`. The presenter shows that when the script is running, any attempt to log in with a password gets logged, which creates the honeypot server as desired. They mention that other functions specified by the server interface class can be defined to build the server out further, such as creating a session and responding to commands sent over that session. Nevertheless, this is a good start for a honeypot server.