
Honeypot SSH with MongoDB integration and real time dashboard


kalpinus/SSH_honeypot

 
 


SSH_Honeypot


Description

The development of this honeypot starts from an example provided in the Apache MINA SSHD libraries: ServerMain.java. This script sets up a server on a port that the user can choose (in our case port 22, dedicated to SSH communications). The program basically gives access to the host operating system, hence giving complete access to the machine once the authentication step is passed. The data that the honeypot gathers while it is active are then stored in a MongoDB database. I chose this database because it gives a really nice representation of the data stored in the collection. Thanks to the dashboard function that is built into MongoDB, we can graphically visualise the data we collect.

Installation Guide

Quick guide on how to use this honeypot. You will find a detailed procedure to get the honeypot working on your device.

  1. Download the source code zip and save it into your desired folder, or use the command:

```
git clone https://github.com/marcocampione/SSH_honeypot.git
```

  2. Check that you have the latest version of Java installed on your system.
  • Open a command prompt and type:

```
$ java -version
java version "17.0.1" 2021-10-19 LTS
Java(TM) SE Runtime Environment (build 17.0.1+12-LTS-39)
Java HotSpot(TM) 64-Bit Server VM (build 17.0.1+12-LTS-39, mixed mode, sharing)

$ javac -version
javac 17.0.1
```

  • If you don't have Java installed, check this guide and install it.
  3. To use the honeypot you need to compile and build it first. Use the commands:

```
javac -d classes -classpath "lib/*" src/*.java src/util/*.java src/filesystem/*.java
jar -cf sshd.jar -C classes filesystem -C classes util -C classes DummyCommand.class -C classes SshServerMain.class
```

  • After these steps, you should have two new items in the folder:
    • A folder named classes
    • A file named sshd.jar
  4. Create a .env file in the main folder and put the connection string for your MongoDB database in it, in this format:

```
MONGODB_CONNECTION_STRING=mongodb://myDBReader:D1fficultP%[email protected]/?retryWrites=true&w=majority
```

  • You can find the connection string by clicking on your database, then on the connect button and finally on connect your application. This is what will appear:

(image)

  5. The honeypot is configured to use port 22 on the host server/machine as its listening port, so before running it we have to move the system's SSH service to a different port, since port 22 is set by default.
    • Log on to the server as an administrator.
    • Open the SSH configuration file sshd_config with the text editor:

```
sudo nano /etc/ssh/sshd_config
```

(Screenshot 2023-01-31 183123)

  • Replace port 22 with a port between 1024 and 65536 and uncomment the line
  • Save the file
  • Restart the service

```
$ service ssh restart
```

  6. The setup is complete; you can now run the honeypot using the command:

```
java -cp "lib/*:sshd.jar" SshServerMain
```

Server Command

This is a list of all the commands that are implemented inside the honeypot server. These are some of the most used Linux terminal commands, implemented in a way that accurately emulates how they work on Linux. You can add or modify commands by editing the DummyCommand.java file located in the src folder.

| # | Command | Description |
|---|---------|-------------|
| 1 | help | Will display all the available commands |
| 2 | exit | Will close the connection with the honeypot |
| 3 | ls | This command will list files |
| 4 | cd | This command allows you to move between directories |
| 5 | clear | This command will clear the terminal screen |
| 6 | mkdir | This command creates a directory or subdirectory |
| 6.a | mkdir -h / --help | This command displays help for the mkdir command |
| 7 | rm | This command allows removing files and directories |
| 7.a | rm -h / --help | This command displays help for the rm command |
| 8 | pwd | This command writes to standard output the full path name of your current directory |
| 9 | whoami | This command allows the user to see the currently logged-in user |
| 9.a | whoami -h / --help | This command displays help for the whoami command |
| 10 | echo | This command will display lines of text or string which are passed as arguments on the command line |
| 11 | passwd | This command will show a Permission denied message |
| 12 | iptables | This command will show a Permission denied message |
| 13 | grep | This command will show a Permission denied message |
| 14 | sudo | This command will show a Permission denied message |
| 15 | cat | This command will show a Permission denied message |
| 16 | halt | This command will show a Permission denied message |

MongoDB Integration

To use this honeypot you first need to register with MongoDB, because we will use their services to store the data from our machine. I chose this service for its user-friendly nature, but especially for the ability it offers to have databases hosted directly by them and completely free of charge. Another feature that made me choose this service is the ability to graphically visualize the data being collected by our honeypot.

  • After registering, we need to create a new project and then a new cluster that will host our database: (Screenshot 2023-02-01 143228)

The data that the honeypot will send to our database are in this format:

```
_id: ObjectId('xxxxxxxxxxxxxxxxxxxxxxxx')
time: "yyyy-mm-dd hh:mm:ss"
ip: "127.0.0.1"
status: "success"
continent: "continentName"
continentCode: "XX"
country: "countryName"
countryCode: "XX"
region: "xx"
regionName: "regionName"
city: "cityName"
zip: "xxxx"
location: Object
    type: "Point"
    coordinates: Array
        0: 00.0000
        1: 11.1111
isp: "ispName"
org: ""
as: "name"
asname: "name"
username: "root"
password: "test"
authentication: "Failed"
```

All the geolocation information in this document is obtained with an API call to this service. The free API that I am using in this project is rate limited to 45 requests per minute, but from my tests that is more than enough for the kind of use we need.
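A password-guessing burst can produce far more than 45 login attempts per minute, so one way to stay inside that limit is to cache results per IP and cap outgoing lookups with a sliding window. The sketch below is an added example, not code from this repository; `GeoLookupGuard`, the `remote` lookup function, the cache size and the sample response are assumptions made for illustration.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import java.util.function.Function;

// Added example (not the project's code): per-IP cache plus a sliding-window
// budget in front of the geolocation API, so bursts stay under 45 calls/minute.
public class GeoLookupGuard {
    private static final int MAX_CALLS = 45;       // per-minute limit stated in the README
    private static final long WINDOW_MS = 60_000L;
    private static final int CACHE_SIZE = 10_000;  // assumed cap on remembered IPs

    private final Function<String, String> remote; // hypothetical: IP -> raw API response
    private final Deque<Long> callTimes = new ArrayDeque<>();
    private final Map<String, String> cache = new LinkedHashMap<>(16, 0.75f, true) {
        @Override
        protected boolean removeEldestEntry(Map.Entry<String, String> eldest) {
            return size() > CACHE_SIZE;            // evict the least recently used IP
        }
    };

    public GeoLookupGuard(Function<String, String> remote) { this.remote = remote; }

    // Empty result = budget spent: store the attempt without geo fields, enrich later.
    public synchronized Optional<String> lookup(String ip, long nowMs) {
        String cached = cache.get(ip);
        if (cached != null) return Optional.of(cached);
        while (!callTimes.isEmpty() && nowMs - callTimes.peekFirst() >= WINDOW_MS) {
            callTimes.pollFirst();                 // forget calls older than one minute
        }
        if (callTimes.size() >= MAX_CALLS) return Optional.empty();
        callTimes.addLast(nowMs);
        String response = remote.apply(ip);
        cache.put(ip, response);
        return Optional.of(response);
    }

    public static void main(String[] args) {
        int[] calls = {0};                         // counts simulated API requests
        // Stand-in for the real HTTP call; the response body is constructed.
        GeoLookupGuard guard = new GeoLookupGuard(ip -> { calls[0]++; return "{\"ip\":\"" + ip + "\"}"; });
        // Constructed traffic: 500 password guesses from one address in 5 seconds.
        for (int i = 0; i < 500; i++) guard.lookup("203.0.113.7", i * 10L);
        System.out.println("API calls after 500 guesses from one IP: " + calls[0]);
        // Constructed traffic: 60 different addresses inside the same minute.
        int skipped = 0;
        for (int i = 0; i < 60; i++) if (guard.lookup("198.51.100." + i, 10_000L + i).isEmpty()) skipped++;
        System.out.println("API calls: " + calls[0] + ", attempts stored without geo data: " + skipped);
        System.out.println("Lookup allowed a minute later: " + guard.lookup("192.0.2.1", 75_000L).isPresent());
    }
}
```

Attempts that come back empty should still be written to the collection with their `ip`, `username` and `password`, so that no login attempt is lost when the lookup budget runs out.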

The Dashboard

I chose MongoDB over other services that offer database hosting so that I could directly create interactive dashboards that update in real time. Here you can find a complete guide on how to create a dashboard. In the folder you will also find a file named Honeypot_Dashboard.charts; this is the configuration file of my dashboard, which you can import into MongoDB to get the same dashboard I created.

  • Go to the Charts tab (Screenshot 2023-02-02 085042)

  • Click on Add Dashboard, then on Import dashboard (Screenshot 2023-02-02 085206)

  • After selecting the Honeypot_dashboard.charts file that you can find in the main folder, click on save. (Screenshot 2023-02-02 085321)

  • You have successfully imported the dashboard. This is the result you will obtain: (Honeypot Dashboard)

Languages

  • Java 100.0%