Kippo on Slackware 13

''[[Assuming: /usr/local/src/ will hold the code]]''

Change into the directory cd /usr/local/src/

download: wget http://kippo.googlecode.com/files/kippo-0.4.tar.gz unpack it. tar xf kippo-0.4.tar.gz

This is a Python program there is no ./configure, make, make install needed.

Create a simple config file by copying and editing the included example: cp kippo.cfg.dist kippo.cfg

contents look like this:

[honeypot]
ssh_port = 2222
hostname = sales
log_path = log
download_path = dl
contents_path = honeyfs
filesystem_file = fs.pickle
public_key = public.key
private_key = private.key

On top of the base Python, which was already installed on my base Slackware13, I needed to install the following python modules:

python-twisted python-zopeinterface pycrypto

The process for installing these is simple as each module comes with a simple setup.py script:

Download to suitable directory untar, cd into untarr'd directory and run 'python setup.py install'

I found the modules at these respective links: http://tmrc.mit.edu/mirror/twisted/Twisted/8.2/Twisted-8.2.0.tar.bz2#md5=c85f151999df3ecf04c49a781b4438d2

http://pypi.python.org/packages/source/z/zope.interface/zope.interface-3.5.0.zip

http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-2.1.0.tar.gz

RUNNING KIPPO

As a normal (not root) user CD to the directory holding kippo: cd /usr/local/src/kippo-0.4 Then run with ./start.sh

Kippo will start, and after a few seconds will drop back to a prompt. Running Kippo this way results in activity being written to a log file: /usr/local/src/kippo-0.4/log/kippo.log

Kill it by looking for the pid with top/ps or: less /usr/local/src/kippo-0.4/kippo.pid

To start it in the foreground so you can see what is happening whizz by: twistd -y kippo.tac -n

Test it on the localhost with ssh -p 2222 anything@localhost

Ubuntu:

sudo apt-get install python-dev openssl python-openssl python-pyasn1 python-twisted

Sweet honeypot - attacker trap, love it. There is a real lack of GTK based honeypots on linux, something along the lines of Specter would be even more awesome, something that could take an attackers spawned shell and reverse it back onto themselves so they hack into their own system would be even more hilarious. But I'll settle for KiPpO! It does what it says on the tin.

Thanks adnan.shukor... its helps

Thanks for this..

For centos install don't forget to:

install pyasn http://sourceforge.net/projects/pyasn1/ add a user chown the kippo dir to that user

i'm having trouble finding a solution to this as I'm not well versed with python: <..snip>

globals(), locals(), ['commands'])

File "/home/jyadmin/kippo-0.5/kippo/commands/apt.py", line 5, in ?

from twisted.internet.defer import inlineCallbacks

exceptions.ImportError?: cannot import name inlineCallbacks

Failed to load application: cannot import name inlineCallbacks 2011/02/04 15:36 PST [-] $ twistd -y kippo.tac -n

I've done tons of google searches and can't seem to find much help. any ideas or hints?

jy.jason...@gmail.com, since the error is about inlineCallbacks, it means your version of twisted is probably too old

my bad, i realized I was trying to run it on a debian etch machine... got it installed onto a debian lenny machine and its working fine now. thanks for the help!

Installing Kippo SSH Honeypot on Ubuntu http://bruteforce.gr/installing-kippo-ssh-honeypot-on-ubuntu.html

Logging Kippo events using MySQL DB http://bruteforce.gr/logging-kippo-events-using-mysql-db.html