Wednesday, September 9, 2015

How to set up a honeypot in the cloud. Part 1.2: Using PuTTY with EC2

In part one I talked about how to set up your EC2 instance. Now I will show you how to log on to it. If you followed my instructions in part one, you have installed the PuTTY suite. PuTTY takes a different kind of key file, so you will have to use PuTTYgen (it comes with PuTTY) to convert your instance key into something PuTTY can recognize. Here are the steps:
  • Fire up PuTTYgen.
  • Click on the Load button or use the File menu.
  • You will have to select the option to show all files.
  • Select the *.pem key file you got from the instance.
  • You will see a popup. Push OK.
  • Push "Save private key". And you are done.

Now open PuTTY or ExtraPuTTY and your AWS console. If you followed the tutorial and chose an Ubuntu instance, your username is ubuntu. Enter it in the Host Name field of PuTTY in this format: ubuntu@yourec2host. Of course you will replace the second half with the IP address of your instance, which you will find by going to the EC2 tab and clicking on the instance. All the info will be in the bottom pane.

Now this is important: in PuTTY, on the right side, expand the SSH list item and then click on the Auth tab. Now click Browse and select the *.ppk key file you just generated. The only way into an Amazon instance is with public/private key encryption, so it should be pretty secure as long as you don’t release or lose your public key. You can retrieve it, but that is for another post (note to self).
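An added example, not part of the original post: the .ppk file saved above holds the private key, and its plain-text header says whether PuTTYgen protected it with a passphrase. This sketch reads that header from a constructed sample (placeholder key material, PPK version 2 layout assumed) and rejects an unconverted .pem.

```python
import re

# Constructed sample: the layout PuTTYgen writes when a .pem is imported and
# saved with no passphrase. All key material below is placeholder text.
SAMPLE_PPK = """\
PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: imported-openssh-key
Public-Lines: 2
Q09OU1RSVUNURUQ=
Q09OU1RSVUNURUQ=
Private-Lines: 1
Q09OU1RSVUNURUQ=
Private-MAC: 0000000000000000000000000000000000000000
"""

def inspect_ppk(text):
    """Return the header fields of a .ppk file without decoding key material."""
    lines = text.strip().splitlines()
    first = lines[0] if lines else ""
    if first.startswith("-----BEGIN "):
        raise ValueError("PEM key: convert it with PuTTYgen before using it in PuTTY")
    m = re.fullmatch(r"PuTTY-User-Key-File-(\d+): (\S+)", first)
    if not m:
        raise ValueError("not a PuTTY private key file")
    info = {"version": int(m.group(1)), "algorithm": m.group(2)}
    i = 1
    while i < len(lines):
        name, sep, value = lines[i].partition(": ")
        if not sep:
            raise ValueError(f"unexpected line {i + 1}: not a 'Name: value' header")
        i += 1
        if name.endswith("-Lines"):        # header announces N lines of base64
            count = int(value)
            if i + count > len(lines):
                raise ValueError(f"{name} announces {count} lines, file is truncated")
            info[name] = count
            i += count                     # skip the blob itself
        else:
            info[name] = value
    if "Encryption" not in info:
        raise ValueError("missing Encryption header")
    # "none" means anyone who copies the file can log in as you.
    info["passphrase_protected"] = info["Encryption"] != "none"
    return info

if __name__ == "__main__":
    print(inspect_ppk(SAMPLE_PPK))
```

If `passphrase_protected` comes back false, load the key in PuTTYgen again, set a passphrase, and save it over the old file.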

OK, now go ahead and mess with the Appearance tab if you like to have your shell display in a certain way. There are not many settings, though. I would love to have a color selector. But anyway, back to hacking.

To connect, simply push the Open button at the bottom of the application. This will pop up a command window and authenticate with your username, which is ubuntu, and in place of a password it will use the private key that you supplied. This is a very secure way of connecting to a server; I recommend it if you use SSH to log into any box you own (you do have a box with Linux on it). Someday I will get around to writing how to do that. Well, I think I will end here and call this Part 1.2.

How to set up a honeypot in the cloud. Part 1: Setup

In this series of articles I will be showing you how to set up your own honeypot on an Amazon EC2 instance. I have experimented and read a lot about how malware works, but nothing beats seeing it in action and trapping malware that’s in the wild.

Well, the first thing that you have to do is get an AWS account. Simply go to http://aws.amazon.com and sign up. Unfortunately you have to input a credit card, but they offer a free tier, so go ahead and put it in and make sure you select free tier options. In this article I will be using nothing but free tier services, so you can set up a honeypot in the cloud that runs 24/7 for free!

OK, I will show you how to set up your instance. First you will need a few things, starting with the AWS account. You can modify my process for use in a virtual machine or a main rig, but I recommend AWS.

Go ahead and get PuTTY, the URL is:


OK, let's set up your instance; it's very simple. First you want to select your region, because malware is different and more rampant in different regions. You can select this in the upper right corner of the AWS site. The selections are:
  • US East (North Virginia)
  • US West (Oregon)
  • EU (Ireland)
  • EU (Frankfurt)
  • Asia Pacific (Singapore)
  • Asia Pacific (Tokyo)
  • Asia Pacific (Sydney)
  • South America (Sao Paulo)

OK, now that you have picked your location, let's set up your instance. Choose the EC2 tab in AWS, and choose Launch Instance. Click on the Community AMIs tab. Search for Ubuntu ubuntu-trusty-14.04-amd64-server-20150325 (ami-d05e75b8). If this distro is not available in your region, just search for Ubuntu 14.04 with a root store of “EBS”.

We want the most updated distro we can find. We are going to be messing with hackers, and you never know who might be pissed you got ahold of their malware. (Fair warning.)

Make sure you set the instance type to micro; there will be Free Tier Eligible under it.
Continue until you reach the prompt to create a key pair, and choose a name for your instance. For example honeypot; no one will see this but you. OK, now download that key and save it for later in this tutorial. This is the only way to connect to your instance, so don’t lose it!

Now to create the security group: make sure you create a new one and choose all traffic, and source 0.0.0.0. This will open you up to the world, but that is what we want, right? OK, push Continue and then Launch. Give your new instance time to start up, and there we go!
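An added example, not from the original post: the "all traffic from anywhere" rule above also exposes the real SSH login on port 22, not only the honeypot. This sketch reads rules in the `IpPermissions` shape that `aws ec2 describe-security-groups` returns and reports which ports any IPv4 address can reach; both rule sets, the admin address and port 2222 are constructed for illustration.

```python
import ipaddress

# Constructed sample: the rule this post creates (the API reports the
# "anywhere" source as the CIDR 0.0.0.0/0; protocol "-1" means all traffic).
HONEYPOT_RULES = [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

# Constructed contrast: real SSH limited to one admin address (documentation
# range), and a hypothetical honeypot listener port left open to everyone.
SPLIT_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},
    {"IpProtocol": "tcp", "FromPort": 2222, "ToPort": 2222,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

def world_open(rules):
    """Return (protocol, low_port, high_port) for each rule open to any IPv4 source."""
    found = []
    for rule in rules:
        for rng in rule.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net.prefixlen != 0:
                continue                      # source is restricted
            if rule["IpProtocol"] == "-1":    # all protocols, all ports
                found.append(("-1", 0, 65535))
            else:
                found.append((rule["IpProtocol"],
                              rule.get("FromPort", 0),
                              rule.get("ToPort", 65535)))
    return found

def port_exposed(rules, port, proto="tcp"):
    """True if any address on the internet can reach proto/port."""
    return any(p in ("-1", proto) and lo <= port <= hi
               for p, lo, hi in world_open(rules))

if __name__ == "__main__":
    for name, rules in (("post", HONEYPOT_RULES), ("split", SPLIT_RULES)):
        print(name, world_open(rules), "ssh exposed:", port_exposed(rules, 22))
```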

In the next installment of this I will show how to log in to your new instance and set up Kippo!


Thursday, September 3, 2015

September's Two Hacking Challenges (Postponed for a few days)

I am sorry to everyone that started the hacking challenge. I had some personal issues that interfered with me setting up the test servers.

I will get them up and running and repost the challenges. Stay tuned. If you haven't already, follow my blog for up-to-the-minute updates.

I plan to update this blog at least once a week with some good Linux information and tutorials!