HonTel is a Honeypot for Telnet service. Basically, it is a Python v2.x application emulating the service inside the chroot environment. Originally it has been designed to be run inside the Ubuntu environment, though it could be easily adapted to run inside any Linux environment.
Documentation:
Setting the environment and running the application requires intermmediate Linux administration knowledge. The whole deployment process can be found "step-by-step" inside the deploy.txt file. Configuration settings can be found and modified inside the hontel.py itself. For example, authentication credentials can be changed from default
root:123456
to some arbitrary values (options AUTH_USERNAME
and AUTH_PASSWORD
), custom Welcome message can be changed from default (option WELCOME
), custom hostname (option FAKE_HOSTNAME
), architecture (option FAKE_ARCHITECTURE
), location of log file (inside the chroot environment) containing all telnet commands (option LOG_PATH
), location of downloaded binary files dropped by connected users (option SAMPLES_DIR
), etc.
Note: Some botnets tend to delete the files from compromised hosts (e.g.
/bin/bash
) in order to harden itself from potential attempts of cleaning and/or attempts of installation coming from other (concurent) botnets. In such cases either the whole chroot environment has to be reinstalled or host directory where the chroot directory resides (e.g. /srv/chroot/
) should be recovered from the previously stored backup (recommended).
0 Comments