Honssh honeypot - Skilled attacker


On 4-29-2015 an actually skilled attacker logs in. I'm not sure if he realized he was in a honeypot, and was trying to gain access to honssh. Or if he was trying to break into what he thought was a router. At any rate, he was skilled enough to write a one line shell script on the fly to search for open ports.



jthid
looks like too much coffee and not noticing the 65536 typo
#MUWA •
20% great technique 80% loading for port scanning
richard vaughn
He should have nohupped the port scan, redirected it to a file, grepped that.
TheSurvivor4
Sound-song name ? :)
MrArisVideo
He knew that it was a honeypot and he tried to ger access to the host machine.
John Ritchie
Nice one, nice lesson for script kiddies to realize that a lot of recon can be done in bash prompt without a script. Gave me new respect for bash.
Astrokie
lmao if only we could see the look on his face at the end
-
good to see there is someone out there knowing more than an wget command to download some "hacker scripts"
MELLOW
Props to this guy...
fish and banana
Hmm i couldnt find /dev/tcp on ubuntu, what is it replaced with ?
dr07828
tcp is a device.
Troy C
Whoa!
can you see me
Nmap could have done the job BUT it's not straight forward as you think,nmap can be NOISY!
Bob Lon
wow...this guy is amaizing...i mean i have seen sime skilled hqcks but this guy was probibly trying to break into the network through the honeypot...wow the skill is too real
Algorak
lol
Brad EastGate
Were running this on a raspberry pi?
GENERATING ROPS AND NOPS 4 YEARS
Nmap the easy way
Esc
I don't know why people are bashing on you for calling him "skilled" they are propably jealous :3 Anyway how did the attacker know he was in a honeypot?
Stephen Xanders
Is nobody going to talk about the random DragonBall z subtitles in the beginning?
kek kek
What is the name of this honeypot
L Rose
So once theyre in a honeypot, they cant get out?
dot
nc -z 192.168.1.110 80 nc -z 192.168.1.110 22 nc -z 192.168.1.110 443 and so on would have done the job as well (also a little simpler imo)
Ammar Hamood
What was he tryin to do ? and why that all dots went in lines ???
Fated
I'm so interested in hacking and protecting myself. Where do I even begin? Did you go to school for this?
Blz Ahz
I have question: the open port was at 65535 why does the attacker try 65536? Did the attacker just goof up, or what's the deal here?
bigbear 350
i been thinking .. how about hacking india server and fried them .. then they will having hard time to scam us and plus .. they will getting hard time to get parts for the server ..
Misanthrope330
He wrote nmap in the command line. I really would have liked to see what he was really going to do. That was an inspiring, and scary, level of skills.
Rundll32
Your ssh port is 2222 default honeypot config file for ssh DEAD GIVEAWAY Its a honeypot
Quantum Tunneller
This guy definitely isn't "incredibly skilled" as some in this comment section tend to believe. The most you can say about this guy is he knew what he was doing and clearly understood he was in a honeypot.
Arsh Rind
LOL its just an echo command used to read whatever the person is trying to say... nothing hacked actually... Nice fooling around
roflex2
What is skilled about this? He wrote some bash to Port scan the router?? Anyone can do that