
Hfish a Honeypot Platform

  

In this article and video, I show you how to set up the HFish Honeypot in a few different ways and show you what you can do with it. HFish is a cross-platform honeypot platform developed in Golang, which has been meticulously built for enterprise security.


 

What I show in this article and video



 

What is a Honeypot

A honeypot looks like a real computer system, with applications and data, that deliberately presents itself as vulnerable, fooling cybercriminals into thinking it’s a legitimate target. Examples are honeypots for (worm) viruses and for customer billing systems, a frequent target of attack for criminals who want to find credit card numbers. The system is made as vulnerable as possible. Once the hackers are in, they can be tracked, and their behavior assessed for clues on how to make the real network more secure.

Honeypots are also used to realize post-admission control in quarantine networks. Sometimes a honeypot is used to retrieve the hacker’s data. This way the hacker can be arrested and, if necessary, tried. The data retrieved by the honeypot will then serve as proof.

A honeypot will have information that a hacker finds interesting, such as password information. In my own experience, this list can be a lot of fun and big, but also has a lot of the most chosen passwords, such as admin and 123456.


 

What about the name “Honeypot”

The origin of the term “honeypot” (honey jar) is often associated with the bear Winnie the Pooh, who ended up in all kinds of situations because of his great love for pots of honey.
Another explanation is that the term comes from the world of espionage, where Mata Hari-style spies who use a romantic relationship as a way to steal secrets are described as setting a “honey trap” or “honeypot”. Often, an enemy spy is compromised by a honey trap and then blackmailed to hand over everything he/she knows.

 

Honeypot

 

  • Multi-function: supports not just HTTP(S) pots but also SSH, SFTP, Redis, Mysql, FTP, Telnet, Deep, etc.
  • Expansibility: provides an API interface, so users can expand the honeypot modules at will (WEB, PC, APP)
  • Convenience: developed in Golang, so users can quickly deploy a honeypot platform on Win + Mac + Linux

 

Honeypots supported by HFish

  • SSH Pot
  • Redis Pot
  • Mysql Pot
  • MemCache Pot
  • Telnet Pot
  • FTP Pot
  • WEB Pot
  • Deep Pot
  • HTTP Pot
  • TFTP Pot
  • VNC Pot
  • ES Pot
  • Custom Pot
  • And some more

 

HFish can be installed on Linux, Windows, Mac and Raspberry Pi

  • darwin is the Mac version
  • 386 is a 32-bit system, amd64 is a 64-bit system
  • arm64 is the 64-bit ARM architecture and can be used for Raspberry Pi


Unfortunately, because I see that entire articles are regularly copied from hackingpassion.com, without even mentioning Hacking Passion and pretending they wrote it themselves, I decided to stop copying on hackingpassion.com.

I know this can be very difficult, especially if you have to copy (large) pieces of code, or commands, freehand.

On the other hand, this is also a very good exercise. Because once you do it wrong the program usually doesn’t work. A very good way to learn. (I can definitely recommend doing this with everything) - just a really good exercise :-D


 

Install HFish on an Ubuntu Server

Both for this article and in the video I will show you how to install HFish on an Ubuntu server. How to install an Ubuntu Minimal server on, for example, a VirtualBox, I show you in detail in the video.

As soon as the Ubuntu server is up and running (you can of course use various Linux servers, such as Debian or CentOS), we will start installing the honeypot.

Obviously you should check if you have the correct release. You can find it here.

wget https://github.com/hacklcx/HFish/releases/download/0.6.2/HFish-0.6.2-linux-amd64.tar.gz
tar -zxvf HFish-0.6.2-linux-amd64.tar.gz
cd HFish-0.6.2-linux-amd64
chmod 777 -R db


To start the HFish Honeypot simply run:

./HFish run


 

How to solve a crash problem with HFish and setup a cronjob

Installing the cronjob is also very handy, because the Honeypot then continues to run while you work on your website or other things. So I advise you to just use this.

In testing, high concurrency and other script issues can make the program behave abnormally and cause the program process to exit.

With the help of a bash script and a cronjob, we ensure that every minute it is checked whether HFish is still running, and that it is started again if it is not.

Open the file /opt/monitor.sh with vim, nano or any other editor. In this example I use vim.

vim /opt/monitor.sh

Place the following bash script in the file and save it. Make sure the script refers to the right version of HFish (in this tutorial I use HFish-0.6.2-linux-amd64); change this in the script to the version you have downloaded.

 

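#!/bin/bash
# Count the running HFish processes (the grep process itself is excluded)
procnum=$(ps -ef | grep "HFish" | grep -v grep | wc -l)

# If HFish is not running, start it again in the background.
# cron runs this script from the user's home directory; change the path
# if HFish was unpacked somewhere else.
if [ "$procnum" -eq 0 ]; then
   cd HFish-0.6.2-linux-amd64 && nohup ./HFish run >> /opt/output.log 2>&1 &
fi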

 



The next thing we are going to do is create a cron job to make sure that (in this case) the script runs every minute so that HFish keeps running.
We open the cronjob with the following command:

crontab -e

And now we put the next cron line at the bottom, exactly as I show in the picture.

*/1 * * * * sh /opt/monitor.sh

 

Write the content (it executes once a minute), then use :wq! (vim) or Ctrl and O (nano) to save, and exit.

With the following command we make sure the program keeps running without stopping.

cd HFish-0.6.2-linux-amd64 && nohup ./HFish run >> /opt/output.log 2>&1 &

As you see in this command we use “nohup”. Nohup runs a command that keeps running after you log out.
The output file you can find in /opt/output.log
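
The grep "HFish" test in monitor.sh counts every process whose command line contains that string, so an editor left open on a file in the HFish directory makes the watchdog believe the honeypot is still alive. The following is an added example, not part of the original article: it compares the article's count with a stricter match on the actual "./HFish run" command. The function names and the sample process listings are constructed for illustration.

```shell
#!/bin/bash
# Added example: why counting 'grep "HFish"' hits can hide a crashed honeypot.
# Both functions read a process listing in "ps -eo pid,args" format on stdin,
# so they work on saved output as well as live: ps -eo pid,args | strict_count

# The article's check: any command line containing "HFish" counts.
naive_count() {
    grep "HFish" | grep -v grep | wc -l | tr -d ' '
}

# Stricter check: the command itself must be the HFish binary started with "run".
strict_count() {
    awk '{ cmd = $2; sub(/.*\//, "", cmd) }
         cmd == "HFish" && $3 == "run" { n++ }
         END { print n + 0 }'
}

# Constructed sample: HFish has crashed, but a file in its directory is open.
SAMPLE_CRASHED='  812 tail -f /opt/output.log
  977 vim /root/HFish-0.6.2-linux-amd64/config.ini
 1033 sh /opt/monitor.sh'

# Constructed sample: HFish is running normally.
SAMPLE_RUNNING='  655 ./HFish run
  812 tail -f /opt/output.log'

# Decide what the watchdog should do for a given listing.
watchdog_action() {
    if [ "$(printf '%s\n' "$1" | strict_count)" -eq 0 ]; then
        echo restart
    else
        echo ok
    fi
}

echo "naive count on crashed sample:  $(printf '%s\n' "$SAMPLE_CRASHED" | naive_count)"
echo "strict count on crashed sample: $(printf '%s\n' "$SAMPLE_CRASHED" | strict_count)"
echo "watchdog action: $(watchdog_action "$SAMPLE_CRASHED")"
```
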



 

Video HFish Honeypot

In this video, I will show you all sorts of things.
For example, how to install a simple Ubuntu server locally, how to install HFish, and how to use Play with Docker. At the end of the video, I’ll show you what traffic there has been when the Honeypot runs for several hours.
I tried to indicate the commands as clearly as possible. In this video, I use my own VPS server. Attacks are not intended to take place here. Please be polite and use your own (local) server for this. I hope you enjoy this video. If you have a comment, you can leave it at the bottom of this article, or on YouTube itself.
Most important: have fun..! :-D

 



 



 

Redis honeypot

redis-cli, the Redis command line interface

redis-cli is the Redis command-line interface, a simple program that allows sending commands to Redis, and reading the replies sent by the server, directly from the terminal.

It has two main modes: an interactive mode where there is a REPL (Read Eval Print Loop) where the user types commands and gets replies; and another mode where the command is sent as arguments of redis-cli, executed, and printed on the standard output.

The commands I use in this example:

sudo redis-cli -h IP ADDRESS -a 12345
ls
set test 12345678
get test
exit

Click on “click to view” to see what the relevant IP address has done during an attack. There you can see the various commands it has used.

 

Telnet honeypot

Telnet is one of the earliest remote login protocols on the Internet. The Telnet session between the client and the server is not encrypted. Anyone with access to the TCP/IP packet flow between the communicating hosts can reconstruct the data that flows between the endpoints and read the messaging, including the usernames and passwords that are used to log in to the remote machine. 




WEB honeypot WordPress

[web]
status = 0                                  
addr = 0.0.0.0:9000                          
template = wordPress/html                    
index = index.html                          
static = wordPress/static                    
url = /

 

  • status: whether to start WEB; 1 = start, 0 = shut down. The API must also be started before WEB can report results
  • addr: WEB server address; 0.0.0.0 is open to the outside world, 127.0.0.1 is only open to the inside and can go through an Nginx reverse proxy
  • template: template path
  • index: home page file
  • static: static file path. Note: there must be two directories; HTML files and static files cannot be at the same level
  • url: access path; the default / can be changed to /index.html, /index.asp, /login, etc.

 


 

Play with Docker HFish Honeypot

Play with Docker (PWD) is a Docker playground that allows users to run Docker commands in a matter of seconds. It gives the experience of having a free Alpine Linux Virtual Machine in a browser, where you can build and run Docker containers and even create clusters in Docker Swarm Mode. Under the hood Docker-in-Docker (DinD) is used to give the effect of multiple VMs/PCs.



You can also use Play with Docker for many other Docker applications.
You may need to change the ssh port. In this example, I changed it to -p 2222:22. (Normally this would be 22:22.)

Use the “ADD NEW INSTANCE” button to open a new terminal.

docker run -d --name hfish -p 21:21 -p 2222:22 -p 23:23 -p 69:69 -p 3306:3306 -p 5900:5900 -p 6379:6379 -p 8080:8080 -p 8081:8081 -p 8989:8989 -p 9000:9000 -p 9001:9001 -p 9200:9200 -p 11211:11211 --restart=always imdevops/hfish:latest

Use port 9001 to log in.
The default login details are:
Username: admin
Password: admin
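
The docker run line above publishes every port on all interfaces, including 9001, the management login that still has the admin/admin default. The following is an added example, not part of the original article: it reads the output of "docker port hfish" and reports whether the management port is reachable from outside the host; publishing it as -p 127.0.0.1:9001:9001 keeps it local. The function names and sample listings are constructed for illustration.

```shell
#!/bin/bash
# Added example: check whether the HFish management port is published on a
# non-loopback address.
# Input on stdin: output of "docker port hfish", one mapping per line, e.g.
#   9001/tcp -> 0.0.0.0:9001

ADMIN_PORT=9001   # taken from the article ("Use port 9001 to log in")

# Print every host binding of the admin port that is not loopback-only.
exposed_admin_bindings() {
    awk -v port="$ADMIN_PORT" '
        $1 == (port "/tcp") && $2 == "->" {
            host = $3
            sub(/:[0-9]+$/, "", host)      # strip the host port
            gsub(/^\[|\]$/, "", host)      # strip IPv6 brackets
            if (host != "127.0.0.1" && host != "::1") print $3
        }'
}

# Return "exposed" or "local-only" for a given listing.
admin_port_status() {
    if [ -n "$(printf '%s\n' "$1" | exposed_admin_bindings)" ]; then
        echo exposed
    else
        echo local-only
    fi
}

# Constructed sample: mappings as produced by the article's docker run line.
SAMPLE_DEFAULT='22/tcp -> 0.0.0.0:2222
6379/tcp -> 0.0.0.0:6379
9001/tcp -> 0.0.0.0:9001
9001/tcp -> [::]:9001'

# Constructed sample: same container started with -p 127.0.0.1:9001:9001.
SAMPLE_LOCAL='22/tcp -> 0.0.0.0:2222
6379/tcp -> 0.0.0.0:6379
9001/tcp -> 127.0.0.1:9001'

echo "article's run line: $(admin_port_status "$SAMPLE_DEFAULT")"
echo "loopback binding:   $(admin_port_status "$SAMPLE_LOCAL")"
```

On a live host the same check is: docker port hfish | exposed_admin_bindings
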



 

Conclusion

It was so much fun to make this video and article. I have been using honeypots for a long time. There are many different honeypots on the internet. HFish is one and HFish is a very nice option to use. I am sure that there will be more articles and videos about honeypots in the future.
I sincerely hope you enjoy this video and article as much as I did. :-)


 



 

IMPORTANT THINGS TO REMEMBER

✓ This Video and Article is made for educational purposes and pentest only.

* You will not misuse the information to gain unauthorized access.

✓ This information shall only be used to expand knowledge and not for causing malicious or damaging attacks…!


Read also the Disclaimer

All the techniques provided in the tutorials on HackingPassion.com, are meant for educational purposes only.

If you are using any of those techniques for illegal purposes, HackingPassion.com can’t be held responsible for possible lawful consequences.

My goal is to educate people and increase awareness by exposing methods used by real black-hat hackers and show how to secure systems from these hackers.


 

Finally

If you have any questions about this article, any feedback or suggestions, or if you want to share your thoughts, contact me. Please feel free to do so.


 

 

By Bulls Eye

Jolanda de Koff

My name is Jolanda de Koff and on the internet, I'm also known as Bulls Eye. Ethical Hacker, Penetration tester, Researcher, Programmer, Self Learner, and forever n00b. Not necessarily in that order. Like to make my own hacking tools and I sometimes share them with you. "You can create art & beauty with a computer and Hacking is not a hobby but a way of life ..."

I ♥ open-source and Linux