Help capture SSH Honeypot details and valid username and passwords used


Using this post, , I have set up an SSH honeypot with Kippo.
If you want, you can forward traffic from your own servers to mine and see the results of the SSH capture @

Use this in your IPTables to forward your own port 22 traffic to mine @ IP

Change the Ethernet device to match yours.

Remember to save your iptables rules so they survive a reboot: iptables-save
You also need to enable IP forwarding: sysctl net.ipv4.ip_forward=1 OR echo "1" > /proc/sys/net/ipv4/ip_forward

You can achieve the same forwarding results by using
redir ( )
socat ( )
without making use of ip_forward, NAT and masquerading.
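The post's own iptables lines did not survive, so here is an added example (not the post's code) of the full rule set such a port-22 redirect needs, plus the socat alternative the post mentions. The honeypot address and interface are placeholders.

```shell
#!/bin/sh
# Added example: emit the iptables rules that hand inbound port-22 traffic to a
# honeypot host. HONEYPOT_IP and WAN_IF are placeholders, not the post's values.
HONEYPOT_IP="${HONEYPOT_IP:-198.51.100.10}"   # RFC 5737 documentation range
WAN_IF="${WAN_IF:-eth0}"

honeypot_iptables_rules() {
  # DNAT rewrites the destination; MASQUERADE rewrites the source so the
  # honeypot's replies come back through this box. Side effect worth knowing:
  # Kippo will log this host's address as the client, not the real attacker's.
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport 22 -j DNAT --to-destination $HONEYPOT_IP:22
iptables -t nat -A POSTROUTING -p tcp -d $HONEYPOT_IP --dport 22 -j MASQUERADE
iptables -A FORWARD -i $WAN_IF -p tcp -d $HONEYPOT_IP --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

honeypot_socat_rule() {
  # User-space alternative from the post: no ip_forward, NAT or masquerading.
  # Same caveat on source addresses; the honeypot sees this host connecting.
  echo "socat TCP-LISTEN:22,fork,reuseaddr TCP:$HONEYPOT_IP:22"
}

# Refuse to apply anything while sshd still listens on 22: the DNAT would
# capture your own admin sessions along with the attackers'.
sshd_moved_off_22() {
  ! ss -ltn 2>/dev/null | awk '{print $4}' | grep -q ':22$'
}

apply_rules() {
  sshd_moved_off_22 || { echo "move sshd off port 22 before applying" >&2; return 1; }
  honeypot_iptables_rules | sh -x
}
```

`honeypot_iptables_rules` only prints the rules for review; `apply_rules` (as root) runs them after the listener check.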


Create Your Own Local Software Yum Repository Under Fedora Linux



If you have many Fedora (or any Red Hat based) systems, updating them all via yum separately means that you’re going to be downloading an awful lot of duplicated updates. Also, in some organisations, they will have a local yum repository for officially sanctioned updates so that it doesn’t break bespoke software that relies on specific versions of software packages. Here I’ll show you how to create your own local yum repository on your network via the Apache web server which you can then use for all the machines on your network – the point being that the updates are downloaded from a master server only once, thus saving you time and bandwidth.

First off, you'll need to make sure you have the Apache web server installed and running on the server you want to use as a yum repository. If it is, you can skip to the next part. If not, or you're not sure, install it with:-

Set the httpd daemon to run with:-

This assumes that you now have your HTML document root at “/var/www/html”, which is the default. Also, if you have a firewall like iptables running you’ll need to open port 80 to allow HTTP traffic through.

You can verify the port is open with:-

which should show you something like:-

The next thing to do is to create the directory structure required by yum to hold the packages. Create the following directories with:-

You'll also need your Fedora installation CD for this next part. We're going to copy all the installation packages over. You can either use an installation CD/DVD or you can simply mount the ISO file you no doubt downloaded from the Fedora website. If you want to mount the ISO file, you can use:-

This will mount your ISO image at the /mnt/iso mount point directory – although the iso sub-directory must exist first, obviously. If not, create it.

The packages you want will be under “Packages” on the CD/DVD or mount point, so copy them to the “/var/www/html/yum/base” sub-directory you created earlier. Assuming you’re using a mount point of “/mnt/iso”, you’d use:-

Next you need to create the base repository headers. For this, you’ll need a small utility called “createrepo”. It’s usually installed by default under Fedora, but if you’re using another Red Hat based distribution or it isn’t installed, install it with:-

After that, run:-

This may take some time, depending on your system hardware specifications, but eventually you should end up with a sub-directory from there called “repodata”. If you do an “ls” on that directory, you should see files that look something like the following:-

These are your repository header files. Okay, now you need to select an external mirror site for all the Fedora update packages. We're going to use rsync (which I've covered before to sync backups across servers) to sync our local repository to an externally maintained Fedora repository. You can find a list of public mirror sites for your country and Fedora version here. Make sure the mirror site you choose supports rsync and not just HTTP or FTP, otherwise the following won't work and you'll have to use something like the "wget" command to copy over all the updated packages. Clearly "rsync" is better in this situation. For the sake of this post, I'm going to assume you're in the United Kingdom and are using Fedora 15 on 64-bit systems. To sync your repository with the example one based on the above requirements, I'd use the command:-

This example is using rsync to sync our local yum update directory with a Fedora mirror site maintained by Bytemark in the UK for 64-bit Fedora systems. Now would be a good time to create a daily cron job to keep your local repository in sync with the external one, so enter your crontab with:-

and add the following line (or whatever you want, assuming you’re familiar with using cron jobs):-

Save this by typing ":wq". This will update your repository every night at midnight. I've also added the delete flag in order to save space so that source and destination match. Use "man rsync" if you want more information on this.

Lastly you’ll need to configure yum on your servers that you want to be updated via yum to point to your new yum update repository. While you can add this to “/etc/yum.conf”, it’s recommended that you add a separate .repo file under “/etc/yum.repos.d”. So create a new .repo file with:-

and add the following information:-

If you want to use environment variables to get the Fedora version and architecture, see here. Replace the example IP address with the IP address of your repository server. That's it: add this file to each Fedora server you want to update locally and you're good to go :-)
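As an added example (not the post's own commands), the whole procedure above collected into one script: building the base repository, the nightly rsync, and the client .repo file. The repository IP, mirror URL and the "updates" directory name are placeholders; the key point for the client file is keeping gpgcheck=1, since rsync and HTTP give no assurance of their own that the RPMs were not altered in transit.

```shell
#!/bin/sh
# Added example: local yum repository served by Apache, as described in the post.
# REPO_IP, MIRROR and the "updates" directory are placeholders/assumptions.
WEBROOT="/var/www/html/yum"
REPO_IP="${REPO_IP:-192.0.2.10}"   # RFC 5737 documentation range
MIRROR="${MIRROR:-rsync://mirror.example.org/fedora/linux/updates/15/x86_64/}"
ISO_MOUNT="/mnt/iso"

build_base_repo() {
  # One-time: copy the install-media packages and generate repodata/ for them.
  mkdir -p "$WEBROOT/base" "$WEBROOT/updates"
  cp "$ISO_MOUNT"/Packages/*.rpm "$WEBROOT/base/"
  createrepo "$WEBROOT/base"
}

sync_updates_cmd() {
  # --delete keeps the local tree identical to the mirror (mirrors ship their
  # own repodata/, so no createrepo run is needed for the updates tree).
  echo "rsync -avz --delete $MIRROR $WEBROOT/updates/"
}

cron_line() {
  # Nightly at midnight, as the post schedules it.
  echo "0 0 * * * $(sync_updates_cmd)"
}

client_repo_file() {
  # Keep gpgcheck=1: the Fedora signing key already installed on every client
  # is what proves the packages are genuine, whatever path they travelled.
  cat <<EOF
[local-base]
name=Local Fedora \$releasever base
baseurl=http://$REPO_IP/yum/base/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-\$releasever-\$basearch

[local-updates]
name=Local Fedora \$releasever updates
baseurl=http://$REPO_IP/yum/updates/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-\$releasever-\$basearch
EOF
}
```

Write `client_repo_file` output to /etc/yum.repos.d/local.repo on each client; `cron_line` goes into the repository server's crontab.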


Webmin for Ubuntu


If you are using the DEB version of webmin, first download the file and then run the command :

The install will be done automatically to /usr/share/webmin, the administration username set to root and the password to your current root password. You should now be able to log in to Webmin at the URL http://localhost:10000/. Or, if accessing it remotely, replace localhost with your system's IP address.

If Debian complains about missing dependencies, you can install them with the command :

If you are installing on Ubuntu and the apt-get command reports that some of the packages cannot be found, edit /etc/apt/sources.list and make sure the lines ending with universe are not commented out.

Some Debian-based distributions (Ubuntu in particular) don't allow logins by the root user by default. However, the user created at system installation time can use sudo to switch to root. Webmin will allow any user who has this sudo capability to log in with full root privileges.

If you want to connect from a remote server and your system has a firewall installed, see this page for instructions on how to open up port 10000.

Using the Webmin APT repository

If you like to install and update Webmin via APT, edit the /etc/apt/sources.list file on your system and add the line :

You should also fetch and install my GPG key with which the repository is signed, with the commands :

You will now be able to install with the commands :

All dependencies should be resolved automatically.


Poor man’s VPN with SSH | Setting up an SSH tunnel with PuTTY


Article #1 From:
Article #2 From:

Poor man’s VPN with SSH

SSH has port forwarding, dynamic forwarding, and now also IP forwarding. This allows you to create connections out through a firewall, and allow other connections in and out through your SSH-connection, originating at your SSH server. Read on for a few examples of use, and make sure you have the blessing of your security team.

Local forwarding

With local forwarding, you open a local port, and forward it to another host and port from the remote server.

Often used with forwarding to single webservers, proxies, Citrix ICA servers, VNC servers, and Windows Remote Desktop (RDP).

Example with local forwarding

Connect to a server at work, forwarding a connection from port 10080 on my laptop to

I can then open my browser to http://localhost:10080, and do my stuff. Some web applications, though, can be tricky enough to expect a hostname, and for that you need to edit /etc/hosts or equivalent, or you can read on for dynamic forwarding.

Remote forwarding

With remote forwarding, you open a listening port on the remote side, and forward it to another host and port from the local server.

Example with remote forwarding

One useful scenario is to help family members who have PC trouble. For instance: Mom has a problem, calls me, and wonders if I can help, and then clicks an icon on her desktop that does the following thing:

  • Starts Remote Desktop or VNC
  • Connects to my SSH server, with remote forwarding from <vncport1> on the SSH server, to localhost:<vncport1> on her PC.

What I do, is:

  • Connect to my SSH server, with local forwarding from <vncport1> on my laptop, to <vncport1> on the SSH server, which again connects through the remote forwarding to localhost:<vncport1> on mom’s PC.
  • Start a VNC client, and connect to my localhost:5801 on my laptop. This port is now connected through my ssh session, to mom’s ssh session, to her PC.

Dynamic forwarding with SOCKS

OpenSSH's client has the ability to do dynamic forwarding to act as a local SOCKS server, for both SOCKS4 and SOCKS5.

Many programs have built-in SOCKS support, so if you enable this, configure them to use localhost:<socksport> as a SOCKS proxy.

For programs with no built-in SOCKS support, you can use “tsocks”, to intercept networking calls, and work through the SOCKS server.

Example with dynamic forwarding

Then I configure Firefox, for instance, to use the SOCKS server at localhost port 1080, and all my web connections will go through the SSH connection and appear to be initiated from the SSH server. This is much easier than with local forwarding, and works great for remote administration of things from home where you use different hostnames and ports, and perhaps also unroutable IP addresses.

IP forwarding with TUN

Now we’re talking. This is the real thing, we get IP forwarding through a point-to-point interface. This exists only in newer versions of OpenSSH, and is not very well documented yet. Unfortunately, this also includes this document until I have more time to research further.

Example with IP forwarding

Where ‘0’ is the local device tun0, and ‘1’ refers to the remote device tun1. On each side, one needs to set an IP address for host-to-host contact, and add routing and perhaps also NAT for network access.

Beware, as careless use of IP forwarding between sites may have a serious impact on network security, and may make others very angry if used without permission.
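The article's command lines did not survive extraction, so here, as an added example that is not part of the original article, are the OpenSSH invocations for each forwarding mode above, including the two halves of the VNC-to-Mom scenario. Server and web hostnames (and port 80 for the web host) are placeholders; the VNC port is the article's 5801.

```shell
#!/bin/sh
# Added example: OpenSSH command lines for the forwarding modes described above.
# SSH_SERVER and WEB_HOST are placeholders; VNC_PORT follows the article.
SSH_SERVER="${SSH_SERVER:-user@ssh.example.org}"
WEB_HOST="${WEB_HOST:-intranet.example.org}"
VNC_PORT="${VNC_PORT:-5801}"

# Every tunnel is opened with -N (no remote shell) and ExitOnForwardFailure, so
# a port that cannot be bound fails loudly instead of leaving a session with no tunnel.
SSH_OPTS="-N -o ExitOnForwardFailure=yes"

local_forward_cmd() {
  # Laptop port 10080 -> (via the SSH server) -> web host port 80.
  # Binding to 127.0.0.1 keeps other machines on the LAN off the tunnel.
  echo "ssh $SSH_OPTS -L 127.0.0.1:10080:$WEB_HOST:80 $SSH_SERVER"
}

remote_forward_mom_side() {
  # Run on Mom's PC: SSH server loopback:$VNC_PORT -> her localhost:$VNC_PORT.
  # With the sshd default GatewayPorts=no the listener stays on loopback, so only
  # someone logged in to the SSH server can reach her VNC.
  echo "ssh $SSH_OPTS -R $VNC_PORT:localhost:$VNC_PORT $SSH_SERVER"
}

remote_forward_helper_side() {
  # Run on my laptop: my localhost:$VNC_PORT -> SSH server loopback:$VNC_PORT,
  # which the server hands on through Mom's -R to her PC.
  echo "ssh $SSH_OPTS -L 127.0.0.1:$VNC_PORT:localhost:$VNC_PORT $SSH_SERVER"
}

socks_forward_cmd() {
  # Local SOCKS4/5 proxy on 1080 for Firefox; traffic exits at the SSH server.
  echo "ssh $SSH_OPTS -D 127.0.0.1:1080 $SSH_SERVER"
}

tun_forward_cmd() {
  # Layer-3 tunnel: local tun0 <-> remote tun1. Needs root on both ends and
  # PermitTunnel in the server's sshd_config; addresses, routes and any NAT are
  # added separately, as the article says.
  echo "ssh $SSH_OPTS -w 0:1 $SSH_SERVER"
}
```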

Setting up an SSH tunnel with PuTTY

What follows is how to set up an SSH tunnel using PuTTY, with the MySQL port (3306) forwarded as an example. After completing this how-to you'll have port 3306 on your local machine listening and forwarding to your remote server's localhost on port 3306. Thus, effectively, you can connect to the remote server's MySQL database as though it were running on your local box.


This how-to assumes your MySQL installation has enabled listening to a TCP/IP connection. Only listening on is required (and the default as of MySQL 4.1). Although beyond the scope of this how-to, you can verify the server’s listening by using

on the server. Look for


in your

. Also, a trouble-shooting guide.

To achieve the same with PostgreSQL simply use PostgreSQL’s default port, 5432.

to test;

and the manual as pointers for configuration.

Set up the tunnel

Create a session in PuTTY and then select the Tunnels tab in the SSH section. In the Source port text box enter 3306. This is the port PuTTY will listen on on your local machine. It can be any standard Windows-permitted port. In the Destination field immediately below Source port, enter the server's own localhost address and port 3306. This means: from the server, forward the connection to the server's own IP on port 3306. MySQL by default listens on port 3306 and we're connecting directly back to the server itself. Another common scenario is to connect with PuTTY to an outward-facing firewall, in which case your Destination might be the private IP address of the database server.

Putty Tunnel

Add the tunnel

Click the Add button and the screen should look like this,

Putty Tunnel Added

Save the session

Unfortunately PuTTY does not provide a handy ubiquitous Save button on all tabs so you have to return to the Session tab and click Save,

Putty Session

Open the session

Click Open (or press Enter), login, and enjoy!

Here for reference is an example connection using MySQL Administrator going to localhost: note the Server Host address, which will be transparently forwarded.

Mysql Administrator Login
