
HoneyDrive_3 basic learning

2025-03-01 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/03 Report--

20161219 08:51 to 09:30

This post records (1) an overall introduction to the HoneyDrive_3_Royal_Jelly system and its applications, (2) the preparation needed before using it and the related specific functions, and (3) the basic use and basic theory of HoneyDrive_3.

Reference: HoneyDrive (the project's own overview article)

https://bruteforce.gr/honeydrive

First, a brief introduction to the system and its applications as a whole

Reference: http://bruteforce.gr/honeydrive-3-royal-jelly-edition.html

HoneyDrive is the premier honeypot Linux distro. It is a virtual appliance (OVA) with Xubuntu Desktop 12.04.4 LTS edition installed. It contains over 10 pre-installed and pre-configured honeypot software packages such as Kippo SSH honeypot, Dionaea and Amun malware honeypots, Honeyd low-interaction honeypot, Glastopf web honeypot and Wordpot, Conpot SCADA/ICS honeypot, Thug and PhoneyC honeyclients and more. Additionally it includes many useful pre-configured scripts and utilities to analyze, visualize and process the data it can capture, such as Kippo-Graph, Honeyd-Viz, DionaeaFR, an ELK stack and much more. Lastly, almost 90 well-known malware analysis, forensics and network monitoring related tools are also present in the distribution.

20161219 11:10 to 12:39

What you need to know (PLEASE READ):

1) HoneyDrive 3 has been created entirely from scratch. It is based on Xubuntu Desktop 12.04.4 LTS edition and it is distributed as a standalone OVA file that can be easily imported as a virtual machine using virtualization software such as VirtualBox and VMware.

2) All the honeypot programs from the previous version of HoneyDrive are included, while they have also been upgraded to their latest versions and converted almost entirely to cloned git repos for easier maintenance and updating. This latter fact on its own could be considered reason enough to release the new version.

3) Many new honeypot programs have been installed that really make HoneyDrive 3 "complete" in terms of honeypot technology, plus around 50 (!) new security related tools in the fields of malware analysis, forensics and network monitoring.

4) The main honeypot software packages and BruteForce Lab's projects reside in /honeydrive. The rest of the programs reside in /opt. The location of all software can be found inside the README.txt file on the desktop.

5) HoneyDrive 3 doesn't make itself as known to the outside world as the previous version. There are no descriptive messages and apart from Kippo-Graph and Honeyd-Viz every other piece of software is not accessible from the outside (unless you configure them otherwise, or even lock down Kippo-Graph and Honeyd-Viz as well).

A note on versioning: previous versions of HoneyDrive started with a zero (0.1 and 0.2) which seemed confusing to some. I didn't like it either and in the end I decided to "renumber" those as versions 1 and 2, essentially making this new version HoneyDrive 3, i.e. the third official release.

Second, the initial preparation before the use of HoneyDrive or the introduction of related specific functions

Reference: HoneyDrive 3 VMware guide

https://bruteforce.gr/honeydrive-3-vmware-guide.html

Here is a step-by-step guide for converting the HoneyDrive 3 OVA file to a VMware-compatible virtual machine. The procedure should be the same for all the other VMware products as well (Workstation, ESXi, etc). Instructions:

2.1 Preliminary preparation for using HoneyDrive_3 in VMware:

(1). Download OVF Tool 3.5.2 (needs a free account registration) from: https://my.vmware.com/web/vmware/details?downloadGroup=OVFTOOL352&productId=352

(2). Install and run OVF Tool and convert the OVA file to VMX format (convert HoneyDrive OVA to VMX).

(3). Import the VMX file into VMware by double-clicking the .vmx file (import/open the new virtual machine by double-clicking the .vmx file).

(4). Uninstall the VirtualBox Guest Additions. Inside the HoneyDrive virtual machine, open Terminator (on the desktop) and type the following in the terminal:

$ sudo aptitude purge -P virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11

$ sudo reboot

Note: the user password is required when uninstalling the VirtualBox Guest Additions. The password can be found under [System] in the file named "README" on the desktop.

(5). Install VMware Tools (this step is optional). Once HoneyDrive is running again, click "Virtual Machine" -> "Install VMware Tools" in the menu. This mounts a virtual disk containing VMware Tools. Open Terminator again and type (the version number in the archive name varies, hence the wildcard):

$ cp /media/VMware\ Tools/VMwareTools-*.tar.gz ~/

$ tar zxvf VMwareTools-*.tar.gz

$ cd vmware-tools-distrib

$ sudo ./vmware-install.pl -d

$ sudo reboot

After the above commands have completed the installation, the terminal running them shows the VMware Tools installation prompt.

Once VMware Tools is installed and the system has been restarted, data can be transferred directly between the physical host and the virtual machine, that is, text or files can be copied from the physical host (in this practice a Server 2012 host, or a Win7 machine connected to that host) and pasted into the virtual machine. See the following figure:

That's it, enjoy HoneyDrive in VMware!
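The conversion in steps (1) to (3) takes the downloaded OVA as trusted input. Before handing an appliance to OVF Tool, a practitioner will want to confirm that the archive is intact and matches its own manifest. The following is an added example, not part of the HoneyDrive guide or of the HoneyDrive project: a POSIX shell function that unpacks the OVA (an OVA is a plain tar archive holding an .ovf descriptor, the disk images and a .mf manifest), reads each "SHA1(name)= hex" or "SHA256(name)= hex" manifest line and re-hashes the named file. The sample archive built by make_sample_ova, its file names and its digests are constructed for offline use; the real digests of HoneyDrive_3_Royal_Jelly.ova are not on this page and have to come from the vendor's download page.

```shell
#!/bin/sh
# Added example: verify the .mf manifest inside an OVA before converting or
# importing it. Needs only tar, sha1sum and sha256sum (coreutils).

# verify_ova <file.ova>: prints one "OK name" / "FAIL name" line per manifest
# entry; returns 0 only if every entry matched and at least one entry existed.
verify_ova() {
    ova=$1
    work=$(mktemp -d) || return 2
    tar -xf "$ova" -C "$work" || { rm -rf "$work"; return 2; }
    mf=$(ls "$work"/*.mf 2>/dev/null | head -n 1)
    [ -n "$mf" ] || { echo "no manifest (.mf) in $ova"; rm -rf "$work"; return 1; }
    status=0; count=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        # a manifest line looks like:  SHA256(name)= hex
        algo=${line%%(*}
        rest=${line#*(}
        name=${rest%%)*}
        expected=$(echo "${rest#*=}" | tr -d ' ' | tr 'A-F' 'a-f')
        case "$algo" in
            SHA1)   tool=sha1sum ;;
            SHA256) tool=sha256sum ;;
            *) echo "FAIL $name (unsupported digest $algo)"; status=1; continue ;;
        esac
        count=$((count + 1))
        if [ ! -f "$work/$name" ]; then
            echo "FAIL $name (listed in manifest but missing from archive)"
            status=1; continue
        fi
        actual=$($tool "$work/$name" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            echo "OK   $name"
        else
            echo "FAIL $name (digest mismatch)"
            status=1
        fi
    done < "$mf"
    rm -rf "$work"
    [ "$count" -gt 0 ] || status=1
    return $status
}

# make_sample_ova <dir> <good|tampered>: build a tiny constructed OVA so the
# check can be exercised offline. "tampered" alters the disk image after the
# manifest was written, which is what a modified download looks like.
make_sample_ova() {
    dir=$1; mode=$2
    mkdir -p "$dir/src"
    printf '<Envelope/>\n' > "$dir/src/sample.ovf"
    printf 'not a real disk image\n' > "$dir/src/sample-disk1.vmdk"
    ( cd "$dir/src" && {
        echo "SHA256(sample.ovf)= $(sha256sum sample.ovf | cut -d' ' -f1)"
        echo "SHA256(sample-disk1.vmdk)= $(sha256sum sample-disk1.vmdk | cut -d' ' -f1)"
      } > sample.mf )
    [ "$mode" = tampered ] && printf 'x' >> "$dir/src/sample-disk1.vmdk"
    # the OVF descriptor must be the first member of a real OVA; keep that order
    tar -cf "$dir/sample.ova" -C "$dir/src" sample.ovf sample.mf sample-disk1.vmdk
    echo "$dir/sample.ova"
}

# Usage on a real download:  verify_ova HoneyDrive_3_Royal_Jelly.ova
```

A passing manifest only shows that the archive is consistent with itself, i.e. nothing was corrupted or altered after packaging. The manifest travels inside the archive, so whoever replaces the archive can rewrite it; the digest of the whole .ova file still has to be compared with the value published on the download page.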

2.2 Using OVF Tool on Windows during this process

For detailed information on OVF, refer to: https://www.vmware.com/support/developer/ovf/

In this practice, ovftool is used from the Windows command prompt (cmd). The usage is as follows:

(1) Press Win+R to open the "Run" dialog and enter "cmd" to open the command prompt.

(2) On the command line enter D:\software\vm-convert-tool\ovftool.exe --lax -st=ova D:\tmp\HoneyDrive_3_Royal_Jelly.ova D:\tmp2\HoneyDrive_3_Royal_Jelly.vmx and the format conversion starts, as shown below:

Notes: (0) The command line is used because, after ovftool has been installed through the graphical installer, there is neither a shortcut icon nor an exe that can be used to start the tool directly. (1) The meaning of the options and parameters in the command can be seen by running D:\software\vm-convert-tool\ovftool.exe --help. (2) In the command, D:\software\vm-convert-tool\ is the installation path of ovftool, D:\tmp is the folder holding HoneyDrive_3_Royal_Jelly.ova, and D:\tmp2 is a newly created empty folder for the vmx output. (3) Absolute paths are used because the application was not added to the global Windows environment variables (or the addition did not succeed). For configuring global environment variables in Win7, see the following links (the configuration did not succeed in this practice):

OVFTool 4.1: converting vmdk format to OVF format

http://blog.csdn.net/hanzheng260561728/article/details/51345481

Adding the OVF Tool to your Path Environment Variable

The following instructions are for Windows 7, but the steps are similar on other Windows systems:

Right-click My Computer.

Select Properties.

Select Advanced system settings.

Select Environment Variables.

Highlight (select) the Path variable from the System variable (lower) pane.

Click the Edit button and then type the path to the folder where you installed the OVF Tool (at the end of the existing path).

2.3 Importing the VMX file into VMware during this process

Double-click the ".vmx" file of HoneyDrive_3_Royal to add the system, named HoneyDrive_3_Royal, to VMware's list of virtual machines, then select that name in the list. The operating system is started with the green button "turn on this client operating system" (power on this virtual machine) below the menu bar. In other words, the HoneyDrive_3 application suite comes pre-installed in an Ubuntu operating system: HoneyDrive_3_Royal_Jelly.ova is a ready-made, assembled virtual machine file (there is no need to install Ubuntu and then install the suite by hand) that can be used directly; only its format has to be converted to vmx so that it can be used in VMware.

20161219 16:17 to 17:51

Third, the basic use or basic theory of HoneyDrive_3

Reference: Getting started with honeyd

https://bruteforce.gr/getting-started-honeyd.html

3.1 Basic configuration and common management commands of the Ubuntu operating system

Reference: Ubuntu12.04 system initialization

http://blog.csdn.net/yangfanabc1993/article/details/23677285

Several things to do after installing ubuntu 12.04

http://blog.163.com/likaifeng@126/blog/static/320973102012620550682/

(0.1) Update the package lists, then update all software and security patches.

sudo apt-get update, or use the Update Manager to update the software.

Install the ssh server: sudo apt-get install openssh-server

(1) View the ssh server processes: ps -ef | grep sshd; sudo service ssh status

(2) Start and stop the sshd process: sudo service ssh start; sudo service ssh stop

20161219 20:16 to 22:56

(3) Network card configuration file, hostname configuration, and binding of the local hostname to its IP in hosts (local name resolution)

Reference: Ubuntu makes network configuration by modifying configuration file

http://blog.chinaunix.net/uid-22117508-id-157758.html

Configure the NIC with sudo vim /etc/network/interfaces, as follows (ifupdown only understands comments on their own lines, so the explanations are kept on separate lines; the lo section is the default content of the file and stays active in the real file):

# ===== default settings =====
# auto lo
# iface lo inet loopback
# (the two lines above are the default configuration contained in the interfaces file)
# ===== dhcp mode =====
# auto eth0
# iface eth0 inet dhcp
# (this section is added manually: eth0 obtains its IP automatically)
# ===== static ip =====
# (this section is added manually: eth0 with a static IP; it is uncommented, so it is in effect)
auto eth0
iface eth0 inet static
address 192.168.0.16
netmask 255.255.255.0
gateway 192.168.0.1
# pre-up ifconfig eth0 hw ether xx:xx:xx:xx:xx:xx
# (the line above, if uncommented, modifies the MAC address)

Restart the network card eth0: sudo ifdown eth0; sudo ifup eth0

Restart the network service: sudo /etc/init.d/networking restart

Add a DNS server: sudo vim /etc/resolv.conf

Configure the hostname: sudo vim /etc/hostname

Configure the local name resolution binding: sudo vim /etc/hosts
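The static stanza above is easy to mistype, and the most common slip, a gateway that is not inside the subnet given by address and netmask, leaves the host reachable on its LAN but without a working default route, which a honeypot VM that is supposed to be visible to the outside cannot afford. The following is an added example, not from the page or the referenced ChinaUnix article: POSIX shell functions that parse dotted-quad addresses, check that address and gateway share the masked prefix, and only then print the stanza in the format shown above. The addresses used are the page's 192.168.0.16 / 255.255.255.0 / 192.168.0.1.

```shell
#!/bin/sh
# Added example: render and sanity-check a static /etc/network/interfaces
# stanza instead of hand-typing it.

# ip_to_int <dotted-quad>: print the address as a 32-bit integer; fail on
# anything that is not four decimal octets in 0..255
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet <addr> <mask> <gw>: succeed only if addr and gw share the
# network prefix selected by mask (any malformed argument fails too)
same_subnet() {
    a=$(ip_to_int "$1") || return 1
    m=$(ip_to_int "$2") || return 1
    g=$(ip_to_int "$3") || return 1
    [ $(( a & m )) -eq $(( g & m )) ]
}

# static_stanza <iface> <addr> <mask> <gw>: print the stanza, or print an
# error on stderr and fail; /etc/network/interfaces is never touched here
static_stanza() {
    iface=$1; addr=$2; mask=$3; gw=$4
    if ! same_subnet "$addr" "$mask" "$gw"; then
        echo "error: gateway $gw is not inside $addr/$mask" >&2
        return 1
    fi
    printf 'auto %s\niface %s inet static\naddress %s\nnetmask %s\ngateway %s\n' \
        "$iface" "$iface" "$addr" "$mask" "$gw"
}

# Usage (append only after reviewing the printed stanza):
#   static_stanza eth0 192.168.0.16 255.255.255.0 192.168.0.1 | sudo tee -a /etc/network/interfaces
```

The stanza is printed rather than written so that it can be reviewed first; after appending it, the page's sudo ifdown eth0; sudo ifup eth0 applies it.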

(4) Starting and stopping the firewall process, and its configuration

Reference:

IptablesHowTo

https://help.ubuntu.com/community/IptablesHowTo

The usage of iptables under ubuntu

http://blog.sina.com.cn/s/blog_537517170102vkpy.html

Ubuntu Server 12.04 configure Firewall iptables

http://blog.csdn.net/supercrsky/article/details/17553289

iptables: (see the references above)

ufw: sudo ufw enable; sudo ufw disable; sudo ufw status

Description: When you install Ubuntu, iptables is there, but it allows all traffic by default. Ubuntu 8.04 comes with ufw, a program for managing the iptables firewall easily. Since the theory behind iptables configuration policy is involved and does not affect the current practice, this part of the theoretical basis is set aside for later study.
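The HoneyDrive notes quoted in the first section state that, apart from Kippo-Graph and Honeyd-Viz, nothing is reachable from outside the VM; after conversion and any reconfiguration that claim is worth checking rather than assuming, and the check is also where a ufw policy would start once the firewall topic is picked up again. The following is an added example, not from the page or from HoneyDrive: a POSIX shell filter that reads the output of netstat -tlnp, reports every TCP listener bound to all interfaces (0.0.0.0 or ::) whose port is not on an allow list of intentionally exposed ports, and a second function that turns those findings into ufw rules restricted to a management network. The netstat sample, its port numbers and the 192.168.0.0/24 management network are constructed; they are not values from the page.

```shell
#!/bin/sh
# Added example: find services exposed on all interfaces of a honeypot VM and
# draft the ufw rules that confine the non-honeypot ones to a management net.

# exposed_listeners <allowed-ports>: reads `netstat -tlnp` output on stdin and
# prints "port program" for each TCP listener bound to a wildcard address whose
# port is not in the space-separated allow list. Returns 1 if any were found.
exposed_listeners() {
    allowed=" $1 "
    found=0
    while read -r proto rq sq laddr faddr state prog rest; do
        [ "$state" = LISTEN ] || continue       # also skips the header line
        port=${laddr##*:}
        addr=${laddr%:*}
        case "$addr" in
            0.0.0.0|::|'*') ;;                  # bound to every interface
            *) continue ;;                      # loopback or one specific IP
        esac
        case "$allowed" in
            *" $port "*) continue ;;            # intentionally exposed (honeypot)
        esac
        echo "$port ${prog#*/}"
        found=1
    done
    [ "$found" -eq 0 ]
}

# restrict_rules <mgmt-cidr>: reads "port program" lines and prints, without
# applying, the ufw rule that limits each port to the management network.
restrict_rules() {
    mgmt=$1
    while read -r port prog; do
        echo "ufw allow from $mgmt to any port $port proto tcp   # $prog"
    done
}

# Constructed sample in netstat -tlnp layout (not a capture from HoneyDrive).
# 2222 stands for the honeypot listener, 80 for the Kippo-Graph web UI,
# 22 for the real administrative ssh, 3306 for a database bound to loopback.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      1234/python
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1100/mysqld
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1050/apache2
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      900/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      1050/apache2'

# sample_report: exposed ports in the sample when only 2222 is meant to face
# the network (duplicates from the IPv4 and IPv6 sockets are merged)
sample_report() {
    echo "$SAMPLE_NETSTAT" | exposed_listeners "2222" | sort -u
}

# Real use:  netstat -tlnp | exposed_listeners "2222" | sort -u | restrict_rules 192.168.0.0/24
```

The report is a list to review, not a verdict: the honeypot listener must stay exposed (that is its job), while the management UI and the real ssh port are the ones the HoneyDrive notes suggest locking down. The ufw lines are only printed; ufw needs a default deny policy and an explicit allow for the honeypot port as well, which the example leaves to the operator.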

(5) Change the software source ("Download from"), the counterpart of the yum source in CentOS

This is usually done through the graphical interface.

(6) View operating system information

Check whether the operating system is 32- or 64-bit: getconf LONG_BIT

Check the version of the current Ubuntu system:

cat /proc/version    # the /proc directory records various data about the running system; version can be read directly with cat and also shows the gcc version, but this is not the ordinary release number

uname -a    # shows the kernel version

lsb_release -a    # shows the version description and the regular release number

cat /etc/issue    # shows only the release number

View CPU information: cat /proc/cpuinfo

(7) Using the Ubuntu software package management tools

Reference: Ubuntu Equivalent of Yum's WhatProvides

http://stackoverflow.com/questions/4471327/ubuntu-equivalent-of-yums-whatprovides

SwitchingToUbuntu/FromLinux/RedHatEnterpriseLinuxAndFedora

https://help.ubuntu.com/community/SwitchingToUbuntu/FromLinux/RedHatEnterpriseLinuxAndFedora

On some uses of apt under Ubuntu and its comparison with yum

http://blog.sina.com.cn/s/blog_49b1f7210102vepr.html

apt-file search ssh and yum whatprovides */ssh

Note: the parameter of yum's reverse query (the command that finds the package a file belongs to) has actually changed from "whatprovides" to "provides", which can be verified with yum --help, but the former still works. Correspondingly, apt-file implements the equivalent reverse query on the Ubuntu/Debian family of Linux systems.

Using apt-file search ssh: first, if apt-file is not installed, install it with apt-get install apt-file; then the newly installed apt-file needs one apt-file update before apt-file search ssh (or apt-file find ssh) can be used.

Note: apt-file search XYZ differs from the equivalent yum provides XYZ in that the former does not need the "*/" prefix.
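Because the two query commands differ in both syntax and output layout, a script that has to answer "which package owns this file?" on either family needs a small adapter. The following is an added example, not from the linked posts or from either package manager: POSIX shell functions that pick the native query for whichever tool is in PATH and normalise the two output formats to "package path" lines. The sample outputs in SAMPLE_APT_FILE and SAMPLE_YUM are constructed in the layout of apt-file search and yum provides (package names and versions are illustrative, not captures from a real system).

```shell
#!/bin/sh
# Added example: one "which package provides this file?" front end for the
# apt-file / yum pair the page compares, with both outputs normalised.

# provides_cmd <name>: print the native query for the first tool found in
# PATH (apt-file needs one `apt-file update` after installation, as noted).
provides_cmd() {
    if command -v apt-file >/dev/null 2>&1; then
        echo "apt-file search $1"
    elif command -v yum >/dev/null 2>&1; then
        echo "yum provides '*/$1'"
    else
        echo "error: neither apt-file nor yum found in PATH" >&2
        return 1
    fi
}

# parse_apt_file: apt-file prints "package: /path" per match
parse_apt_file() {
    while IFS= read -r line; do
        case "$line" in
            *": /"*) echo "${line%%:*} ${line#*: }" ;;
        esac
    done
}

# parse_yum_provides: yum prints a "name-ver-rel.arch : summary" header per
# match followed by indented detail lines, one of them "Filename : /path";
# pair each Filename line with the most recent header.
parse_yum_provides() {
    pkg=
    while IFS= read -r line; do
        case "$line" in
            Filename*:*)
                [ -n "$pkg" ] && echo "$pkg ${line#*: }" ;;
            *" : "*)
                head=${line%% :*}
                # a header has no blanks before " : " and carries a dotted arch;
                # detail lines such as "Repo        : base" have padding blanks
                case "$head" in *" "*) ;; *.*) pkg=$head ;; esac ;;
        esac
    done
}

# Constructed samples in the layout of the two tools (not real captures):
SAMPLE_APT_FILE='openssh-server: /usr/sbin/sshd
openssh-client: /usr/bin/ssh'
SAMPLE_YUM='openssh-server-5.3p1-122.el6.x86_64 : An open source SSH server daemon
Repo        : base
Matched from:
Filename    : /usr/sbin/sshd'

# normalize_sample <apt|yum>: run the matching parser over its sample
normalize_sample() {
    case "$1" in
        apt) echo "$SAMPLE_APT_FILE" | parse_apt_file ;;
        yum) echo "$SAMPLE_YUM" | parse_yum_provides ;;
        *) return 1 ;;
    esac
}

# Real use on Ubuntu:  apt-file search sshd | parse_apt_file
# Real use on CentOS:  yum provides '*/sshd' | parse_yum_provides
```

The normalised "package path" form is what makes the two systems interchangeable for a script that, for example, records which package installed a binary found on a host; the quoting of '*/sshd' on the yum side matters, since an unquoted glob would be expanded by the shell against the current directory.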
