Your SSH honeypot fakes a Linux system and logs the threat actor's commands.
-
Ryan Castellucci :nonbinary_flag: replied to Bee O'Problem :godot:
@beeoproblem actually, I know how to do that
-
Ryan Castellucci :nonbinary_flag: replied to unexpectedteapot
@unexpectedteapot I'll post it eventually, but probably not the animation file (it's 50MB)
I basically mashed this together with russh:
ansi-player-rs/src/main.rs at main · ryancdotorg/ansi-player-rs
You can see the animation via
nc rya.nc 1987
-
Ryan Castellucci :nonbinary_flag: replied to Joacim Jacobsson
@jjacobsson I got it working last night, shitposted about it and went to bed.
Will post the code in the next couple of weeks.
I don't use container stuff, and it's Rust so you can just compile it to a single binary anyway.
-
Morten Linderud replied to Dr David Mills
Love it. Totes doing that.
GitHub - Foxboron/ssh-the-planet: SSH The Planet
-
Joacim Jacobsson replied to Ryan Castellucci :nonbinary_flag:
@ryanc _nice_
I have exactly 0 experience with running a honeypot, so I did some googling and realized that it is more complicated than I initially thought.
But I need to see this.
-
Joacim Jacobsson replied to Ryan Castellucci :nonbinary_flag:
@ryanc That is _amazing_
-
Legion495 replied to Ryan Castellucci :nonbinary_flag:
@[email protected] I am afraid
-
Ryan Castellucci :nonbinary_flag: replied to Morten Linderud
@Foxboron @Dtl @viq I'm extracting individual frames as low quality jpg (quality really doesn't matter here, lol) and then converting individual frames to ANSI.
-
Ryan Castellucci :nonbinary_flag: replied to Joacim Jacobsson
@jjacobsson It's pretty amazing how good it looks when you spam the terminal with Unicode and 24-bit color escape sequences
-
Eloy replied to Ryan Castellucci :nonbinary_flag:
@ryanc can it also override ~. ?
-
Ryan Castellucci :nonbinary_flag: replied to Mathias Panzenböck
@bloody_albatross @Foxboron @Dtl @viq the frame encoder (which I did not write, but plan to replace with my own to-be-written encoder) picks from one of 32 possible characters and two colors for each cell.
-
Ryan Castellucci :nonbinary_flag: replied to datenwolf
@datenwolf @dalias @porkroll I suspect this would help infrequently enough to be not worth the trouble.
Using ZLIB via SSH helps quite a lot.
-
Mathias Panzenböck replied to Ryan Castellucci :nonbinary_flag:
@ryanc @Foxboron @Dtl @viq That's cool! 32? What characters do you use? I know characters that would yield 4 (1x2 pixels per character), 64 (2x3), and 256 (2x4) different values. Though not all of those Unicode characters are well supported everywhere. I went with 1x2 because it's easy and no color compromise. Though low resolution.