search

iotac-eu / honeypot

Honeypot component by TU-Berlin
0 stars 0 forks source link

running commands.txt -- questions #2

Open Asiertec opened 1 year ago

Asiertec commented 1 year ago

Hello Julian,

I'm working with Leo and I was trying to run the commands in the file but I have some questions:

  1. Before running the honeypot it says that we should setup the config.json metadata part. What IDs should I use? Also, should I use the longitude and latitude from here? Should I see something different from what Leo sent you?
  2. At the part of testing the honeypot from outside it says to execute a container named "honeypot_attacker" but we don't have that container nor it is explained in this file how to get it. Is it missing?

Maybe we can have a quick telco this week.

Thank you in advance

julieeen commented 1 year ago

Hi Leo!

  1. Just change the ID to something unique "connectedCar" something. Everything else can stay the same first of all.
  2. We usually used another docker (just spin up a second one) to run the attacks from the outside. Sorry for the confusion! All the best
Asiertec commented 1 year ago

Hi Julian! Than you for the response!

I was able to login via ssh and via telnet from the attacker and get logs from the honeypot. I have some more questions though.

  1. When running the synflood script nothing appears in neither of the containers. Should I be seeing something?
  2. When trying to run "$ sudo su - cowrie" from the root user in the honeypot container I get an error: "su: user cowrie does not exist or the user entry does not contain all the required fields". Should I be running this on the root user? And if not, which is the password to the honeypot user? I tried honeypot and root as password already.

Thank you in advance

Have a nice day

julieeen commented 1 year ago

Hi,

yeah I’m checking the synflood thing soon and let you hear back.

Oh the actual user is honeypot, hence you need to call “su honeypot” This is actually just advanced stuff that no pilot really needs. So you can skip it from my point of view.

All the best Julian

On 13. Apr 2023, at 08:34, Asiertec @.***> wrote:

Hi Julian! Than you for the response!

I was able to login via ssh and via telnet from the attacker and get logs from the honeypot. I have some more questions though.

When running the synflood script nothing appears in neither of the containers. Should I be seeing something? When trying to run "$ sudo su - cowrie" from the root user in the honeypot container I get an error: "su: user cowrie does not exist or the user entry does not contain all the required fields". Should I be running this on the root user? And if not, which is the password to the honeypot user? I tried honeypot and root as password already. Thank you in advance

Have a nice day

— Reply to this email directly, view it on GitHub https://github.com/iotac-eu/honeypot/issues/2#issuecomment-1506425746, or unsubscribe https://github.com/notifications/unsubscribe-auth/AADZRKUHGC7JAXNQSBYV5MDXA6NBBANCNFSM6AAAAAAW2KT6QE. You are receiving this because you commented.