WEB Interface (64297) is not working

[r00t34]

⚠️ Basic support information (commands are expected to run as root)

Hi All,

I installed Pot successfully without any error. I can access with SSH, i can access Admin panel but i can't access WEB Interface. I am getting below error.

192.168.1.24 normally uses encryption to protect your information. When Chrome tried to connect to 192.168.1.24 this time, the website returned unusual and incorrect credentials. An attacker may be trying to pretend to be 192.168.1.24 or a wireless login screen has disconnected. Your information is still safe because Chrome stops the connection before any data is exchanged.

You cannot visit the website at this time because the website 192.168.1.24 sends mixed credentials that Chrome cannot process. This page will probably work later, as network errors and attacks are usually temporary.

• What version of the OS are you currently using lsb_release -a and uname -a? [root@initialcowbell:~]# lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux 11 (bullseye) Release: 11 Codename: bullseye
• What T-Pot version are you currently using? 22.04.0
• What edition (Standard, Nextgen, etc.) of T-Pot are you running? Standard
• What architecture are you running on (i.e. hardware, cloud, VM, etc.)? VM
• Did you have any problems during the install? If yes, please attach /install.log /install.err. No
• How long has your installation been running?
• Did you install upgrades, packages or use the update script? I have the latest version
• Did you modify any scripts or configs? If yes, please attach the changes. Yes i configured /etc/network/interfaces because i had "Raise Network Interfaces" error.
• Please provide a screenshot of glances and htop.
• How much free disk space is available (df -h)? [root@initialcowbell:~]# df -h Filesystem Size Used Avail Use% Mounted on udev 3.9G 0 3.9G 0% /dev tmpfs 796M 3.7M 793M 1% /run /dev/sda2 118G 8.9G 104G 8% / tmpfs 3.9G 0 3.9G 0% /dev/shm tmpfs 5.0M 0 5.0M 0% /run/lock
• What is the current container status (dps.sh)? `[root@initialcowbell:~]# dps.sh [ ========| System |======== ] DATE: Sat 20 Aug 2022 09:22:12 AM UTC UPTIME: 09:22:12 up 17 min, 1 user, load average: 2.45, 4.09, 4.33 T-POT: ACTIVE
  BLACKHOLE: DISABLED

NAME STATUS PORTS adbhoney Up 12 minutes (healthy) 0.0.0.0:5555->5555/tcp ciscoasa Up 12 minutes 0.0.0.0:5000->5000/udp, 0.0.0.0:8443->8443/tcp citrixhoneypot Up 12 minutes 0.0.0.0:443->443/tcp conpot_guardian_ast Up 12 minutes (healthy) 0.0.0.0:10001->10001/tcp conpot_iec104 Up 12 minutes (healthy) 0.0.0.0:161->161/udp, 0.0.0.0:2404->2404/tcp conpot_ipmi Up 12 minutes (healthy) 0.0.0.0:623->623/udp conpot_kamstrup_382 Up 12 minutes (healthy) 0.0.0.0:1025->1025/tcp, 0.0.0.0:50100->50100/tcp cowrie Up 12 minutes 0.0.0.0:22-23->22-23/tcp ddospot Up 12 minutes 0.0.0.0:19->19/udp, 0.0.0.0:53->53/udp, 0.0.0.0:123->123/udp, 0.0.0.0:1900->1900/udp dicompot Up 12 minutes 0.0.0.0:11112->11112/tcp dionaea Up 12 minutes (healthy) 0.0.0.0:20-21->20-21/tcp, 0.0.0.0:42->42/tcp, 0.0.0.0:81->81/tcp, 0.0.0.0:135->135/tcp, 0.0.0.0:445->445/tcp, 0.0.0.0:1433->1433/tcp, 0.0.0.0:1723->1723/tcp, 0.0.0.0:1883->1883/tcp, 0.0.0.0:3306->3306/tcp, 0.0.0.0:27017->27017/tcp, 0.0.0.0:69->69/udp elasticpot Up 12 minutes 0.0.0.0:9200->9200/tcp elasticsearch Up 12 minutes (healthy) 127.0.0.1:64298->9200/tcp ewsposter Up 12 minutes
fatt Up 10 seconds
heralding Up 12 minutes 0.0.0.0:110->110/tcp, 0.0.0.0:143->143/tcp, 0.0.0.0:465->465/tcp, 0.0.0.0:993->993/tcp, 0.0.0.0:995->995/tcp, 0.0.0.0:1080->1080/tcp, 0.0.0.0:5432->5432/tcp, 0.0.0.0:5900->5900/tcp honeytrap Up 12 minutes
ipphoney Up 12 minutes 0.0.0.0:631->631/tcp kibana Up 10 minutes (healthy) 127.0.0.1:64296->5601/tcp logstash Up 10 minutes (healthy)
mailoney Up 12 minutes 0.0.0.0:25->25/tcp map_data Up 10 minutes
map_redis Up 12 minutes
map_web Up 12 minutes 127.0.0.1:64299->64299/tcp medpot Up 12 minutes 0.0.0.0:2575->2575/tcp nginx Up 12 minutes
p0f Up 12 minutes
redishoneypot Up 12 minutes 0.0.0.0:6379->6379/tcp sentrypeer Up 12 minutes 0.0.0.0:5060->5060/udp snare Up 11 minutes 0.0.0.0:80->80/tcp spiderfoot Up 12 minutes (healthy) 127.0.0.1:64303->8080/tcp suricata Up 12 minutes
tanner Up 11 minutes
tanner_api Up 12 minutes
tanner_phpox Up 12 minutes
tanner_redis Up 12 minutes
`

• What is the status of the T-Pot service (systemctl status tpot)? [root@initialcowbell:~]# systemctl status tpot ● tpot.service - tpot Loaded: loaded (/etc/systemd/system/tpot.service; enabled; vendor preset: enabled) Active: active (running) since Sat 2022-08-20 09:09:46 UTC; 19min ago Process: 7742 ExecStartPre=/opt/tpot/bin/updateip.sh (code=exited, status=0/SUCCESS) Process: 7781 ExecStartPre=/bin/bash -c /opt/tpot/bin/clean.sh on (code=exited, status=0/SU> Process: 7869 ExecStartPre=/opt/tpot/bin/tpdclean.sh -y (code=exited, status=0/SUCCESS) Process: 9660 ExecStartPre=/bin/bash -c /sbin/ethtool --offload $(/sbin/ip address | grep "> Process: 9666 ExecStartPre=/bin/bash -c /sbin/ethtool -K $(/sbin/ip address | grep "^2: " |> Process: 9672 ExecStartPre=/bin/bash -c /sbin/ip link set $(/sbin/ip address | grep "^2: " > Process: 9678 ExecStartPre=/opt/tpot/bin/rules.sh /opt/tpot/etc/tpot.yml set (code=exited, > Process: 9753 ExecStartPost=/bin/bash -c /usr/bin/sleep 30 && /usr/sbin/conntrack -D -p udp> Main PID: 9752 (docker-compose) Tasks: 39 (limit: 9508) Memory: 38.0M CPU: 19.266s CGroup: /system.slice/tpot.service └─9752 /usr/bin/python3 /usr/bin/docker-compose -f /opt/tpot/etc/tpot.yml up --no->

Aug 20 09:28:42 initialcowbell docker-compose[9752]: ewsposter | -> Mission Fi> Aug 20 09:28:42 initialcowbell docker-compose[9752]: ewsposter | => Starting Adbh> Aug 20 09:28:42 initialcowbell docker-compose[9752]: ewsposter | -> Mission Fi> Aug 20 09:28:42 initialcowbell docker-compose[9752]: ewsposter | => Starting Ipph> Aug 20 09:28:42 initialcowbell docker-compose[9752]: ewsposter | => Starting Dico> Aug 20 09:28:42 initialcowbell docker-compose[9752]: ewsposter | -> Mission Fi> Aug 20 09:28:42 initialcowbell docker-compose[9752]: ewsposter | => Starting Medp> Aug 20 09:28:42 initialcowbell docker-compose[9752]: ewsposter | => Starting Citr> Aug 20 09:28:42 initialcowbell docker-compose[9752]: ewsposter | => Sleeping for > Aug 20 09:29:10 initialcowbell docker-compose[9752]: dionaea | [20082022 09:29:1

• What ports are being occupied? Stop T-Pot systemctl stop tpot and run netstat -tulpen [root@initialcowbell:~]# systemctl stop tpot [root@initialcowbell:~]# netstat -tulpen Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
  tcp 0 0 127.0.0.1:36959 0.0.0.0: LISTEN 0 12336 575/containerd
  tcp 0 0 0.0.0.0:64295 0.0.0.0: LISTEN 0 12256 585/sshd: /usr/sbin tcp6 0 0 :::64294 ::: LISTEN 0 11332 1/init
  tcp6 0 0 :::64295 ::: LISTEN 0 12267 585/sshd: /usr/sbin udp 0 0 0.0.0.0:68 0.0.0.0:* 0 12064 494/dhclient
• If a single container shows as DOWN you can run docker logs <container-name> for the latest log entries

[r00t34]

I could access with Safari. Chrome and Firefox is not working. Any ideas?

[t3chn0m4g3]

T-Pot is running with unsigned certificates. Unless you trust that certificate within Chrome you receive the mentioned errors. You can bypass this as explained here by typing "thisisunsafe" once the error page appears.

[r00t34]

I can't follow that tutorial because i am using Mac and there is no Copy File button on Mac Chrome. And i can't drag and drop certificate. Could you please help me?