Hontel - Telnet Honeypot
HonTel is a honeypot for the Telnet service. It is a Python v2.x application that emulates the service inside a chroot environment. It was originally designed to run in an Ubuntu environment, though it could easily be adapted to run in any Linux environment.
Documentation:
Setting up the environment and running the application requires intermediate Linux administration knowledge. The whole deployment procedure can be found "step-by-step" in the deploy.txt file. Configuration settings can be found and modified in hontel.py itself. For example, the authentication credentials can be changed from the default root:123456 to arbitrary values (options AUTH_USERNAME and AUTH_PASSWORD). The same applies to the Welcome message (option WELCOME), the hostname (option FAKE_HOSTNAME), the architecture (option FAKE_ARCHITECTURE), the location of the log file (inside the chroot environment) containing all telnet commands (option LOG_PATH), the location of downloaded binary files dropped by connected users (option SAMPLES_DIR), etc.
Note: Some botnets tend to delete files from compromised hosts (e.g. /bin/bash) in order to harden themselves against potential cleaning attempts and/or installation attempts coming from other (concurrent) botnets. In such cases either the whole chroot environment has to be reinstalled, or the host directory where the chroot directory resides (e.g. /srv/chroot/) should be recovered from a previously stored backup (recommended).
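To know when that restore is needed, the chroot can be compared against a manifest recorded at the time the backup was taken; the following is an added example, not part of HonTel or its deploy.txt. It assumes Python 3 run as root on the host (outside the chroot), a hypothetical script name chroot_check.py, and a manifest file kept outside the chroot; paths that change legitimately, such as those configured by LOG_PATH and SAMPLES_DIR, are passed as ignored prefixes.

```python
# Added example (not HonTel code): compare the honeypot chroot with a saved manifest.
import hashlib
import json
import os
import sys


def snapshot(root):
    """Map each file path under root (relative) to a SHA-256 digest or symlink target."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                # Record the target instead of following it out of the chroot.
                manifest[rel] = "link:" + os.readlink(full)
            elif os.path.isfile(full):
                digest = hashlib.sha256()
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
                manifest[rel] = "sha256:" + digest.hexdigest()
    return manifest


def compare(baseline, current, ignore=()):
    """Return (missing, modified, added) relative paths, skipping ignored prefixes."""
    def keep(path):
        return not any(path == p or path.startswith(p.rstrip("/") + "/") for p in ignore)
    missing = sorted(p for p in baseline if keep(p) and p not in current)
    modified = sorted(p for p in baseline if keep(p) and p in current and baseline[p] != current[p])
    added = sorted(p for p in current if keep(p) and p not in baseline)
    return missing, modified, added


if __name__ == "__main__":
    # Usage: chroot_check.py save|check CHROOT_DIR MANIFEST.json [IGNORED_PREFIX ...]
    mode, root, manifest_path = sys.argv[1:4]
    if mode == "save":
        with open(manifest_path, "w") as fh:
            json.dump(snapshot(root), fh, indent=1)
    else:
        with open(manifest_path) as fh:
            missing, modified, added = compare(json.load(fh), snapshot(root), sys.argv[4:])
        for label, paths in (("MISSING", missing), ("MODIFIED", modified), ("ADDED", added)):
            for path in paths:
                print(label, path)
        sys.exit(1 if missing or modified else 0)
```

A non-zero exit from the check mode means baseline files are missing or altered, which is the condition under which the chroot should be restored from the backup.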