
Honeycreds not sending expected traffic

Open glwallum opened this issue 3 years ago • 2 comments

Environment:

  • CentOS 7 Minimal
  • Python 3.9.6
  • smbprotocol 1.5.1
  • cffi 1.14.5
  • splunk-sdk 1.6.16
  • requests 2.25.1

Set up Honeycreds and attempted to test with Responder; did not see any traffic in Responder.

Ran tcpdump on the host while Honeycreds was running and discovered only DNS traffic being sent. Sample DNS traffic below.

IP xx.xxx.xxx.xxx.37311 > 1xxx.xxx.xxx.xxx53: 2376+ A? sqldev01.emc.com.local

Jul 07 '21 22:07 glwallum

Found issue.

  • LLMNR is disabled on certain Linux variants, and possibly not supported in others
  • Specifying an FQDN in the .conf file might throw errors or not correctly trigger LLMNR queries

In my environment, had to enable LLMNR and restart service

  • /etc/systemd/resolved.conf
  • sudo systemctl start systemd-resolved.service

And clear the FQDN entry in honeycreds.conf

  • def_fqdn =

Jul 22 '21 22:07 glwallum
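A pre-flight check for the two settings named in the comment above, as an added example that is not part of the original thread or the HoneyCreds project. It assumes systemd-resolved's `LLMNR=` option in `resolved.conf`; the function names are hypothetical and the path to `honeycreds.conf` is passed in because the thread does not give it.

```shell
#!/bin/sh
# Added example (not HoneyCreds code): report the LLMNR setting in resolved.conf
# and the def_fqdn entry in honeycreds.conf before testing against Responder.
# Reads only the files given; drop-ins under resolved.conf.d/ are not merged.

# Print the last uncommented value of KEY ($2) in INI-style FILE ($1).
# Returns non-zero if the file is unreadable or the key never appears.
conf_value() {
    [ -r "$1" ] || return 1
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ || index($0, "=") == 0 { next }
        {
            k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                val = v; found = 1
            }
        }
        END { if (found) print val; else exit 1 }
    ' "$1"
}

# Classify LLMNR= : enabled, resolve-only (queries sent, no responder),
# disabled, or unset (the distribution's compiled-in default applies).
check_llmnr() {
    v=$(conf_value "$1" LLMNR) || { echo "unset"; return 0; }
    case "$(printf '%s' "$v" | tr 'A-Z' 'a-z')" in
        yes|true|1|on) echo "enabled" ;;
        resolve)       echo "resolve-only" ;;
        *)             echo "disabled" ;;
    esac
}

# Report whether def_fqdn is cleared, as the comment above recommends.
check_def_fqdn() {
    v=$(conf_value "$1" def_fqdn) || { echo "missing"; return 0; }
    if [ -z "$v" ]; then echo "empty"; else echo "set:$v"; fi
}

# Usage: sh check.sh /path/to/honeycreds.conf [/etc/systemd/resolved.conf]
if [ "$#" -ge 1 ]; then
    resolved="${2:-/etc/systemd/resolved.conf}"
    echo "LLMNR in $resolved: $(check_llmnr "$resolved")"
    echo "def_fqdn in $1: $(check_def_fqdn "$1")"
fi
```

A result of `unset` or `disabled` for LLMNR, or `set:...` for `def_fqdn`, matches the conditions the comment above describes as producing DNS-only traffic.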

Product does not work at all for me. Even with your change.

Oct 28 '21 03:10 garilla2