
Connection timed out - proxy mode virtual machines pool

Open OrdnasselaOttogim opened this issue 2 years ago • 1 comments

I followed all the instructions reported in the documentation in order to run a pool of virtual machines for running Cowrie in proxy mode. The VMs apparently boot correctly (I lowered the number from 5 to 2, and I also increased the guest_memory in the cowrie.cfg file, not sure if it matters):

This is the tail of the var/log/cowrie/cowrie.log file:

2023-05-18T18:36:42.240321Z [-] Connection to QEMU established
2023-05-18T18:36:42.242112Z [-] Could not get domain list
2023-05-18T18:36:42.365736Z [backend_pool.pool_server.PoolServerFactory] Received connection from 127.0.0.1:52868
2023-05-18T18:36:42.366970Z [Uninitialized] Initialising pool with Cowrie settings...
2023-05-18T18:36:42.368829Z [PoolClient,client] VM pool fully initialised
2023-05-18T18:36:42.369214Z [PoolClient,client] CowrieSSHFactory starting on 2222
2023-05-18T18:36:42.369268Z [cowrie.ssh.factory.CowrieSSHFactory#info] Starting factory <cowrie.ssh.factory.CowrieSSHFactory object at 0xffff87392830>
2023-05-18T18:36:42.413557Z [PoolClient,client] Ready to accept SSH connections
2023-05-18T18:36:43.251498Z [-] Guest cowrie-ubuntu18.04_e83c2dbcb432495ab6cf07df5b4500fd has booted
2023-05-18T18:36:44.131614Z [-] Guest cowrie-ubuntu18.04_15e8bb4be0b041e3a845138720439ace has booted
2023-05-18T18:37:11.734121Z [-] Guest 0 ready for connections @ 192.168.150.64! (boot 28s)
2023-05-18T18:37:11.775970Z [-] Guest 1 ready for connections @ 192.168.150.157! (boot 27s)


But still if I try to SSH in to the indicated IP addresses, the terminal hangs and eventually displays the following error:

ssh: connect to host 192.168.150.139 port 22: Connection timed out

Do you have any advice for this problem? Thank you in advance.

P.S.: please we have a presentation on honeypots to do on 8th of June please answer :)🥇

OrdnasselaOttogim, May 18 '23 17:05

I'm not sure if you have followed this section to forward requests. Cowrie opens port 2222 as an SSH honeypot by default, and you connect to port 22 by default. 2222 != 22.

Here you can see Cowrie opening port 2222.

2023-05-18T18:36:42.369214Z [PoolClient,client] CowrieSSHFactory starting on 2222

In fact, the port number 2222 is the default configuration:

# file: ./etc/cowrie.cfg

# Endpoint to listen on for incoming SSH connections.
# See https://twistedmatrix.com/documents/current/core/howto/endpoints.html#servers
# (default: listen_endpoints = tcp:2222:interface=0.0.0.0)
# (use systemd: endpoint for systemd activation)
# listen_endpoints = systemd:domain=INET:index=0
# For both IPv4 and IPv6: listen_endpoints = tcp6:2222:interface=\:\:
# Listening on multiple endpoints is supported with a single space seperator
# e.g listen_endpoints = "tcp:2222:interface=0.0.0.0 tcp:1022:interface=0.0.0.0" will result listening both on ports 2222 and 1022
# use authbind for port numbers under 1024

listen_endpoints = tcp:2222:interface=0.0.0.0

To solve this problem, you could specify -p 2222 when connecting to the SSH honeypot:

ssh [email protected] -p 2222

yaner-here, Aug 26 '23 14:08
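
The port mismatch described in the reply above, as an added example (not part of the original thread and not Cowrie's own code): it reads `listen_endpoints` from a cowrie.cfg and checks whether the port an SSH client dials is one Cowrie listens on. The `[ssh]` section name, the function names and the sample config text are assumptions constructed for this example.

```python
import configparser
import re

# Constructed sample; the [ssh] section name is an assumption, the value is the one quoted above.
SAMPLE_CFG = """
[ssh]
listen_endpoints = tcp:2222:interface=0.0.0.0
"""
DEFAULT = "tcp:2222:interface=0.0.0.0"  # default stated in the config comments above


def parse_endpoints(value):
    """Turn a listen_endpoints value into (kind, port, interface) tuples."""
    endpoints = []
    # Several endpoints are separated by single spaces, optionally inside double quotes.
    for desc in value.strip().strip('"').split():
        # Fields are colon-separated; a literal colon is escaped as "\:" (tcp6 example).
        parts = re.split(r"(?<!\\):", desc)
        kind, args = parts[0], parts[1:]
        if kind not in ("tcp", "tcp6"):
            endpoints.append((kind, None, None))  # e.g. systemd: no port in the string
            continue
        kwargs = dict(a.split("=", 1) for a in args if "=" in a)
        positional = [a for a in args if "=" not in a]
        port = int(kwargs.get("port") or positional[0])
        iface = kwargs.get("interface", "").replace("\\:", ":")
        endpoints.append((kind, port, iface))
    return endpoints


def listening_ports(cfg_text, section="ssh"):
    """Ports Cowrie listens on according to the given config text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cfg_text)
    value = cp.get(section, "listen_endpoints", fallback=DEFAULT)
    return [port for _, port, _ in parse_endpoints(value) if port is not None]


def check_client_port(cfg_text, client_port=22):
    """Return (matches, ports): does the port the SSH client dials reach Cowrie?"""
    ports = listening_ports(cfg_text)
    return client_port in ports, ports


if __name__ == "__main__":
    ok, ports = check_client_port(SAMPLE_CFG)  # plain `ssh host` dials port 22
    print("port 22 reaches Cowrie" if ok else f"port 22 is not a listener; try ssh -p on one of {ports}")
```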