
No text on "attacker" side

Open giovannifanzaga opened this issue 3 years ago • 0 comments

Hi all,

I'm trying to set up an advanced networking configuration with 2 VMs, one with 2 network adapters (192.168.1.152/24 "WAN" and 172.16.0.1 "LAN" for HonSSH) and one with one network adapter (172.16.0.5 for the honeypot). Both SSH servers seem to work fine, the 2nd one with public & private auth keys configured. After setting honssh.cfg and running ./honsshctrl.sh start, the daemon starts correctly and waits for a connection. When I try to connect to it, some lines are printed, but nothing else happens; the log stops at the line:

[-] [PRE_AUTH] - CLIENT CONNECTED, REPLAYING BUFFERED PACKETS

Meanwhile, in the client (PuTTY), nothing is shown, and I can only close the window, which is detected by honssh with a "connection lost" message.

Here's my conf and last lines of the log.

[honeypot]
ssh_addr = 192.168.1.152
ssh_port = 2222
client_addr = 0.0.0.0
public_key = id_rsa.pub
private_key = id_rsa
public_key_dsa = id_dsa.pub
private_key_dsa = id_dsa
ssh_banner = blablablablablabla
connection_timeout = 10

[honeypot-static]
enabled = true
pre-auth = true
post-auth = true
sensor_name = hon_sensor
honey_ip = 172.16.0.5
honey_port = 22

[honeypot-script]
enabled = false
pre-auth = true
post-auth = true
pre-auth-script =
post-auth-script =

[honeypot-docker]
enabled = false

[hp-restrict]
disable_publicKey = true
disable_x11 = true
disable_sftp = false
disable_exec = false
disable_port_forwarding = false

[folders]
log_path = logs
session_path = sessions

[advNet]
enabled = true

[interact]
enabled = false

2021-07-02 17:39:38+0200 [-] reactor class: twisted.internet.epollreactor.EPollReactor.
2021-07-02 17:39:38+0200 [-] HonsshServerFactory starting on 2222
2021-07-02 17:39:38+0200 [-] Starting factory <honssh.server.HonsshServerFactory instance at 0x7efffef15998>
2021-07-02 17:39:50+0200 [-] [PRE_AUTH] - Connecting to Honeypot: hon_sensor (172.16.0.5:22)
2021-07-02 17:39:50+0200 [-] [ADV-NET] - HonSSH Interface already exists, not re-adding
2021-07-02 17:39:50+0200 [-] [ADV-NET] - Fake IP Address already exists, not re-adding
2021-07-02 17:39:50+0200 [-] Starting factory <honssh.client.HonsshClientFactory instance at 0x7efffea773f8>
2021-07-02 17:39:50+0200 [Uninitialized] [CLIENT] - New client connection
2021-07-02 17:39:50+0200 [HonsshClientTransport,client] kex alg, key alg: diffie-hellman-group-exchange-sha256 ssh-rsa
2021-07-02 17:39:50+0200 [HonsshClientTransport,client] outgoing: aes256-ctr hmac-sha2-512 none
2021-07-02 17:39:50+0200 [HonsshClientTransport,client] incoming: aes256-ctr hmac-sha2-512 none
2021-07-02 17:39:50+0200 [HonsshClientTransport,client] REVERSE
2021-07-02 17:39:50+0200 [HonsshClientTransport,client] NEW KEYS
2021-07-02 17:39:50+0200 [HonsshClientTransport,client] [CLIENT] - Client Connection Secured
2021-07-02 17:39:50+0200 [-] [PRE_AUTH] - CLIENT CONNECTED, REPLAYING BUFFERED PACKETS

What can I try to make it work?

Thanks,
Ciao,
Giovanni

giovannifanzaga Jul 02 '21 15:07