artillery icon indicating copy to clipboard operation
artillery copied to clipboard

Published 20 hours ago verified publisher icon trustedsec

artillery honeypot spawning

Open johnjohnsp1 opened this issue 6 years ago • 0 comments

problem is about the honeypot that won't spawn over the selected ports:

example, within this configuration:

PORTS TO SPAWN HONEYPOT FOR

TCPPORTS="3389,88,389,445,135,137,1433,8080,21,5060,5061,5900,25,110,1723,1337,10000,5800,44443,16993" UDPPORTS="123,5060,5061,3478"

none of those ports are active:

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME sshd 566 root 3u IPv4 21609 0t0 TCP *:22 (LISTEN) postgres 595 postgres 3u IPv6 19874 0t0 TCP [::1]:5432 (LISTEN) postgres 595 postgres 6u IPv4 19875 0t0 TCP 127.0.0.1:5432 (LISTEN) postgres 595 postgres 10u IPv6 19994 0t0 UDP [::1]:60526->[::1]:60526 netdata 611 netdata 3u IPv4 19027 0t0 TCP *:19999 (LISTEN) netdata 611 netdata 4u IPv6 19028 0t0 TCP *:19999 (LISTEN) netdata 611 netdata 7u IPv6 20144 0t0 UDP [::1]:8125 netdata 611 netdata 8u IPv4 20145 0t0 UDP 127.0.0.1:8125 netdata 611 netdata 9u IPv6 20149 0t0 TCP [::1]:8125 (LISTEN) netdata 611 netdata 10u IPv4 20150 0t0 TCP 127.0.0.1:8125 (LISTEN) postgres 657 postgres 10u IPv6 19994 0t0 UDP [::1]:60526->[::1]:60526 postgres 658 postgres 10u IPv6 19994 0t0 UDP [::1]:60526->[::1]:60526 postgres 659 postgres 10u IPv6 19994 0t0 UDP [::1]:60526->[::1]:60526 postgres 660 postgres 10u IPv6 19994 0t0 UDP [::1]:60526->[::1]:60526 postgres 661 postgres 10u IPv6 19994 0t0 UDP [::1]:60526->[::1]:60526 postgres 662 postgres 10u IPv6 19994 0t0 UDP [::1]:60526->[::1]:60526 dns2tcpd 1394 nobody 3u IPv4 24091 0t0 UDP *:53

the service is active:

● artillery.service - LSB: Artillery - Advanced threat intelligence Loaded: loaded (/etc/init.d/artillery; generated) Active: active (exited) since Tue 2018-08-28 15:12:49 CEST; 16min ago Docs: man:systemd-sysv-generator(8) Process: 482 ExecStart=/etc/init.d/artillery start (code=exited, status=0/SUCCESS)

ago 28 15:12:49 KALI20183 systemd[1]: Starting LSB: Artillery - Advanced threat intelligence... ago 28 15:12:49 KALI20183 artillery[482]: Starting Artillery... Ok ago 28 15:12:49 KALI20183 systemd[1]: Started LSB: Artillery - Advanced threat intelligence.

running it on a VM (VMware fusion 10.1.3) as the latest kali image 2018.3:

Linux KALI20183 4.17.0-kali3-amd64 #1 SMP Debian 4.17.17-1kali1 (2018-08-21) x86_64 GNU/Linux root@KALI20183:/etc# cat os-release PRETTY_NAME="Kali GNU/Linux Rolling" NAME="Kali GNU/Linux" ID=kali VERSION="2018.3" VERSION_ID="2018.3" ID_LIKE=debian ANSI_COLOR="1;31" HOME_URL="https://www.kali.org/" SUPPORT_URL="https://forums.kali.org/" BUG_REPORT_URL="https://bugs.kali.org/"

the only way to make it work properly is to uninstall and reinstalling it every time. won't survive a reboot or anything else.

any ideas ? anyone else got the same issue ?

thanks in advance

johnjohnsp1 avatar Aug 28 '18 13:08 johnjohnsp1