Kali for Raspberry Pi
- Download Kali Linux for Raspberry Pi from https://www.offensive-security.com/kali-linux-arm-images/. If necessary, review the available documentation.
- Verify the image against the supplied checksum, unzip and copy to an SD card.
      shasum kali-2.1.2-rpi2.img.xz
      db36fcd53c630fd32f2f8943dddd9f57b3673c5a  kali-2.1.2-rpi2.img.xz
Installing Kippo
Note: Kippo requires an older version of Python Twisted. It fails to start if Twisted 16.x is installed. All worked fine with version 14.0.2.
    sudo apt-get install python-mysqldb mysql-server apache2
    # download kippo from GitHub
    git clone https://github.com/desaster/kippo.git
Create a database called kippo and a database user called kippo. Then add the necessary database tables.
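    mysql -u root -p
    # enter root user password, then at the mysql> prompt:
    create database kippo;
    GRANT ALL ON kippo.* TO 'kippo'@'localhost' IDENTIFIED BY '**';
    exit
    # reconnect as the new user from the directory that holds mysql.sql (doc/sql in the kippo checkout)
    mysql -u kippo -p
    # enter database user password
    use kippo;
    source mysql.sql;
    show tables;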
Copy the sample kippo.cfg file and uncomment and edit the lines relating to [database_mysql]. Then create a user to start kippo, and grant the user access to the folder.
    # edit kippo.cfg as follows
    [database_mysql]
    host = localhost
    database = kippo
    username = kippo
    password = kippo_db_user_passwd

    # kippo cannot be run as root user
    # note: -g sudo makes sudo this account's primary group; a group without
    # sudo rights keeps the honeypot account unprivileged
    useradd -d /home/kippo -s /bin/bash -m kippo -g sudo
    # grant kippo user privileges
    chown -R kippo /usr/local/src/kippo/
Owing to some issues, install Python Twisted manually.
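    sudo apt-get install python-dev python-pip
    cd /tmp
    # GitHub archive URLs take the form /<owner>/<repo>/archive/<tag>.tar.gz
    wget https://github.com/twisted/twisted/archive/twisted-14.0.2.tar.gz
    tar xzf twisted-14.0.2.tar.gz
    cd twisted-twisted-14.0.2/
    sudo python setup.py install
    # start kippo as the kippo user, from the directory that was chown'ed to it
    su kippo
    cd /usr/local/src/kippo/
    ./start.sh
    # to stop kippo, try to restart it, then kill the pid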
The root password for the kippo honeypot is 123456; change this by editing the /kippo/data/userdb.txt file and restarting kippo.
Kippo listens for SSH connections on port 2222 by default. Using iptables, redirect all connections arriving on port 22 to kippo, which is listening on port 2222, then move the real SSH daemon to a different port.
    apt-get install iptables
    iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222
    iptables-save > /etc/iptables.rules
    # set the default port for ssh to 65534 (anchored so only the "Port 22" line is changed)
    sed -i 's:^#\?Port 22$:Port 65534:' /etc/ssh/sshd_config
    # restart ssh
    /etc/init.d/ssh restart
Kippo-Graph
While I’ve followed the steps to install KippoGraph, it is currently throwing an exception originating in rb.php:761, so for now I’m just looking at the logs via script files.
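A script of the kind mentioned above for reading the honeypot's text log without Kippo-Graph, as an added example that is not from the original post or the Kippo project. The log line layout encoded in the regular expression and the sample lines are assumptions constructed for illustration; check them against your own log/kippo.log before relying on the counts.

```python
import re
from collections import Counter

# Assumed layout of a Kippo login line (not shown in the post):
# <date> <time+tz> [SSHService ssh-userauth on HoneyPotTransport,<session>,<src ip>]
#     login attempt [<user>/<password>] <failed|succeeded>
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \[SSHService ssh-userauth on "
    r"HoneyPotTransport,(?P<session>\d+),(?P<ip>[^\]]+)\] "
    # The password is matched greedily so that '/' and ']' inside it survive.
    r"login attempt \[(?P<user>[^/\]]*)/(?P<password>.*)\] "
    r"(?P<result>failed|succeeded)\s*$"
)

# Constructed sample lines using documentation-range addresses, not real captures.
SAMPLE_LOG = """\
2016-02-15 10:01:02+0000 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 203.0.113.7:50522 (192.0.2.10:2222) [session: 0]
2016-02-15 10:01:04+0000 [SSHService ssh-userauth on HoneyPotTransport,0,203.0.113.7] login attempt [root/admin] failed
2016-02-15 10:01:09+0000 [SSHService ssh-userauth on HoneyPotTransport,0,203.0.113.7] login attempt [root/123456] succeeded
2016-02-15 10:01:12+0000 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,0,203.0.113.7] CMD: uname -a
2016-02-15 11:30:41+0000 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.23] login attempt [admin/p@ss/w]rd] failed
2016-02-15 11:30:44+0000 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.23] login attempt [root/root] failed
"""

def parse_logins(text):
    """Return one dict per login-attempt line; every other log line is skipped."""
    return [m.groupdict() for m in map(LOGIN_RE.match, text.splitlines()) if m]

def summarize(events):
    """Tally attempts per source IP and credential pair, and list the successes."""
    return {
        "by_ip": Counter(e["ip"] for e in events),
        "by_credential": Counter((e["user"], e["password"]) for e in events),
        "successes": [(e["ts"], e["ip"], e["user"], e["password"])
                      for e in events if e["result"] == "succeeded"],
    }

if __name__ == "__main__":
    # Replace SAMPLE_LOG with open("log/kippo.log").read() on the honeypot (path assumed).
    report = summarize(parse_logins(SAMPLE_LOG))
    for ip, count in report["by_ip"].most_common():
        print(f"{ip:15} {count} attempts")
    for (user, password), count in report["by_credential"].most_common(5):
        print(f"{count:3} x {user} / {password}")
    for ts, ip, user, password in report["successes"]:
        print(f"{ts} {ip} logged in as {user} with {password}")
```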
Useful Links
- http://www.behindthefirewalls.com/2014/02/ssh-honeynet-kippo-kali-and-raspberry-pi.html
- https://itgeekchronicles.co.uk/2013/05/14/honeypot-kippo-pi/
- http://www.thedustycloud.com/installing-a-easy-honeypot/
- https://github.com/desaster/kippo/wiki/FAQ
- http://www.southbasecamp.com/blog/kali-linux-1-0-6-on-a-raspberry-pi/
- https://thelosingedgeblog.wordpress.com/2016/02/15/kippo-kali-pi/
- http://www.edgis-security.org/honeypot/kippo/
- https://blog.infosanity.co.uk/category/honeypot/kippo/
- https://www.digitalocean.com/community/tutorials/how-to-install-kippo-an-ssh-honeypot-on-an-ubuntu-cloud-server