Kippo on Kali on Raspberry Pi

Kali for Raspberry Pi

• Download Kali Linux for Raspberry Pi from https://www.offensive-security.com/kali-linux-arm-images/. If necessary review the documentation available.
• Verify the image against the supplied checksum, unzip and copy to an SD card.

• shasum kali-2.1.2-rpi2.img.xz
  db36fcd53c630fd32f2f8943dddd9f57b3673c5a  kali-2.1.2-rpi2.img.xz

Installing Kippo

Note, Kippo requires an older version of python twister.  It fails to start if twister 16.x is installed.  All worked fine with version 14.02.

sudo apt-get install python-mysqldb mysql-server apache2
# download kippo via github 
git clone https://github.com/desaster/kippo.git

Create a database called kippo, and database user called kippo.  Then add some the necessary database tables.

mysql -u root -p  // enter root user password
create kippo;
GRANT ALL ON kippo.* TO 'kippo'@'localhost' IDENTIFIED BY '**';
mysql -u kippo -p // enter database user password
use kippo;
source mysql.sql;
show tables;

Copy the sample kippo.cfg file and uncomment and edit the lines relating to [database_mysql].  Then create a user to start kippo, and grant the user access to the folder.

# edit kippo.cfg as follows
[database_mysql]
host = localhost
database = kippo
username = kippo
password = kippo_db_user_passwd

# kippo cannot be run as root user
useradd -d /home/kippo -s /bin/bash -m kippo -g sudo
# grant kippo user privileges
chown -R kippo /usr/local/src/kippo/

Owing to some issues, install python twisted manually.

sudo apt-get install python-dev python-pip
cd /tmp
wget https://github.com/twisted/archive/twisted-14.0.2.tar.gz
cd twisted-twisted-14.0.2/
./setup.py install
su kippo cd /usr/local/kippo/
./start.sh
# to stop kippo, try to restart it, then kill the pid

The root password for the kippo honeypot is 123456, change this by editing the /kippo /data/userdb.txt file and restarting kippo.

Kippo defaults to listen for SSH connections on port 2222.  Using iptables, direct all connections to port 22 to kippo which is listening on port 2222, then direct set the default port for SSH to a different port.

apt-get install iptables
iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222
iptables-save > /etc/iptables.rules
# set the default port for ssh to 65534
sed -i 's:Port 22:Port 65534:g' /etc/ssh/sshd_config
# restart ssh
/etc/init.d/ssh restart

Kippo-Graph

While I’ve followed the steps to install KippoGraph, it is currently throwing an exception originating in rb.php:761, so for now I’m just looking at the logs via script files.

Useful Links

• http://www.behindthefirewalls.com/2014/02/ssh-honeynet-kippo-kali-and-raspberry-pi.html
• https://itgeekchronicles.co.uk/2013/05/14/honeypot-kippo-pi/
• http://www.thedustycloud.com/installing-a-easy-honeypot/
• https://github.com/desaster/kippo/wiki/FAQ
• http://www.southbasecamp.com/blog/kali-linux-1-0-6-on-a-raspberry-pi/
• https://thelosingedgeblog.wordpress.com/2016/02/15/kippo-kali-pi/
• http://www.edgis-security.org/honeypot/kippo/
• https://blog.infosanity.co.uk/category/honeypot/kippo/ 
• https://www.digitalocean.com/community/tutorials/how-to-install-kippo-an-ssh-honeypot-on-an-ubuntu-cloud-server