What are You Working on Wednesday

Submitted ⁨⁨1⁩ ⁨year⁩ ago⁩ by ⁨shellsharks@infosec.pub⁩ to ⁨cybersecurity@infosec.pub⁩

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

Comments

Sort:hotnew top

A medium interaction SSH honeypot backed by a basic LLM that believes it’s bash.

I’m impressed at the ability to retain limited state, and respond ‘reasonably enough’ that it’ll probably allow first stage automated attacks to be captured… but at the moment, it’s way too easy to peer behind the curtain.

It’s quite jarring when your bash terminal starts telling you a story about a happy dragon in response to some weird command.

source

RedPhoenix@aussie.zone ⁨1⁩ ⁨year⁩ ago

Yep… sigh

me@somewhere:~$ ssh -p 8022 root@localhost
The authenticity of host '[localhost]:8022 ([127.0.0.1]:8022)' can't be established.
ECDSA key fingerprint is SHA256:W6aK3as7TwFMIuBVAEjPIyIjE9m+cvomkhDO2e5Oonw.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:8022' (ECDSA) to the list of known hosts.
root@localhost's password: 
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-31-generic x86_64)

* Documentation:  https://help.ubuntu.com
* Management:     https://landscape.canonical.com
* Support:        https://ubuntu.com/advantage

524 packages can be updated.
270 updates are security updates.


----------------------------------------------------------------
Ubuntu 16.04.1 LTS                          built 2016-12-10
----------------------------------------------------------------
last login: Sun Nov 19 19:40:44 2017 from 172.99.99.99
root@host:~$ whoami
root
root@host:~$ ls
README log.txt
root@host:~$ cat README
# NOTE: Do not reset this server, as it provides essential services.
root@host:~$ cat log.txt
Mar  3 15:37:01 root kernel: Boot time configuration written to /etc/default/grub
Mar  3 15:37:02 root kernel: Loading initial ram disk images...
Mar  3 15:37:03 root kernel: Linux version 4.9.0-6-amd64 (buildid@Debian) (gcc version 8.2.0 ( Ubuntu 8.2.0-14-ga )) #1 SMP Debian 4.9.141-1 (2017-03-09)
Mar  3 15:37:03 root kernel: Linux command line options: ro root=UUID=6f8e4a7c-35d5-4b2d-93a4-a4335a95f58c rw initramfs-version=4.9.0-6-amd64 rd.driver.video=i915
Mar  3 15:37:03 root kernel: Boot arguments: ro root=UUID=6f8e4a7c-35d5-4b2d-93a4-a4335a95f58c rw initramfs-version=4.9.0-6-amd64 rd.driver.video=i915
Mar  3 15:37:03 root kernel: Kernel arguments: ro root=UUID=6f8e4a7c-35d5-4b2d-93a4-a4335a95f58c rw initramfs-version=4.9.0-6-amd64 rd.driver.video=i915
Mar  3 15:37:03 root kernel: Mounting system...
Mar  3 15:37:03 root kernel: Mounted system...
root@host:~$ echo "testing1234" > somefile.txt
root@host:~$ echo "testing 23456" >> somefile.txt
root@host:~$ cat somefile.txt
testing1234
testing 23456
root@host:~$ echo tell me a story about a dragon
Once upon a time, in a land far, far away, there lived a magnificent dragon named Scorch. Scorch was the most feared creature in all the land, with scales that shone like gold in the sunlight and eyes that glowed like embers. He roamed the countryside, breathing fire and destruction wherever he went, and no one dared to cross...

source

mwguy@infosec.pub ⁨1⁩ ⁨year⁩ ago
Instead of giving it a LLVM based shell, can you give it an actual shell in a container? Maybe backed by AppArmor or SELinux to prevent breakouts

source
- -> View More Comments

ComradeKhoumrag@infosec.pub ⁨1⁩ ⁨year⁩ ago
Bravo

source
kabobglance@infosec.pub ⁨1⁩ ⁨year⁩ ago
This sounds fun

source

ComradeKhoumrag@infosec.pub ⁨1⁩ ⁨year⁩ ago
Fixing other people’s crap because that’s the punishment for writing functional code

source
alex_02@infosec.pub ⁨1⁩ ⁨year⁩ ago
World domination.

On a more serious note… been trying to test various different tools I’ve found or read about and writing necessary scripts/programs.

source
NonDollarCurrency@monero.town ⁨1⁩ ⁨year⁩ ago
At work, setting up windows server auditing in a way that doesn’t nuke the event viewer with millions of security entires. At home working on upgrading my proxmox.

source
0ddysseus@infosec.pub ⁨1⁩ ⁨year⁩ ago
Mostly working on getting over covid! In the meantime, I got MacOS running in a VM which was a bit of fun. Host system is Linux Mint 21 and the VM is running through KVM/Qemu. I’ve been wanting to play with it for a while but I’m way too poor to get the hardware. Not a bad system overall, the installer is a bit hinky but users aren’t supposed to see that anyway. Haven’t dug into it much yet but I will when I find some time. Interested to see how closely the experience matches some of the Mac-aligned Linux distros.

source
- shellsharks@infosec.pub ⁨1⁩ ⁨year⁩ ago
  Interesting, this is something I’ve yet to do. I’ve been seeing some interesting news about Asahi Linux for M1 macs im interested in trying out though.
  
  source