Inspiration
Wanted to build something cyber-related that's basic and understand the concepts of it.
What it does
Basically, it takes the simulated attack from our own script, then Cowrie takes those logs and sends them to our honeypot dashboard to visualize the attacks, so we can turn those messy logs that Cowrie provides into something that's visually appealing.
How we built it
Built it in VirtualBox, then did some port forwarding since I'm not a fan of doing stuff in VirtualBox, plus PowerShell was easier to manage and gave more freedom, like copy/paste. From there I went on to install some dependencies like Cowrie, as well as clone Cowrie, then configure Cowrie, like changing the hostname to my Ubuntu server and the listen_endpoints to listen on all network interfaces. After that I had AI assistance to create a Python script for manual attacks so we can see them on a dashboard. With the dashboard, I had AI help me as well to create a quick Flask server plus the HTML interface to visualize the manual attacks from the script.
Challenges we ran into
I ran into so many issues that I documented every issue in a Google Doc. One was having to install a venv package. Another was that the Cowrie plugin wasn't registered with twistd, so I had to install Cowrie properly as a Python package. Another issue occurred where I got Cowrie running with twistd, but when I tried to test whether it was capturing the logs, it kept denying the passwords. So here's the big headache: I went to the Cowrie config, looked for the auth_class, and added code to allow all types of passwords and users, and that didn't work. What I did next was make sure accept_all was being read, and it wasn't that. Two other commands led me to the issue: the userdb.example shows the passwords with !, which meant it denies all those passwords, and there was no actual userdb.txt. So I ran another command and added some passwords to make it work, making :x: so it can allow all passwords, but that didn't work. So what I did was look at the VB port forwarding, added one port for the honeypot and then another to manage the honeypot, and guess what, that was the issue: it was all because of a port issue, since it wasn't listening on the same port. So I went with a dual port forwarding approach, one for the HP and the VM. After this I ran into a small issue: since I changed ports, it was like "hey, I don't recognize you, set off the nuke alarm", and from there I just had to run a command to remove the old key from the known hosts file. The other issue was that python3-pip did install on the honeypot dashboard, so I did the same thing I did with Cowrie, which was creating a virtual environment that had all the necessary Python libs to run correctly, which was "python3-venv and python3-full".
Then I created another port for the dashboard and everything worked, but the dashboard just showed 0's, so I thought it was a path issue. I went to see if the log file existed and the dashboard could read it, and from there I found out that the JSON data existed, so the issue could've been the permission to everyone, which isn't smart if I was doing a live honeypot, but that didn't work. I was like, maybe it's because it's not reading the log file, and the API returns perfectly, but the website was still 0's. So my next step was setting the jak user to read the Cowrie log files, so I granted permission with some commands. When I went to run the attacks to see the input and the data, I ran into a huge error, but it turned out to be simple: the code had an issue where Python tried to add an int and a string, which wasn't allowed, so I replaced it with something that was safer and BOOM, everything was up and running.
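An added example (not the project's own code) of the log-to-dashboard step described above: it aggregates Cowrie's line-delimited JSON events into dashboard counters, reports an unreadable log file instead of silently returning zeros, and casts fields to str before joining them. The log lines are constructed samples; read_log, summarize and EVENT_KEYS are hypothetical names, and the eventid values and field names follow Cowrie's JSON log output.

```python
import json
from collections import Counter

# Constructed sample in the shape of Cowrie's JSON log (one event per line).
SAMPLE_LOG = [
    '{"eventid": "cowrie.session.connect", "src_ip": "203.0.113.5", "session": "a1"}',
    '{"eventid": "cowrie.login.failed", "src_ip": "203.0.113.5", "username": "root", "password": "123456"}',
    '{"eventid": "cowrie.login.success", "src_ip": "203.0.113.5", "username": "root", "password": 1234}',
    '{"eventid": "cowrie.command.input", "src_ip": "203.0.113.5", "input": "uname -a"}',
    '{"eventid": "cowrie.login.failed", "src_ip": "198.51.100.7", "username": "admin", "password": "admin"}',
    '{"eventid": "cowrie.login.fai',  # truncated line, e.g. read mid-write
]

# Cowrie event ids mapped to the (hypothetical) dashboard counter they feed.
EVENT_KEYS = {
    "cowrie.session.connect": "connections",
    "cowrie.login.failed": "login_failed",
    "cowrie.login.success": "login_success",
    "cowrie.command.input": "commands",
}

def read_log(path):
    """Return (lines, error) so an unreadable file is reported, not shown as zeros."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.readlines(), None
    except (FileNotFoundError, PermissionError) as exc:
        return [], f"{type(exc).__name__}: {path}"

def summarize(lines):
    """Aggregate Cowrie JSON events into the counters a dashboard would plot."""
    stats = dict.fromkeys([*EVENT_KEYS.values(), "skipped"], 0)
    ips, creds = Counter(), Counter()
    for line in filter(str.strip, lines):  # ignore blank lines
        try:
            event = json.loads(line)
            key = EVENT_KEYS.get(str(event["eventid"]))
        except (json.JSONDecodeError, TypeError, KeyError):
            stats["skipped"] += 1  # malformed, truncated or non-event line
            continue
        if key is None:
            continue  # event type the dashboard does not chart
        stats[key] += 1
        if key == "connections":
            ips[str(event.get("src_ip", "unknown"))] += 1
        elif key.startswith("login_"):
            # str() on both fields: a non-string value must not break the join
            creds[str(event.get("username", "")) + ":" + str(event.get("password", ""))] += 1
    return {"stats": stats, "top_ips": ips.most_common(5), "top_creds": creds.most_common(5)}
```

Returning the error string from read_log lets the dashboard API distinguish "no attacks yet" from "cannot read the log", which is the failure that otherwise shows up as all zeros.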
Accomplishments that we're proud of
I'm glad I got it up and running lol
What we learned
I've learned quite a lot, but my mind is fried, so all the issues I ran into and the solutions are what I learned.
What's next for HoneyPot
More cyber projects!