Ah, Mr. Ubuntu didn't like all the modules being injected into it, so I took a reboot of the honeypot, gave it a fresh injection of the sebek module successfully and voilà, sebek process trees started appearing above the magnifying glass in walleye flows :) sweeeeeet !!!

Testing with SSH, all keystrokes are being logged correctly, followed by modules & files read and written to in the process. However, I do not see the user/password typed in. The SSH flows are encrypted and all is readable plaintext till the nodes decide to exchange diffie-hellman+sha ciphers to encrypt the stream; after that it's all gibberish. Is there any way to dig the u/p of the session out with sebek, & which is less painful than recompiling openssh to log all u/p combinations to some hidden file?
Thanks, fahim
_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall
