Miguel A Paraz wrote:
I think the honeypots out there are meant to fool programs, not humans.
Honeypots are there to simulate a running machine. They can fool anyone, not just network exploitation tools (e.g. Core Impact). I ran into this some time ago. It was an easy way in via an old SMTP hole. But the thing that made me think it was a honeypot was when I reviewed the scans I did before the attack. All ports were open. Weird at first, but someone suggested a honeypot. Some say it's a firewall. Sad to say I reviewed it *after* the attack. Good thing it was a foreign machine. Oh well. I'm getting old for this stuff... I hope.
I only have an hour! And one PC! :)
Then what would you hack with and hack into with one PC? A local account getting root? Privilege escalation is hardly dramatic. Try airsnort. One PC acting as a wireless server (a la Starbucks), then a laptop running the phlak.org live CD. You said open source, right? Forget about Win32 exploits. You'd look like a script kiddie running bo2k... which is to say, lame.
It's nice to have an "attack laptop" on hand with any live CD installed with all the juicy tools you can get on the net. As I've said above, phlak.org is good. It's based on the Knoppix core. These are its contents (from a Bugtraq post):
Debian Packages: aide, airsnort, amap, argus-client, argus-server, arpd, arping, arpwatch, autopsy, bfbtester, biew, bing, cabextract, cflow, cheops, chkrootkit, chntpw, cracklib2, cryptcat, darkstat, dlint, dnswalk, driftnet, dsniff, echoping, etherape, ethereal, ethereal-commo, ethereal-dev, ettercap-commo, ettercap-gtk, farpd, fenris, flawfinder, fping, fragroute, fragrouter, freeswan, ftp-ssl, gdb, gnupg, gtkrecover, hammerhead, hping2, httptunnel, httpush, hunt, icmpinfo, icmpush, idswakeup, ipchains, iproute, iptraf, iputils-ping, irpas, isic, john, kismet, l2tpd, lde, libcrypt-blowf, libcrypt-cbc-p, libcrypt-ciphe, libcrypt-crack, libcrypt-gpg-p, libcrypt-hcesh, libcrypt-passw, libcrypt-rijnd, libcrypt-smbha, libcrypt-sslea, libcrypt-unixc, libcrypto++-de, libcrypto++-ut, libcrypto++5, lsof, ltrace, macchanger, mtr, nasm, nast, nbtscan, nemesis, nessus, nessus-plugins, nessusd, netsed, ngrep, nikto, nmap, nmapfe, nstreams, ntop, openssl, p0f, packit, paketto, partimage, pnscan, pptpd, rarpd, recover, scanssh, scli, secpanel, sendip, sing, sleuthkit, smb-nat, socat, spikeprox, splint, ssh, ssh-askpass-gn, ssldump, strace, stunnel, stunnel4, sudo, tcpdump, tcpflow, tcpreplay, tcpslice, tcptrace, tethereal, transproxy, tsocks, valgrind, wipe
Hand-compiled Packages: 01-sdi-brutus-eng.pl, ADM-SAMBA-CLIENT, ADMsnmp, SPIKE, WAP_Assessment, babelweb, cmospwd, dcetest, dcfldd, dd_rescue, ddb-sfe, di, domainobsencontroll, fatback, ffp, grenzgaenger, hackbot, hellkit, hjksuite, hydra, ipsorc, isnprober, itunnel, lcrzeox, lj, login_hacker, mac-robber, manipulate_data, md5deep, memfetch, netcat (compiled statically with Big-Gaping Security Hole), numby, obiwan, objobf, ol2mbox, onesixtyone, pandora-linux, photorec, pwl9x, rda, redir, reverb, revinetd, samba-tng, sara, screamingCobra, secure_delete, sharefuzz, shiva, slogdump, snapscreenshot, tarballz, tct, thcrut, tnef, vmap, walker, wardrive, whisker, zylyx
Windows Packages (using wine): achillies, AINTX, brutus, THC-CUPASS, ispy, nbtdump, photorec, md5deep, pdd
Hope that helps.
--
"Lensmen eat Jedi for breakfast."
... Forest fires cause Smokey Bears.
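The honeypot anecdote above ("all ports were open") is easier to see from the defender's side. The following is an added example, not code from the PLUG post or from phlak.org: a minimal low-interaction TCP honeypot that listens on a set of ports, answers every connection with a fake banner, logs who touched which port, and flags sources that hit several ports at once. The banner strings, the `probe()` test client and the `flag_scanners()` threshold are constructed here for illustration; it binds to 127.0.0.1 and OS-assigned ports so it runs offline.

```python
# Added example (not from the PLUG post): a minimal low-interaction TCP
# honeypot. Listening on many ports with a greeting on each is exactly why a
# scan against a honeypot comes back with "all ports open".
import socket
import threading
import time
from collections import defaultdict
from dataclasses import dataclass

# Constructed fake banners for a few well-known ports; any other port gets a
# generic greeting so that every listener looks like a live service.
BANNERS = {
    21: b"220 ftp ready\r\n",
    25: b"220 mail ESMTP ready\r\n",
    110: b"+OK POP3 ready\r\n",
}
DEFAULT_BANNER = b"220 ready\r\n"


@dataclass
class Event:
    """One logged connection: when, on which honeypot port, from where."""
    ts: float
    port: int
    peer_ip: str
    peer_port: int


class Honeypot:
    def __init__(self, ports, host="127.0.0.1"):
        self.events = []
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._socks = []
        self._threads = []
        for p in ports:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            s.bind((host, p))      # p == 0 lets the OS pick a free port
            s.listen(16)
            s.settimeout(0.2)      # so the accept loop notices stop()
            self._socks.append(s)
        self.host = host
        self.ports = [s.getsockname()[1] for s in self._socks]

    def start(self):
        for s in self._socks:
            t = threading.Thread(target=self._serve, args=(s,), daemon=True)
            t.start()
            self._threads.append(t)
        return self

    def _serve(self, lsock):
        port = lsock.getsockname()[1]
        while not self._stop.is_set():
            try:
                conn, (ip, pport) = lsock.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            # Log first, then answer, so the record exists before the
            # client sees any bytes.
            with self._lock:
                self.events.append(Event(time.time(), port, ip, pport))
            try:
                conn.sendall(BANNERS.get(port, DEFAULT_BANNER))
            except OSError:
                pass
            finally:
                conn.close()

    def stop(self):
        self._stop.set()
        for t in self._threads:
            t.join(timeout=2)
        for s in self._socks:
            s.close()


def ports_by_source(events):
    """Map each source IP to the set of honeypot ports it connected to."""
    seen = defaultdict(set)
    for e in events:
        seen[e.peer_ip].add(e.port)
    return dict(seen)


def flag_scanners(events, min_ports=3):
    """Sources that touched at least min_ports distinct honeypot ports;
    nothing legitimate has a reason to talk to several of them."""
    return sorted(ip for ip, ports in ports_by_source(events).items()
                  if len(ports) >= min_ports)


def probe(host, port, timeout=2.0):
    """Constructed test client: connect once and return the banner received."""
    with socket.create_connection((host, port), timeout=timeout) as c:
        return c.recv(128)


if __name__ == "__main__":
    hp = Honeypot([0, 0, 0]).start()   # three OS-assigned ports on localhost
    try:
        for p in hp.ports:
            print(p, probe(hp.host, p))
        print("scanners:", flag_scanners(hp.events))
    finally:
        hp.stop()
```

The logging happens before the banner is written, so by the time a client has received anything the event is already on record; that ordering is what makes the log trustworthy as evidence. On a real deployment the port list would be the full range a scanner is likely to sweep, the bind address a spare interface, and the events shipped off-host rather than kept in memory.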
-- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
