Hello my hacker friends! I have been exploring the world of honeypots for the past 2 weeks and noticed there is not a lot of good documentation on the Internet about installing the new Dionaea and what to do with it afterwards, so I figured I would add some commentary here so I can share the fun/hacker love.

First things first, there is a great article on Null Byte about deploying Dionaea on a VPS, but it does not go into much detail on what to do next. Well, I will show you some things you need to be successful here and now! (My struggles are your success.)

We need a VPS provider. I usually use Digital Ocean, Linode, and just turned up a honeypot from Vultr (no, I am not endorsing these companies, I just am trying to stick to a $5 per month per honeypot deployment. There are lots to choose from online).

I have tried deploying Dionaea with MHN (Modern Honeypot Network), but I noticed the script is for the older Dionaea version, not supporting SMBCRY and WannaCry etc. Links to the MHN install can be found here, and/or Google around if you're interested.
https://www.anomali.com/blog/deploying-managing-and-leveraging-honeypots-in-the-enterprise-using-open-so

So at first I installed Dionaea, Kippo, POD, Snort, all that jazz, had the live maps of attacks and all. It was great and I thank them for all their hard work, BUT after I got bored of all that, I wanted to break down the malware and get to the good stuff. I also happened to notice they just upgraded Dionaea for WannaCry and SMBCRY, so I figured I'd wipe everything out and just use Dionaea. This is how I did it.

1) Pick your VPS provider, use Ubuntu 14.04 x64. I have never tried another version, so don't ask me if it works.

2) Type in the commands below, or make a script with "sudo nano install.sh", paste the script in, save it, and run it with "bash install.sh" or whatever else you might want to name it.
Start Script

4) Wait for the malware (sometimes this can take 30 minutes, sometimes hours). You can see connection attempts in your Dionaea log. You can also configure warnings and errors to be enabled or disabled based on what you like with the original Dionaea setup article on Null Byte.

5) I GOT MALWARE!!! WOOHOO JUMP UP AND DOWN, ooh yeah. What do I do with it now, you ask?

6) We need to look at the data inside: URLs, strings, registry etc. I know a lot of people use IDA or IDA Pro, but I am not that familiar with it. I have played around with it, but that's another rabbit hole I need to go down to learn... BUT I did discover PPEE the other day, and it is much easier to work with and use for beginners.

7) You can download PPEE (Professional PE file Explorer) and open your malware to see the code inside and the coolness you're looking for. You can also run the malware through VirusTotal with PPEE within the program. (Another reason I like it.)
https://www.mzrst.com/

8) Tips to go by. I download my malware inside a VM using VirtualBox. I have a separate HDD I swap out, boot Windows, and then boot Windows into a VM with VirtualBox. I ALSO use a VPN when downloading or running malware live; this is meant to be safer and disguise my IP when playing around with this stuff. ALSO, I use WinSCP to connect and transfer the malware.

9) Enjoy my hacker friends! Also, here are some useful commands and/or file locations:
tail -f /opt/dionaea/var/dionaea/dionaea.log
/opt/dionaea/var/dionaea/binaries/
ls -la /opt/dionaea/var/dionaea/binaries/
df -h
who -h
nano /opt/dionaea/var/dionaea/dionaea.log
top or htop (I like to use htop to monitor system resources sometimes: sudo apt-get install htop)
You can search for files in the root directory with the command: find / -iname "dionaea.log"
/opt/dionaea/etc/dionaea/dionaea.cfg (the log file fills up quick, so taking out warning and just leaving errors is a good idea)
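As an added example (my own, not code from the post or from the Dionaea project), here is a small POSIX shell script that builds on the ls -la command above: it hashes every sample Dionaea dropped into the capture directory and reports which hashes are new compared with a manifest you saved earlier, so a fresh sample stands out without eyeballing the directory listing every time. The directory path is the default from the post; BIN_DIR, inventory_binaries, count_binaries and new_since are names I made up for this example.

```shell
#!/bin/sh
# Added example, not part of the original post: inventory the samples Dionaea
# captured and flag the ones you have not seen before. Assumes the default
# capture directory from the post; set BIN_DIR to override it.
BIN_DIR="${BIN_DIR:-/opt/dionaea/var/dionaea/binaries}"

# Print one line per regular file in DIR: "<sha256>  <size-in-bytes>  <name>".
# Hashing gives each sample a stable identity that does not depend on the
# filename, which is what you want when copying samples off the box or
# looking them up in VirusTotal later.
inventory_binaries() {
    dir="$1"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        size=$(wc -c < "$f" | tr -d ' ')
        printf '%s  %s  %s\n' "$sum" "$size" "$(basename "$f")"
    done
}

# Number of regular files (samples) currently in DIR.
count_binaries() {
    inventory_binaries "$1" | wc -l | tr -d ' '
}

# Print the sha256 values present in DIR that do not appear in MANIFEST,
# where MANIFEST is an earlier inventory_binaries output saved to disk.
new_since() {
    manifest="$1"
    dir="$2"
    cur=$(mktemp)
    prev=$(mktemp)
    inventory_binaries "$dir" | cut -d' ' -f1 | sort -u > "$cur"
    cut -d' ' -f1 "$manifest" | sort -u > "$prev"
    comm -13 "$prev" "$cur"
    rm -f "$cur" "$prev"
}

# Typical use on the honeypot: save today's manifest, diff against an old one.
#   inventory_binaries "$BIN_DIR" > /root/manifest.$(date +%F)
#   new_since /root/manifest.<older-date> "$BIN_DIR"
if [ "${1:-}" = "--run" ] && [ -d "$BIN_DIR" ]; then
    inventory_binaries "$BIN_DIR"
fi
```

Run it with --run on the honeypot to print the current inventory, or source it and call new_since with a saved manifest; keeping a dated manifest per day also gives you a record of when each sample first showed up, which the log alone does not make easy to find.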
10) Also please note I am not an expert on everything. I will try my best though if asked any questions. HAVE FUN!