Ryan Castellucci :nonbinary_flag:
Your SSH honeypot fakes a Linux system and logs the threat actor's commands.
My SSH honeypot hijacks the threat actor's terminal to play the music video of Rick Astley's 1987 pop hit "Never Gonna Give You Up" while ignoring Ctrl-C.
We are not the same.
Ryan Castellucci :nonbinary_flag:
The CPU usage of this thing is absurd. Doesn't help that my files are encoded with "\n" newlines, but I need to use "\r\n" for an SSH pty for whatever reason.
Ryan Castellucci :nonbinary_flag:
Also wondering if there's any way I can precompress the data...
Ryan Castellucci :nonbinary_flag:
Oh, I didn't compile with --release. That'll do it. CPU usage reduced by 80% 😆
Rich Felker
@ryanc You should be able to set the newline conversion mode on the pty with stty/tcsetattr.
Ryan Castellucci :nonbinary_flag:
@dalias server side?
Wulfy
Teach me Sensei!
Morten Linderud
This is funny. I wrote a SSH server that writes out the script to Hackers while ignoring Ctrl-C.
Ryan Castellucci :nonbinary_flag:
@nex windows terminal seems to have implemented DECPS... 🤔
nex
@ryanc@infosec.exchange SSH honeypot that hijacks the remote terminal to play the portal 1 ending, with music
SpaceLifeForm
Bonus points if you can make them hear the music thru the PC Speaker.
Dr David Mills
@viq @Foxboron @ryanc and a terminal beep after each character?
Ryan Castellucci :nonbinary_flag:
viq
Ryan Castellucci :nonbinary_flag:
@beeoproblem actually, I know how to do that
Bee O'Problem :godot:
@ryanc I now lowkey wish RickrollMEMZ was a thing
Hijack the machine to display the video (and crash the system once the video is over) and also trash the BIOS to show the Rick Astley on boot.
Ryan Castellucci :nonbinary_flag:
@unexpectedteapot I'll post it eventually, but probably not the animation file (it's 50MB)
I basically mashed this together with russh:
https://github.com/ryancdotorg/ansi-player-rs/blob/main/src/main.rs
You can see the animation via
nc rya.nc 1987
unexpectedteapot
@ryanc so since no one asked, I'll volunteer: do you have this software hosted on a gitsomething somewhere?
Ryan Castellucci :nonbinary_flag:
@jjacobsson I got it working last night, shitposted about it and went to bed.
Will post the code in the next couple of weeks.
I don't use container stuff, and it's Rust so you can just compile it to a single binary anyway.
Joacim Jacobsson
@ryanc where can I get a container of this for arm please?
Ryan Castellucci :nonbinary_flag:
@jjacobsson the video itself viewable via
nc rya.nc 1987
No sound, but the whole thing is subtitled.
Joacim Jacobsson
@ryanc _nice_
Having exactly 0 experience with running a honeypot so I did some googling and realized that is more complicated than I initially thought :D
But I need to see this.
Ryan Castellucci :nonbinary_flag:
@Foxboron @Dtl @viq I can encode arbitrary movies the same way 🤔
Morten Linderud
Love it. Totes doing that.
Ryan Castellucci :nonbinary_flag:
@Foxboron @Dtl @viq I'm extracting individual frames as low quality jpg (quality really doesn't matter here, lol) and then converting individual frames to ANSI.
Morten Linderud
I tried getting ffmpeg to output Hackers through caca but it wasn't super easy as you need to render each frame from the nurses driver.
Ryan Castellucci :nonbinary_flag:
@jjacobsson It's pretty amazing how good it looks when you spam the terminal with unicode and 24 bit color escape sequences
Joacim Jacobsson
@ryanc That is _amazing_
Ryan Castellucci :nonbinary_flag:
@bloody_albatross @Foxboron @Dtl @viq the frame encoder (which I did not write, but plan to replace with my own to be written encoder) picks from one of 32 possible characters and two colors for each cell.
Mathias Panzenböck
@ryanc @Foxboron @Dtl @viq Very cool! Did something similar myself a few months ago. (Also in Rust.) I always render 2 pixels per character and only support images, including animated GIFs. You seem to do more than one pixel per character, but quatize them to two colors?
Ryan Castellucci :nonbinary_flag:
@bloody_albatross @Foxboron @Dtl @viq
This is what I'm currently using to encode frames:
Mathias Panzenböck
@ryanc @Foxboron @Dtl @viq That's cool! 32? What characters do you use? I know characters that would yield 4 (1x2 pixels per character), 64 (2x3), and 256 (2x4) different values. Though not all of those Unicode characters are well supported everywhere. I went with 1x2 because it's easy and no color compromise. Though low resolution.
Ryan Castellucci :nonbinary_flag:
@bloody_albatross @Foxboron @Dtl @viq
I would call it roughly an effective resolution of four to eight "pixels" per character.
Ryan Castellucci :nonbinary_flag:
@Legion495 wise
Legion495
@ryanc@infosec.exchange I am afraid
Tim Clevenger :donor:
@ryanc That's amazing.
Ryan Castellucci :nonbinary_flag:
@IlyaShasham I'm building a custom ssh server with a built in animation player for this purpose. I have it working, but I want to clean it up before posting.
Ilya Shasham
@ryanc is it possible to learn this power?
Ilya Shasham
@ryanc best of luck to you, mate. Sounds quite interesting.
Ryan Castellucci :nonbinary_flag:
@IlyaShasham if you just want to see what gets played, run
nc rya.nc 1987
in a vaguely recent terminal emulator.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.