Hello everyone and welcome back! 💻 Big thanks for watching! If you have questions, ask them on 📰 Discord/IG/Twitter 📰
https://tryhackme.com/room/introductiontohoneypots
HINTS FOR THE CHALLENGE (You have instructions in the challenge itself but here are some good hints):
Log in with SSH to the honeypot (you can use any password, but use HOXFR for example so it is easier to spot in the logs later)
Password question:
grep p Top200Creds.txt | grep -c w
Which tool is used for bruteforcing?
Hydra
Tool for the detection question:
fail2ban – reference: https://en.wikipedia.org/wiki/Fail2ban
(if you Google it, it comes up right away)
See CPU info
cat /proc/cpuinfo
More system information
uname -a
cat /etc/issue
Compare the two outputs – are they the same?
env (a command that displays environment variables)
You can remove the HISTFILE shell variable by typing the following unset command:
unset HISTFILE
Which device question – router:
mikrotik
(Google the first line and you will eventually find it)
What was the attacker trying to change?
root password
NEXT: Google the SSH key
(it's not m0therfuck3r)
solution: outlaw
What's used – notice "wp" – it indicates WordPress
wordpress (see wp-something)
Is the URL malicious?
ip-api.com isn't malicious
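The hints above (spotting your own HOXFR login, the unset HISTFILE anti-forensics step, the root password change, the recon commands) all come down to reading the honeypot's session log. Here is an added example of that triage, not from the room or from Cowrie: it parses a constructed JSON-lines log (the event names and field names are assumed, not the room's real format) and flags the commands worth a second look per source IP.

```python
import json

# Constructed sample log, one JSON event per line, loosely modelled on a
# JSON SSH honeypot log. Event and field names are assumed for this example.
SAMPLE_LOG = """\
{"eventid":"login.failed","src_ip":"198.51.100.7","username":"root","password":"123456"}
{"eventid":"login.success","src_ip":"198.51.100.7","username":"root","password":"HOXFR"}
{"eventid":"command.input","src_ip":"198.51.100.7","input":"cat /proc/cpuinfo"}
{"eventid":"command.input","src_ip":"198.51.100.7","input":"unset HISTFILE"}
{"eventid":"command.input","src_ip":"198.51.100.7","input":"passwd root"}
{"eventid":"command.input","src_ip":"203.0.113.9","input":"wget http://ip-api.com/json"}
"""

# Substrings worth flagging in a session: anti-forensics, credential changes,
# host reconnaissance. Assumed list for this example, not from the room.
SUSPICIOUS = {
    "anti-forensics": ("unset HISTFILE", "HISTFILE=/dev/null", "history -c"),
    "credential-change": ("passwd", "chpasswd"),
    "recon": ("/proc/cpuinfo", "uname -a", "/etc/issue"),
}

def parse_events(text):
    """Parse one JSON object per line; skip blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events

def summarize(events):
    """Per source IP: successful logins (user, password) and flagged commands."""
    report = {}
    for ev in events:
        entry = report.setdefault(ev.get("src_ip", "unknown"), {"logins": [], "flags": []})
        if ev.get("eventid") == "login.success":
            entry["logins"].append((ev.get("username"), ev.get("password")))
        elif ev.get("eventid") == "command.input":
            cmd = ev.get("input", "")
            for label, needles in SUSPICIOUS.items():
                if any(n in cmd for n in needles):
                    entry["flags"].append((label, cmd))
    return report

if __name__ == "__main__":
    for ip, entry in summarize(parse_events(SAMPLE_LOG)).items():
        print(ip, entry)
```

Your own HOXFR session shows up as a login.success entry, so it is easy to separate from the real attacker sessions when you scroll through the flags.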
And that's all, simple as that – just follow the challenge. If you get stuck, you can contact me on Discord/IG/Twitter
DISCLAIMER :📌 DO NOT USE ANY KNOWLEDGE LEARNED FROM THIS VIDEO FOR ILLEGAL PURPOSES ; EVERYTHING SHOWN IN THE VIDEO IS COMPLETELY LEGAL AND WITHIN THE TERMS OF TryHackMe WEBSITE AND IN ITS ISOLATED ENVIRONMENT THAT ALLOWS FOR THESE ACTIONS. I DO NOT SUPPORT ANY ILLEGAL ACTIONS.