1aN0rmus 1aN0rmus

View DFIR_IT_Contest_Submission.md

The below report attempts to provide answers to the objectives set in the "NETWORK CHALLENGE - 001 - LINUX":

  1. Determine what likely occurred based on the evidence from the PCAP.
  2. Identify any network and/or host artifacts that could be used to scope this incident further.
  3. If applicable, write detection signatures (snort/suricata/yara) to increase coverage for this type of activity.

The report comprises multiple sections:

View kippo-stats.txt
Unique values (135526 connections):
- usernames 8600
- passwords 75780
- sources 1985
# SSH client versions Count
--------------------------------------------------------------
1 SSH-2.0-libssh-0.1 109840
2 SSH-2.0-libssh-0.2 13500
@1aN0rmus
1aN0rmus / KippoUsers.txt
Created Jul 21, 2014
List of unique usernames attempted against my Kippo instance
View KippoUsers.txt
root
a
b
user1
oracle
postgres
test
kippo
nagios
zabbix
@1aN0rmus
1aN0rmus / KippoIPList.txt
Created Jul 21, 2014
IPs connecting to my Kippo instance
View KippoIPList.txt
View lastlog.txt
root pts/0 173.72.189.207 Thu Jan 24 20:59 - 21:00 (00:10)
root pts/0 54.235.161.133 Thu Jan 24 20:58 - 21:08 (10:01)
root pts/0 54.235.161.133 Thu Jan 24 21:54 - 21:55 (01:14)
root pts/0 173.72.189.207 Thu Jan 24 21:58 - 21:59 (00:18)
root pts/0 218.26.89.179 Fri Jan 25 03:51 - 03:51 (00:05)
root pts/0 218.26.89.179 Fri Jan 25 03:51 - 03:51 (00:08)
root pts/0 218.26.89.179 Fri Jan 25 03:51 - 03:51 (00:04)
root pts/0 218.26.89.179 Fri Jan 25 03:51 - 03:51 (00:08)
root pts/0 218.26.89.179 Fri Jan 25 03:51 - 03:51 (00:06)
@1aN0rmus
1aN0rmus / Password Statistics from Kippo Honeypot using Pipal
Last active Aug 29, 2015
Password Statistics from Kippo Honeypot using Pipal
View Password Statistics from Kippo Honeypot using Pipal
remnux@remnux:~/custom_tools/pipal$ ./pipal.rb ../TekDefense/wordlist.txt
Generating stats, hit CTRL-C to finish early and dump stats on words already processed.
Basic Results
Total entries = 203400
Total unique entries = 75627
Top 10 passwords
123456 = 3561 (1.75%)