In the previous episode, I demonstrated how to set up a Kippo SSH honeypot, and ended with a series of unsuccessful password brute-force attacks. In this episode, I will cover fake user and password management for your Kippo SSH honeypot.
Username-Password Combination
Unlike Kojoney, where a text file states all the username and password combinations it accepts, Kippo is slightly more advanced than that. By default, the only root password is “123456”.
If you want to accept more username and password combinations than that, you can append them to data/userdb.txt.
In addition, if an intruder runs the passwd command after a successful login, the new password will also be appended to the file.
In other words, you can look at the trend in the passwords these intruders like to change to.
New Users
To add a new fake user into your Kippo SSH honeypot, you cannot simply use the useradd command within the honeypot. However, the useradd command provides a more interesting feature:
It will be interesting if you can collect personal information about the intruder.
To add a new user, you just have to append your new username and password combination into the data/userdb.txt file.
Similarly, if an intruder runs the passwd command after a successful login as that user, the new password will be appended to the file.
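As an added example (not code from the original post or from Kippo itself), here is a small Python script that reads data/userdb.txt, lists the passwords you did not seed yourself (the ones appended after an intruder ran passwd), and builds a well-formed line for a new fake user. It assumes the file holds one `login:uid:password` entry per line, a layout this post does not show; the sample entries and function names are constructed for illustration.

```python
# Constructed sample of data/userdb.txt. Assumed layout (not shown in the post):
# one "login:uid:password" entry per line.
SAMPLE_USERDB = """\
root:0:123456
alice:1000:letmein
root:0:Qw3rty!2013
root:0:a:b:c

broken-line
"""


def parse_userdb(text):
    """Return (login, uid, password) tuples, skipping blank or malformed lines."""
    entries = []
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # maxsplit=2 keeps colons in passwords
        if len(parts) != 3 or not parts[1].isdecimal():
            continue
        entries.append((parts[0], int(parts[1]), parts[2]))
    return entries


def format_entry(login, uid, password):
    """Build one line to append for a new fake user, rejecting unsafe fields."""
    if not login or ":" in login or any(c in login + password for c in "\r\n"):
        raise ValueError("login/password would corrupt userdb.txt")
    return "%s:%d:%s\n" % (login, uid, password)


def passwd_changes(entries, seeded):
    """Map login -> passwords you did not seed, in the order they were appended."""
    seeded = set(seeded)
    changes = {}
    for login, _uid, password in entries:
        if (login, password) not in seeded:
            changes.setdefault(login, []).append(password)
    return changes


if __name__ == "__main__":
    entries = parse_userdb(SAMPLE_USERDB)
    seeded = [("root", "123456"), ("alice", "letmein")]  # what you put there yourself
    for login, passwords in passwd_changes(entries, seeded).items():
        print("%-8s %s" % (login, ", ".join(passwords)))
    print(format_entry("bob", 1001, "hunter2"), end="")
```

Keep your own list of seeded combinations somewhere outside the honeypot directory, so that anything else appearing in the file can be attributed to intruder activity.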
Explore your Kippo!
By now, you will have successfully logged into your Kippo SSH honeypot. Explore around with it, and you will realise you get some return values from some basic Linux commands (e.g. w, ps, ls, etc.), unlike Kojoney, which always tells you that the command is not found.
–
That’s all for now; I will drill more into the sticky factor of Kippo in the next episode.
- Part 01: Getting Started
- Part 02: User & Password Management
- Part 03: A Sticky Honeypot
- Part 04: Kippo-Graph