I am at Security Summer Camp this week  and you always hear about how how dangerous these networks are with no real proof so I decided to see how dangerous they are*.  I built  the most insecure docker container I can think of. It runs SSHD with the root password set to  root* to see see what happens when I expose them to the blackhat and defcon networks.

I put the container here: jgamblin/sshoneypot

If you want to build and modify your own here is my base dockerfile:

FROM bashell/alpine-bash:latest

RUN apk update && apk upgrade

RUN apk add openssh openssh-sftp-server byobu tmux && \
/bin/sed -i -e 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && \
/usr/bin/ssh-keygen -A && \
echo "source /etc/profile.d/color_prompt" > /etc/skel/.bashrc && \
cp /etc/skel/.bashrc /root/.bashrc && \
echo "root:root" | chpasswd && \
su - root -c "byobu-launcher-install"

CMD ["/usr/sbin/sshd", "-D", "-e"]

I have been running on a DigitalOcean droplet for a few hours and surprisingly, none of the bots have been successful yet.

Screen Shot 2016-08-01 at 10.08.45 AMI will have a blog post next week with full pcaps and copies of the containers for any that have successful logins.

*This is like a really bad idea.  

Site Footer