I am at Security Summer Camp this week and you always hear about how dangerous these networks are with no real proof, so I decided to see how dangerous they are*. I built the most insecure Docker container I can think of. It runs SSHD with the root password set to root* to see what happens when I expose it to the Black Hat and DEF CON networks.
I put the container here: jgamblin/sshoneypot
If you want to build and modify your own, here is my base Dockerfile:
# Base image assumed here: the FROM line is not shown above, but apk means Alpine Linux.
FROM alpine:latest
RUN apk update && apk upgrade
# Install sshd (plus byobu/tmux for the shell), flip Alpine's default
# "#PermitRootLogin prohibit-password" to allow root password logins,
# generate host keys, and set the root password to "root".
RUN apk add openssh openssh-sftp-server byobu tmux && \
    /bin/sed -i -e 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && \
    /usr/bin/ssh-keygen -A && \
    echo "source /etc/profile.d/color_prompt" > /etc/skel/.bashrc && \
    cp /etc/skel/.bashrc /root/.bashrc && \
    echo "root:root" | chpasswd && \
    su - root -c "byobu-launcher-install"
# Run sshd in the foreground (-D) and log to stderr (-e) so "docker logs" captures every login attempt.
CMD ["/usr/sbin/sshd", "-D", "-e"]
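Because sshd is started with -e, every authentication result is written to the container's stderr and shows up in docker logs, so the way to tell whether a bot actually got in is to look for an "Accepted password for root" line. The script below is an added example, not code from the original post or from the jgamblin/sshoneypot image: it parses that output, counts failed attempts per source address and the usernames tried, and lists any login that succeeded. The log lines embedded in it are constructed samples using RFC 5737 documentation addresses, not captured traffic; the optional timestamp prefix it strips is the one "docker logs -t" adds.

```python
import re
import sys
from collections import Counter
from dataclasses import dataclass, field

# sshd authentication result lines. With "sshd -D -e" they land on the
# container's stderr, so "docker logs <container>" shows them; "docker logs -t"
# prefixes each line with an ISO-8601 timestamp, which TS_RE strips.
AUTH_RE = re.compile(
    r"(?P<outcome>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[0-9A-Fa-f.:]+) port (?P<port>\d+)"
)
TS_RE = re.compile(r"^\d{4}-\d\d-\d\dT\S+\s+")

# Constructed sample of what "docker logs" might show for this honeypot.
# Addresses come from the RFC 5737 documentation ranges, not real traffic.
SAMPLE_LOG = """\
Server listening on 0.0.0.0 port 22.
Invalid user admin from 198.51.100.23 port 40112
Failed password for invalid user admin from 198.51.100.23 port 40112 ssh2
Failed password for invalid user admin from 198.51.100.23 port 40112 ssh2
Failed password for root from 198.51.100.23 port 40113 ssh2
Connection closed by authenticating user root 198.51.100.23 port 40113 [preauth]
2017-07-26T18:15:01.123456789Z Failed password for root from 203.0.113.7 port 51234 ssh2
Accepted password for root from 203.0.113.7 port 51234 ssh2
""".splitlines()


@dataclass
class Report:
    failed: Counter = field(default_factory=Counter)  # failed attempts per source IP
    users: Counter = field(default_factory=Counter)   # usernames tried, any outcome
    success: list = field(default_factory=list)       # (ip, user, method) that got in


def parse_line(line):
    """Return (outcome, user, ip, method) for an sshd auth line, else None."""
    m = AUTH_RE.search(TS_RE.sub("", line.strip()))
    if m is None:
        return None
    return m["outcome"], m["user"], m["ip"], m["method"]


def summarize(lines):
    """Tally failed attempts per source IP and record every successful login."""
    rep = Report()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # listening / disconnect / [preauth] noise, not an auth result
        outcome, user, ip, method = parsed
        rep.users[user] += 1
        if outcome == "Accepted":
            rep.success.append((ip, user, method))
        else:
            rep.failed[ip] += 1
    return rep


def format_report(rep):
    """Render the tallies; a non-empty success list means a bot is inside the container."""
    out = ["failed attempts by source:"]
    out.extend(f"  {ip}: {n}" for ip, n in rep.failed.most_common())
    out.append("usernames tried: " + ", ".join(f"{u}({n})" for u, n in rep.users.most_common()))
    if rep.success:
        out.append("LOGINS THAT SUCCEEDED:")
        out.extend(f"  {user} from {ip} via {method}" for ip, user, method in rep.success)
    else:
        out.append("no successful logins yet")
    return "\n".join(out)


if __name__ == "__main__":
    # Usage: docker logs <container> 2> sshd.log ; python3 sshlog.py sshd.log
    # With no argument the constructed SAMPLE_LOG is used.
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG
    print(format_report(summarize(lines)))
```

Only the "Accepted" line counts as a compromise; a flood of "Failed password for root" is just the background noise every public SSH port gets, and sshd never logs the password that was tried, so the script does not try to report it.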
I have been running it on a DigitalOcean droplet for a few hours and, surprisingly, none of the bots have been successful yet.
*This is like a really bad idea.