Kippo SVN build

This morning I caused myself a problem. Annoyingly it was foreseeable and avoidable; this is my excuse (not great, but I’ll stick to it). But as every problem is merely an opportunity in disguise, whilst I’m re-building systems I might as well document the process. The original InfoSanity guide for installing Kippo was based on the latest stable version, but I rapidly migrated to the development SVN on learning of the MySQL logging capabilities, so this guide covers that.
As I’m using a Debian system, a lot of the system pre-requisites are packaged; these aren’t all needed immediately, but we might as well grab them all at once.

apt-get install subversion #for svn
apt-get install python-twisted python-mysqldb # Python and required modules
apt-get install mysql-server # MySQL server for the logging database

Basic Kippo setup
Grab Kippo direct from svn, at time of writing I got version 160. (latest instructions):

svn checkout /opt/kippo-svn

Now we can start the honeypot system:


That’s it, all that is required to get the system running. To confirm, ssh in locally with ssh -p2222 root@ (unless you’ve jumped ahead and edited the config, the password will be 123456).
Log into MySQL via the command line and, assuming you’ve not modified the kippo.cfg database directives, build the database:

create database kippo;
grant all on kippo.* to 'kippo'@'localhost' identified by 'secret';

Next, edit kippo.cfg according to your database/user/password and uncomment the [database] configuration directives. REMEMBER to uncomment the ;[database] line, not just the parameters; that has now caught me out twice.
Finally, build the database structure with the script that can be found in <kippo>/doc/sql/:

doc/sql/# mysql -ukippo -psecret kippo < mysql.sql

Restart your Kippo process and you should be good; re-test access to the shell and view the database tables to confirm that logs are being written to the database.
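The mistake flagged above, uncommenting the parameters but leaving ;[database] commented, can be caught before restarting Kippo. The check below is an added example, not part of the original post or of Kippo itself; the option names in REQUIRED_KEYS and the sample config are assumptions constructed for illustration.

```python
import re

# Option names assumed for the [database] block; the page does not list them,
# so adjust to match your own kippo.cfg.
REQUIRED_KEYS = ("host", "database", "username", "password")

HEADER_RE = re.compile(r"^\[([^\]]+)\]$")
DISABLED_DB_RE = re.compile(r"^[;#]\s*\[database\]$")
OPTION_RE = re.compile(r"^([A-Za-z_][\w.-]*)\s*[=:]")


def check_database_section(cfg_text):
    """Return a list of problems with the [database] block (empty means OK)."""
    problems, db_keys = [], set()
    current, disabled_at, db_active = None, None, False
    for lineno, raw in enumerate(cfg_text.splitlines(), 1):
        line = raw.strip()
        if DISABLED_DB_RE.match(line):
            disabled_at = lineno              # header is still commented out
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1).strip().lower()
            db_active = db_active or current == "database"
            disabled_at = None                # a real header ends that block
            continue
        option = OPTION_RE.match(line)
        if not option:
            continue                          # blank line or comment
        key = option.group(1).lower()
        if current == "database":
            db_keys.add(key)
        elif disabled_at and key in REQUIRED_KEYS:
            problems.append("line %d: '%s' is uncommented but the [database] "
                            "header on line %d is not" % (lineno, key, disabled_at))
    if not db_active:
        problems.append("no active [database] section")
    problems += ["[database] is missing '%s'" % k
                 for k in REQUIRED_KEYS if db_active and k not in db_keys]
    return problems


# Constructed sample: parameters uncommented, header forgotten.
BROKEN = """[honeypot]
ssh_port = 2222
;[database]
host = localhost
database = kippo
username = kippo
password = secret
"""

if __name__ == "__main__":
    print("\n".join(check_database_section(BROKEN)))
```

To check a real file, pass the contents of kippo.cfg to check_database_section() and treat a non-empty result as a reason not to restart yet.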
Happy Honeypotting
–Andrew Waite

    Join the conversation


    1. Oh… and when editing kippo.cfg don’t forget to uncomment ‘[database]’ – I’ve lost 25 sessions… that’s what you get when you fall asleep working :/

    2. I’ve actually had this running for a little under 2 days and have already had two people try and connect! One was really funny to watch: they wget some tools, and I had a laugh watching them try to make a user and have to put in a “favorite movie”.
      The second person connected and then disconnected right after, but got stuck in the fake localhost prompt, and then quit out… awesome stuff haha!
      I got the ajaxterm up and running on my webserver (as the same limited user that runs the honeypot) and I created a basic PHP script that automatically lists the logs on my server… check it out

      1. Nice work! Just watched the first capture, always good for a laugh.
        Couldn’t see anything on your blog; any chance you could write up the process for getting the ajaxterm running? It’s been on my to-do list for a while (and I know others who are looking at the same thing), so a decent install guide would be useful.

        1. Yeah, definitely! I’ll get it up sometime this week… I have heavily modded the file to make it more secure, so I’ll zip that up and post it as well.

      2. Nice work Dave, just had a read through and sounds nice and easy. Now know what I’ll be doing next time I get some free lab time 😉
        Cheers for sharing with the rest of us.
