I Put A Fake Email Server On The Internet

  Views: 152,245

John Hammond

4 months ago

jh.live/pwyc || Jump into Pay What You Can training at whatever cost makes sense for you! jh.live/pwyc
We tried a different style with this video. Please let me know what you think!
Free Cybersecurity Education and Ethical Hacking
🔥KZbin ALGORITHM ➡ Like, Comment, & Subscribe!
🙏SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ jh.live/discord ↔ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware

Comments: 134
@_JohnHammond 4 months ago
What do you think of this style and format? The first half of the video is a bit more scripted, with some more explanation and storytelling. Good, bad, ugly?
@btboss123 4 months ago
I like it, easy to follow
@ReligionAndMaterialismDebunked 4 months ago
Second. :3 Early crew. Shalom. :3
@ReligionAndMaterialismDebunked 4 months ago
It's good. Thanks. 🤝😅🤓😎
@0oNoiseo0 4 months ago
Oh yes! It is very easy to follow with the video itself. I like this methodology
@_AN203 4 months ago
Good, keep experimenting with this format and I like where this is going.
@joda0029 4 months ago
Joda32 here :) I'm glad you enjoyed that and thanks for the shout out
@somexne 4 months ago
Look out for the big guy! Also, big guy, wouldn't you say it's a little presumptuous on John's part to say a "try it out yourself"? As if there IS any vulnerability or way of id'ing your hp there might be a breach and bleed? Bad actors still would like a random access to use for their own purposes.
@_JohnHammond 4 months ago
Huge thanks joda32!!! :D
@fightme5543 4 months ago
@@somexne John set up a cloud computer... Even if it was compromised, who cares? That's like worrying about running a virus on a virtual machine...
@somexne 4 months ago
@@fightme5543 Wrong. This machine could be involved in criminal activities under John's name. Also used as a C&C. Depending on the workings of the machine, he could even get charged more for the usage of the computer.
@somexne 4 months ago
@@fightme5543 More than that, this is John's case. Other people could use and not sanitize or stop the machine after the use and worse.
@alxactly 4 months ago
> Tries to set up a honeypot > Gets memed by viewers to get a cool shout out in the next vid
@ReligionAndMaterialismDebunked 4 months ago
:3 Early crew. Shalom. :3
@mattplaygamez 4 months ago
Matt here, thanks for showing the resources in all of your videos. + Being entertaining. And a free shout out. Why not😉
@Gnievv 4 months ago
When I started practising ethical hacking it immediately opened my eyes for what I already knew from "blue" side knowledge. Knowing how reds work complemented that and I started connecting the dots. I learned first hand how things I see in logs when analyzing breaches work. Knowing how to perform an attack is ultra useful when posing as blue.
@geekzombie8795 4 months ago
What the fuck are you saying
@daniellowrie 4 months ago
Bro! Your production is looking sweet!!! Great video too. Gotta love a good honeypot 😎👍
@_JohnHammond 4 months ago
Thanks so much Daniel!!!
@KenPryor 4 months ago
This is so cool. I really want to try this sometime. I used to run a Kippo SSH honeypot years ago. Had a lot of fun with it and learned a lot too. Also, just signed up for some training with your sponsor. Will be taking their PWYC SOC Core Skills class.
@InfoSecPat 4 months ago
John, love the video and new format. You are killing it dude
@Geek_Strong 4 months ago
Great video keep up the good work Mr.John :)
@Abduselam.m 4 months ago
Thanks so much JohnHammond, your KZbin channel is a very important channel
@naijanmusics 4 months ago
6:57 John "pork" hammond my beloved
@KerboOnYT 4 months ago
I set up an SSH honeypot years ago and holy cow the bots. It was interesting parsing the data
@michaelk6702 4 months ago
While the concept is great, hosting the service in the cloud is going to cost a small fortune if the threat actor starts performing DDoS attacks, as your traffic will significantly ramp up, inflating your costs. You could build a local VM inside a local DMZ port forwarding out.
@oksowhat 4 months ago
I don't think gcp or aws charge for online traffic until you set up specific services, for a simple vm on cloud any provider worth 2 cents won't charge for traffic
@michaelk6702 4 months ago
@@oksowhat I've only ever built a Honeypot in Azure as a side project and off the bat, it started charging for the hosting portion as well as the bandwidth. I was fortunate enough to be working for an MS partner meaning that I got the $200 per month to run Azure services. Do GCP and AWS run with the same model billing structures?
@oksowhat 4 months ago
@@michaelk6702 I have only used azure to host a vm as a vscode server for a team project since I had student credit so I don't know where I was charged, but in gcp and AWS there are no charges for bandwidth until you use some services to manage it like load balancer. As far as I know, I have only built small projects on both
@dave24-73 4 months ago
The scary part would be capturing this info then transferring them to the Levite site logged in.
@jasonnugent963 4 months ago
Breaking things down in a pie chart by Source-Country would have been cool to see.
@xZeroOffical 4 months ago
I usually put a honeypot on common SSH ports and real (well protected) SSH on some obscure port.
@VulnerableU 4 months ago
Getting PTSD flashbacks to OWA incidents...
@gamereditor59ner22 4 months ago
Thanks for the video and keep it up!! Can you do basic tutorials of IT cybersecurity along with website free to learn in 2024? I am very hungry for knowledge!!
@realShadowKat 4 months ago
I actively run a python based ssh honeypot for the past few years on a VM on a jailed VLAN that allows "logins" with everything logged that is run on the command line. "Root" gets used at least 10K times a day. Fun times.
@PROD.poptart 4 months ago
Nice video keep up the good work
@de_mon2084 4 months ago
So maybe this is a stupid question but without asking no knowledge is gained: I assume one could set blocking rules based on the host header and I am pretty sure that the host header you send can be spoofed so would a defender want to set blocking rules for non-browser host headers/pentesting utility host headers or is it better to not block them? From my perspective it may be better to allow these host headers so attacks are easier to identify as blocking them would "prompt" the attacker to spoof it but I'm happy to hear other opinions and expand my horizon.
@josecintron85 4 months ago
I set a fake ssh server the last time an ssh vulnerability was announced and the results I got were fun to say the least. I am thinking about doing something similar next time an apache or Nginx (it's easy enough to fake the server's headers) vuln is released just to see.
@CybersecPat 4 months ago
Did you use Cowrie? That is my favorite
@josecintron85 4 months ago
@@CybersecPat actually Dockpot
@Crysal 4 months ago
I set up honeypots on the default port of an application and then run the legit application on another port, then fail2ban anyone trying too hard on the honeypot
@blinking_dodo 4 months ago
That works until you accidentally forget to set the custom port option on your SSH session.
@Ebiko 4 months ago
well - who the heck would actually keep the default UserAgent string? I'd either use a random one, or constantly rotate to a different one.
@rankala 4 months ago
I would have thought, to use a random user agent for every request, but with the 10k from the same Mac... seems they really don't care
@mthia 4 months ago
you should do it without the domain with just the ip and there would be higher chance that someone would find that the server ip has some app on it
@blinking_dodo 4 months ago
Would a WordPress login page get attacked more often? 🤔 I should probably set up a honeypot on my VPS too. Also, consider putting honeypots inside corporate systems so you can track hackers that move laterally. 🙃
@lifesmisfortunes 4 months ago
grep your logs for xmlrpc.php .... then block all those trying to access it. Typically, the same bots - people are trying to access that and wp-login
@user-lt2rw5nr9s 4 months ago
I looked through my web server logs and some of the most common interesting paths have been WordPress related. Some look for backup directories, files related to vulnerable plugins and themes, xml-rpc or login page.
@rosenclosed 4 months ago
I have a WordPress installation that isn't even accessible through google or any other search engine, they found it purely by scanning hosts of my hosting provider. It's now 2pm on Jan 14 2024 and I already have 34 failed login attempts on my wp-login.php just today (attempts that come up as 403 in my server log)
@eduardstehlik2565 4 months ago
It will be targeted basically the second you generate a certificate for the domain. They will try to scan the site to gather data about vulnerable plugins and themes and ofc try to bruteforce the admin account since WP instance is much more interesting than some outlook form, because with simple vulnerability or just bruteforcing the admin account, you can run your own code on the server.
@MsDeniz2001 4 months ago
when is the automation video coming!?
@moetazbrayek 4 months ago
I don't think any of us are using hydra really, personally I play around with some python and customize my brute force either for owa or 1&1 or ovh or whatever so I really suggest always to learn a bit of programming maybe basics before trying pentesting anything
@balajisharathkumar9753 4 months ago
honey pot is a great software most of the cyber security people in the modern era
@scottoclark3637 4 months ago
Sounds like another name for value for value.
@MasonSchmidgall 4 months ago
9:31 line 93 🤣
@uuu12343 4 months ago
Wait, squarespace lets you set up a honeypot domain name?
@bigun89 4 months ago
Yeah, just expose SSH to the net and wait. I did it and had MB's of logs within a few years. Got sick of it and changed the default port.
@GustavoMartinez-qi1bd 4 months ago
I don't have time to set up a HoneyPot but I would like to learn how to protect my server from those attacks!
@bryanteger 4 months ago
IP/NFtables and UFW
@God.Almighty 4 months ago
or cloudflare zero trust tunnel
@linear_pub 4 months ago
We send these out all the time using cracked SMTP servers
@houghi3826 4 months ago
The User-Agent is trivial to edit. The option is -A or --user-agent. This is built into curl. It can be clearly seen with the actual "hack". Those 10 004 are clearly using a fake user-agent. The fact that you did not say that, makes it feel that you either did not know (which is doubtful) or just ignored and leaving people with the wrong information, which can be dangerous. Not having information is better than having the wrong information in many cases when it concerns security. And security is not so much IT stuff, it is an attitude. ;-) Still interesting, but the --user-agent information is almost totally meaningless.
@tomtravis858 4 months ago
he did mention it... lol
@fbifido2 4 months ago
What link has the tutorial for this honeypot?
@joostvanderlee9569 4 months ago
pay what you can, yes but there is a minimum cost of 300 bucks. so not really pay what you can or I can not look and I'm just missing stuff
@_JohnHammond 4 months ago
At the top of the registration page, there is text that says "For tuition assistance, please click here", and then the minimum is $0 🙂
@joostvanderlee9569 4 months ago
@@_JohnHammond thanks, I'm just blind😅
@dadamnmayne 4 months ago
you can make a sweet password list by doing this.
@rob-890 4 months ago
Why would you bother? Hackers will just be using already known tables of passwords you're only going to be reassembling that data again?
@dadamnmayne 4 months ago
@@rob-890 what?
@user-lt2rw5nr9s 4 months ago
They're mostly just using well known passwords anyway. Though you could find some rather rare default credentials for cheap IoT manufacturers over something like Telnet.
@PerumalJegan 4 months ago
did you outsource your video editing?
@nordgaren2358 4 months ago
I have been editing his videos for over a year, now. :)
@fightme5543 4 months ago
@@nordgaren2358 Props man! Great quality work & super efficient!
@nordgaren2358 4 months ago
Thanks @fightme5543! KZbin won't let me see your comment, but I see it on the channel. Appreciate the blessing! 🙏
@user-td4pf6rr2t 4 months ago
I notice A LOT of the password fields have letter only combinations. Is this even possible anymore?
@hibob841 4 months ago
Most systems/sysadmins get password requirements all wrong, though it has improved. Ideally they would set a very high minimum length (say, 20 characters) a reasonable minimum entropy (say, at least 7 unique characters) and _allow whitespace_. Then users can choose a phrase: "why should we care about security?" This is easy to remember and type - which means less likely to end up on a sticky note - but infeasible to brute-force. What's more typical? 10 characters, at least one number, one capital letter, one special character, no whitespace...great. Now you have a password that's difficult to remember and type, but _trivial_ to brute-force. I've even encountered one system that specified a _maximum_ length of 12 characters! I can't even...
@retrocomputing 4 months ago
@@hibob841 10 characters with special symbols? Should take 5 years, it's not trivial. Totally randomized 10+ passwords are fine, the problems start when you use normal words with some numbers.
@cyber_space09 4 months ago
😂wow I was very curious here 🔞📵🌐🤣
@DarkSnakeX 4 months ago
So happy to appear in the video 8:25 - 8:32 (I really mean it the last one xD)
@rob-890 4 months ago
This video feels like you're trying to pad out an essay, anything to get to that 10 minute mark
@hqcart1 4 months ago
I think this honeypot is useless. blocking IP addresses is not the way to go. nothing will be achieved from the logs you obtained.
@AbdulAziz-by1wj 4 months ago
Why hackers choose his target, can anyone explain?
@fbifido2 4 months ago
can this pot be run in a container?
@joda0029 4 months ago
Yes it can easily be done, I've just not had the motivation to do that :) log a ticket on the project and I'll dockerize it :)
@110776remco 4 months ago
This video is so slow, the first 4 minutes is filled with stuff everyone already knows hello...
@skmgeek 4 months ago
incredible
@IrfanAnsari-ng6wb 4 months ago
👍
@kedirmamo7818 4 months ago
It is good!
@user-iz1nx2qd6r 4 months ago
nice
@ReligionAndMaterialismDebunked 4 months ago
Early crew. Shalom. :3
@kevinhoy6838 4 months ago
Need to figure out how to extract malicious IP from logs and send to firewall dynamic block list. Must learn scripting first.. :)
@Triscuitwells1242 4 months ago
Giant waste of time video...
@rvizx 4 months ago
1st ^^
@cocosloan3748 4 months ago
Oh c'mon, just another script-kiddo who gets his views based on his good looks 🙄 Just joking John - Happy New Year 🤣
@ShainAndrews 4 months ago
If you spoke normal I'd be interested in what you have to say.
@mrhassell 4 months ago
It is illegal to spoof a commercial website. In the United States, website spoofing is considered a federal crime and can result in fines and imprisonment. In Australia, website spoofing is a criminal offense under the Cybercrime Act 2001 and can result in imprisonment for up to 10 years.
@joda0029 4 months ago
In this case it is not spoofing a commercial website. It is spoofing a common product that many organizations deploy (well they did that in the past) plus he was hosting it on his own domain. No company was spoofed. But yes, picking an organization's actual site and cloning that can land you in hot water.
@josecintron85 4 months ago
he is not spoofing a commercial site, he is spoofing the login page to his own server.
@brinh123 4 months ago
I'd like to have seen this done as a silent exercise, without telling twitter - Hey - Try hack this! I get why this was done but it would be nice to see how long it took for genuine attacks to start