Wednesday, March 1, 2017

sudo.co.il - Nopernik's Attacking Honeypot. ("NAH") или нах!

NAH is distributed system, which is located in most parts of the world.
On each system you can find this Terms of Use.

Terms of use.

By using any of provided services, you completely agree with next statements:

1. Once you send me SYN packet to commonly used ports that involved in botnet bruteforce attacks, which include but not limited to SSH and/or RDP, you provide to "NAH" and the owner exclusive right to attack back in any way your public IP address, disclose/share/sell your IP and/or data to the public, including wordlist that have been used in your attack.

2. Once correct credentials recovered, you completely agree and provide to "NAH"/owner/third parties choosed by the owner exclusive right to perform any manipulation with your machine and/or IP and/or internet access, you agree to removal of all known/unknown malicious software and/or botnet agents.

3. With that said, you provide to "NAH" and the owner FULL and LEGAL access to your network-connected device.

# ./attackback.py 
Found a new jerk! [censured].XXX.XXX:22
Bruteforcing SSH: [censured].XXX.XXX 

[22][ssh] host: [censured].XXX.XXX   login: root   password: ThisPassw0rdMightBeDefault!
1 of 1 target successfully completed, 1 valid password found

Credentials found!

Getting whois info...
Gathering system information...
Finding malware/botnet agents...
Found! Removing...
Sending email...

Waiting for another one...


Proof of Concept will be soon. Stay tuned.


1 comment: