Class 2 Lab 2 ‐ Set Up a Modern Honey Network (MHN) - Justin-Boyd/CIT-Class GitHub Wiki

Task 1: MHN OVA Installation

Step 1

  • Download the CIT-02-L2_MGN.ova file from the Extra Files section within Canvas.

Step 2

  • Open VirtualBox. Click File in the upper left-hand corner of the screen and then select Import Appliance....

Step 3

  • Click the folder icon under Local File System to open an Explorer window.

Step 4

  • Select the CIT-02-L2_MHN_20210730.ova file. It may be in your Downloads folder.

Step 5

  • Ensure the correct file is selected in the box under Local File System. Change the MAC Address Policy setting to Generate new MAC addresses for all network adapters. Click Import.

Step 6

  • Once the file finishes importing, click the MHN virtual machine within VirtualBox and then click Start.

Step 7

  • To log into the virtual machine, select the user account and input a password of Pa$$w0rd. Click Sign in.

Step 8

  • The MHN server has been configured with the following settings:
    • Superuser email: john@local
    • Superuser password: Aa123456!
    • Server base URL: http://127.0.0.1
    • Mail server address: smtp.gmail.com
    • Use TLS for email: y
    • Use SSL for email: y
    • Mail server username: [email protected]
    • Mail server password: Aa123456!
    • Mail default sender: Honeypot_Alert

Task 2: Configure the Dionaea Honeypot

Step 1

  • Click the Firefox browser icon in the menu on the left to open it.

Step 2

  • Browse to 127.0.0.1.

Step 3

  • Use the login credentials specified during the installation:
    • Email: john@local
    • Password: Aa123456!

Step 4

  • Click Deploy in the menu at the top to navigate to its page.

Step 5

  • Click New script and select Ubuntu/Raspberry Pi - Dionaea.

Step 6

  • Highlight the content of the Deploy Command, right-click it, and copy it for use in the terminal.

Step 7

  • Go to the terminal and paste the copied command. Then, execute the command and wait until it is finished before moving to step 8.
  • Note: You likely will be prompted for a password to execute this command. This will require the local user password (Pa$$w0rd) instead of the superuser password.

Step 8

  • In the web interface, click Sensors in the menu at the top and select View sensors.

Step 9

  • Note it is updated with the honeypot’s information.

Task 3: Attack the Honeypot

Step 1

  • In the web interface, click Attacks to open signs of attacks. Note there is no evidence of an attack.

Step 2

  • Use the command curl -k https://127.0.0.1 to allow an insecure connection on the honeypot.
  • Note: Since SSL is a service used by the honeypot, cURL is used to trigger the honeypot alert

Step 3

  • Click Attacks again in the web interface and note there is a record of the action, which is an indication of an attack.