No text on "attacker" side

Question

No text on "attacker" side

giovannifanzaga opened this issue 3 years ago · 0 comments

Hi all,

I'm trying to setup ad advance networking configuration with 2 VM, one with 2 network adapter (192.168.1.152/24 "WAN" and 172.16.0.1 "LAN" for the Honssh) and one with one network adapter (172.16.0.5 for honeypot).
Both SSh server seems work fine, the 2nd one with public & private auth keys configured.
After setting honssh.cfg and starting ./honsshctrl.sh start, the deamon starts correctly and wait for connection.
Trying connect it, some line a printed, but nothing else happens; the log stops at the line: [-] [PRE_AUTH] - CLIENT CONNECTED, REPLAYING BUFFERED PACKETS
Meanwhile, in the client (Putty), nothing is shown, and I can only close the window, detected by honssh with "connection lost" message

Here's my conf and last lines of the log.

[honeypot]
ssh_addr = 192.168.1.152
ssh_port = 2222
client_addr = 0.0.0.0
public_key = id_rsa.pub
private_key = id_rsa
public_key_dsa = id_dsa.pub
private_key_dsa = id_dsa
ssh_banner = blablablablablabla
connection_timeout = 10
[honeypot-static]
enabled = true
pre-auth = true
post-auth = true
sensor_name = hon_sensor
honey_ip = 172.16.0.5
honey_port = 22
[honeypot-script]
enabled = false
pre-auth = true
post-auth = true
pre-auth-script =
post-auth-script =
[honeypot-docker]
enabled = false
[hp-restrict]
disable_publicKey = true
disable_x11 = true
disable_sftp = false
disable_exec = false
disable_port_forwarding = false
[folders]
log_path = logs
session_path = sessions
[advNet]
enabled = true
[interact]
enabled = false

2021-07-02 17:39:38+0200 [-] reactor class: twisted.internet.epollreactor.EPollReactor.
2021-07-02 17:39:38+0200 [-] HonsshServerFactory starting on 2222
2021-07-02 17:39:38+0200 [-] Starting factory <honssh.server.HonsshServerFactory instance at 0x7efffef15998>
2021-07-02 17:39:50+0200 [-] [PRE_AUTH] - Connecting to Honeypot: hon_sensor (172.16.0.5:22)
2021-07-02 17:39:50+0200 [-] [ADV-NET] - HonSSH Interface already exists, not re-adding
2021-07-02 17:39:50+0200 [-] [ADV-NET] - Fake IP Address already exists, not re-adding
2021-07-02 17:39:50+0200 [-] Starting factory <honssh.client.HonsshClientFactory instance at 0x7efffea773f8>
2021-07-02 17:39:50+0200 [Uninitialized] [CLIENT] - New client connection
2021-07-02 17:39:50+0200 [HonsshClientTransport,client] kex alg, key alg: diffie-hellman-group-exchange-sha256 ssh-rsa
2021-07-02 17:39:50+0200 [HonsshClientTransport,client] outgoing: aes256-ctr hmac-sha2-512 none
2021-07-02 17:39:50+0200 [HonsshClientTransport,client] incoming: aes256-ctr hmac-sha2-512 none
2021-07-02 17:39:50+0200 [HonsshClientTransport,client] REVERSE
2021-07-02 17:39:50+0200 [HonsshClientTransport,client] NEW KEYS
2021-07-02 17:39:50+0200 [HonsshClientTransport,client] [CLIENT] - Client Connection Secured
2021-07-02 17:39:50+0200 [-] [PRE_AUTH] - CLIENT CONNECTED, REPLAYING BUFFERED PACKETS

What can I try to do to make it working?

Thanks
Ciao
Giovanni