This repository has been archived by the owner on Oct 1, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 45
/
hbconf.yaml
117 lines (98 loc) · 4.3 KB
/
hbconf.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
path:
bashhistory: /home/test/.bash_history
awsconf: /home/test/.aws/config
awscred: /home/test/.aws/credentials
hosts: /etc/hosts
randomline:
bashhistory: true
confile: false
honeypot:
addr: 192.168.1.66
# Fake files
honeyfile:
enabled: true
monitor: none # Options: go-audit, auditd, none
goaudit-conf: /etc/go-audit.yaml # Only if you use go-audit
traps:
# Format: - file_path:content_type:template
## content_type: rdpconn, txtemail,
## template: config (read from config file: contentgen.xxx.template), template file path (/tmp/sampletemplate.txt)
- /tmp/test.rdp:rdpconn:config
- /tmp/email.txt:txtemail:template/txtemail
# Content generator for honeyfiles or file honeybits
contentgen:
rdpconn:
user: administrator
pass: 12345
domain: example.com
template: "screen mode id:i:2\ndesktopwidth:i:1024\ndesktopheight:i:768\nuse multimon:i:1\nsession bpp:i:24\nfull address:s:%s\ncompression:i:1\naudiomode:i:2\nusername:s:%s\ndomain:s:%s\nauthentication level:i:0\nclear password:s:%s\ndisable wallpaper:i:0\ndisable full window drag:i:0\ndisable menu anims:i:0\ndisable themes:i:0\nalternate shell:s:\nshell working directory:s:\nauthentication level:i:2\nconnect to console:i:0\ngatewayusagemethod:i:0\ndisable cursor setting:i:0\nallow font smoothing:i:1\nallow desktop composition:i:1\nredirectprinters:i:0\nprompt for credentials on client:i:1\nuse redirection server name:i:0"
# server: 192.168.1.66 # Default is 'honeypot addr'
txtemail:
user: dave
pass: 12345
# template: "From: Adel 0x <adel@example.com>\nSubject: Re: Monitoring system\nDate: March 22, 2017 at 21:59:15 GMT+11\nTo: Dave Cohen <dave.cohen@example.com>\nCc: security <security@example.com>\n\nHi,\n\nAh, sorry I forgot to send you the new address: http://%s\nI also reset your password (user: %s) to the default pass: %s\n\nPlease set the MFA (multi-factor authentication) ASAP.\n\nCheers,\nAdel\n\nOn 22 Mar 2017, at 9:57 pm, Dave Cohen <dave.cohen@example.com> wrote:\n\nHi Adel,\n\nI just wanted to login to the Monitoring system, but I get 404 error. Could you please have a look at it?\n\nThanks\nDave\n\nThe information contained in this email and any attachments is confidential and/or privileged. This email and any attachments are intended to be read only by the person named above. If the reader of this email, and any attachments, is not the intended recipient, you are hereby notified that any review, dissemination or copying of this email and any attachments is prohibited. If you have received this email and any attachments in error, please notify the sender by email or telephone and delete it from your email client."
# server: 192.168.1.66 # Default is 'honeypot addr'
honeybits:
# Fake records in config files
awsconf:
enabled: false
profile: devsecops
region: us-east-1
accesskeyid: AKIAIOSFODNN7EXAMPLE
secretaccesskey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
hostsconf:
enabled: false
# ip: 192.168.1.66 # Default is 'honeypot addr'
name: mysql-srv
# Fake records in bash_history
ssh:
enabled: false
# server: 192.168.1.66 # Default is 'honeypot.addr'
port: 2222
user: root
sshpass: false
pass: 123456
wget:
enabled: false
url: http://192.168.1.66:8080/backup.zip
ftp:
enabled: false
# server: 192.168.1.66 # Default is 'honeypot.addr'
port: 2121
user: backup
pass: b123
rsync:
enabled: false
# server: 192.168.1.66 # Default is 'honeypot.addr'
port: 2222
user: root
remotepath: /var/db/backup.tar.gz
localpath: /tmp/backup.tar.gz
sshpass: false
pass: 12345
scp:
enabled: false
# server: 192.168.1.66 # Default is 'honeypot.addr'
port: 2222
user: root
remotepath: /var/db/backup.tar.gz
localpath: /tmp/backup.tar.gz
mysql:
enabled: false
# server: 192.168.1.66 # Default is 'honeypot.addr'
port: 3306
user: dbadmin
pass: 12345
command: show databases
# dbname: clients
aws:
enabled: false
profile: devops
region: us-east-2
command: ec2 describe-instances
accesskeyid: AKIAIOSFODNN7EXAMPLE
secretaccesskey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# custom honeybits in bash_history
custom:
- telnet 192.168.1.66 25
- nano /tmp/backup/credentials.txt