jump to navigation

Some kippo results September 28, 2010

Posted by lvdeijk in Uncategorized.

On the 23th of July I started with the SSH honeypot kippo. So after a good two months I decided to collect all the urls/locations those “1337 h4x0rs” are wgetting all their files from. (rootkits/ircbots/scanners)
I came up with the following list:

Now, I am not saying that these sites are “evil”. Chances are most likely that they are compromised themselves. So, just simply putting them on a blacklist isn’t a good idea.

Some of these links contain open directories, including all sorts of files, while other sites simply may have disappeared into thin air. It’s purely a list I extracted from the database my kippo is writing it’s results to.
As kippo also stores the obtained files, I have a copy of every single one of them for further analysis.
Use this information and/or containing files at you own risk.

Kippo also keeps track of every typed command in every “session”

One particular session I found too funny not sharing it:

Thanks to Justin Elze, for helping me out with the video.



1. 2010 in review « Lvdeijk's Blog - January 2, 2011

[…] Some kippo results September 2010 5 […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: