I Put A Fake Email Server On The Internet 

John Hammond
1.8M subscribers
153K views

jh.live/pwyc || Jump into Pay What You Can training at whatever cost makes sense for you! jh.live/pwyc
We tried a different style with this video. Please let me know what you think!
Free Cybersecurity Education and Ethical Hacking
🔥RU-vid ALGORITHM ➡ Like, Comment, & Subscribe!
🙏SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ jh.live/discord ↔ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware

Published: 29 Aug 2024

Поделиться:

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист
Посмотреть позже
Comments: 134
@_JohnHammond 7 months ago
What do you think of this style and format? The first half of the video is a bit more scripted, with some more explanation and storytelling. Good, bad, ugly?
@btboss123 7 months ago
I like it easy to follow
@ReligionAndMaterialismDebunked 7 months ago
Second. :3 Early crew. Shalom. :3
@ReligionAndMaterialismDebunked 7 months ago
It's good. Thanks. 🤝😅🤓😎
@0oNoiseo0 7 months ago
Oh yes! It is very easy to follow with the video itself. I like this methodology
@_AN203 7 months ago
Good, Keep experimenting with this format and I like where this is going.
@joda0029 7 months ago
Joda32 here :) I'm glad you enjoyed that and thanks for the shout out
@somexne 7 months ago
Look out for the big guy! Also, big guy, wouldn't you say it's a little presumptuous from John's part to say a "try it out yourself"? As if there IS any vulnerability or way of id'ing your hp there might be a breach and bleed? Bad actors still would like a random access to use for their own purposes.
@_JohnHammond 7 months ago
Huge thanks joda32!!! :D
@fightme5543 7 months ago
@somexne John set up a cloud computer... Even if it was compromised, who cares? That's like worrying about running a virus on a virtual machine...
@somexne 7 months ago
@fightme5543 Wrong. This machine could be involved in criminal activities under John's name. Also used as a C&C. Depending on the workings of the machine, he could even get charged more for the usage of the computer.
@somexne 7 months ago
@fightme5543 More than that, this is John's case. Other people could use and not sanitize or stop the machine after the use and worse.
@alxactly 7 months ago
> Tries to setup a honeypot > Gets memed by viewers to get a cool shout out in the next vid
@ReligionAndMaterialismDebunked 7 months ago
:3 Early crew. Shalom. :3
@mattplaygamez 7 months ago
Matt here, thanks for showing the resources in all of your videos. + Being entertaining. And a free shout out. Why not😉
@Gnievv 7 months ago
When I started practising ethical hacking it immediately opened my eyes for what I already knew from "blue" side knowledge. Knowing how reds work complemented that and I started connecting the dots. I learned first hand how things I see in logs when analyzing breaches work. Knowing how to perform an attack is ultra useful when posing as blue.
@daniellowrie 7 months ago
Bro! Your production is looking sweet!!! Great video too. Gotta love a good honeypot 😎👍
@_JohnHammond 7 months ago
Thanks so much Daniel!!!
@InfoSecPat 7 months ago
John, love the video and new format. You are killing it dude
@KenPryor 7 months ago
This is so cool. I really want to try this sometime. I used to run a Kippo SSH honeypot years ago. Had a lot of fun with it and learned a lot too. Also, just signed up for some training with your sponsor. Will be taking their PWYC SOC Core Skills class.
@michaelk6702 7 months ago
While the concept is great, hosting the service in the cloud is going to cost a small fortune if the threat actor starts performing DDoS attacks, as your traffic will significantly ramp up, inflating your costs. You could build a local VM inside a local DMZ port forwarding out.
@oksowhat 7 months ago
I don't think gcp or aws charge for online traffic until you setup specific services, for a simple vm on cloud any provider worth 2cents won't charge for traffic
@michaelk6702 7 months ago
@oksowhat I've only ever built a Honeypot in Azure as a side project and off the bat, it started charging for the hosting portion as well as the bandwidth. I was fortunate enough to be working for an MS partner meaning that I got the $200 per month to run Azure services. Do GCP and AWS run with the same model billing structures?
@oksowhat 7 months ago
@michaelk6702 I have only used Azure to host a vm as a vscode server for a team project since I had student credit so I don't know where I was charged, but in gcp and AWS there are no charges for bandwidth until you use some services to manage it like load balancer. As far as I know, I have only built small projects on both
@naijanmusics 7 months ago
6:57 John "pork" hammond my beloved
@Crysal 7 months ago
I set up honeypots on the default port of an application and then run the legit application on another port, then fail2ban anyone trying too hard on the honeypot
@blinking_dodo 7 months ago
That works until you accidentally forget to set the custom port option on your SSH session.
@VulnerableU 7 months ago
Getting PTSD flashbacks to OWA incidents...
@jasonnugent963 7 months ago
Breaking things down in a pie chart by Source-Country would have been cool to see.
@josecintron85 7 months ago
I set a fake ssh server the last time an ssh vulnerability was announced and the results I got were fun to say the least. I am thinking about doing something similar next time an apache or Nginx (it's easy enough to fake the server's headers) vuln is released just to see.
@CybersecPat 7 months ago
Did you use Cowrie? That is my favorite
@josecintron85 7 months ago
@CybersecPat actually Dockpot
@KerboOnYT 7 months ago
I set up an SSH honeypot years ago and holy cow the bots. It was interesting parsing the data
@Geek_Strong 7 months ago
Great video keep up the good work Mr.John :)
@gamereditor59ner22 7 months ago
Thanks for the video and keep it up!! Can you do basic tutorials of IT cybersecurity along with website free to learn in 2024? I am very hungry for knowledge!!
@de_mon2084 7 months ago
So maybe this is a stupid question but without asking no knowledge is gained: I assume one could set blocking rules based on the host header and I am pretty sure that the host header you send can be spoofed so would a defender want to set blocking rules for non-browser host headers/pentesting utility host headers or is it better to not block them? From my perspective it may be better to allow these host headers so attacks are easier to identify as blocking them would „prompt“ the attacker to spoof it but I'm happy to hear other opinions and expand my horizon.
@blinking_dodo 7 months ago
Would a WordPress login page get attacked more often? 🤔 I should probably set up a honeypot on my VPS too. Also, consider putting honeypots inside corporate systems so you can track hackers that move laterally. 🙃
@lifesmisfortunes 7 months ago
grep your logs for xmlrpc.php .... then block all those trying to access it. Typically, the same bots - people are trying to access that and wp-login
@user-lt2rw5nr9s 7 months ago
I looked through my web server logs and some of the most common interesting paths have been WordPress related. Some look for backup directories, files related to vulnerable plugins and themes, xml-rpc or login page.
@rosenclosed 7 months ago
I have a WordPress installation that isn't even accessible through google or any other search engine, they found it purely by scanning hosts of my hosting provider. It's now 2pm on Jan 14 2024 and I already have 34 failed login attempts on my wp-login.php just today (attempts that come up as 403 in my server log)
@eduardstehlik2565 7 months ago
It will be targeted basically the second you generate certificate for the domain. They will try to scan the site to gather data about vulnerable plugins and themes and ofc try to bruteforce the admin account since WP instance is much more interesting than some outlook form, because with simple vulnerability or just bruteforcing the admin account, you can run your own code on the server.
@dave24-73 7 months ago
The scary part would be capturing this info then transferring them to the Levite site logged in.
@realShadowKat 7 months ago
I actively run a python based ssh honeypot for the past few years on a VM on a jailed VLAN that allows "logins" with everything logged that is run on the command line. "Root" gets used at least 10K times a day. Fun times.
@xZeroOffical 7 months ago
I usually put honeypot on common SSH ports and real (well protected) SSH on some obscure port.
@Ebiko 7 months ago
well - who the heck would actually keep the default UserAgent string? I'd either use a random one, or constantly rotate to a different one.
@Abduselam.m 7 months ago
Thanks so much JohnHammond your RU-vid channel is very important channel
@rankala 7 months ago
I would have thought, to use a random user agent for every request, but with the 10k from the same Mac... seems they really don't care
@houghi3826 7 months ago
The User-Agent is trivial to edit. The option is -A or --user-agent. This is built into curl. It can be clearly seen with the actual "hack". Those 10 004 are clearly using a fake user-agent. The fact that you did not say that, makes it feel that you either did not know (which is doubtful) or just ignored and leaving people with the wrong information, which can be dangerous. Not having information is better than having the wrong information in many cases when it concerns security. And security is not so much IT stuff, it is an attitude. ;-) Still interesting, but the --user-agent information is almost totally meaningless.
@tomtravis858 7 months ago
he did mention it... lol
@hqcart1 7 months ago
I think this honeypot is useless. Blocking IP addresses is not the way to go. Nothing will be achieved from the logs you obtained.
@bigun89 7 months ago
Yeah, just expose SSH to the net and wait. I did it and had MB's of logs within a few years. Got sick of it and changed the default port.
@joostvanderlee9569 7 months ago
pay what you can, yes but there is a minimum cost of 300 bucks. so not really pay what you can or I can not look and I'm just missing stuff
@_JohnHammond 7 months ago
At the top of the registration page, there is text that says "For tuition assistance, please click here", and then the minimum is $0 🙂
@joostvanderlee9569 7 months ago
@_JohnHammond thanks, I'm just blind😅
@moetazbrayek 7 months ago
I don't think any of us using hydra really, personally I play around with some python and customize my brute force either for owa or 1&1 or ovh or whatever so I really suggest always to learn a bit of programming maybe basics before try pentesting anything
@cyber_space09 7 months ago
😂wow I was very curious here 🔞📵🌐🤣
@mthia 7 months ago
you should do it without the domain with just the ip and there would be higher chance that someone would find that the server ip has some app on it
@PROD.poptart 7 months ago
Nice video keep up the good work
@cyberjack 1 month ago
no hacker would use their real IP address
@MasonSchmidgall 7 months ago
9:31 line 93 🤣
@dadamnmayne 7 months ago
you can make a sweet password list by doing this.
@rob-890 7 months ago
Why would you bother? Hackers will just be using already known tables of passwords you're only going to be reassembling that data again?
@dadamnmayne 7 months ago
@rob-890 what?
@user-lt2rw5nr9s 7 months ago
They're mostly just using well known passwords anyway. Though you could find some rather rare default credentials for cheap IoT manufacturers over something like Telnet.
@scottoclark3637 7 months ago
Sounds like another name for value for value.
@uuu12343 7 months ago
Wait, squarespace lets you setup a honeypot domain name?
@GustavoMartinez-qi1bd 7 months ago
I don't have time to set up a HoneyPot but I would like to learn how to protect my server for those attacks!
@bryanteger 7 months ago
IP/NFtables and UFW
@God.Almighty 7 months ago
or cloudflare zero trust tunnel
@MsDeniz2001 7 months ago
when is the automation video coming!?
@linear_pub 7 months ago
We send these out all the time using cracked SMTP servers
@DarkSnakeX 7 months ago
So happy to appear in the video 8:25 - 8:32 (I really mean it the last one xD)
@user-td4pf6rr2t 7 months ago
I notice A LOT of the password fields have letter only combinations. Is this even possible anymore?
@hibob841 7 months ago
Most systems/sysadmins get password requirements all wrong, though it has improved. Ideally they would set a very high minimum length (say, 20 characters) a reasonable minimum entropy (say, at least 7 unique characters) and _allow whitespace_. Then users can choose a phrase: "why should we care about security?" This is easy to remember and type-which means less likely to end up on a sticky note-but infeasible to brute-force. What's more typical? 10 characters, at least one number, one capital letter, one special character, no whitespace...great. Now you have a password that's difficult to remember and type, but _trivial_ to brute-force. I've even encountered one system that specified a _maximum_ length of 12 characters! I can't even...
@retrocomputing 7 months ago
@hibob841 10 characters with special symbols? Should take 5 years, it's not trivial. Totally randomized 10+ passwords are fine, the problems start when you use normal words with some numbers.
@balajisharathkumar9753 7 months ago
honey pot is great software most of the cyber security people in the modern era
@AbdulAziz-by1wj 7 months ago
Why hackers choose his target can anyone explain?
@ReligionAndMaterialismDebunked 7 months ago
Early crew. Shalom. :3
@fbifido2 7 months ago
What link have the tutorial for this honeypot?
@PerumalJegan 7 months ago
did you outsource your video editing?
@nordgaren2358 7 months ago
I have been editing his videos for over a year, now. :)
@fightme5543 7 months ago
@nordgaren2358 Props man! Great quality work & super efficient!
@nordgaren2358 7 months ago
Thanks @fightme5543 ! RU-vid won't let me see your comment, but I see it on the channel. Appreciate the blessing! 🙏
@fbifido2 7 months ago
can this pot be run in a container?
@joda0029 7 months ago
Yes it can easily be done, I've just not had the motivation to do that :) log a ticket on the project and I'll dockerize it :)
@110776remco 7 months ago
This video is so slow, the first 4 minutes is filled with stuff everyone already knows hello...
@rob-890 7 months ago
This video feels like you're trying to pad out an essay anything to get to that 10 minute mark
@skmgeek 7 months ago
incredible
@user-iz1nx2qd6r 7 months ago
nice
@kedirmamo7818 7 months ago
It is good!
@cocosloan3748 7 months ago
Oh c'mon, just another script-kiddo who gets his views based on his good looks 🙄 Just joking John - Happy New Year 🤣
@IrfanAnsari-ng6wb 7 months ago
👍
@ShainAndrews 7 months ago
If you spoke normal I'd be interested in what you have to say.
@kevinhoy6838 7 months ago
Need to figure out how to extract malicious IP from logs and send to firewall dynamic block list. Must learn scripting first.. :)
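The log-to-blocklist idea raised in the comments above (grep the web logs for xmlrpc.php and wp-login requests, then hand the offending source IPs to a firewall block list), as an added example that is not from the video or from any commenter. The log lines are constructed samples in combined log format; the threshold, the allowlist and all function names are assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [14/Jan/2024:13:58:01 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "curl/8.4.0"
203.0.113.7 - - [14/Jan/2024:13:58:02 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "curl/8.4.0"
203.0.113.7 - - [14/Jan/2024:13:58:03 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "curl/8.4.0"
198.51.100.23 - - [14/Jan/2024:13:59:10 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [14/Jan/2024:13:59:40 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.99 - - [14/Jan/2024:14:00:00 +0000] "GET /xmlrpc.php?rsd HTTP/1.1" 404 0 "-" "-"
not a log line
"""

# client IP, ident, user, [timestamp], "METHOD target protocol", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
PROBE_PATHS = ("/xmlrpc.php", "/wp-login.php")  # the paths named in the comments


def probe_counts(log_text):
    """Count requests per source IP whose path ends in one of PROBE_PATHS."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        src, _method, target, _status = m.groups()
        try:
            ip_address(src)  # ignore anything that is not a valid IP
        except ValueError:
            continue
        path = target.split("?", 1)[0]  # drop the query string
        if path.endswith(PROBE_PATHS):  # also matches sub-directory installs
            counts[src] += 1
    return counts


def blocklist(log_text, threshold=2, allow=()):
    """IPs with at least `threshold` probe requests, minus allowlisted ones."""
    counts = probe_counts(log_text)
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in allow)


def render_feed(ips):
    """One IP per line: the plain-text form most dynamic block lists ingest."""
    return "".join(ip + "\n" for ip in ips)


if __name__ == "__main__":
    print(render_feed(blocklist(SAMPLE_LOG)), end="")
```

The threshold and allowlist are there so that a single mistyped URL, or your own management address, does not end up blocked.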
@Triscuitwells 7 months ago
Giant waste of time video...
@rvizx 7 months ago
1st ^^
@brinh123 7 months ago
I'd like to have seen this done as a silent exercise, without telling twitter - Hey - Try hack this! I get why this was done but it would be nice to see how long it took for genuine attacks to start
@mrhassell 7 months ago
It is illegal to spoof a commercial website. In the United States, website spoofing is considered a federal crime and can result in fines and imprisonment. In Australia, website spoofing is a criminal offense under the Cybercrime Act 2001 and can result in imprisonment for up to 10 years.
@joda0029 7 months ago
In this case it is not spoofing a commercial website. It is spoofing a common product that many organizations deploy (well they did that in the past) plus he was hosting it on his own domain. No company was spoofed. But yes, picking an organization's actual site and cloning that can land you in hot water.
@josecintron85 7 months ago
he is not spoofing a commercial site, he is spoofing the login page to his own server.