SSH Server - University Final Project
Hi Guys,
I'm in my final year at University studying a Computer Science degree, for my final year project I've decided to examine different techniques used when people gain access to servers, what do they look for when they get in, do they download files if so what types of files are downloaded etc.
If anyone is interested I've acquired a server, I need some traffic going through it, attempting to 'hack' it, download some malware, etc, IP addresses will be logged however this is purely for academic research and they will not be revealed, I will only be using your countrywide location in my research nothing else, likewise any files that are downloaded I will only be examining their end goal not configuration files etc, and at the end of the project everything will be securely deleted leaving no traces.
I've had a few breaches so far and they've run what appears to be the Mirai IoT malware and given me nothing to work with!
If there is some interest in this I'll post the IP address for the server, the SSH password is ridiculously easy and a simple brute force tool will be able to crack it in a matter of <1 hour, also the brute force would be good to monitor different types of passwords attempted :)
B
Awesome, so as I say logs will be taken but nothing will be used to return back to you guys in any way as this will help me out massively.
So, IP is: 62.100.207.185
And as in previous the password is stupidly easy a simple common password list will break it, I'm not saying what it is as I need data for login attempts :)
I should add, I was required to create a fake company so if someone does gain entry with malicious intent they wouldn't be alerted to the fact they were being logged, so when you gain access you will notice the host is HambledonFinancial, this is a fake company and has been made up for the purpose of this project!
Cheers guys,
B
1.3 seconds! I knew it'd be fast, I had a sensible password for a month but had no hits so apparently needed to make it a bit easier!
Yeah, the server I'm paying for and what I've got appear to be two different things, it's slow from my end too! E-mailed them and they've said what I've got is normal, sounds like bs to me!
Also, any feedback on what I can do to improve the server to make it more realistic would be brill, I've had 3 hacks since posting and that's been fantastic, more is welcome though! :)
Huitzilopochtli wrote: It runs frustratingly slowly on an Android phone using juice for the ssh connection.
Intrigued as to how you ran a brute force script on your Android phone! Sounds interesting!
I used a version of NCrack https://forum.xda-developers.com/attachment.php?s=ed465da5f21f5f4f3863665e5e282da8&attachmentid=1819137&d=1363768906 ported to Android.
And a Terminal Emulator https://play.google.com/store/apps/details?id=jackpal.androidterm&hl=en
There are also IDEs that will let you run scripts and code written in almost any language on your Android phone these days man.
Welcome to the 21st century.
Yeah so I didn't want people who log in to attack it, who aren't from this post who have malicious intentions to think 'oh loads of people have attacked this maybe it's a bit too obvious I'm being logged' so after each log out it reverts back to original settings! Purely to avoid arousing suspicions.
B