Setting the environment and running the application requires intermmediate Linux administration knowledge. The whole deployment process can be found "step-by-step" inside the deploy.txt file. Configuration settings can be found and modified inside the itself. For example, authentication credentials can be changed from default root:123456 to some arbitrary values (options AUTH_USERNAME and AUTH_PASSWORD), custom Welcome message can be changed from default (option WELCOME), custom hostname (option FAKE_HOSTNAME), architecture (option FAKE_ARCHITECTURE), location of log file (inside the chroot environment) containing all telnet commands (option LOG_PATH), location of downloaded binary files dropped by connected users (option SAMPLES_DIR), etc.

Note: Some botnets tend to delete the files from compromised hosts (e.g. /bin/bash) in order to harden itself from potential attempts of cleaning and/or attempts of installation coming from other (concurent) botnets. In such cases either the whole chroot environment has to be reinstalled or host directory where the chroot directory resides (e.g. /srv/chroot/) should be recovered from the previously stored backup (recommended).

Recommended to read:  nDPI - Open Source Deep Packet Inspection

Download Link

This article was published on Hack Hex website, under Tools section, written by Dawood Khan on 11th February 2019. Share & leave us some comments on what you think about this topic or if you like to add something.

Tags: #brute force tools #Computer Security #ethical hacking #Honeypot #Hontel #linux security testing #malware analysis tools #password brute force #Penetration Testing #penetration testing distribution #penetration testing linux #pentest android #pentest linux #pentest toolkit #pentest tools #security tool kit #spy tool kit #spyware #Telnet #web application testing tools #web malware detection