HonTel is a honeypot for the Telnet service. It is a Python v2.x application that emulates the service inside a chroot environment. It was originally designed to run on Ubuntu, though it can easily be adapted to run in any Linux environment.
Setting up the environment and running the application requires intermediate Linux administration knowledge. The whole deployment process is described step by step in the deploy.txt file. Configuration settings can be found and modified inside hontel.py itself. For example, authentication credentials can be changed from the default root:123456 to some arbitrary values (options AUTH_PASSWORD), the custom welcome message can be changed from the default (option WELCOME), as can the custom hostname (option FAKE_HOSTNAME), the architecture (option FAKE_ARCHITECTURE), the location of the log file (inside the chroot environment) containing all telnet commands (option LOG_PATH), and the location of downloaded binary files dropped by connected users (option
Note: Some botnets tend to delete files from compromised hosts (e.g. /bin/bash) in order to harden themselves against potential cleanup attempts and/or installation attempts coming from other (concurrent) botnets. In such cases either the whole chroot environment has to be reinstalled, or the host directory where the chroot directory resides (e.g. /srv/chroot/) should be recovered from a previously stored backup (recommended).
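One way to tell when the restore described in the note is needed, as an added example that is not part of HonTel: a Python 3 script, run on the host, that snapshots SHA-256 digests of the chroot after deployment and later reports deleted, modified and added files. It assumes the manifest is stored outside the chroot; the script name and the ignore prefixes (for the log and dropped-file locations) are hypothetical.

```python
import hashlib
import json
import os
import sys


def build_manifest(root):
    """Map every regular file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # Do not descend into mount points inside the chroot (a proc mount, if present).
        dirnames[:] = [d for d in dirnames if not os.path.ismount(os.path.join(dirpath, d))]
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # hash regular file content only
            with open(path, "rb") as handle:
                digest = hashlib.sha256(handle.read()).hexdigest()
            manifest[os.path.relpath(path, root)] = digest
    return manifest


def diff_manifest(baseline, current, ignore_prefixes=()):
    """Return deleted, modified and added paths, skipping directories expected to change."""
    prefixes = tuple(p.rstrip("/") + "/" for p in ignore_prefixes)
    old = {p: h for p, h in baseline.items() if not p.startswith(prefixes)}
    new = {p: h for p, h in current.items() if not p.startswith(prefixes)}
    return {
        "deleted": sorted(set(old) - set(new)),
        "modified": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(set(new) - set(old)),
    }


def needs_restore(report):
    """Deleted or altered baseline files mean the chroot should be restored from backup."""
    return bool(report["deleted"] or report["modified"])


if __name__ == "__main__":
    # Usage: chroot_check.py snapshot|check CHROOT_DIR MANIFEST_JSON [IGNORE_PREFIX...]
    mode, root, manifest_path = sys.argv[1:4]
    if mode == "snapshot":
        with open(manifest_path, "w") as out:
            json.dump(build_manifest(root), out, indent=1)
        sys.exit(0)
    with open(manifest_path) as src:
        report = diff_manifest(json.load(src), build_manifest(root), sys.argv[4:])
    print(json.dumps(report, indent=1))
    sys.exit(1 if needs_restore(report) else 0)
```

Entries under "added" outside the ignored prefixes are files a session left behind; the non-zero exit status in check mode is reserved for deleted or modified baseline files.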