[Question] Is it possible or has it been done, can a Honeypot be created with bash aliases that would use a very common command someone would run if they were in your system but it aliases to some

chingadera@lemmy.world · 2 days ago

[Question] Is it possible or has it been done, can a Honeypot be created with bash aliases that would use a very common command someone would run if they were in your system but it aliases to some

sprite0@sh.itjust.works · edit-2 2 days ago

you can’t know what system architecture is on the ssh client side. It could be a mac, a windows or linux box, android or ios, beos, amigaos, etc.

So even if you could get ssh to pass malicious code how would you know what code to pass?

What you’re asking for is nigh impossible i think.

chingadera@lemmy.world · 2 days ago

And when you say “can’t know” do you mean it would be impossible to tell strictly through SSH?

sprite0@sh.itjust.works · 2 days ago

the ssh protocol doesn’t provide any mechanism for your server to identity the client host architecture, nor does it provide any mechanism i’m aware of to send any payloads back to the host client for arbitrary execution.

The thing is ssh is a protocol and it’s implementation is not going to be identical across clients.

So if you found a bug in an ssh client that allowed for this your hypothetical attack vector would only work on intruders using that broken client. ssh is one of the most scrutinized protocols there are and you should be a hero if you found this bug. what you’re asking for, if it were as easy as you might hope, well ssh wouldn’t be the ubiquitous security connection protocol if it were simple like that right?

chingadera@lemmy.world · 2 days ago

Very true. Thanks for the education. SSH to me is just magic portal that lets me talk to my server in my closet lmao

sprite0@sh.itjust.works · 2 days ago

it’s a fun thought experiment as it’s a very complex protocol

chingadera@lemmy.world · 2 days ago

I kind of figured it would be a shot in the dark, some scripting could definitely be done to assess that, and even run code per major OS depending on some automated recon.

Let’s say you’ve got that figured out, and the user is running putty on windows as an administrator. Is there anything that could take advantage of that fact?

I feel like this would be way easier/more feasible to run a script on your own machine as a defensive measure like OC mentioned early, but just more asking our of curiosity. I’m not skilled enough to even imagine what to do with this or write it, but I am fascinated by security stuff.