Security Concept

Honeypot Setup

Project URL: https://youtu.be/02IKZfKWh-g

Table of Contents

  1. Introduction
  2. System Requirements
  3. Setting Up VirtualBox
  4. Installing Cowrie Honeypot
  5. Network Configuration
  6. Accessing and Monitoring Cowrie
  7. Conclusion
 

1. Introduction

1.1 What is Cowrie Honeypot?
Cowrie is a medium to high-interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by attackers. It emulates a vulnerable Linux system, attracting attackers and capturing their activities for analysis.
1.2 Purpose of this Documentation
This documentation provides a step-by-step guide on setting up Cowrie Honeypot on two virtual machines within VirtualBox. The setup involves creating a virtual network for communication and monitoring the activities of attackers on an emulated system.
 

2. System Requirements

2.1 Hardware Requirements
  • Host machine with sufficient RAM and CPU for running VirtualBox and multiple virtual machines.
  • Stable internet connection for downloading software and updates.
2.2 Software Requirements
 

3. Setting Up VirtualBox

3.1 Installing VirtualBox
  1. Download and install VirtualBox following the installation wizard.
  2. Open VirtualBox and create a new virtual machine for each Cowrie instance. Ensure that you have selected a Linux distribution as the guest OS.
3.2 Creating Virtual Machines
  1. Configure the virtual machines with at least 512MB RAM, 1 CPU, and a virtual hard disk of 10GB.
  2. Attach the Cowrie ISO image to each virtual machine to install the operating system.
  3. Clone the virtual machine to create a second instance.
  4. Ensure that both virtual machines are configured with bridged networking for communication.
 

4. Installing Cowrie Honeypot

4.1 Downloading Cowrie
  1. On each virtual machine, clone or download the Cowrie repository from GitHub.
       "git clone https://github.com/cowrie/cowrie.git"
4.2 Configuring Cowrie
  1. Navigate to the Cowrie directory and copy the cowrie.cfg.dist file to cowrie.cfg.
       "cd cowrie"
       "cp cowrie.cfg.dist cowrie.cfg"
  2. Open cowrie.cfg in a text editor and configure the settings according to your preferences.
4.3 Starting Cowrie
  1. Start Cowrie on each virtual machine using the following command:
       "./start.sh"
     Cowrie will begin listening for SSH and Telnet connections on the configured ports.
 

5. Network Configuration

5.1 Configuring Networking in VirtualBox
  1. In VirtualBox, create a new internal network:
    • Go to "File" > "Host Network Manager."
    • Click on "Create."
    • Name it (e.g., internal-net) and set DHCP to disabled.
  2. Assign the internal network to both virtual machines:
    • Go to each virtual machine's settings.
    • Add a new network adapter and select "Internal Network."
    • Choose the network you created (internal-net).
5.2 Configuring Cowrie Networking
  1. Open cowrie.cfg on each virtual machine.
  2. Configure the LISTEN_ADDR to the IP address assigned by VirtualBox for the internal network.
 

6. Accessing and Monitoring Cowrie

6.1 Accessing Cowrie Console
  1. Access the Cowrie console on each virtual machine using SSH:
       "ssh -p <configured_ssh_port> cowrie@<virtual_machine_ip>"
  2. Monitor the console for attacker interactions.
6.2 Monitoring Logs
  1. Cowrie logs are stored in the cowrie/var/log/ directory. Analyze these logs to understand attacker activities.
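
The following Python script is an added example, not part of the original guide or of Cowrie itself: it summarises failed logins, accepted credentials and entered commands per source address from Cowrie's JSON log. It assumes JSON logging is enabled with one event per line; the sample events and the function name summarize are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample events in Cowrie's JSON log format (one object per line).
# IP addresses are from the RFC 5737 documentation ranges; the last line is
# deliberately truncated to show how a partially written line is handled.
SAMPLE_LOG = """\
{"eventid": "cowrie.session.connect", "src_ip": "192.0.2.10", "session": "a1"}
{"eventid": "cowrie.login.failed", "src_ip": "192.0.2.10", "session": "a1", "username": "root", "password": "123456"}
{"eventid": "cowrie.login.failed", "src_ip": "192.0.2.10", "session": "a1", "username": "root", "password": "admin"}
{"eventid": "cowrie.login.success", "src_ip": "192.0.2.10", "session": "a1", "username": "root", "password": "password"}
{"eventid": "cowrie.command.input", "src_ip": "192.0.2.10", "session": "a1", "input": "uname -a"}
{"eventid": "cowrie.command.input", "src_ip": "192.0.2.10", "session": "a1", "input": "cat /proc/cpuinfo"}
{"eventid": "cowrie.session.connect", "src_ip": "198.51.100.7", "session": "b2"}
{"eventid": "cowrie.login.failed", "src_ip": "198.51.100.7", "session": "b2", "username": "admin", "password": "admin"}
{"eventid": "cowrie.login.fai
"""


def summarize(lines):
    """Group login attempts and shell commands by source IP.

    Returns (per_ip, skipped): per_ip maps src_ip to its activity, and
    skipped counts lines that were not usable JSON events.
    """
    per_ip = defaultdict(lambda: {"failed": 0, "logins": [], "commands": []})
    skipped = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
            ip, eventid = event["src_ip"], event["eventid"]
        except (ValueError, KeyError, TypeError):
            skipped += 1  # truncated or foreign line, e.g. cut off mid-write
            continue
        if eventid == "cowrie.login.failed":
            per_ip[ip]["failed"] += 1
        elif eventid == "cowrie.login.success":
            per_ip[ip]["logins"].append((event.get("username"), event.get("password")))
        elif eventid == "cowrie.command.input":
            per_ip[ip]["commands"].append(event.get("input"))
    return dict(per_ip), skipped


if __name__ == "__main__":
    activity, skipped = summarize(SAMPLE_LOG.splitlines())
    for ip, seen in sorted(activity.items()):
        print(ip, seen["failed"], "failed;", seen["logins"], seen["commands"])
    print("skipped lines:", skipped)
```

To run it against a real sensor, pass the open JSON log file to summarize in place of the sample lines.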

7. Conclusion

7.1 Best Practices
  • Regularly update Cowrie and the underlying operating system.
  • Analyze logs to understand attack patterns and enhance security measures.
7.2 Further Resources
This documentation provides a basic setup for a Cowrie Honeypot using VirtualBox. Customize the configuration based on your specific requirements and security considerations.