How to setup AD Honeypot Autodeploy

An excerpt from my dissertation on deploying AD Honeypot Autodeploy

21/08/2022

This software required 12GB of memory, 8 CPU cores and 100GB of storage, which were provided via the virtual machine. The software was installed on Ubuntu 20.04.3 Desktop, and virtualisation was enabled for the virtual machine prior to booting. To install the software, the following steps were taken. An important prerequisite was to download a copy of a Windows 10 ISO file manually, as the software cannot fetch it automatically the way it does the other ISO files it uses.

DISCLAIMER

Is this best practice for setting up a honeypot? No. I would NOT recommend running this script outside of a secure, virtualized environment. In this form, it is also detectable as a honeypot, as I outlined in my dissertation. I am not responsible for you using this guide to deploy an insecure honeypot and getting yourself into trouble.

Packer

1. Other required software was first installed using the following command:

sudo apt install git vim p7zip-full curl qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils xsltproc pwgen whois python3.8-venv

2. Then the software was installed from the GitHub repository using the following command:

git clone https://github.com/tothi/ad-honeypot-autodeploy.git

3. Change into the newly cloned directory and run the 'init-passwords.sh' script. All passwords were set to '!Password123' to meet the password requirements.

cd ad-honeypot-autodeploy && ./init-passwords.sh

4. Move into the 'packer' directory and run the 'get-virtio.sh' script.

cd packer && ./get-virtio.sh

5. Copy the previously downloaded Windows 10 ISO file into the ISO directory and rename it to 'Win10_21H2_EnglishInternational_x64.iso'.

6. Download GeoLite2-City.mmdb and place it in the resources directory (MaxMind, 2022).

7. Run the commands below to install Packer.

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -

sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"

sudo apt-get update && sudo apt-get install packer

8. Run the 'packer-build-all.sh' script.

./packer-build-all.sh
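Before starting the build, it is worth checking the host against the requirements listed above (12GB RAM, 8 cores, 100GB free, virtualisation enabled, the manually downloaded Windows 10 ISO and the GeoLite2 database in place). The script below is an added example and is not part of the project; the paths of the ISO and resources directories under the clone are assumptions.

```shell
#!/bin/sh
# Preflight check for an AD Honeypot Autodeploy build host (added example).
# Thresholds follow the requirements stated in the text; the file paths
# under the clone are assumed, not taken from the project.

# preflight MEM_GB CORES DISK_GB VT_FLAGS ISO_PATH GEO_PATH
# Prints one line per unmet requirement and returns 1 if any failed.
preflight() {
    mem_gb=$1; cores=$2; disk_gb=$3; vt_flags=$4; iso=$5; geo=$6
    fails=0
    [ "$mem_gb" -ge 12 ]   || { echo "FAIL: ${mem_gb}GB RAM, need 12GB"; fails=1; }
    [ "$cores" -ge 8 ]     || { echo "FAIL: ${cores} CPU cores, need 8"; fails=1; }
    [ "$disk_gb" -ge 100 ] || { echo "FAIL: ${disk_gb}GB free, need 100GB"; fails=1; }
    [ "$vt_flags" -gt 0 ]  || { echo "FAIL: no vmx/svm CPU flag; enable virtualisation"; fails=1; }
    [ -f "$iso" ]          || { echo "FAIL: missing $iso (download it manually)"; fails=1; }
    [ -f "$geo" ]          || { echo "FAIL: missing $geo (MaxMind GeoLite2)"; fails=1; }
    return $fails
}

# Gather live values from this host and run the check. The clone root
# defaults to ./ad-honeypot-autodeploy; the sub-paths are assumed.
preflight_host() {
    root=${1:-./ad-honeypot-autodeploy}
    mem_gb=$(awk '/MemTotal/ {print int($2/1024/1024)}' /proc/meminfo)
    cores=$(nproc)
    disk_gb=$(df -BG --output=avail "$root" | tail -1 | tr -dc '0-9')
    vt_flags=$(grep -c -E 'vmx|svm' /proc/cpuinfo)
    preflight "$mem_gb" "$cores" "$disk_gb" "$vt_flags" \
        "$root/packer/iso/Win10_21H2_EnglishInternational_x64.iso" \
        "$root/ansible/resources/GeoLite2-City.mmdb"
}
```

Run `preflight_host /path/to/clone` before './packer-build-all.sh'; a non-zero exit means at least one requirement is unmet and the reason is printed.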

Terraform

1. Install terraform using this command:

sudo apt install terraform

2. Edit the qemu.conf file to fix an issue faced during this research by following these steps.

sudo vim /etc/libvirt/qemu.conf

Uncomment the line 'security_driver = "none"'.

3. Change into the terraform directory

cd ../terraform

4. Initialise and apply the Terraform build. This may take some time.

terraform init

terraform apply

Ansible

1. Change into the Ansible directory

cd ../ansible

2. Run the following commands:

python3 -m venv venv

. ./venv/bin/activate

pip3 install -r requirements.txt

pip install wheel ansible pywinrm faker

3. Finally, deploy the Ansible configuration. This step may take a while.

ansible-playbook -i hosts setup-domain.yml -v

The honeypot is now ready to be used. To make it accessible to the attacker's machine, the following commands were run:

sudo iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to-destination 192.168.3.112:3389

sudo iptables -A FORWARD -p tcp --dport 3389 -j ACCEPT

sudo iptables -t nat -A POSTROUTING -j MASQUERADE