Honeycreds not sending expected traffic #1

Open
glwallum opened this issue Jul 7, 2021 · 2 comments

glwallum commented Jul 7, 2021

Environment:
CentOS 7 Minimal
Python 3.9.6
smbprotocol 1.5.1
cffi 1.14.5
splunk-sdk 1.6.16
requests 2.25.1

Set up Honeycreds and attempted to test with Responder; did not see any traffic in Responder.

Ran tcpdump on the host while Honeycreds was running and discovered only DNS traffic being sent. Sample DNS traffic below.

IP xx.xxx.xxx.xxx.37311 > 1xxx.xxx.xxx.xxx53: 2376+ A? sqldev01.emc.com.local

@glwallum
Author

Found issue.

  • LLMNR is disabled on certain Linux variants, and possibly not supported in others
  • Specifying an FQDN in the .conf file might throw errors or not correctly trigger LLMNR queries

In my environment, had to enable LLMNR and restart service

  • /etc/systemd/resolved.conf
  • sudo systemctl start systemd-resolved.service

And clear the FQDN entry in honeycreds.conf

  • def_fqdn =
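
Added example, not part of the original comment or of the Honeycreds project: a preflight check for the two conditions this comment describes, run over the text of `/etc/systemd/resolved.conf` and `honeycreds.conf`. It assumes `honeycreds.conf` uses plain `key = value` lines (as the `def_fqdn =` line above suggests) and relies on the `LLMNR=` option of the `[Resolve]` section in systemd-resolved; the function names and sample file contents are constructed for illustration.

```python
import re

# LLMNR= values under which systemd-resolved still sends LLMNR queries
# ("resolve" enables resolution only, without responding).
LLMNR_QUERY_OK = {"yes", "true", "1", "on", "resolve"}

def ini_value(text, key, section=None):
    """Return the last uncommented `key = value` (inside `section` if given), or None."""
    current, found = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # "#LLMNR=yes" is a comment, not an active setting
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
            continue
        name, sep, value = line.partition("=")
        if sep and name.strip() == key and section in (None, current):
            found = value.strip()  # a later assignment overrides an earlier one
    return found

def preflight(resolved_conf, honeycreds_conf):
    """Return a list of findings; an empty list means both conditions from the issue hold."""
    findings = []
    llmnr = ini_value(resolved_conf, "LLMNR", section="Resolve")
    if llmnr is None:
        findings.append("LLMNR not set in [Resolve]; the distribution default applies")
    elif llmnr.lower() not in LLMNR_QUERY_OK:
        findings.append(f"LLMNR={llmnr} disables LLMNR queries")
    fqdn = ini_value(honeycreds_conf, "def_fqdn")
    if fqdn:
        findings.append(f"def_fqdn is set to {fqdn!r}; the issue reports clearing it")
    return findings

# Constructed sample inputs (not taken from the issue).
RESOLVED_BEFORE = "[Resolve]\n#DNS=\n#LLMNR=yes\n"
RESOLVED_AFTER = "[Resolve]\n#DNS=\nLLMNR=yes\n"
HONEYCREDS_BEFORE = "def_fqdn = corp.example\n"
HONEYCREDS_AFTER = "def_fqdn =\n"

if __name__ == "__main__":
    for label, resolved, honey in [("before", RESOLVED_BEFORE, HONEYCREDS_BEFORE),
                                   ("after", RESOLVED_AFTER, HONEYCREDS_AFTER)]:
        print(label, preflight(resolved, honey) or "ok")
```

The check reads file contents only; whether `systemd-resolved` is actually running still has to be confirmed on the host.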

glwallum reopened this Jul 22, 2021

@garilla2

Product does not work at all for me. Even with your change.
