Re: A kind of Honeypot

[max <max () neuropunks org>]

I have done this in the past, and i suggest you also put up as much
hax0r and system related info  into some directory, accessable only by
you, as a good library (just a failsafe in case the client blocks certain
sites where you would get info/exploits, and for improved archiving - most
security sites are so full of info, it is sometimes hard to find what you
need). Also, write web frontends to some usefull apps, like traceroute,
nmap, etc. Basically, make that site your base of operations on the net,
in case you have to conduct an audit on a system which is almost
completely locked out from the internet, and wont let you save downloaded
files or access to anything besides a web browser, stuff like that (you
can do pentests from internet cafes and libraries this way : ).

hope this helps,

max

On Wed, 20 Jun 2001, Nicolas Gregoire wrote:

> Hi all,
>
> I plan to make a website just for my pen-tests.
>
> This website grabs as much as possible info from the visitors (IP,
> browser, proxy, etc ..), tries to exploit some common vulns of browsers
> (Guninski's page is a good start for this) and hosts a passive
> fingerprinting app.
> The victims are "spammed" with some misc. content (p0rn, free CD/DVD,
> jokes) linking (or redirecting) to the site.
>
> Has anybody ever do that ?
>
> Nicob