bhdresh / dejavu
DejaVU - Open Source Deception Framework
Home Page: https://www.camolabs.io
License: Other
The script generated by the HoneyHash functionality injects the wrong password into memory when the password provided contains characters considered significant by PowerShell, such as a "$".
For example, providing the following input into DejaVu:
Produces the following from mimikatz:
The underlying cause seems to be that the password in the script is enclosed in double quotes ("P@$$WORD!123"), when it really should be in single quotes ('P@$$WORD!123').
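The quoting problem described in this report is worth seeing on its own. The following is an added example (not DejaVU's own code) that builds the password literal both ways, evaluates it the way the generated script would, and reports whether the value survived; it then prints the ConvertTo-SecureString line a fixed generator should emit. The function names and the extra sample passwords are my own; only 'P@$$WORD!123' comes from the report.

```powershell
# Added example (not DejaVU's code): how a generator should embed a password in
# a PowerShell script, and what goes wrong when it uses double quotes instead.

function ConvertTo-SingleQuotedLiteral {
    # Emit a PowerShell single-quoted string literal for an arbitrary value.
    # Inside single quotes the only special character is the quote itself,
    # escaped by doubling it; '$', '`' and '"' are taken literally.
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)
    return "'" + ($Value -replace "'", "''") + "'"
}

function Test-LiteralRoundTrip {
    # Build the literal the way a script generator would, evaluate it the way
    # the generated script would, and compare with the value we meant to embed.
    param(
        [Parameter(Mandatory)][string]$Secret,
        [Parameter(Mandatory)][ValidateSet('Double', 'Single')][string]$QuoteStyle
    )
    if ($QuoteStyle -eq 'Double') { $literal = '"' + $Secret + '"' }
    else                          { $literal = ConvertTo-SingleQuotedLiteral $Secret }

    # Invoke-Expression is where variable expansion (and any parse error) happens,
    # exactly as it would when the generated .ps1 is run.
    try   { $actual = Invoke-Expression $literal }
    catch { $actual = "<parse error: $($_.Exception.Message)>" }

    [pscustomobject]@{
        QuoteStyle = $QuoteStyle
        Emitted    = $literal
        Evaluated  = $actual
        RoundTrips = ($actual -ceq $Secret)   # case-sensitive, exact comparison
    }
}

# Sample secrets constructed for this example; the first is the one from the report.
$samples = 'P@$$WORD!123', 'it''s', 'a`b"c', 'plain'
foreach ($s in $samples) {
    Test-LiteralRoundTrip -Secret $s -QuoteStyle Double
    Test-LiteralRoundTrip -Secret $s -QuoteStyle Single
}

# The line a fixed generator should emit for the HoneyHash script:
$pw = 'P@$$WORD!123'
'$cred = ConvertTo-SecureString {0} -AsPlainText -Force' -f (ConvertTo-SingleQuotedLiteral $pw)
```

Because a single-quoted string has exactly one escape (a doubled quote), the helper also handles passwords that contain a quote or a backtick, which a double-quoted literal cannot. The same rule applies to every generated script that embeds a secret, including the honey service account script discussed further down this page.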
Hey, I am running into some new weird issues.
I've got the single VLAN interface setup working, but it's not very feasible since we have a lot of VLANs, so I am trying out the trunk option. I am trying a few different options now, which involve making the incoming interface a trunk port and tagging all the VLANs, but DejaVU isn't seeing the VLANs. I've tried it as an edge port and tagged all the VLANs, but DejaVU still doesn't see our VLANs; I tried rebooting the host and the VMs, but no luck. I have been looking for documentation on this but can't find any. I've been looking at the VirtualBox documentation on this, but it doesn't help.
Am I missing something in my setup?
When changing the time zone to any time zone, or using any NTP server, you get the error message "wrong timezone".
Framework/Tool is published here: Beta V9
The link Beta V9 is a 404 error.
Thanks for the fix.
If an attack occurs, it would be great if we could send a custom API call to a third-party NAC device, with simple details like the attacker's IP address.
This is a great product. Keep up the good work!
I can't complete the registration; however, I can log in to the console via SSH.
(1) When I load https://192.168.56.109/ --> it redirects to https://192.168.56.109/Decoify/loginView.php
(2) I tried to load https://192.168.56.109/Decoify/registerView.php manually
(3) I fill in all fields and click "get started", which redirects to loginView.php again
(4) loginView.php always gives "invalid username/password"
Hello,
I use version 11 and want to upgrade to the newest. I have downloaded the upgrade.zip (11->12) and use the function "Settings -> Backup&Upgrade -> Upgrade". I select the upgrade.zip on the DejaVU engine and click "Upgrade Dejavu Engine". I do the same on the DejaVU Console and wait about 30 min. Then I reboot the Engine and the Console, and both still show version 11.
What am I doing wrong?
Is it possible to upgrade from version 11 directly to version 14?
With friendly Regards
Mathias
The user interface (updateSettingsView.php) states that SMTP credentials are optional; however, alert emails are not sent if authentication is not used. Upon looking at mailAlert.php we find the following code:
if($hostname && $username && $password){
//Create a new PHPMailer instance
$mail = new PHPMailer;
$mail->isSMTP();
//Enable SMTP debugging
$mail->SMTPDebug = 2;
$mail->Host = $hostname;
$mail->Port = 25;
...
This if statement is not followed by an else/else if statement; therefore, the process to create and send an email is only started when a username and password are provided. I confirmed that this was causing the issue by removing && $username && $password from the conditional statement, at which point I started getting email alerts as expected.
Hi there, is the project alive?
The Add Decoy to Domain function produces an erroneous ps1 command.
Generating an Add Decoy to Domain script for a domain called TestDomain.local and a decoy called SMBDecoy produces the following PowerShell script:
Import-Module ActiveDirectory
New-ADComputer -Name SMBtest -DNSHostName SMBtest.TestDomain.local
dnscmd /recordadd TestDomain.local SMBtest A 192.168.215.43
dnscmd /recordadd 215.168.192.in-addr.arpa 43 PTR SMBtest.TestDomain.local
Running this on the Domain Controller produces an error saying that the domain doesn't exist. This is because the name of the domain is missing from the last line of the script. The last line should instead read:
dnscmd /recordadd TestDomain.local 215.168.192.in-addr.arpa 43 PTR SMBtest.TestDomain.local
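The dnscmd syntax is dnscmd [ServerName] /RecordAdd ZoneName NodeName RRType RRData, so the PTR line takes the reverse zone (215.168.192.in-addr.arpa) as its ZoneName, and it fails with a "zone does not exist" error whenever that reverse lookup zone has not been created on the server. The following is an added example (not DejaVU's code) that performs the same three steps with the ActiveDirectory and DnsServer modules instead of dnscmd, derives the reverse zone name from the address, and checks that both zones exist before creating anything. The domain, decoy name and address are the ones from this report; the /24 reverse zone and the function names are my assumptions.

```powershell
# Added example (not DejaVU's code): register a decoy computer object plus its
# A and PTR records with the ActiveDirectory and DnsServer modules (RSAT),
# run on the DC / DNS server. Both zones are checked before anything is created.

function Get-ReverseDnsParts {
    # Split an IPv4 address into the in-addr.arpa zone name and the node name
    # inside that zone. Only classful reverse zones (/8, /16, /24) are handled.
    param(
        [Parameter(Mandatory)][ipaddress]$IPAddress,
        [ValidateSet(8, 16, 24)][int]$PrefixLength = 24
    )
    $octets = $IPAddress.GetAddressBytes()              # 192.168.215.43 -> 192,168,215,43
    $n      = $PrefixLength / 8                         # number of network octets
    $zone   = @($octets[0..($n - 1)]); [array]::Reverse($zone)
    $node   = @($octets[$n..3]);       [array]::Reverse($node)
    [pscustomobject]@{
        ZoneName = ($zone -join '.') + '.in-addr.arpa'  # 215.168.192.in-addr.arpa
        NodeName = ($node -join '.')                    # 43
    }
}

function Register-Decoy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Name,           # e.g. SMBtest
        [Parameter(Mandatory)][string]$Domain,         # e.g. TestDomain.local
        [Parameter(Mandatory)][ipaddress]$IPAddress,   # e.g. 192.168.215.43
        [ValidateSet(8, 16, 24)][int]$PrefixLength = 24
    )
    $fqdn = "$Name.$Domain"
    $rev  = Get-ReverseDnsParts -IPAddress $IPAddress -PrefixLength $PrefixLength

    # dnscmd /recordadd and Add-DnsServerResourceRecord* both fail with a
    # "zone does not exist" error when the target zone is missing. The reverse
    # zone is the one that is usually absent, so check both before touching AD.
    foreach ($zone in $Domain, $rev.ZoneName) {
        if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
            throw "DNS zone '$zone' does not exist on this server; create it before registering $Name"
        }
    }

    # Same three steps as the generated script. -WhatIf on this function
    # propagates to these cmdlets, so the call below is a dry run.
    New-ADComputer -Name $Name -DNSHostName $fqdn
    Add-DnsServerResourceRecordA   -ZoneName $Domain       -Name $Name         -IPv4Address $IPAddress
    Add-DnsServerResourceRecordPtr -ZoneName $rev.ZoneName -Name $rev.NodeName -PtrDomainName $fqdn
}

Import-Module ActiveDirectory, DnsServer

# Values from the report; remove -WhatIf to actually create the objects.
Register-Decoy -Name 'SMBtest' -Domain 'TestDomain.local' -IPAddress '192.168.215.43' -WhatIf
```

Run it with -WhatIf first: the zone checks still execute (they are read-only), so a missing reverse zone surfaces as a clear error before any AD or DNS object is created.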
Hi,
First of all, I would like to echo the sentiments of others that this is a great tool! I am just curious whether it is being actively maintained.
Looking for how to use authentication with SMTP for alerts, I've found (it seems) that it is currently not implemented, yet it apparently was at one time.
Am I right in this assumption? If yes, is it to be introduced again, and is there a temporary solution that I can use?
Thank you for this solution, which works like a charm otherwise! Waiting for your response.
Deployed decoys, and they trigger alerts but do not respond to pings, SSH traffic or web traffic. I can see attackers in the logs, but from an attacker's view the Nmap scans are dead.
Hi guys, please help me.
How do I schedule the removal of older ESXi snapshots? There is no option in vCenter.
Hi guys, I have been trying VMware since my experience with VirtualBox didn't work out. I couldn't reply to the question of whether VMware worked out for me last time, sorry for that.
I am now having some issues with VMware though. I have followed the instructions for VMware ESX and all looks great after the installation of both the console and the engine. I am now having difficulties reaching the default IP address. From my VirtualBox experience I could access those IP addresses from the local machine VirtualBox was running on and finish the configuration. Under VMware I'm struggling to figure out where things are failing. I am sure I am missing something in VMware to somehow enable access to the default network those VMs start in.
regards,
Lennart
Hi, I would like to integrate the console with a SIEM.
What is the path of the attack logs and raw logs? I can read logs via SSH.
By the way, you are awesome guys.
Love it!!
I've downloaded both the VDI and VMDK images, and both have the same issue: the registration page isn't working. Please check it.
I followed the instruction video, and I'm wondering why every time I register my account it doesn't show any notification such as "User registered! Please login". Turns out I can only log in with admin:admin.
Hi
Where is the PHP command that calls the getopt() function in mailAlert.php?
During my testing of this tool we noticed that if the system attempts to vMotion from one host to another, it corrupts the VMDK. We were able to fix that corruption, but any time we see this system try to vMotion, it crashes the system. Any thoughts?
I have trouble with the installation.
I am following the setup video, and when I browse to the web interface for the first time it presents me with the login page rather than the setup page. I attempted to manually browse to the setup page, which does not work either.
I have not noticed anywhere that we can add additional users to the platform (unless I am missing something).
Thanks!
The Kerberoast HoneyAccount functionality produces an erroneous PowerShell script. Generating a script with a service name of "RealService" and an SPN name of "RealSPN" produced the following script:
Import-Module ActiveDirectory
New-ADUser -Name "RealService" -SamAccountName "RealService" -DisplayName "RealService" -ServicePrincipalNames "RealSPN" -AccountPassword (ConvertTo-SecureString "FRPoc2oCIQ)CbOpw#1I$C%5qsnJ6Sv" -AsPlainText -Force) -Enabled $True -GivenName "RealService" -PasswordNeverExpires $True
Running this script in PowerShell resulted in errors. I was able to fix the errors and successfully create the service account by replacing -ServicePrincipalNames "RealSPN" with REAL/RealSPN.TestDomain.local.
I also added -UserPrincipalName [email protected], but I don't know if that was necessary.
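Kerberos service principal names have the form serviceclass/host[:port][/instancename], which is the shape the working value REAL/RealSPN.TestDomain.local has. The following is an added example (not DejaVU's code) that validates the SPN before calling New-ADUser, generates a 64-character password from a cryptographic RNG, creates the honey account with a UPN, and reads the SPN back afterwards to confirm it was registered. The account and domain names are the ones from this report; the function names, the regular expression and the extra sample SPNs are my own. Note also that the generated script above places the password in a double-quoted literal, so the $C inside it is subject to the same expansion problem reported for HoneyHash at the top of this page; the example avoids that by never writing the password into a script at all.

```powershell
# Added example (not DejaVU's code): create a Kerberoast honey service account.
# Requires the ActiveDirectory module (RSAT) and rights to create users.

function Test-SpnFormat {
    # serviceclass/host[:port][/instancename]; a bare name such as 'RealSPN'
    # has no service class and is rejected.
    param([Parameter(Mandatory)][string]$Spn)
    return [bool]($Spn -match '^[^/\s:]+/[^/\s:]+(:\d+)?(/[^/\s]+)?$')
}

function New-RandomPassword {
    # 64 characters drawn from a 64-symbol alphabet with a cryptographic RNG.
    # 256 % 64 == 0, so mapping a byte to a symbol introduces no modulo bias.
    # With this length the AD complexity rule (3 of 4 classes) is met in practice.
    param([int]$Length = 64)
    $alphabet = [char[]]'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $bytes = [byte[]]::new($Length)
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
}

function New-HoneyServiceAccount {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Name,     # e.g. RealService
        [Parameter(Mandatory)][string]$Spn,      # e.g. REAL/RealSPN.TestDomain.local
        [Parameter(Mandatory)][string]$Domain    # e.g. TestDomain.local
    )
    if (-not (Test-SpnFormat $Spn)) {
        throw "SPN '$Spn' is not in serviceclass/host form"
    }

    # The account is bait: nobody ever logs in with it, so the password is
    # generated, handed to AD as a SecureString and then dropped. A 64-character
    # random value makes the TGS ticket an attacker roasts infeasible to crack.
    $secure = ConvertTo-SecureString -String (New-RandomPassword) -AsPlainText -Force

    New-ADUser -Name $Name -SamAccountName $Name -DisplayName $Name -GivenName $Name `
        -UserPrincipalName "$Name@$Domain" -ServicePrincipalNames $Spn `
        -AccountPassword $secure -Enabled $true -PasswordNeverExpires $true

    # Post-check: read the SPN back. Skipped under -WhatIf, since nothing was created.
    if ($PSCmdlet.ShouldProcess($Name, 'verify servicePrincipalName')) {
        $u = Get-ADUser -Identity $Name -Properties ServicePrincipalName
        if ($u.ServicePrincipalName -notcontains $Spn) {
            throw "SPN '$Spn' was not registered on $Name"
        }
        return $u
    }
}

Import-Module ActiveDirectory

# Format check on sample SPNs constructed for this example.
foreach ($s in 'RealSPN', 'REAL/RealSPN.TestDomain.local', 'MSSQLSvc/sql01.TestDomain.local:1433') {
    '{0,-42} {1}' -f $s, (Test-SpnFormat $s)
}

# Dry run with the names from the report; remove -WhatIf to create the account.
New-HoneyServiceAccount -Name 'RealService' -Spn 'REAL/RealSPN.TestDomain.local' `
    -Domain 'TestDomain.local' -WhatIf
```

Once the account exists, any TGS request for that SPN (Windows Security event 4769 with this account as the service name) is a high-confidence Kerberoast signal, because no legitimate client ever asks for a ticket to a service that does not exist.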
Can you update the SQL command to create the database?
Hi, first off, great tool/platform, very much appreciated!
I do have a weird saving issue: I am receiving a few false positives and I want to filter them out using multiple match criteria, but unfortunately it's not saving the additional match criteria. Am I doing something wrong, or is this a bug?
regards and keep up the good work!
Lennart
Hi dev team,
Thanks a lot for this great tool. I have a few questions for you, if you don't mind:
Before, I used OpenCanary: you install this sort of honeypot on an RPi and plug it here and there on your network. Because I have about 150 different offices, it requires a bit of organisation.
In the dashboard, I guess what I used to have on an RPi is what is called a client decoy, right?
If my DejaVU server is on 192.168.56.102, how do you proceed to "deploy" a decoy on another IP range?
I've added a decoy client in the same IP range as the PC hosting the VM; I can't reach it, it doesn't work.
Can I, from a single VM, deploy virtual decoys on all my subnets?
Thank you for your time, truly appreciated.
Hello, the DejaVU deception framework is working nicely, but are you guys building a quick start guide or a manual for this? I'm asking because I need some information on how it works, how the services work, etc.
Couldn't find any in the docs.
BTW, is there any documentation besides the installation PDFs?
After setting up the VMs from the links in the email, I get the following error when navigating to the IP address hosting the Console for the first time.
My colleague who set this up mentioned:
A couple of things I did: I changed networking to get IP addresses from DHCP and modified the apache2 config to listen on all IP addresses (there were hardcoded IPs from the manuals before).
Not sure if either is causing the "No such file" error.
The https://camolabs.io site is down; please fix it. I cannot download the .vmdk file.
Dear experts, I have deployed DejaVU on my LAN, which is not connected to the internet. Everything is working and I am getting logs on the console, but the attack graph is not visible. How can I view the attack graph?
Hello,
I am trying to install your Console and Engine VDI files. I have successfully downloaded the Console VDI file, but I am unable to download the Engine VDI file. I have noticed that it gives an error after 1.5-2 GB of the download has completed. I have tried from multiple devices and multiple internet connections, but I get the same error. Please help.
Has anyone done it?
Any difficulties/hints?
While testing your solution we detected some misconfigurations in decoys (RDP, SMB decoys). Where can I find their configs to change that?
We have a few systems (Zabbix, Tenable.SC, etc.) that will scan the network, and I see those triggering alerts. Is there a way to configure this to ignore these known systems so they do not trigger an alert?
TIA
Hello, @bhdresh I received the email to download Preconfigured images
I look forward to reviewing your product, it's certainly something I have been looking for and really like what you have done.
However, I have a question
Thank you
Thanks for your project. While reviewing it for the security tools section on our website, I couldn't find the license. Can you add one?
Hey guys, how do I reset the password and username of the DejaVU console dashboard?
Is it possible to change default IP during installation process?
Hi,
Firstly, I'd like to say that I am glad I got things running; the VLAN tagging is working perfectly with Hyper-V. Looking forward to finally setting this up at work in production.
I remember setting this up on my test server at work using the production SMTP server on port 25, and this worked. Now I am testing it in my home lab using the Gmail SMTP server (smtp.gmail.com) on port 587, but this doesn't seem to be working. Is this a known issue?
regards,
Lennart
Hi
Looks like the upgrade file is missing in the releases section.
PS: thanks for the awesome work!
Hi
I made an installation, guided by the PDF.
When I configure a new decoy, I can ping it briefly for a few seconds, but after that I'm not able to ping it.
But, inside the engine console, I can ping the decoys.
If I reboot the appliance engine, I get the same scenario: ping 3 or 4 times after the reboot, and it dies again.
any ideas ?
Your tool/software has been inventoried in Rawsec's CyberSecurity Inventory.
An inventory of tools and resources about CyberSecurity. This inventory aims to help people find everything related to CyberSecurity.
More details about features here.
Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.
Mainly because this gives visibility to your tool: more and more people are using Rawsec's CyberSecurity Inventory, and this helps them find what they need.
The badge shows your community that you are inventoried. This also shows you care about your project and want it to grow, and that your tool is not abandonware.
Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges; several styles are available.
That's all, this message is just to notify you if you care.
When I boot up the VM it's taking me to the login screen. I've tried root/root and root/toor but they didn't work. I also bridged the adapters, but I cannot get a connection to either one.
I converted the VMware disk images to VHDX and set up a test lab in Hyper-V. The images boot and work to some extent, but not completely. In essence, the engine can receive incoming packets from the virtual switch on eth1, but nothing goes out to the virtual switch from the engine.
I presume this has something to do with interface virtual1000 on the engine being in promiscuous mode. Is there any way around this, or do I need to keep looking for alternatives that work in Hyper-V?