secureworks / dcept
A tool for deploying and detecting use of Active Directory honeytokens
Home Page: https://www.secureworks.com/blog/dcept
License: GNU General Public License v3.0
High CPU usage has been noticed with dcept in Docker (master branch). The dcept process consumes 100% of a CPU core permanently.
root 22540 0.0 0.0 14776 2168 pts/2 S+ 16:36 0:00 grep dcep
root 31237 0.0 0.0 155364 14896 ? Ssl Jun28 0:02 /usr/bin/docker start -a dcept
root 31261 0.0 0.0 20076 2812 pts/1 Ss+ Jun28 0:00 /bin/sh -c cron; /opt/dcept/dcept.py
root 31275 99.9 0.1 224028 24728 pts/1 Sl+ Jun28 45392:56 /usr/bin/python /opt/dcept/dcept.py
Here is strace of dcept process (with children).
When following the instructions
# mcs ht-agent.cs -r:System.Data.dll -r:System.Web.Extensions.dll
ht-agent.cs(11,18): error CS0234: The type or namespace name `Services' does not exist in the namespace `System.Web'. Are you missing `System.Web.Services' assembly reference?
Compilation failed: 1 error(s), 0 warnings
So I tried
# mcs ht-agent.cs -r:System.Data.dll -r:System.Web.Extensions.dll -r:System.Web.Services
and got no error. I guess it builds fine this way, but I have not tested this yet.
Hi,
I am trying to configure log event forwarding via syslog to remote server. I followed your instructions and changed dcept.cfg file by:
Unfortunately I don't see any syslog message passed to the remote server. I confirmed that by running tcpdump on both servers. Is there anything else that I missed configuring?
The dcept server is running CentOS 7 and rsyslog
thanks,
/*I FOUND THE SOLUTION TO MY PROBLEM IN THE CLOSED ISSUES. SORRY.*/
Hello,
I ran ./docker_build.sh
and got this error:
--2018-03-29 16:57:28-- http://www.openwall.com/john/j/john-1.8.0-jumbo-1.tar.gz
Resolving www.openwall.com (www.openwall.com)... 195.42.179.202
Connecting to www.openwall.com (www.openwall.com)|195.42.179.202|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2018-03-29 16:57:28 ERROR 403: Forbidden.
I tried working around this by creating the directory specified in the wget myself:
Step 11/27 : RUN wget -O /tmp/john.tar.gz http://www.openwall.com/john/j/john-1.8.0-jumbo-1.tar.gz
---> Running in 60493f8009e5
I created the directory (specified above) and put the tar file in it using FileZilla hoping that it would recognize that the resources are there and skip that step. Instead I ran into the same error.
I also tried adding sudo to each of the commands in the docker_build.sh file (just to see if anything would change) and to no avail.
I'm not sure what else I should try. If anyone could point me in the right direction I would be eternally grateful.
I'm trying to put dcept to work in a setup with 3 virtual machines:
The sniffer gets the pre-authentication timestamp and the cracker enqueues it, but the cracking process is not capable of decrypting with the message "No password hashes loaded", from JtR.
I looked at the FAQ at http://www.openwall.com/john/doc/FAQ.shtml but can't get it to work.
I'm using the most recent version of dcept cloned from repository (commit 3edb23b).
Am I missing something?
Hi.
Attempting a new install under Debian, ./docker_build.sh fails here:
john-1.8.0-jumbo-1/src/pst_fmt_plug.c
john-1.8.0-jumbo-1/src/missing_getopt.c
gzip: stdin: unexpected end of file
john-1.8.0-jumbo-1/src/rules.c
john-1.8.0-jumbo-1/src/options.c
tar: Unexpected EOF in archive
tar: Unexpected EOF in archive
tar: Error is not recoverable: exiting now
The command '/bin/sh -c mkdir /tmp/john && tar -xvf /tmp/john.tar.gz -C /tmp/john --strip-components=1' returned a non-zero code: 2