This guide explains how to test your ShadowLure honeypot using a second machine (like a VM) as the attacker.
- Your Target Machine: The Windows computer where ShadowLure is running.
- Your Attacker Machine: Your Arch Linux VM.
The attacker needs the target's address.
- On your Windows machine, open a Command Prompt (cmd).
- Run this command:
ipconfig
- Find the IPv4 Address (e.g., 192.168.1.15). This is your Target IP.
Switch to your Arch Linux VM and open a terminal. Use the Target IP you just found in the commands below.
(Remember to replace YOUR_WINDOWS_IP with the real IP address)
ftp YOUR_WINDOWS_IP 21
- At the ftp> prompt, type the following commands, pressing Enter after each one:
  - user admin (or any fake username)
  - pass password123 (or any fake password)
- The honeypot will log these credentials and then disconnect you.
Method 1: Web Browser (Recommended)
- Open a web browser on your Arch Linux VM.
- Navigate to http://YOUR_WINDOWS_IP.
- You will see a fake "System Login" page.
- Enter a fake username (e.g., root) and password (e.g., 12345) and click the Login button.
- The honeypot will log the credentials you submitted.
Method 2: Terminal (using curl)
# This command simulates submitting the login form
curl -X POST -d "username=root&password=12345" http://YOUR_WINDOWS_IP
- This sends the login data directly to the honeypot, where it is recorded in the log.
ssh fakeuser@YOUR_WINDOWS_IP -p 22
- The honeypot will ask for a password. Type anything. The attempt will be logged.
After launching the attacks, check the results on your Windows machine.
- The Running ShadowLure Terminal: You will see live log output for each connection you made.
- The shadowlure.log File: Open this file in a text editor. It will contain a permanent, timestamped record of every attack, including the IP address of your Arch Linux VM and any credentials you used.
This process validates that your honeypot is successfully detecting and logging unauthorized activity on your network.
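To confirm the log check without reading shadowlure.log by eye, the following added example (not part of ShadowLure or the original guide) reports which of the FTP, HTTP and SSH test credentials are missing from log lines that carry the attacker VM's IP. The log layout in SAMPLE_LOG, the IP addresses in it, and the function names are assumptions; the check relies only on each record containing the source IP and the submitted credentials.

```python
import re

# Test logins from this guide: (label, username, password).
# The SSH password is free-form ("type anything"), so only the username is required.
PROBES = [
    ("ftp", "admin", "password123"),
    ("http", "root", "12345"),
    ("ssh", "fakeuser", None),
]

# Constructed sample; the real shadowlure.log layout may differ (assumption).
SAMPLE_LOG = """\
2024-01-01 10:00:01 [FTP] 192.168.1.20:51234 USER admin
2024-01-01 10:00:02 [FTP] 192.168.1.20:51234 PASS password123
2024-01-01 10:01:10 [HTTP] 192.168.1.200 username=root password=12345
2024-01-01 10:02:30 [SSH] 192.168.1.20 login fakeuser password=hunter2
"""


def _token(value):
    # Whole-token match: 192.168.1.20 must not match 192.168.1.200,
    # and "admin" must not match "administrator".
    return re.compile(r"(?<![\w.])" + re.escape(value) + r"(?!\w|\.\d)")


def check_log(log_text, attacker_ip, probes=PROBES):
    """Return {label: [credentials not found on any line from attacker_ip]}."""
    ip_re = _token(attacker_ip)
    lines = [ln for ln in log_text.splitlines() if ip_re.search(ln)]
    report = {}
    for label, user, password in probes:
        wanted = [user] + ([password] if password else [])
        # A credential counts as logged if it appears on any line from this IP,
        # so USER and PASS recorded on separate lines are both accepted.
        report[label] = [
            w for w in wanted if not any(_token(w).search(ln) for ln in lines)
        ]
    return report


if __name__ == "__main__":
    for label, missing in check_log(SAMPLE_LOG, "192.168.1.20").items():
        print(label, "OK" if not missing else f"MISSING {missing}")
```

On the real system, read shadowlure.log into a string and pass your VM's IP; an empty list for every label means all three tests were recorded.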