sh2log: recording shell sessions on CentOS
Posted on 2013-1-11 00:21:34
sh2log records not only the keystrokes typed into a shell but also everything the terminal prints back.


    [root@Centos log]# wget http://packetstorm.foofus.com/UNIX/loggers/sh2log-1.0.tgz
    --2013-01-07 05:16:56--  http://packetstorm.foofus.com/UNIX/loggers/sh2log-1.0.tgz
    Resolving packetstorm.foofus.com... 64.71.188.242
    Connecting to packetstorm.foofus.com|64.71.188.242|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 80240 (78K) [text/plain]
    Saving to: `sh2log-1.0.tgz'

    100%[=====================================================================================>] 80,240      57.2K/s   in 1.4s

    2013-01-07 05:16:58 (57.2 KB/s) - `sh2log-1.0.tgz' saved [80240/80240]

    [root@Centos log]# tar xf sh2log-1.0.tgz
    [root@Centos log]# cd sh2log-1.0
    [root@Centos sh2log-1.0]#


Build targets


    [root@Centos sh2log-1.0]# make

    Please specify the target:

            make linux
            make freebsd
            make openbsd
            make cygwin
            make sunos
            make irix
            make hpux
            make aix
            make osf


Building the linux target:


    [root@Centos sh2log-1.0]# make linux
    gcc -g -W -Wall -o sh2log  rc4.c sha1.c sh2log.c -lutil -DLINUX
    gcc -g -W -Wall -o sh2logd rc4.c sha1.c sh2logd.c
    gcc -g -W -Wall -o parser  rc4.c sha1.c parser.c -lX11 -L/usr/X11R6/lib
    parser.c:35:22: error: X11/Xlib.h: No such file or directory
    parser.c: In function ‘main’:
    parser.c:291: error: ‘Display’ undeclared (first use in this function)
    parser.c:291: error: (Each undeclared identifier is reported only once
    parser.c:291: error: for each function it appears in.)
    parser.c:291: error: ‘dpi’ undeclared (first use in this function)
    parser.c:292: error: ‘Window’ undeclared (first use in this function)
    parser.c:292: error: expected ‘;’ before ‘wnd’
    parser.c:293: error: ‘XWindowAttributes’ undeclared (first use in this function)
    parser.c:293: error: expected ‘;’ before ‘xwa’
    parser.c:515: warning: implicit declaration of function ‘XOpenDisplay’
    parser.c:522: error: ‘wnd’ undeclared (first use in this function)
    parser.c:524: warning: implicit declaration of function ‘XSetWindowBorderWidth’
    parser.c:525: warning: implicit declaration of function ‘XSync’
    parser.c:525: error: ‘False’ undeclared (first use in this function)
    parser.c:526: warning: implicit declaration of function ‘XGetWindowAttributes’
    parser.c:526: error: ‘xwa’ undeclared (first use in this function)
    parser.c:714: warning: implicit declaration of function ‘XMoveResizeWindow’
    parser.c:772: warning: implicit declaration of function ‘XCloseDisplay’
    make: *** [linux] Error 1


The error is that the parser needs the X11 headers:


    parser.c:35:22: error: X11/Xlib.h: No such file or directory


Install the X11 development package


    [root@Centos sh2log-1.0]# yum install libX11-devel


Compile again


    [root@Centos sh2log-1.0]# make linux
    gcc -g -W -Wall -o sh2log  rc4.c sha1.c sh2log.c -lutil -DLINUX
    gcc -g -W -Wall -o sh2logd rc4.c sha1.c sh2logd.c
    gcc -g -W -Wall -o parser  rc4.c sha1.c parser.c -lX11 -L/usr/X11R6/lib


First delete the demo session file shipped with the archive


    [root@Centos sh2log-1.0]# rm test.bin


Configuration: keep the real shells in /bin/shells/, put sh2log in their place, then start the daemon


    [root@Centos sh2log-1.0]# mkdir /bin/shells/
    [root@Centos sh2log-1.0]# cp -p /bin/sh /bin/shells/
    [root@Centos sh2log-1.0]# cp -p /bin/bash /bin/shells/
    [root@Centos sh2log-1.0]# rm -rf /bin/sh /bin/bash
    [root@Centos sh2log-1.0]# cp -p sh2log /bin/sh
    [root@Centos sh2log-1.0]# cp -p sh2log /bin/bash
    [root@Centos sh2log-1.0]# ./sh2logd
    [root@Centos sh2log-1.0]# ps -ef | grep sh2logd
    root     27151     1  0 05:24 ?        00:00:00 ./sh2logd
    root     27175 26396  0 05:24 pts/3    00:00:00 grep sh2logd
    [root@Centos sh2log-1.0]#
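The swap above deletes /bin/sh and /bin/bash before copying sh2log into place, so for a moment the machine has no shell at all, and the backups in /bin/shells/ are overwritten by the wrapper if the steps are repeated. The script below is an added example, not part of the original post or of the sh2log project: it stages the wrapper under a temporary name and moves it into place, only backs up a shell once, and adds two checks a defender wants after the fact: that both shells really are the wrapper with intact originals behind them, and that the session logs are readable by root only. The ROOT prefix, the function names and the `--run` flag are my own conventions; /bin/shells/ is the backup location the post uses.

```shell
#!/bin/sh
# Added example (not from the original post or the sh2log project).
# Every path is prefixed with ROOT so the procedure can be rehearsed in a
# scratch directory (ROOT=/tmp/rehearsal) before it is run with ROOT=/.
set -u

# Put the sh2log wrapper in place of sh and bash under $ROOT/bin, keeping
# the originals in $ROOT/bin/shells. The wrapper is copied to a temporary
# name and renamed over the shell, so no shell path is ever missing.
install_logging_shell() {
    root=$1
    sh2log=$2          # assumed: path of the freshly built sh2log binary
    bindir="$root/bin"
    backup="$bindir/shells"

    if [ ! -x "$sh2log" ]; then
        echo "sh2log binary not found: $sh2log" >&2
        return 1
    fi
    mkdir -p "$backup"
    for name in sh bash; do
        orig="$bindir/$name"
        if [ ! -f "$orig" ]; then
            echo "missing $orig" >&2
            return 1
        fi
        # Back up the real shell only once; a second run must not replace
        # the backup with the wrapper, which would make the wrapper exec itself.
        if [ ! -f "$backup/$name" ]; then
            cp -p "$orig" "$backup/$name"
        fi
        cp -p "$sh2log" "$orig.sh2log.tmp"
        mv -f "$orig.sh2log.tmp" "$orig"
    done
    return 0
}

# Succeeds only if both shells are byte-identical to sh2log and both
# backups are executable regular files that are NOT the wrapper.
verify_logging_shell() {
    root=$1
    sh2log=$2
    bindir="$root/bin"
    for name in sh bash; do
        if ! cmp -s "$sh2log" "$bindir/$name"; then
            return 1
        fi
        if [ ! -x "$bindir/shells/$name" ]; then
            return 1
        fi
        if cmp -s "$sh2log" "$bindir/shells/$name"; then
            return 1
        fi
    done
    return 0
}

# Session recordings are only evidence if nobody but root can touch them:
# fail if any sh2log-*.bin in LOGDIR is group- or world-accessible.
check_log_perms() {
    logdir=$1
    for f in "$logdir"/sh2log-*.bin; do
        [ -e "$f" ] || continue
        # GNU stat first, BSD stat as a fallback; both print the octal mode.
        mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
        if [ "$mode" != "600" ]; then
            echo "$f has mode $mode, expected 600" >&2
            return 1
        fi
    done
    return 0
}

# Direct use:  ROOT=/tmp/rehearsal sh install_sh2log.sh --run ./sh2log
if [ "${1:-}" = "--run" ] && [ $# -ge 2 ]; then
    install_logging_shell "${ROOT:-/}" "$2" && verify_logging_shell "${ROOT:-/}" "$2"
fi
```

Because the wrapper lives at the package-managed paths /bin/sh and /bin/bash, the next `yum update bash` will silently put the distribution binaries back; re-running `verify_logging_shell` after package updates catches the moment the logging stops.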


sh2logd is now running, and a .bin file named after the start time has appeared in the current directory:


    -rw------- 1 root root     0 Jan  7 05:24 sh2log-20130107-052402.bin


Checking the recording
First open a terminal and run a few commands:


    [root@Centos log]# bash
    [root@Centos log]# ls -la
    total 112
    drwxr-xr-x  3 root root  4096 Jan  7 05:17 .
    drwxrwxrwt 17 root root  4096 Jan  7 05:18 ..
    drwxr-xr-x  2 root root  4096 Jan  7 05:24 sh2log-1.0
    -rw-r--r--  1 root root 80240 Nov  8  2006 sh2log-1.0.tgz
    [root@Centos log]# pwd
    /tmp/log
    [root@Centos log]#


Then replay the log with the parser:


    [root@Centos sh2log-1.0]# ./parser sh2log-20130107-052402.bin

    SID        SOURCE IP    UID    PID    START DATE      END DATE      DURATION

       1       [127.0.0.1]     0 (27293)  07/01 05:25 | 07/01 05:25  X        03s
       2       [127.0.0.1]     0 (27407)  07/01 05:26 | 07/01 05:26  X        02s

    In interactive mode, use Enter to fast forward, Space to pause and q to quit.
    Note that xterm is required for window resizing.

    Session ID -> 2

    Interactive mode (y/n) ? n

    07/01 05:26:53 -> ls -la
    07/01 05:26:53 -> pwd

