It records not only keystrokes but also the output shown in the terminal.
```
[root@Centos log]# wget http://www.trustauth.cn/exp/Linux/sh2log-1.0.tgz
--2013-01-07 05:16:56--  http://www.trustauth.cn/exp/Linux/sh2log-1.0.tgz
Resolving packetstorm.foofus.com... 64.71.188.242
Connecting to packetstorm.foofus.com|64.71.188.242|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 80240 (78K)
Saving to: `sh2log-1.0.tgz'

100%[=====================================================================================>] 80,240      57.2K/s   in 1.4s

2013-01-07 05:16:58 (57.2 KB/s) - `sh2log-1.0.tgz' saved [80240/80240]

[root@Centos log]# tar xf sh2log-1.0.tgz
[root@Centos log]# cd sh2log-1.0
[root@Centos sh2log-1.0]#
```
Build targets
```
[root@Centos sh2log-1.0]# make
Please specify the target:
make linux
make freebsd
make openbsd
make cygwin
make sunos
make irix
make hpux
make aix
make osf
```
As follows:
```
[root@Centos sh2log-1.0]# make linux
gcc -g -W -Wall -o sh2log rc4.c sha1.c sh2log.c -lutil -DLINUX
gcc -g -W -Wall -o sh2logd rc4.c sha1.c sh2logd.c
gcc -g -W -Wall -o parser rc4.c sha1.c parser.c -lX11 -L/usr/X11R6/lib
parser.c:35:22: error: X11/Xlib.h: No such file or directory
parser.c: In function ‘main’:
parser.c:291: error: ‘Display’ undeclared (first use in this function)
parser.c:291: error: (Each undeclared identifier is reported only once
parser.c:291: error: for each function it appears in.)
parser.c:291: error: ‘dpi’ undeclared (first use in this function)
parser.c:292: error: ‘Window’ undeclared (first use in this function)
parser.c:292: error: expected ‘;’ before ‘wnd’
parser.c:293: error: ‘XWindowAttributes’ undeclared (first use in this function)
parser.c:293: error: expected ‘;’ before ‘xwa’
parser.c:515: warning: implicit declaration of function ‘XOpenDisplay’
parser.c:522: error: ‘wnd’ undeclared (first use in this function)
parser.c:524: warning: implicit declaration of function ‘XSetWindowBorderWidth’
parser.c:525: warning: implicit declaration of function ‘XSync’
parser.c:525: error: ‘False’ undeclared (first use in this function)
parser.c:526: warning: implicit declaration of function ‘XGetWindowAttributes’
parser.c:526: error: ‘xwa’ undeclared (first use in this function)
parser.c:714: warning: implicit declaration of function ‘XMoveResizeWindow’
parser.c:772: warning: implicit declaration of function ‘XCloseDisplay’
make: *** [linux] Error 1
```
The error:
```
parser.c:35:22: error: X11/Xlib.h: No such file or directory
```
Install the X11 development package:
```
[root@Centos sh2log-1.0]# yum install libX11-devel
```
Compile again:
```
[root@Centos sh2log-1.0]# make linux
gcc -g -W -Wall -o sh2log rc4.c sha1.c sh2log.c -lutil -DLINUX
gcc -g -W -Wall -o sh2logd rc4.c sha1.c sh2logd.c
gcc -g -W -Wall -o parser rc4.c sha1.c parser.c -lX11 -L/usr/X11R6/lib
```
First delete the demo file:
```
[root@Centos sh2log-1.0]# rm test.bin
```
Configuration:
```
[root@Centos sh2log-1.0]# mkdir /bin/shells/
[root@Centos sh2log-1.0]# cp -p /bin/sh /bin/shells/
[root@Centos sh2log-1.0]# cp -p /bin/bash /bin/shells/
[root@Centos sh2log-1.0]# rm -rf /bin/sh /bin/bash
[root@Centos sh2log-1.0]# cp -p sh2log /bin/sh
[root@Centos sh2log-1.0]# cp -p sh2log /bin/bash
[root@Centos sh2log-1.0]# ./sh2logd
[root@Centos sh2log-1.0]# ps -ef | grep sh2logd
root     27151     1  0 05:24 ?        00:00:00 ./sh2logd
root     27175 26396  0 05:24 pts/3    00:00:00 grep sh2logd
[root@Centos sh2log-1.0]#
```
sh2logd is now running, and a .bin file named after the start time has been created in the current directory:
```
-rw------- 1 root root 0 Jan  7 05:24 sh2log-20130107-052402.bin
```
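The steps above replace /bin/sh and /bin/bash with the sh2log binary and park the originals in /bin/shells/, so an administrator auditing a host wants a quick way to tell whether its shells have been swapped. The following check is an added example, not part of the article or of sh2log; it looks only for the traces shown above (the /bin/shells/ directory, a regular file where CentOS normally has the /bin/sh symlink, sh2log-*.bin session files, the sh2logd process) and, on a live CentOS host, asks rpm whether the bash package files still match their shipped digests. The ROOT prefix argument is an assumption of this script so it can be pointed at a mounted image or a test tree.

```shell
#!/bin/sh
# Added check, not part of sh2log: look for the traces its install leaves behind.
# ROOT is a path prefix (empty for the live host) so the same check can be run
# against a mounted disk image or a constructed test tree.
check_sh2log_indicators() {
    root="${1%/}"
    hits=0
    # The install copies the original shells to /bin/shells/ before overwriting them.
    if [ -d "$root/bin/shells" ]; then
        echo "indicator: $root/bin/shells/ exists (relocated original shells)"
        hits=$((hits + 1))
    fi
    # rm -rf /bin/sh followed by cp leaves a regular file where a stock CentOS has a
    # symlink to bash (assumption: a distribution where /bin/sh is a symlink).
    if [ -f "$root/bin/sh" ] && [ ! -L "$root/bin/sh" ]; then
        echo "indicator: $root/bin/sh is a regular file, not a symlink"
        hits=$((hits + 1))
    fi
    # sh2logd writes sh2log-YYYYMMDD-HHMMSS.bin into its working directory.
    logs=$(find "${root:-/}" -xdev -type f -name 'sh2log-*.bin' 2>/dev/null || true)
    if [ -n "$logs" ]; then
        printf 'indicator: session log %s\n' $logs
        hits=$((hits + 1))
    fi
    # Live-host only: a running sh2logd, and the package digest of the bash files.
    if [ -z "$root" ]; then
        if ps -ef | grep -q '[s]h2logd'; then
            echo "indicator: sh2logd process is running"
            hits=$((hits + 1))
        fi
        # rpm -V prints a 5 in the third column when a file's digest differs.
        if command -v rpm >/dev/null 2>&1 && rpm -V bash | grep -q '^..5'; then
            echo "indicator: rpm -V bash reports a digest mismatch"
            hits=$((hits + 1))
        fi
    fi
    return "$hits"   # exit status = number of indicators found (0 = nothing seen)
}

# Usage: sh check_sh2log.sh [ROOT]
if [ "$#" -gt 0 ]; then
    check_sh2log_indicators "$1"
fi
```

A return of 0 only means none of these specific traces were found; a binary renamed or installed elsewhere would still need the rpm digest check or a file-integrity baseline to catch.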
Viewing the recording
First open a terminal and run the following:
```
[root@Centos log]# bash
[root@Centos log]# ls -la
total 112
drwxr-xr-x  3 root root  4096 Jan  7 05:17 .
drwxrwxrwt 17 root root  4096 Jan  7 05:18 ..
drwxr-xr-x  2 root root  4096 Jan  7 05:24 sh2log-1.0
-rw-r--r--  1 root root 80240 Nov  8  2006 sh2log-1.0.tgz
[root@Centos log]# pwd
/tmp/log
[root@Centos log]#
```
View the log:
```
[root@Centos sh2log-1.0]# ./parser sh2log-20130107-052402.bin
SID  SOURCE IP    UID  PID      START DATE    END DATE      DURATION
1    [127.0.0.1]  0    (27293)  07/01 05:25 | 07/01 05:25   X 03s
2    [127.0.0.1]  0    (27407)  07/01 05:26 | 07/01 05:26   X 02s
In interactive mode, use Enter to fast forward, Space to pause and q to quit.
Note that xterm is required for window resizing.
Session ID -> 2
Interactive mode (y/n)? n
07/01 05:26:53 -> ls -la
07/01 05:26:53 -> pwd
```
Article reposted from: trustauth.cn