I haven't done this for a long time and had forgotten how to sniff on Linux.
I got a webshell, and it is a Linux machine. I want to try sniffing its intranet database server.
Hence this article.
First, use a reverse shell to bring a shell back to the local machine.
I used back.pl from xi4oyu.
Then run python -c 'import pty; pty.spawn("/bin/sh")'
so that the shell that pops up has a proper TTY environment.
Next, install the sniffing environment.
The following tools are used:
berkeley_db-4.6.21.NC.tar.gz
libpcap-1.0.0 (note: http://www.tcpdump.org/release/libpcap-1.0.0.tar.gz, or install it directly with yum)
krb5-libs-1.2.7-10.i386.rpm
krb5-devel-1.2.7-10.i386.rpm
dsniff-2.3.tar.gz (note: or ftp://rpmfind.net/linux/epel/5/x86_64/dsniff-2.4-0.3.b1.el5.x86_64.rpm)
Other software packages:
libnids-1.16.tar.gz
libnet-1.0.2a.tar.gz
Note: the key to a successful dsniff install is the package versions. If a version is too new there may be compatibility issues and many problems, so we recommend the versions listed above.
Installation steps:
1. Install openssl
rpm -ivh openssl-0.9.7a-2.i386.rpm
rpm -ivh openssl-devel-0.9.7a-2.i386.rpm
If you use the openssl-0.9.7i.tar.gz source package instead, it must be compiled before installation.
Copy openssl-0.9.7i.tar.gz to the /tmp directory, then:
tar zxvf openssl-0.9.7i.tar.gz
cd openssl-0.9.7i
./config --prefix=/usr/local
make
make install
2. Install libpcap
Download the libpcap-1.0.0.tar.gz package to the /tmp directory, then:
tar zxvf libpcap-1.0.0.tar.gz
cd libpcap-1.0.0
./configure --prefix=/usr/local && make install
3. Install db4 (berkeley_db), krb5-libs and krb5-devel
rpm -ivh db4-4.0.14-20.i386.rpm
rpm -ivh db4-devel-4.0.14-20.i386.rpm
rpm -ivh krb5-libs-1.2.7-10.i386.rpm
rpm -ivh krb5-devel-1.2.7-10.i386.rpm
If you use the berkeley_db-4.6.21.NC.tar.gz source package instead, copy it to the /tmp directory, then:
tar zxvf berkeley_db-4.6.21.NC.tar.gz
cd berkeley_db-4.6.21.NC/build_unix/
../dist/configure --prefix=/usr/local/BerkeleyDB && make install
4. Install libnet
tar zxvf libnet-1.0.2a.tar.gz
cd Libnet-1.0.2a
./configure --prefix=/usr/local && make install
5. Install libnids
tar zxvf libnids-1.16.tar.gz
cd libnids-1.16
./configure --prefix=/usr/local && make install
RPM installation:
rpm -Uvh libnids-1.23-1.el5.x86_64.rpm
After installation you can check what was installed with: rpm -ql libnids
6. Install dsniff
Set the two environment variables PKG_CONFIG_PATH and LD_LIBRARY_PATH before installing dsniff:
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH
export LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH
Run the following commands to check that /usr/local/lib/pkgconfig and /usr/local/lib are now present in PKG_CONFIG_PATH and LD_LIBRARY_PATH respectively:
echo $PKG_CONFIG_PATH
echo $LD_LIBRARY_PATH
(Note: for the details of these two environment variables, see my articles on ld.so.conf and the PKG_CONFIG_PATH variable.)
Install dsniff:
tar zxvf dsniff-2.3.tar.gz
cd dsniff-2.3
CFLAGS=-I/usr/kerberos/include ./configure && make install
After a successful install, dsniff puts its tools into /usr/local/sbin by default.
Or install directly with RPM:
rpm -ihv dsniff-2.4-0.3.b1.el5.x86_64.rpm
That installs it directly!
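From the defender's side, the install above leaves two observable traces on the host: the tool binaries under /usr/local/sbin (the default install location named above) and, once a capture is running, a network interface in promiscuous mode. The following script is an added example, not part of the original post; it assumes a Linux host with sysfs, and the tool names other than dsniff are assumed from the dsniff suite.

```shell
#!/bin/sh
# Added check, not from the original post: look for the traces that a dsniff
# install and a running capture leave on a Linux host.

IFF_PROMISC=256   # 0x100, the promiscuous bit in the Linux interface flags word

# promisc_from_flags HEXFLAGS -> exit 0 if the promiscuous bit is set, 1 if not.
# HEXFLAGS is the contents of /sys/class/net/<iface>/flags, e.g. "0x1103".
promisc_from_flags() {
    case "$1" in
        0x*|0X*|[0-9]*) ;;          # anything else is not a flags word
        *) return 1 ;;
    esac
    [ $(( $1 & IFF_PROMISC )) -ne 0 ]
}

# list_promisc_ifaces -> prints one line per interface in promiscuous mode
# (no output when none). Reads sysfs, so it needs a Linux host.
list_promisc_ifaces() {
    for f in /sys/class/net/*/flags; do
        [ -r "$f" ] || continue
        if promisc_from_flags "$(cat "$f")"; then
            basename "$(dirname "$f")"
        fi
    done
    return 0
}

# find_sniff_tools DIR... -> prints every dsniff-family binary found under the
# given directories. /usr/local/sbin is the source-install default named on the
# page; the tool names beyond "dsniff" are assumed from the dsniff suite.
find_sniff_tools() {
    for dir in "$@"; do
        for tool in dsniff arpspoof urlsnarf tcpkill; do
            [ -x "$dir/$tool" ] && echo "$dir/$tool"
        done
    done
    return 0
}

# Run the report only when invoked as: sh sniffcheck.sh --run
if [ "${1-}" = "--run" ]; then
    echo "interfaces in promiscuous mode:"; list_promisc_ifaces
    echo "sniffer binaries:"; find_sniff_tools /usr/local/sbin /usr/sbin
fi
```

A hit from either function is a reason to look at the host, not proof of compromise: some monitoring agents legitimately put an interface into promiscuous mode.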