Today we are introducing a tool called Swap Digger, which automates searching for and extracting Linux user credentials, web form credentials, web form email addresses, HTTP authentication data, Wi-Fi SSIDs and keys, and more from swap.
Swap_Digger is a Bash script that automates data extraction and analysis on a target Linux system's swap. It gives forensic investigators usable evidence, and it gives penetration testers the information they need in the post-exploitation phase.
Downloading and running the tool
On the local host, open a terminal and run the following commands to download and run the Swap_Digger script:
- alice@1nvuln3r4bl3:~$ git clone https://github.com/sevagas/swap_digger.git
- alice@1nvuln3r4bl3:~$ cd swap_digger
- alice@1nvuln3r4bl3:~$ chmod +x swap_digger.sh
- alice@1nvuln3r4bl3:~$ sudo ./swap_digger.sh -v
On a mounted hard drive (forensic analysis of a file system mounted from another machine), first download the script with the following commands:
- alice@1nvuln3r4bl3:~$ git clone https://github.com/sevagas/swap_digger.git
- alice@1nvuln3r4bl3:~$ cd swap_digger
- alice@1nvuln3r4bl3:~$ chmod +x swap_digger.sh
Next, search for the target swap file / partition:
alice@1nvuln3r4bl3:~$ sudo ./swap_digger.sh -S
Finally, run the following command to analyse the target, pointing -r at the mounted root file system and -s at the swap device:
alice@1nvuln3r4bl3:~$ sudo ./swap_digger.sh -vx -r path/to/mounted/target/root/fs -s path/to/target/swap/device
On a third-party machine, use the following commands to download and run the script (useful for penetration tests and CTFs):
- alice@1nvuln3r4bl3:~$ wget
- alice@1nvuln3r4bl3:~$ chmod +x swap_digger.sh
- alice@1nvuln3r4bl3:~$ sudo ./swap_digger.sh -vx
Quick run
If you only need to recover the plaintext passwords of Linux users, simply run:
alice@1nvuln3r4bl3:~$ sudo ./swap_digger.sh
Available options
- ./swap_digger.sh [ OPTIONS ]
- Options :
- -x, --extended Run Extended tests on the target swap to retrieve other interesting data (Web passwords, emails, Wi-Fi creds, most accessed urls, etc)
- -g, --guessing Try to guess potential passwords based on observations and stats
  - Warning: This option is not reliable, it may dig more passwords as well as hundreds false positives.
- -h, --help Display this help.
- -v, --verbose Verbose mode.
- -l, --log Log all outputs in a log file (protected inside the generated working directory).
- -c, --clean Automatically erase the generated working directory at end of script (will also remove log file)
- -r PATH, --root-path=PATH Location of the target file-system root (default value is /)
  - Change this value for forensic analysis when target is a mounted file system.
  - This option has to be used along the -s option to indicate path to swap device.
- -s PATH, --swap-path=PATH Location of swap device or swap dump to analyse
  - Use this option for forensic/remote analysis of a swap dump or a mounted external swap partition.
  - This option should be used with the -r option where at least /<root-path>/etc/shadow exists.
- -S, --swap-search Search for all available swap devices (use for forensics).
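To make the mounted-root procedure and the option semantics above concrete, here is a small POSIX shell script that does, in miniature, what the -S search, the -r/-s pairing and the -x extended sweep describe: it lists swap entries declared in a target root's fstab, checks that the root actually contains etc/shadow before any analysis starts, and reduces a swap image to printable runs before pattern-matching emails, URLs and password-looking form fields. This is an added example, not swap_digger's own code: the function names (list_fstab_swaps, check_target, dig_strings, dig_emails, dig_urls, dig_form_passwords), the patterns, and the choice to read swap devices from the target's /etc/fstab are assumptions made here; how swap_digger itself locates swap devices is not shown on this page.

```shell
#!/bin/sh
# Added illustration of a swap sweep; not swap_digger's own code.
# All function names below are names chosen for this example.

# Swap devices declared in the target's fstab (the mounted-root case, -r PATH).
# A live system would read /proc/swaps instead; that is not handled here.
list_fstab_swaps() {
    root="${1:-/}"
    [ -r "$root/etc/fstab" ] || return 1
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$root/etc/fstab"
}

# Pre-flight check mirroring the -r/-s requirement: etc/shadow must exist under
# the root (recovered strings are confirmed against it) and the swap dump or
# device must be readable. Returns non-zero and explains why.
check_target() {
    root="$1"; swap="$2"
    if [ ! -r "$root/etc/shadow" ]; then
        echo "no readable $root/etc/shadow; is -r pointed at the target root?" >&2
        return 1
    fi
    if [ ! -r "$swap" ]; then
        echo "cannot read swap at $swap" >&2
        return 2
    fi
    return 0
}

# Swap is raw paged memory: text sits between binary and page padding, so the
# image is first reduced to runs of printable characters (like strings(1)).
# $2 is the minimum run length to keep (default 8).
dig_strings() {
    LC_ALL=C tr -c '[:print:]' '\n' < "$1" | grep -E ".{${2:-8},}"
}

# Email addresses, one per line, de-duplicated.
dig_emails() {
    dig_strings "$1" 1 | grep -oE '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' | sort -u
}

# http(s) URLs that survived in memory (browser and HTTP client buffers).
dig_urls() {
    dig_strings "$1" 1 | grep -oE 'https?://[A-Za-z0-9./?=_%&-]+' | sort -u
}

# Form fields whose name looks like a password, as found in urlencoded POST bodies.
dig_form_passwords() {
    dig_strings "$1" 1 | grep -oiE '(pass|passwd|password|pwd)[a-z0-9_]*=[^&[:space:]]+' | sort -u
}
```

Source the file and call, for example, `check_target /mnt/target /mnt/target_swap.img && dig_form_passwords /mnt/target_swap.img`. Reducing the image to printable runs first matters because a credential can straddle a page boundary or sit next to binary data, and every hit is only a candidate until it is confirmed against something (swap_digger confirms user passwords against the target's shadow file); that is also why the -g guessing mode above warns about hundreds of false positives.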
Source: http://www.tuicool.com/articles/ZfIzMfm