FTP (port 21)

Anonymous login

cat /var/log/vsftpd.log | grep 'anonymous'| grep 'PASS <password>'

Brute force

View brute-force records

cat /var/log/vsftpd.log | grep '530'

Count attempts per IP

cat /var/log/vsftpd.log | awk '/530/{print $(NF-3)}' |sort|uniq -c|sort -k 1 -rn

Check whether a suspicious IP logged in successfully

cat /var/log/vsftpd.log | grep '230' | grep '192.168.79.132'


Wed Sep 8 22:22:15 2021 [pid 342022] [longer] FTP response: Client "192.168.79.132", "230 Login successful."
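
The three steps above (find 530 responses, count them per IP, check for a 230 from the same IP) combined into one pass, as an added example that is not part of the original notes. It assumes the "FTP response: Client ..." line format shown above; the function names, the threshold and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): correlate vsftpd 530 failures
# with a later 230 success from the same client.

# ftp_bruteforce_hits [LOGFILE|-] [THRESHOLD]
# Prints "<ip> <failures before success> <timestamp of first success>" for each
# client that logged in after at least THRESHOLD failed attempts (default 5).
ftp_bruteforce_hits() {
    awk -F'"' -v min="${2:-5}" '
        /FTP response: Client/ {
            ip = $2
            sub(/^::ffff:/, "", ip)       # IPv4-mapped IPv6 form -> plain IPv4
            code = substr($4, 1, 3)       # reply code, e.g. 530 or 230
            if (code == "530") {
                fails[ip]++
            } else if (code == "230" && fails[ip] >= min && !(ip in seen)) {
                seen[ip] = 1
                ts = substr($1, 1, index($1, " [pid") - 1)
                printf "%s %d %s\n", ip, fails[ip], ts
            }
        }
    ' "${1:--}"
}

# Constructed sample lines in the format shown above (not real log data).
sample_log() {
    cat <<'EOF'
Wed Sep 8 22:20:01 2021 [pid 342001] [longer] FTP response: Client "192.168.79.132", "530 Login incorrect."
Wed Sep 8 22:20:05 2021 [pid 342003] [longer] FTP response: Client "::ffff:192.168.79.132", "530 Login incorrect."
Wed Sep 8 22:20:09 2021 [pid 342005] [longer] FTP response: Client "192.168.79.132", "530 Login incorrect."
Wed Sep 8 22:21:00 2021 [pid 342010] [alice] FTP response: Client "192.168.79.140", "530 Login incorrect."
Wed Sep 8 22:21:20 2021 [pid 342012] [alice] FTP response: Client "192.168.79.140", "230 Login successful."
Wed Sep 8 22:22:15 2021 [pid 342022] [longer] FTP response: Client "192.168.79.132", "230 Login successful."
Wed Sep 8 22:23:00 2021 [pid 342030] [root] FTP response: Client "192.168.79.150", "530 Login incorrect."
EOF
}

# Demo on the constructed sample with a threshold of 3 failures.
sample_log | ftp_bruteforce_hits - 3
```

On a real host, pass /var/log/vsftpd.log as the first argument; a single mistyped password followed by a success stays below the threshold and is not reported.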

View uploads and downloads

Tue Sep  7 16:07:29 2021 1 ::ffff:192.168.79.132 0 /test/testfile.txt a _ o a anonymous ftp 0 * c
Tue Sep 7 17:27:27 2021 1 192.168.79.132 0 /test_ftp.txt a _ i r longer ftp 0 * i

Successful login on Windows

Upload file

2021-09-09 02:02:33 192.168.79.132 - 192.168.77.175 21 STOR test.exe 226 0 0 399fdf8e-2a13-4105-b8ad-20048579c070 /test.exe

Download file

2021-09-09 02:14:01 192.168.79.132 - 192.168.77.175 21 RETR 123.txt 226 0 0 1ac045c4-5b7a-44f9-95cc-f0e47e079fc5 /test/123.txt

ssh

/var/log/secure

Telnet

Linux log location: /var/log/secure

Successful login log entries: keyword LOGIN ON

Failed login log entries: FAILED LOGIN

RDP