Linux
主目錄中名為 Typescript 的奇怪文件
突然間,我開始在我的使用者主目錄中看到這個“Typescript”文件,我很好奇並打開它只是為了看到這個:
Script started on 2020-04-11 20:59:06+0600 ]0;root@abar: /home/abartoharoot@abar:/home/abartoha# i a Command 'i' not found, but can be installed with: apt install iprint ]0;root@abar: /home/abartoharoot@abar:/home/abartoha# iprint Command 'iprint' not found, did you mean: command 'qprint' from deb qprint command 'print' from deb mime-support Try: apt install <deb name> ]0;root@abar: /home/abartoharoot@abar:/home/abartoha# list Command 'list' not found, did you mean: command 'hist' from deb loki command 'bist' from deb bist command 'klist' from deb heimdal-clients command 'klist' from deb krb5-user command 'flist' from deb mmh command 'flist' from deb nmh command 'mlist' from deb mblaze command 'last' from deb util-linux command 'dist' from deb mmh command 'dist' from deb nmh command 'lift' from deb lift command 'gist' from deb yorick Try: apt install <deb name> ]0;root@abar: /home/abartoharoot@abar:/home/abartoha# kclose Command 'kclose' not found, did you mean: command 'gclose' from deb gnustep-gui-runtime Try: apt install <deb name> ]0;root@abar: /home/abartoharoot@abar:/home/abartoha# close Command 'close' not found, did you mean: command 'gclose' from deb gnustep-gui-runtime Try: apt install <deb name> ]0;root@abar: /home/abartoharoot@abar:/home/abartoha# help GNU bash, version 4.4.20(1)-release (x86_64-pc-linux-gnu) These shell commands are defined internally. Type `help' to see this list. Type `help name' to find out more about the function `name'. Use `info bash' to find out more about the shell in general. Use `man -k' or `info' to find out more about commands not in this list. A star (*) next to a name means that the command is disabled. job_spec [&] history [-c] [-d offset] [n] or hist> (( expression )) if COMMANDS; then COMMANDS; [ elif C> . filename [arguments] jobs [-lnprs] [jobspec ...] or jobs > : kill [-s sigspec | -n signum | -sigs> [ arg... ] let arg [arg ...] [[ expression ]] local [option] name[=value] ... alias [-p] [name[=value] ... ] logout [n] bg [job_spec ...] mapfile [-d delim] [-n count] [-O or> bind [-lpsvPSVX] [-m keymap] [-f file> popd [-n] [+N | -N] break [n] printf [-v var] format [arguments] builtin [shell-builtin [arg ...]] pushd [-n] [+N | -N | dir] caller [expr] pwd [-LP] case WORD in [PATTERN [| PATTERN]...)> read [-ers] [-a array] [-d delim] [-> cd [-L|[-P [-e]] [-@]] [dir] readarray [-n count] [-O origin] [-s> command [-pVv] command [arg ...] readonly [-aAf] [name[=value] ...] o> compgen [-abcdefgjksuv] [-o option] [> return [n] complete [-abcdefgjksuv] [-pr] [-DE] > select NAME [in WORDS ... ;] do COMM> compopt [-o|+o option] [-DE] [name ..> set [-abefhkmnptuvxBCHP] [-o option-> continue [n] shift [n] coproc [NAME] command [redirections] shopt [-pqsu] [-o] [optname ...] declare [-aAfFgilnrtux] [-p] [name[=v> source filename [arguments] dirs [-clpv] [+N] [-N] suspend [-f] disown [-h] [-ar] [jobspec ... | pid > test [expr] echo [-neE] [arg ...] time [-p] pipeline enable [-a] [-dnps] [-f filename] [na> times eval [arg ...] trap [-lp] [[arg] signal_spec ...] exec [-cl] [-a name] [command [argume> true exit [n] type [-afptP] name [name ...] export [-fn] [name[=value] ...] or ex> typeset [-aAfFgilnrtux] [-p] name[=v> false ulimit [-SHabcdefiklmnpqrstuvxPT] [l> fc [-e ename] [-lnr] [first] [last] o> umask [-p] [-S] [mode] fg [job_spec] unalias [-a] name [name ...] for NAME [in WORDS ... ] ; do COMMAND> unset [-f] [-v] [-n] [name ...] for (( exp1; exp2; exp3 )); do COMMAN> until COMMANDS; do COMMANDS; done function name { COMMANDS ; } or name > variables - Names and meanings of so> getopts optstring name [arg] wait [-n] [id ...] hash [-lr] [-p pathname] [-dt] [name > while COMMANDS; do COMMANDS; done help [-dms] [pattern ...] { COMMANDS ; } ]0;root@abar: /home/abartoharoot@abar:/home/abartoha# helpclosekclose[2Plistiprint[3P aclear[3Pfgclearfgclea[1Pclear[3Pfgclearwifiteeifite[4Psuunsuputhon ./home/abartoha/script.py [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cclear[Kpython[1Pclearpythonscript.py[6Pdirclearscript.pyu --loginh[Kclearsuundo --loginabartoha[6Pclearsu abartoha[1PCOMMAND[5Pclearsu -shclearclear[6Phelp[1P--h[1Ph-help[4Pfgwifiteexit()[Kwifite[4Pjjwifite clee[Kar [32m .;' `;, [32m .;' ,;' `;, `;, [0mWiFite v2 (r87) [32m.;' ,;' ,;' `;, `;, `;, [32m:: :: : [37m( )[32m : :: :: [37mautomated wireless auditor [32m':. ':. ':. [37m/_\[32m ,:' ,:' ,:' [32m ':. ':. [37m/___\[32m ,:' ,:' [37mdesigned for Linux [32m ':. [37m/_____\[32m ,:' [32m [37m/ \[32m [0m usage: wifite [-h] [--check CHECK] [--cracked] [--recrack] [--all] [-i INTERFACE] [--mac] [--mon-iface MONITOR_INTERFACE] [-c CHANNEL] [-e ESSID] [-b BSSID] [--showb] [--nodeauth] [--power POWER] [--tx TX] [--quiet] [--wpa] [--wpat WPAT] [--wpadt WPADT] [--strip] [--crack] [--dict DIC] [--aircrack] [--pyrit] [--tshark] [--cowpatty] [--wep] [--pps PPS] [--wept WEPT] [--chopchop] [--arpreplay] [--fragment] [--caffelatte] [--p0841] [--hirte] [--nofakeauth] [--wepca WEPCA] [--wepsave WEPSAVE] [--wps] [--pixie] [--wpst WPST] [--wpsratio WPSRATIO] [--wpsretry WPSRETRY] wifite: error: unrecognized arguments: clear ]0;root@abar: /home/abartoharoot@abar:/home/abartoha# clear [3J[H[2J]0;root@abar: /home/abartoharoot@abar:/home/abartoha# history 0c bash: history: 0c: numeric argument required ]0;root@abar: /home/abartoharoot@abar:/home/abartoha# clear [3J[H[2J]0;root@abar: /home/abartoharoot@abar:/home/abartoha# help\[K GNU bash, version 4.4.20(1)-release (x86_64-pc-linux-gnu) These shell commands are defined internally. Type `help' to see this list. Type `help name' to find out more about the function `name'. Use `info bash' to find out more about the shell in general. Use `man -k' or `info' to find out more about commands not in this list. A star (*) next to a name means that the command is disabled. job_spec [&] history [-c] [-d offset] [n] or hist> (( expression )) if COMMANDS; then COMMANDS; [ elif C> . filename [arguments] jobs [-lnprs] [jobspec ...] or jobs > : kill [-s sigspec | -n signum | -sigs> [ arg... ] let arg [arg ...] [[ expression ]] local [option] name[=value] ... alias [-p] [name[=value] ... ] logout [n] bg [job_spec ...] mapfile [-d delim] [-n count] [-O or> bind [-lpsvPSVX] [-m keymap] [-f file> popd [-n] [+N | -N] break [n] printf [-v var] format [arguments] builtin [shell-builtin [arg ...]] pushd [-n] [+N | -N | dir] caller [expr] pwd [-LP] case WORD in [PATTERN [| PATTERN]...)> read [-ers] [-a array] [-d delim] [-> cd [-L|[-P [-e]] [-@]] [dir] readarray [-n count] [-O origin] [-s> command [-pVv] command [arg ...] readonly [-aAf] [name[=value] ...] o> compgen [-abcdefgjksuv] [-o option] [> return [n] complete [-abcdefgjksuv] [-pr] [-DE] > select NAME [in WORDS ... ;] do COMM> compopt [-o|+o option] [-DE] [name ..> set [-abefhkmnptuvxBCHP] [-o option-> continue [n] shift [n] coproc [NAME] command [redirections] shopt [-pqsu] [-o] [optname ...] declare [-aAfFgilnrtux] [-p] [name[=v> source filename [arguments] dirs [-clpv] [+N] [-N] suspend [-f] disown [-h] [-ar] [jobspec ... | pid > test [expr] echo [-neE] [arg ...] time [-p] pipeline enable [-a] [-dnps] [-f filename] [na> times eval [arg ...] trap [-lp] [[arg] signal_spec ...] exec [-cl] [-a name] [command [argume> true exit [n] type [-afptP] name [name ...] export [-fn] [name[=value] ...] or ex> typeset [-aAfFgilnrtux] [-p] name[=v> false ulimit [-SHabcdefiklmnpqrstuvxPT] [l> fc [-e ename] [-lnr] [first] [last] o> umask [-p] [-S] [mode] fg [job_spec] unalias [-a] name [name ...] for NAME [in WORDS ... ] ; do COMMAND> unset [-f] [-v] [-n] [name ...] for (( exp1; exp2; exp3 )); do COMMAN> until COMMANDS; do COMMANDS; done function name { COMMANDS ; } or name > variables - Names and meanings of so> getopts optstring name [arg] wait [-n] [id ...] hash [-lr] [-p pathname] [-dt] [name > while COMMANDS; do COMMANDS; done help [-dms] [pattern ...] { COMMANDS ; } ]0;root@abar: /home/abartoharoot@abar:/home/abartoha# helpclearhistory 0c[5Pclearwifite clear[8Phelpclosekclose[2Plistiprint[3P aclear[3Pfgclearfgclea[1Pclear[3Pfgclearwifiteeifite[4Psuunsuputhon ./home/abartoha/script.py [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cclear[Kpython[1Pclearpythonscript.py[6Pdirclearscript.pyu --loginh[Kclearsuundo --loginabartoha[6Pclearsu abartoha[1PCOMMAND[5Pclearsu -shclearclear[6Phelp[1P--h[1Ph-help[4Pfgwifiteexit()[Kwifite[4Pjjwifite jj[Kwifite[2Pexit()wifite[4Pfg--help[Kh-hhelpclearclear[Ksu -hsclearsu COMMANDabartoha[6Pclearsu abartoha[1P--login[4Pundo[1Pclearsu -h-login[1Pcript.py[4Pclear[2Pdirscript.py[3Ppython[1Pclearpython[1Pclearputhon ./home/abartoha/script.py [C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[C[Cunsu[K[2Psueifitewifite[1Pclear[3Pfgclearfgclea[1Pclear[3Pfgclear[2Pi aprint[2Plistkclose[1Pclose[1Phelpwifite clear[7Pclearhistory 0c[5Pclear[1Phelp[Khistory -c ]0;root@abar: /home/abartoharoot@abar:/home/abartoha# e[Kexit我不知道,雖然我有一些猜測,但我希望從一個好人那裡得到一些現實。我正在使用 Linux Mint、SSD 上的 Windows、HDD 上的 Linux。謝謝你住這麼遠。
去年(2020 年)4 月 11 日,您執行了
script命令(請參閱 參考資料man script)。當它執行時,它會擷取終端的所有輸入和輸出並將其寫入日誌文件。預設情況下,此文件被呼叫typescript並寫入目前目錄。例子
擷取會話日誌
script Script started, file is typescript ~$ date 19 Feb 2021 10:07:29 ~$ exit exit Script done, file is typescript查看日誌文件
cat typescript Script started on 2021-02-19 10:07:27+00:00 [TERM="xterm" TTY="/dev/pty0" COLUMNS="112" LINES="24"] ~$ date 19 Feb 2021 10:07:29 ~$ exit exit Script done on 2021-02-19 10:07:31+00:00 [COMMAND_EXIT_CODE="0"]您會注意到實際上所有內容都被擷取,包括 shell 提示符、轉義程式碼序列和從錯誤輸入中刪除。(在研究這樣的日誌文件時,試圖理解全屏編輯會話幾乎是不可能的,除非你只是簡單地理解
cat它。)