好记性不如铅笔头

安全, 操作系统

某《魔鬼训练营》读书笔记:特定服务密码猜测

!!!笔记仅供学习交流使用,请勿进行其他用途!!!

CONTENTS

ssh密码猜测:

使用Metasploit自带扫描模块:

msf> search ssh_login

Matching Modules
================

   Name                                    Disclosure Date  Rank    Description
   ----                                    ---------------  ----    -----------
   auxiliary/scanner/ssh/ssh_login                          normal  SSH Login Check Scanner
。。。。。

ssh_login模块:

路径:auxiliary/scanner/ssh/ssh_login

msf> use auxiliary/scanner/ssh/ssh_login
msf auxiliary(ssh_login) > show options

Module options (auxiliary/scanner/ssh/ssh_login):

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   BLANK_PASSWORDS   false            no        Try blank passwords for all users
   BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
   DB_ALL_CREDS      false            no        Try each user/password couple stored in the current database
   DB_ALL_PASS       false            no        Add all passwords in the current database to the list
   DB_ALL_USERS      false            no        Add all users in the current database to the list
   PASSWORD                           no        A specific password to authenticate with #某个特定的密码
   PASS_FILE                          no        File containing passwords, one per line  #密码文件
   RHOSTS                             yes       The target address range or CIDR identifier #目标IP地址
   RPORT             22               yes       The target port
   STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host
   THREADS           1                yes       The number of concurrent threads
   USERNAME                           no        A specific username to authenticate as   #某个特定的用户名
   USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line #用户名:密码文件
   USER_AS_PASS      false            no        Try the username as the password for all users
   USER_FILE                          no        File containing usernames, one per line  #用户名文件
   VERBOSE           true             yes       Whether to print output for all attempts

msf auxiliary(ssh_login) > cd /usr/share/metasploit-framework/data/wordlists
msf auxiliary(ssh_login) > set USERNAME root
USERNAME => root
msf auxiliary(ssh_login) > head unix_passwords.txt
[*] exec: head unix_passwords.txt

123456
12345
123456789
password
iloveyou
princess
1234567
12345678
abc123
nicole
msf auxiliary(ssh_login) > set PASS_FILE  /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt
PASS_FILE => /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt
msf auxiliary(ssh_login) > set THREADS 50
THREADS => 50
msf auxiliary(ssh_login) > exploit
。。。
。。。

telnet密码猜测:

使用Metasploit自带扫描模块:

telnet_login模块:

路径:auxiliary/scanner/ssh/telnet_login

msf> use auxiliary/scanner/telnet/telnet_login
msf auxiliary(telnet_login) > show options

Module options (auxiliary/scanner/telnet/telnet_login):

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   BLANK_PASSWORDS   false            no        Try blank passwords for all users
   BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
   DB_ALL_CREDS      false            no        Try each user/password couple stored in the current database
   DB_ALL_PASS       false            no        Add all passwords in the current database to the list
   DB_ALL_USERS      false            no        Add all users in the current database to the list
   PASSWORD                           no        A specific password to authenticate with
   PASS_FILE                          no        File containing passwords, one per line
   RHOSTS                             yes       The target address range or CIDR identifier
   RPORT             23               yes       The target port
   STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host
   THREADS           1                yes       The number of concurrent threads
   USERNAME                           no        A specific username to authenticate as
   USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line
   USER_AS_PASS      false            no        Try the username as the password for all users
   USER_FILE                          no        File containing usernames, one per line
   VERBOSE           true             yes       Whether to print output for all attempts

后面和ssh_login类似,就不笔记了。

使用nmap脚本:

参考链接【 http://nmap.org/nsedoc/scripts/telnet-brute.html 】

发表评论

2 × 2 =

此站点使用 Akismet 来减少垃圾评论。了解我们如何处理您的评论数据