Penetration Testing Notes (7): SSH Password Brute-Forcing and Defense

hydra

Hydra: the many-headed serpent of Greek mythology; cut off one head and two grow back.

Hydra is one of the best-known online (against a live service, as opposed to offline hash cracking) password brute-forcing tools and supports almost every common network protocol. Its limit is the wordlist: whether a password falls depends on whether the user and password lists are good enough.

Cracking with a specified user

 hydra -l user -P passlist.txt ftp://192.168.0.1
 hydra -L userlist.txt -P passlist.txt imap://192.168.0.1/PLAIN
 hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5
 hydra -l admin -p password ftp://[192.168.0.0/24]/
 hydra -L logins.txt -P pws.txt -M targets.txt ssh

 hydra -l user -P passlist.dic ssh://192.168.0.1

Cracking with a user list

 cat userlist.txt
 cat passlist.txt
 # -t 20 is aggressive against SSH: sshd's MaxStartups (default 10:30:100) starts dropping unauthenticated connections, and hydra itself warns to use -t 4 for ssh
 hydra -L userlist.txt -P passlist.txt -t 20 192.168.1.1 ssh
 hydra -L userlist.txt -P passlist.txt -M hosts.txt ssh -o ssh-hydra.ok
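Two shell helpers around the hydra invocations above, added here as an example (not code from the original post or from hydra): the first builds the login:pass combo file that hydra consumes with -C, reproducing what hydra's -e ns flag tries (empty password, password equal to username) so those guesses come first; the second turns hydra's -o result file into CSV. The user and password lists and the hydra result line are constructed; the 192.168.1.1 target is an assumption.

```shell
#!/bin/sh
# Added example, not code from the original post. Sample users/passwords and
# the hydra result line below are constructed for illustration.
set -eu

# build_combo USERFILE PASSFILE
# Emit "login:pass" lines in the format hydra reads with -C. For each user it
# also adds the two checks hydra's "-e ns" performs: an empty password (n)
# and the username as password (s), so they are tried before the wordlist.
build_combo() {
    users="$1"; passwords="$2"
    while IFS= read -r u || [ -n "$u" ]; do
        [ -n "$u" ] || continue
        printf '%s:\n' "$u"           # -e n: empty password
        printf '%s:%s\n' "$u" "$u"    # -e s: password == username
        while IFS= read -r p || [ -n "$p" ]; do
            [ -n "$p" ] || continue
            printf '%s:%s\n' "$u" "$p"
        done < "$passwords"
    done < "$users"
}

# parse_hydra_out RESULTFILE
# hydra -o writes a "# Hydra ... run at ..." header followed by lines like
#   [22][ssh] host: 192.168.1.10   login: root   password: toor
# Print them as host,login,password. A password containing spaces would be
# cut here; use hydra's -b json output format for those.
parse_hydra_out() {
    awk '/^\[[0-9]+\]\[[a-z0-9-]+\] host:/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "host:")     h = $(i + 1)
                if ($i == "login:")    l = $(i + 1)
                if ($i == "password:") p = $(i + 1)
            }
            printf "%s,%s,%s\n", h, l, p
         }' "$1"
}

# Demo on constructed data.
demo_dir=$(mktemp -d)
printf 'root\nadmin\n' > "$demo_dir/users.txt"
printf 'toor\nP@ssw0rd\n' > "$demo_dir/pass.txt"
build_combo "$demo_dir/users.txt" "$demo_dir/pass.txt" > "$demo_dir/combo.txt"
# The real run would be:
#   hydra -C "$demo_dir/combo.txt" -t 4 -o "$demo_dir/hydra.out" ssh://192.168.1.1
# A constructed result file stands in for it here.
cat > "$demo_dir/hydra.out" <<'EOF'
# Hydra v9.1 run at 2021-11-20 10:00:00 on 192.168.1.1 ssh (hydra -C combo.txt -t 4 -o hydra.out ssh://192.168.1.1)
[22][ssh] host: 192.168.1.1   login: root   password: toor
EOF
cat "$demo_dir/combo.txt"
parse_hydra_out "$demo_dir/hydra.out"
```

With two users and two passwords the combo file has eight lines, four per user; the CSV parser skips hydra's header comment and keeps only result lines.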

Medusa

Medusa is a fast, massively parallel, modular login brute-forcer.

Syntax and options

 Medusa [-h host|-H file] [-u username|-U file] [-p password|-P file] [-C file] -M module [OPT]
   -h [TEXT]    : Target hostname or IP address
   -H [FILE]    : File containing target hostnames or IP addresses
   -u [TEXT]    : Username to test
   -U [FILE]    : File containing usernames to test
   -p [TEXT]    : Password to test
   -P [FILE]    : File containing passwords to test
   -C [FILE]    : File containing combo entries. See README for more information.
   -O [FILE]    : File to append log information to
   -e [n/s/ns]  : Additional password checks ([n] No Password, [s] Password = Username)
   -M [TEXT]    : Name of the module to execute (without the .mod extension)
   -m [TEXT]    : Parameter to pass to the module. This can be passed multiple times with a
                  different parameter each time and they will all be sent to the module (i.e.
                  -m Param1 -m Param2, etc.)
   -d           : Dump all known modules
   -n [NUM]     : Use for non-default TCP port number
   -s           : Enable SSL
   -g [NUM]     : Give up after trying to connect for NUM seconds (default 3)
   -r [NUM]     : Sleep NUM seconds between retry attempts (default 3)
   -R [NUM]     : Attempt NUM retries before giving up. The total number of attempts will be NUM + 1.
   -c [NUM]     : Time to wait in usec to verify socket is available (default 500 usec).
   -t [NUM]     : Total number of logins to be tested concurrently
   -T [NUM]     : Total number of hosts to be tested concurrently
   -L           : Parallelize logins using one username per thread. The default is to process 
                  the entire username before proceeding.
   -f           : Stop scanning host after first valid username/password found.
   -F           : Stop audit after first valid username/password found on any host.
   -b           : Suppress startup banner
   -q           : Display module's usage information
   -v [NUM]     : Verbose level [0 - 6 (more)]
   -w [NUM]     : Error debug level [0 - 10 (more)]
   -V           : Display version
   -Z [TEXT]    : Resume scan based on map of previous scan

Cracking SSH passwords

 medusa -M ssh -h 192.168.1.1 -u root -P passlist.txt

patator

A powerful command-line brute-forcer (Python), one module per protocol.

Available modules

   + ftp_login     : Brute-force FTP
   + ssh_login     : Brute-force SSH
   + telnet_login  : Brute-force Telnet
   + smtp_login    : Brute-force SMTP
   + smtp_vrfy     : Enumerate valid users using SMTP VRFY
   + smtp_rcpt     : Enumerate valid users using SMTP RCPT TO
   + finger_lookup : Enumerate valid users using Finger
   + http_fuzz     : Brute-force HTTP
   + rdp_gateway   : Brute-force RDP Gateway
   + ajp_fuzz      : Brute-force AJP
   + pop_login     : Brute-force POP3
   + pop_passd     : Brute-force poppassd (http://netwinsite.com/poppassd/)
   + imap_login    : Brute-force IMAP4
   + ldap_login    : Brute-force LDAP
   + dcom_login    : Brute-force DCOM
   + smb_login     : Brute-force SMB
   + smb_lookupsid : Brute-force SMB SID-lookup
   + rlogin_login  : Brute-force rlogin
   + vmauthd_login : Brute-force VMware Authentication Daemon
   + mssql_login   : Brute-force MSSQL
   + oracle_login  : Brute-force Oracle
   + mysql_login   : Brute-force MySQL
   + mysql_query   : Brute-force MySQL queries
   + rdp_login     : Brute-force RDP (NLA)
   + pgsql_login   : Brute-force PostgreSQL
   + vnc_login     : Brute-force VNC
   + dns_forward   : Forward DNS lookup
   + dns_reverse   : Reverse DNS lookup
   + snmp_login    : Brute-force SNMP v1/2/3
   + ike_enum      : Enumerate IKE transforms
   + unzip_pass    : Brute-force the password of encrypted ZIP files
   + keystore_pass : Brute-force the password of Java keystore files
   + sqlcipher_pass : Brute-force the password of SQLCipher-encrypted databases
   + umbraco_crack : Crack Umbraco HMAC-SHA1 password hashes
   + tcp_fuzz      : Fuzz TCP services
   + dummy_test    : Testing module
 $ patator ssh_login --help
 Patator 0.9 (https://github.com/lanjelot/patator) with python-3.9.8
 Usage: ssh_login <module-options ...> [global-options ...]

 Examples:
   ssh_login host=10.0.0.1 user=root password=FILE0 0=passwords.txt -x ignore:mesg='Authentication failed.'

 Module options:
   host          : target host
   port          : target port [22]
   user          : usernames to test
   password      : passwords to test
   auth_type     : type of password authentication to use [password|keyboard-interactive|auto]
   keyfile       : file with RSA, DSA or ECDSA private key to test
   persistent    : use persistent connections [1|0]

BruteSpray

BruteSpray reads nmap's gnmap/XML output and automatically runs Medusa against every service it finds.

Installing on Kali

 apt-get update
 apt-get install brutespray

 # only if a stale apt lock blocks the install
 rm -rf /var/cache/apt/archives/lock

nmap scan

 nmap -v 192.168.1.0/24 -oX nmap.xml
 nmap -A -p22 -v 192.168.1.0/24 -oX 22.xml
 # -sP is the old name for -sn (host discovery only, no port scan)
 nmap -sP 192.168.1.0/24 -oX nmaplive.xml
 nmap -sV -O 192.168.1.0/24 -oX nmap.xml
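BruteSpray also accepts nmap's grepable format (-oG). The following is an added example (not from the original post or BruteSpray) that does by hand what such a tool does first: it pulls every open SSH service out of a gnmap file and prints host:port lines, which is the target-list format hydra -M takes (medusa -H wants hosts only, with the port given via -n). The gnmap excerpt is constructed, so it runs offline.

```shell
#!/bin/sh
# Added example, not from the original post. Parses nmap's grepable output
# (e.g. from: nmap -sV -p22,22222 192.168.1.0/24 -oG ssh.gnmap) and prints
# one "host:port" line per open SSH service.
set -eu

# ssh_targets_from_gnmap GNMAPFILE
# Each "Host:" line carries a tab-separated "Ports:" field whose entries look
# like  port/state/proto/owner/service/rpc/version/  separated by ", ".
ssh_targets_from_gnmap() {
    awk -F'\t' '
        /^Host: / {
            split($1, h, " "); host = h[2]
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                sub(/^Ports: /, "", $i)
                n = split($i, entry, ", ")
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    # Match on the fingerprinted service name so that SSH moved
                    # to a non-standard port (see defense step 3) is still found;
                    # fall back to port 22 when no service name was recorded.
                    if (f[2] == "open" && (f[5] == "ssh" || (f[5] == "" && f[1] == "22")))
                        print host ":" f[1]
                }
            }
        }' "$1"
}

# Demo on a constructed gnmap file (tabs written with printf so the format is
# exact): ssh on 22, ssh moved to 22222, and a host with only http open.
demo=$(mktemp)
{
    printf '# Nmap 7.92 scan initiated as: nmap -sV -p22,80,22222 -oG ssh.gnmap 192.168.1.0/24\n'
    printf 'Host: 192.168.1.10 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.4p1 Debian 5 (protocol 2.0)/, 80/closed/tcp//http///\tIgnored State: closed (1)\n'
    printf 'Host: 192.168.1.11 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.11 ()\tPorts: 22/filtered/tcp//ssh///, 22222/open/tcp//ssh//OpenSSH 8.2p1 Ubuntu (Ubuntu Linux; protocol 2.0)/\n'
    printf 'Host: 192.168.1.12 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.12 ()\tPorts: 22/closed/tcp//ssh///, 80/open/tcp//http//nginx 1.18.0/\n'
} > "$demo"
ssh_targets_from_gnmap "$demo"
# Feed the result to hydra:  ssh_targets_from_gnmap ssh.gnmap > targets.txt
#                            hydra -L userlist.txt -P passlist.txt -t 4 -M targets.txt ssh
```

The filtered port 22 on the second host is skipped and its SSH on 22222 is kept, which is exactly the case a port-22-only scan would miss.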

Wordlist brute-force of SSH

 brutespray --file 22.xml -U userlist.txt -P passlist.txt --threads 5 --hosts 5
 cat /root/brutespray-output/ssh-success.txt

MSF

Metasploit Framework (MSF) is a complete environment for writing, testing and using exploit code.

SSH module (in msfconsole the SSH password-guessing scanner is auxiliary/scanner/ssh/ssh_login; it takes RHOSTS, USER_FILE/PASS_FILE and STOP_ON_SUCCESS)

 msfconsole

Brute-force defenses

1. useradd with a non-login shell

 useradd tyler -s /sbin/nologin

Accounts that only own files or run services get /sbin/nologin, so even a guessed password yields no shell. It does not stop the guessing itself: sshd still verifies the password before the shell refuses the session.

2. Password complexity

Complex passwords, rotated on a schedule.

3. Change the default port

 /etc/ssh/sshd_config
 Port 22222

This only takes the host out of the crowd scanning port 22; a targeted scan (nmap -p- or -sV) finds the service anyway, so treat it as noise reduction rather than a control.

4. Restrict which users or groups may log in

 PermitRootLogin no
 AllowUsers tyler

 man sshd_config
 AllowUsers AllowGroups DenyUsers DenyGroups

The stock file ships the default as a comment (#PermitRootLogin yes or #PermitRootLogin prohibit-password); the line must be uncommented and set to no. The keyword is AllowUsers, not AllowUser: sshd refuses to start on an unknown option. The four directives are evaluated in the order DenyUsers, AllowUsers, DenyGroups, AllowGroups.

5. Use sudo: log in as an unprivileged user and escalate with sudo instead of logging in as root, which is what makes PermitRootLogin no workable.

6. Restrict which source addresses may connect

 /etc/hosts.allow
 sshd: 192.168.1.1 : allow

An allow entry only has an effect together with a deny-everyone-else rule for sshd in /etc/hosts.deny, and only when sshd is linked against libwrap (upstream OpenSSH removed tcp_wrappers support in 6.7; some distribution builds patch it back in, so check with ldd on the sshd binary). A firewall rule limiting the source range on the SSH port is the portable equivalent.

7. Run DenyHosts, which tallies failed logins automatically and appends the offending addresses to /etc/hosts.deny (same libwrap caveat as above).
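The counting DenyHosts does, as an added example (not from the original post and not DenyHosts' own code): group sshd "Failed password" lines by source address and emit hosts.deny entries for addresses over a threshold. The log excerpt is constructed in the style of /var/log/auth.log, so it runs offline.

```shell
#!/bin/sh
# Added example, not from the original post: a minimal DenyHosts-style counter
# over sshd log lines. The log excerpt below is constructed.
set -eu

# failed_by_ip LOGFILE MIN
# Print "count ip" for each source address with at least MIN failed password
# attempts, busiest first. Matches both "Failed password for USER from IP"
# and "Failed password for invalid user USER from IP".
failed_by_ip() {
    awk -v min="$2" '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++)
                if ($i == "from") { n[$(i + 1)]++; break }
        }
        END { for (ip in n) if (n[ip] >= min) printf "%d %s\n", n[ip], ip }
    ' "$1" | sort -rn
}

# deny_lines LOGFILE MIN
# Same result formatted as /etc/hosts.deny entries. Upstream OpenSSH dropped
# tcp_wrappers in 6.7, so only sshd builds linked against libwrap honor
# hosts.deny (check: ldd "$(command -v sshd)" | grep libwrap); a firewall
# rule works on every build.
deny_lines() {
    failed_by_ip "$1" "$2" | awk '{ print "sshd: " $2 }'
}

# Constructed auth.log excerpt: one address hammering root and guessed user
# names, one legitimate user with a single typo before a successful login.
log=$(mktemp)
cat > "$log" <<'EOF'
Nov 20 10:01:02 web1 sshd[1201]: Failed password for root from 192.168.1.50 port 51234 ssh2
Nov 20 10:01:03 web1 sshd[1203]: Failed password for root from 192.168.1.50 port 51236 ssh2
Nov 20 10:01:04 web1 sshd[1205]: Failed password for invalid user admin from 192.168.1.50 port 51238 ssh2
Nov 20 10:01:05 web1 sshd[1207]: Failed password for invalid user oracle from 192.168.1.50 port 51240 ssh2
Nov 20 10:01:06 web1 sshd[1209]: Failed password for root from 192.168.1.50 port 51242 ssh2
Nov 20 10:02:10 web1 sshd[1220]: Failed password for tyler from 10.0.0.7 port 40000 ssh2
Nov 20 10:02:15 web1 sshd[1222]: Accepted password for tyler from 10.0.0.7 port 40002 ssh2
EOF
failed_by_ip "$log" 3
deny_lines "$log" 3
# On a live host:  deny_lines /var/log/auth.log 5 >> /etc/hosts.deny
```

With the threshold at 3 only 192.168.1.50 is listed; the user who mistyped once stays unblocked, which is the reason for a threshold rather than blocking on the first failure.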

8. Login limits with PAM

Module: pam_tally2.so

Function: counts failed logins per account and locks the account once the count reaches deny=N, releasing it after unlock_time seconds.

Example: protecting sshd against brute force. First check whether the module is already wired into the sshd stack:

 grep tally2 /etc/pam.d/sshd

pam_tally2 was removed in Linux-PAM 1.5.0; on current distributions the replacement is pam_faillock, which takes the same deny= and unlock_time= parameters (counters are reset with faillock --user NAME --reset).
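Wiring pam_tally2 into the sshd PAM stack, as an added example (not from the original post): the function inserts the auth line ahead of the first auth entry so every attempt is counted even when a later module rejects it, adds the account line that enforces the lock, keeps a .bak copy, and is a no-op when run twice. The PAM file it edits here is a constructed Debian-style stack; on a real host the argument would be /etc/pam.d/sshd.

```shell
#!/bin/sh
# Added example, not from the original post. Inserts pam_tally2 into a PAM
# service file idempotently. The sample PAM file below is constructed.
set -eu

# add_tally2 PAMFILE [DENY] [UNLOCK_SECONDS]
# Put "auth required pam_tally2.so ..." before the first auth line (or the
# Debian-style "@include common-auth") and "account required pam_tally2.so"
# before the first account line. onerr=fail denies on internal errors rather
# than failing open; audit logs unknown user names as well.
add_tally2() {
    f="$1"; deny="${2:-5}"; unlock="${3:-300}"
    if grep -q 'pam_tally2\.so' "$f"; then
        return 0                      # already configured
    fi
    cp "$f" "$f.bak"
    awk -v d="$deny" -v u="$unlock" '
        !a && ($1 == "auth" || ($1 == "@include" && $2 == "common-auth")) {
            printf "auth     required     pam_tally2.so deny=%s unlock_time=%s onerr=fail audit\n", d, u
            a = 1
        }
        !c && ($1 == "account" || ($1 == "@include" && $2 == "common-account")) {
            print "account  required     pam_tally2.so"
            c = 1
        }
        { print }
    ' "$f.bak" > "$f"
}

pam=$(mktemp)
cat > "$pam" <<'EOF'
# PAM configuration for the Secure Shell service (constructed Debian-style stack)
@include common-auth
account    required     pam_nologin.so
@include common-account
session    required     pam_loginuid.so
@include common-session
EOF
add_tally2 "$pam" 5 300
add_tally2 "$pam" 5 300     # second call changes nothing
cat "$pam"
# Operations once it is live:
#   pam_tally2 --user tyler           # show the failure counter
#   pam_tally2 --user tyler --reset   # unlock the account
```

Five failures lock the account for 300 seconds; an attacker then gets at most five guesses per five minutes per account, but note the flip side: the same mechanism lets an attacker lock legitimate users out on purpose, so keep unlock_time finite and leave a key-based emergency path.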

9. Disable password authentication and use public-key authentication (PasswordAuthentication no, with PubkeyAuthentication yes and the keys deployed first). With no password to guess, online brute-forcing has nothing to work on.
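The sshd_config settings from steps 3, 4 and 9 pulled together, as an added example (not from the original post): a small audit that reads a config the way sshd does, where the first uncommented occurrence of a keyword wins and later duplicates are ignored, and flags the weak values. The weak and hardened configs are constructed; Match blocks are not modeled, and sshd -T remains the authoritative view of the effective settings.

```shell
#!/bin/sh
# Added example, not from the original post. Audits an sshd_config for the
# settings the hardening steps above change. Sample configs are constructed.
set -eu

# effective_value CONFIG KEYWORD DEFAULT
# sshd honors the first uncommented occurrence of a keyword and silently
# ignores later duplicates, so appending "PasswordAuthentication no" below an
# earlier "PasswordAuthentication yes" changes nothing. Keywords are
# case-insensitive. Match blocks are not modeled here.
effective_value() {
    v=$(awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
            $1 !~ /^#/ && tolower($1) == k { print $2; exit }' "$1")
    printf '%s\n' "${v:-$3}"
}

# audit_sshd CONFIG
# Print one WEAK line per finding; prints nothing for a hardened file.
# Defaults are OpenSSH's (PermitRootLogin is prohibit-password since 7.0).
audit_sshd() {
    cfg="$1"
    case $(effective_value "$cfg" PermitRootLogin prohibit-password) in
        yes) echo "WEAK: PermitRootLogin yes -> set it to no, log in as a user and use sudo" ;;
    esac
    case $(effective_value "$cfg" PasswordAuthentication yes) in
        yes) echo "WEAK: PasswordAuthentication yes -> set it to no once keys are deployed" ;;
    esac
    case $(effective_value "$cfg" PubkeyAuthentication yes) in
        no) echo "WEAK: PubkeyAuthentication no -> must be yes before passwords are disabled" ;;
    esac
    tries=$(effective_value "$cfg" MaxAuthTries 6)
    [ "$tries" -le 3 ] || echo "WEAK: MaxAuthTries $tries -> 3 cuts the guesses per connection"
    if [ -z "$(effective_value "$cfg" AllowUsers '')$(effective_value "$cfg" AllowGroups '')" ]; then
        echo "WEAK: no AllowUsers/AllowGroups -> only listed accounts should reach sshd"
    fi
}

d=$(mktemp -d)
# Constructed: a stock-looking file with the classic appended-but-ignored fix.
cat > "$d/weak" <<'EOF'
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
EOF
# Constructed: the hardened version of the settings described above.
cat > "$d/hardened" <<'EOF'
Port 22222
PermitRootLogin no
AllowUsers tyler
PubkeyAuthentication yes
PasswordAuthentication no
MaxAuthTries 3
LoginGraceTime 30
EOF
echo "== weak";     audit_sshd "$d/weak"
echo "== hardened"; audit_sshd "$d/hardened"
# On a real host, validate before reloading:
#   sshd -t -f /etc/ssh/sshd_config && systemctl reload sshd
```

The weak file still has password authentication on even though "PasswordAuthentication no" appears in it, because the earlier "yes" wins; that is the mistake the first-match rule catches. Always keep a second session open while reloading sshd so a typo does not lock you out.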

10. Protect exported Xshell sessions: exported session files carry saved passwords, so store and share them as secrets.

11. Set a GRUB password, so that nobody with console access can edit the boot entry into single-user mode and reset the root password locally.
