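SSHLOGIN: the SSH login scanner auxiliary module
Introduction
ssh_login is a commonly used module in the MSF (Metasploit) penetration-testing framework. It can brute-force SSH logins against a single IP or a group of IPs.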
➜ ~ msfconsole
=[ metasploit v4.16.64-dev-c1c6dc0d8516dbdecca04f17e41f48148f648f18]
+ -- --=[ 1777 exploits - 1018 auxiliary - 308 post ]
+ -- --=[ 538 payloads - 41 encoders - 10 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
msf > use auxiliary/scanner/ssh/ssh_login
msf auxiliary(scanner/ssh/ssh_login) > show options
Usage
Use show options to see the available settings. A few of them are required; for example, the IP or IP range to scan is set like this:
msf auxiliary(scanner/ssh/ssh_login) > set RHOSTS 192.168.0.1
RHOSTS => 192.168.0.1
msf auxiliary(scanner/ssh/ssh_login) > set RHOSTS 192.168.0.1/24
RHOSTS => 192.168.0.1/24
We can set a specific username and password, or load a weak-password list.
msf auxiliary(scanner/ssh/ssh_login) > set USERNAME root
msf auxiliary(scanner/ssh/ssh_login) > set PASSWORD 123456
msf auxiliary(scanner/ssh/ssh_login) > set USERPASS_FILE ~/pwd.txt
To log in with a public/private key pair instead, switch to the ssh_login_pubkey module:
msf auxiliary(scanner/ssh/ssh_login) > use auxiliary/scanner/ssh/ssh_login_pubkey
The specific options can be listed with show options, so they are not repeated here:
msf auxiliary(scanner/ssh/ssh_login_pubkey) > set KEY_FILE ~/.ssh/id_rsa
We can also set the number of concurrent threads:
msf auxiliary(scanner/ssh/ssh_login) > set THREADS 10
We can also set whether output is printed:
msf auxiliary(scanner/ssh/ssh_login) > set VERBOSE true
Once everything is set, run the module:
msf auxiliary(scanner/ssh/ssh_login) > run
After the scan finishes, we can look at sessions or hosts:
msf auxiliary(scanner/ssh/ssh_login_pubkey) > sessions -i 1
msf auxiliary(scanner/ssh/ssh_login_pubkey) > hosts
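Finally
If this is your first time using MSF, you need to set up a PostgreSQL database after installing the framework. Installation is not covered here; make sure the service is running: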
systemctl start postgresql
On a Mac:
brew services start postgresql
Initialize a database from the command line:
➜ ~ msfdb init
Enter the MSF console and check whether the database connection succeeded:
msf > db_status
List workspaces
msf > workspace
Create a workspace
msf > workspace -a xxx
Switch workspaces
msf > workspace xxx
Delete a workspace
msf > workspace -d xxx
For everything else, see the help
msf > workspace -h
msf > help
Import and scan
msf > db_import /root/msfu/nmapScan
msf > db_nmap -A 172.16.194.134
Backup
msf > db_export -h
The hosts command
msf > hosts -c address,os_flavor
References
SRC0: https://www.offensive-security.com/metasploit-unleashed/using-databases/
SRC1: https://www.offensive-security.com/metasploit-unleashed/scanner-ssh-auxiliary-modules/