当前位置:网站首页>Web penetration test - 5. Brute force cracking vulnerability - (3) FTP password cracking
Web penetration test - 5. Brute force cracking vulnerability - (3) FTP password cracking
2022-06-24 03:38:00 【Seven days】
List of articles
File transfer protocol (File Transfer Protocol:FTP) Is a set of standard protocols for file transfer on the network , It works in OSI The seventh layer of the model , TCP The fourth layer of the model , The application layer , Use TCP Transmission, not UDP, The client has to go through a “ Three handshakes ” The process of , Ensure that the connection between the client and the server is reliable , And it's connection oriented , Provide reliable guarantee for data transmission .
FTP Allow users to operate in the form of files ( Such as the addition of documents 、 Delete 、 Change 、 check 、 Transmission, etc ) Communicate with another host . However , Users do not really log in to the computer they want to access and become full users , You can use FTP Programs access remote resources , Realize the round-trip transmission of files by users 、 Directory management, access to e-mail, etc , Even though both computers may be equipped with different operating systems and file storage methods . Default TCP port 21.
One 、hydra
Hydra Is a parallel login cracker , It supports multiple attack protocols . It's very fast and flexible , And new modules are easy to add .kali Toolset integrated .
hydra Project address :
https://github.com/vanhauser-thc/thc-hydra/releases Full version
hydra Support :
Cisco AAA、Cisco auth、Cisco enable、CVS、FTP、HTTP(S)-FORM-GET、HTTP(S)-FORM-POST、HTTP(S)-GET、HTTP(S)-HEAD、HTTP- agent 、ICQ、IMAP、IRC、LDAP、MS-SQL、MySQL、NNTP、Oracle The listener 、Oracle SID、PC-Anywhere、PC-NFS、POP3、PostgreSQL、RDP、Rexec、Rlogin、Rsh、SIP、SMB(NT)、SMTP、SMTP enumeration、SNMP v1+v2+v3、SOCKS5、SSH(v1 and v2)、SSHKEY、Subversion、Teamspeak (TS2)、Telnet、VMware-Auth、VNC and XMPP`.
hydra -L /root/Desktop/user.txt -P /root/Desktop/pass.txt IP ftp
-L: Specify the user name dictionary path-P: Specify password dictionary path
Two 、Medusa
Medusa It's a fast one 、 A parallel and modular login brute force cracker . The goal is to support as many services as possible that allow remote authentication .kalikali Toolset integrated .
file :
www.foofus.net/jmk/medusa/medusa.html
Source code :https://github.com/jmk-foofus/medusahttps://github.com/jmk-foofus/medusa/archive/2.2.tar.gz
The main functions are as follows :
1、Thread based parallel testing: It can target multiple hosts at the same time 、 The user or password performs a brute force test .
2、Flexible user input: Target information can be specified in a number of ways ( host / user / password ). for example , Each item can be a single item , It can also be a file that contains multiple entries . Besides , The combined file format allows users to refine their target list .
3、Modular design: Each service module acts as an independent .mod File exists . This means that the list of supported services can be extended for brute force cracking without any modification to the core application .
4、Support multiple protocols: Many services are currently supported ( for example SMB、HTTP、POP3、MS-SQL、SSHv2 etc. ).
medusa -h IP -U /root/Desktop/user.txt -P /root/Desktop/pass.txt -M ftp
-U: Indicates the path to the user name list-P: Indicates the path to the password list-M: Specify the burst parameter type
3、 ... and 、Ncrack
Ncrack Is a high-speed network authentication cracking tool . It aims to help companies protect their networks by proactively testing all their hosts and network devices for password errors .Ncrack Is to use a modular approach 、 Be similar to Nmap Command line syntax and dynamic engine design that can adjust its behavior according to network feedback . It allows fast and reliable large-scale auditing of multiple hosts .kali Toolset integrated .
Ncrack The functionality of the includes a very flexible interface , Allow users to have complete control over network operations , Allow very complex brute force attacks , Easy to use timing templates , Be similar to Nmap The runtime interaction of . Supported protocols include
SSH、RDP、FTP、Telnet、HTTP(S)、Wordpress、POP3(S)、IMAP、CVS、SMB、VNC、SIP、Redis、PostgreSQL、MQTT、MySQL、MSSQL、MongoDB、Cassandra、WinRM、OWA , and DICOM
Project address :
https://nmap.org/ncrack/
ncrack –v -U /root/Desktop/user.txt -P /root/Desktop/pass.txt IP:21
-U: Indicates the path to the user name list-P: Indicates the path to the password list-v: Increase the level of detail ( Use twice or more for better results )
Four 、Patator
Patator For the use of Hydra、Medusa、Ncrack、Metasploit Module and Nmap NSE The script is written to thwart password guessing attacks . I chose a different approach , So as not to create another brute force cracking tool and avoid repeating the same shortcomings .Patator It's a use. Python Write multithreading tools , It strives to be more reliable and flexible than its predecessors .
Project address :
https://github.com/lanjelot/patator
patator ftp_login host=IP user=FILE0 0=/root/Desktop/user.txt password=FILE1 1=/root/Desktop/pass.txt
5、 ... and 、Metasploit
use auxiliary/scanner/ftp/ftp_login
msf exploit (ftp_login)>set rhosts IP
msf exploit (ftp_login)>set user_file /root/Desktop/user.txt
msf exploit (ftp_login)>set pass_file /root/Desktop/pass.txt
msf exploit (ftp_login)>set stop_on_success true
msf exploit (ftp_login)> exploit
边栏推荐
- Principle of efficient animation Implementation-A preliminary exploration of jetpack compose
- [see you] on October 24, we met at Tencent Binhai building
- Self built DNS to realize the automatic intranet resolution of tke cluster apiserver domain name
- What is elastic scaling in cloud computing? What are the main applications of elastic scaling in cloud computing?
- What protocol does FTP belong to in Fortress machine and how to use FTP in Fortress machine
- 3D visualization of Metro makes everything under control
- Modstartcms theme introductory development tutorial
- What is the difference between elasticity and scalability of cloud computing? What does elastic scaling of cloud computing mean?
- What is the impact on the server rental or server hosting price?
- How to choose excellent server hosting or server leasing in Beijing
猜你喜欢
【代码随想录-动态规划】T392.判断子序列
ModStartCMS 主题入门开发教程
在pycharm中pytorch的安装
Thank you for your recognition! One thank-you note after another
Get to know MySQL database
Modstartcms enterprise content site building system (supporting laravel9) v4.2.0
Ar 3D map technology
Community pycharm installation visual database
QT creator tips
618大促:手机品牌“神仙打架”,高端市场“谁主沉浮”?
随机推荐
TRTC audio quality problem
What is the price of the elastic public network IP bandwidth
What is the fortress machine? What role does the fortress machine play?
LeetCode 1047. Delete all adjacent duplicates in the string
What is edge computing? What are the characteristics of the Internet platform edge calculator?
How the new operator works
Does the user need a code signing certificate? What is the use of a code signing certificate
The quick login of QQ cannot be directly invoked through remote login, and the automatic login of QQ can be invoked using VNC
What port does the fortress machine use? What is the role of the fortress machine?
Understand Devops from the perspective of leader
Record the creation process of a joke widget (I)
在pycharm中pytorch的安装
Thank you for your recognition! One thank-you note after another
General scheme for improving reading and writing ability of online es cluster
What protocols do fortress computers have and what protocols do fortress computers generally use
News | detailed explanation of network security vulnerabilities of branch enterprises
内存泄漏之KOOM-Shark中的Hprof信息
RPM 包的构建 - SPEC 基础知识
Grpc: how to implement the restful API for file uploading?
What is elastic scaling in cloud computing? What are the main applications of elastic scaling in cloud computing?