当前位置:网站首页>Web penetration test - 5. Brute force cracking vulnerability - (3) FTP password cracking
Web penetration test - 5. Brute force cracking vulnerability - (3) FTP password cracking
2022-06-24 03:38:00 【Seven days】
List of articles
File transfer protocol (File Transfer Protocol:FTP) Is a set of standard protocols for file transfer on the network , It works in OSI The seventh layer of the model , TCP The fourth layer of the model , The application layer , Use TCP Transmission, not UDP, The client has to go through a “ Three handshakes ” The process of , Ensure that the connection between the client and the server is reliable , And it's connection oriented , Provide reliable guarantee for data transmission .
FTP Allow users to operate in the form of files ( Such as the addition of documents 、 Delete 、 Change 、 check 、 Transmission, etc ) Communicate with another host . However , Users do not really log in to the computer they want to access and become full users , You can use FTP Programs access remote resources , Realize the round-trip transmission of files by users 、 Directory management, access to e-mail, etc , Even though both computers may be equipped with different operating systems and file storage methods . Default TCP port 21.
One 、hydra
Hydra Is a parallel login cracker , It supports multiple attack protocols . It's very fast and flexible , And new modules are easy to add .kali Toolset integrated .
hydra Project address :
https://github.com/vanhauser-thc/thc-hydra/releases Full version
hydra Support :
Cisco AAA、Cisco auth、Cisco enable、CVS、FTP、HTTP(S)-FORM-GET、HTTP(S)-FORM-POST、HTTP(S)-GET、HTTP(S)-HEAD、HTTP- agent 、ICQ、IMAP、IRC、LDAP、MS-SQL、MySQL、NNTP、Oracle The listener 、Oracle SID、PC-Anywhere、PC-NFS、POP3、PostgreSQL、RDP、Rexec、Rlogin、Rsh、SIP、SMB(NT)、SMTP、SMTP enumeration、SNMP v1+v2+v3、SOCKS5、SSH(v1 and v2)、SSHKEY、Subversion、Teamspeak (TS2)、Telnet、VMware-Auth、VNC and XMPP`.
hydra -L /root/Desktop/user.txt -P /root/Desktop/pass.txt IP ftp
-L: Specify the user name dictionary path-P: Specify password dictionary path
Two 、Medusa
Medusa It's a fast one 、 A parallel and modular login brute force cracker . The goal is to support as many services as possible that allow remote authentication .kalikali Toolset integrated .
file :
www.foofus.net/jmk/medusa/medusa.html
Source code :https://github.com/jmk-foofus/medusahttps://github.com/jmk-foofus/medusa/archive/2.2.tar.gz
The main functions are as follows :
1、Thread based parallel testing: It can target multiple hosts at the same time 、 The user or password performs a brute force test .
2、Flexible user input: Target information can be specified in a number of ways ( host / user / password ). for example , Each item can be a single item , It can also be a file that contains multiple entries . Besides , The combined file format allows users to refine their target list .
3、Modular design: Each service module acts as an independent .mod File exists . This means that the list of supported services can be extended for brute force cracking without any modification to the core application .
4、Support multiple protocols: Many services are currently supported ( for example SMB、HTTP、POP3、MS-SQL、SSHv2 etc. ).
medusa -h IP -U /root/Desktop/user.txt -P /root/Desktop/pass.txt -M ftp
-U: Indicates the path to the user name list-P: Indicates the path to the password list-M: Specify the burst parameter type
3、 ... and 、Ncrack
Ncrack Is a high-speed network authentication cracking tool . It aims to help companies protect their networks by proactively testing all their hosts and network devices for password errors .Ncrack Is to use a modular approach 、 Be similar to Nmap Command line syntax and dynamic engine design that can adjust its behavior according to network feedback . It allows fast and reliable large-scale auditing of multiple hosts .kali Toolset integrated .
Ncrack The functionality of the includes a very flexible interface , Allow users to have complete control over network operations , Allow very complex brute force attacks , Easy to use timing templates , Be similar to Nmap The runtime interaction of . Supported protocols include
SSH、RDP、FTP、Telnet、HTTP(S)、Wordpress、POP3(S)、IMAP、CVS、SMB、VNC、SIP、Redis、PostgreSQL、MQTT、MySQL、MSSQL、MongoDB、Cassandra、WinRM、OWA , and DICOM
Project address :
https://nmap.org/ncrack/
ncrack –v -U /root/Desktop/user.txt -P /root/Desktop/pass.txt IP:21
-U: Indicates the path to the user name list-P: Indicates the path to the password list-v: Increase the level of detail ( Use twice or more for better results )
Four 、Patator
Patator For the use of Hydra、Medusa、Ncrack、Metasploit Module and Nmap NSE The script is written to thwart password guessing attacks . I chose a different approach , So as not to create another brute force cracking tool and avoid repeating the same shortcomings .Patator It's a use. Python Write multithreading tools , It strives to be more reliable and flexible than its predecessors .
Project address :
https://github.com/lanjelot/patator
patator ftp_login host=IP user=FILE0 0=/root/Desktop/user.txt password=FILE1 1=/root/Desktop/pass.txt
5、 ... and 、Metasploit
use auxiliary/scanner/ftp/ftp_login
msf exploit (ftp_login)>set rhosts IP
msf exploit (ftp_login)>set user_file /root/Desktop/user.txt
msf exploit (ftp_login)>set pass_file /root/Desktop/pass.txt
msf exploit (ftp_login)>set stop_on_success true
msf exploit (ftp_login)> exploit
边栏推荐
- Disk partition extension using graphical interface and PowerShell code
- What does elastic public IP mean? The advantages of elastic public IP
- Troubleshooting and resolution of errors in easycvr calling batch deletion interface
- What is distributed configuration center Nacos? What are the functions of distributed configuration center Nacos?
- What protocol does FTP belong to in Fortress machine and how to use FTP in Fortress machine
- Self built DNS to realize the automatic intranet resolution of tke cluster apiserver domain name
- Several options of F8 are very useful
- [competition experience sharing] design of intelligent guide rod
- Understanding Devops from the perspective of decision makers
- LeetCode 129. Find the sum of numbers from root node to leaf node
猜你喜欢
随机推荐
What are the advantages of EIP? What is the relationship between EIP and fixed IP?
A figure showing the price and expense structure of Tencent cloud real-time audio and video TRTC
Grpc: how to add API log interceptors / Middleware?
[see you] on October 24, we met at Tencent Binhai building
What is the fortress machine? What role does the fortress machine play?
How to build glasses website what are the functions of glasses website construction
Case analysis | interpret the truth that multi branch enterprises choose sd-wan network reconstruction in combination with real cases
在pycharm中pytorch的安装
Micro build low code enterprise exchange day · Shenzhen station opens registration
Does the user need a code signing certificate? What is the use of a code signing certificate
Tencent cloud launched its new 100g+ cloud server product!! Expect more than 400g+ in the future!
Using RDM (Remote Desktop Manager) to import CSV batch remote
ModStartCMS 主题入门开发教程
A Tencent interview question
The medical technology giant was blackmailed and Microsoft announced 74 security vulnerabilities | global network security hotspot
Why use code signing? What certificates are required for code signing?
How to select a server with appropriate configuration when planning to build a live broadcast platform
EIP maximum EIP EIP remote desktop access
Disk partition extension using graphical interface and PowerShell code
What does elastic public IP mean? The advantages of elastic public IP