208 Brute force: ncrack
Posted on 2012-10-4 22:25:34
Installation
    root@Dis9Team:/tmp# wget http://nmap.org/ncrack/dist/ncrack-0.4ALPHA.tar.gz
    root@Dis9Team:/tmp/ncrack-0.4ALPHA# ./configure --prefix=/pen/passwd/ncrack
    root@Dis9Team:/tmp/ncrack-0.4ALPHA# make
    root@Dis9Team:/tmp/ncrack-0.4ALPHA# make install
    root@Dis9Team:/tmp/ncrack-0.4ALPHA# cd /pen/passwd/ncrack/bin/
    root@Dis9Team:/pen/passwd/ncrack/bin# ./ncrack
    Ncrack 0.4ALPHA ( http://ncrack.org )
    Usage: ncrack [Options] {target and service specification}
    TARGET SPECIFICATION:
      Can pass hostnames, IP addresses, networks, etc.
      Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
      -iX <inputfilename>: Input from Nmap's -oX XML output format
      -iN <inputfilename>: Input from Nmap's -oN Normal output format
      -iL <inputfilename>: Input from list of hosts/networks
      --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
      --excludefile <exclude_file>: Exclude list from file
    SERVICE SPECIFICATION:
      Can pass target specific services in <service>://target (standard) notation or
      using -p which will be applied to all hosts in non-standard notation.
      Service arguments can be specified to be host-specific, type of service-specific
      (-m) or global (-g). Ex: ssh://10.0.0.10,at=10,cl=30 -m ssh:at=50 -g cd=3000
      Ex2: ncrack -p ssh,ftp:3500,25 10.0.0.10 scanme.nmap.org google.com:80,ssl
      -p <service-list>: services will be applied to all non-standard notation hosts
      -m <service>:<options>: options will be applied to all services of this type
      -g <options>: options will be applied to every service globally
      Misc options:
        ssl: enable SSL over this service
        path <name>: used in modules like HTTP ('=' needs escaping if used)
    TIMING AND PERFORMANCE:
      Options which take <time> are in seconds, unless you append 'ms'
      (miliseconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
      Service-specific options:
        cl (min connection limit): minimum number of concurrent parallel connections
        CL (max connection limit): maximum number of concurrent parallel connections
        at (authentication tries): authentication attempts per connection
        cd (connection delay): delay <time> between each connection initiation
        cr (connection retries): caps number of service connection attempts
        to (time-out): maximum cracking <time> for service, regardless of success so far
      -T<0-5>: Set timing template (higher is faster)
      --connection-limit <number>: threshold for total concurrent connections
    AUTHENTICATION:
      -U <filename>: username file
      -P <filename>: password file
      --user <username_list>: comma-separated username list
      --pass <password_list>: comma-separated password list
      --passwords-first: Iterate password list for each username. Default is opposite.
    OUTPUT:
      -oN/-oX <file>: Output scan in normal and XML format, respectively, to the given filename.
      -oA <basename>: Output in the two major formats at once
      -v: Increase verbosity level (use twice or more for greater effect)
      -d[level]: Set or increase debugging level (Up to 10 is meaningful)
      --nsock-trace <level>: Set nsock trace level (Valid range: 0 - 10)
      --log-errors: Log errors/warnings to the normal-format output file
      --append-output: Append to rather than clobber specified output files
    MISC:
      --resume <file>: Continue previously saved session
      -f: quit cracking service after one found credential
      -6: Enable IPv6 cracking
      -sL or --list: only list hosts and services
      --datadir <dirname>: Specify custom Ncrack data file location
      -V: Print version number
      -h: Print this help summary page.
    MODULES:
      FTP, SSH, TELNET, HTTP(S), POP3(S), SMB, RDP, VNC
    EXAMPLES:
      ncrack -v --user root localhost:22
      ncrack -v -T5 https://192.168.0.1
      ncrack -v -iX ~/nmap.xml -g CL=5,to=1h
    SEE THE MAN PAGE (http://nmap.org/ncrack/man.html) FOR MORE OPTIONS AND EXAMPLES
    root@Dis9Team:/pen/passwd/ncrack/bin#

First, look at its modules: FTP, SSH, TELNET, HTTP(S), POP3(S), SMB, RDP, VNC. It supports quite a lot.
It ships with some wordlists of its own:
    root@Dis9Team:/pen/passwd/ncrack# find
    .
    ./share
    ./share/ncrack
    ./share/ncrack/default.usr
    ./share/ncrack/myspace.pwd
    ./share/ncrack/top50000.pwd
    ./share/ncrack/phpbb.pwd
    ./share/ncrack/ncrack-services
    ./share/ncrack/minimal.usr
    ./share/ncrack/jtr.pwd
    ./share/ncrack/default.pwd
    ./share/ncrack/common.usr
    ./share/man
    ./share/man/man1
    ./share/man/man1/ncrack.1
    ./bin
    ./bin/ncrack
    root@Dis9Team:/pen/passwd/ncrack#
Usage: cracking port 3389
    root@Dis9Team:/pen/passwd/ncrack# ./bin/ncrack -vv  -U name -P pass 5.5.5.3:3389,CL=1

The protocol is selected by the port you specify: if I want to crack FTP, the target is 5.5.5.2:21.
Trying to crack the local SSH service on port 22 using its bundled password wordlist:
    root@Dis9Team:/pen/passwd/ncrack/bin# ./ncrack -v --user root 127.0.0.1:22
    Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2012-07-29 23:41 PDT
    Discovered credentials on ssh://127.0.0.1:22 'root' '123456'
Usernames and passwords:
    -U <filename>: use a wordlist
    -P <filename>: use a wordlist
    --user <username_list>: specify them individually
    --pass <password_list>: specify them individually

Only after playing a thousand tunes does one understand music; only after examining a thousand swords does one know a fine blade.
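The defender's counterpart to the SSH run above, as an added example that is not part of the original post: a small detector over constructed OpenSSH auth-log lines that flags a source address with many failed logins in a short window and records whether a successful login followed them. The log lines, addresses and thresholds are all constructed; the point is that counting per source over time, rather than per connection, is what catches guessing spread across many short connections.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed OpenSSH auth-log sample (not from the post): a burst of failed guesses, then a success.
SAMPLE_LOG = """\
Jul 29 23:41:01 host sshd[4101]: Failed password for root from 192.0.2.10 port 50122 ssh2
Jul 29 23:41:01 host sshd[4102]: Failed password for root from 192.0.2.10 port 50123 ssh2
Jul 29 23:41:02 host sshd[4103]: Failed password for invalid user admin from 192.0.2.10 port 50124 ssh2
Jul 29 23:41:02 host sshd[4104]: Failed password for root from 192.0.2.10 port 50125 ssh2
Jul 29 23:41:03 host sshd[4105]: Failed password for root from 192.0.2.10 port 50126 ssh2
Jul 29 23:41:03 host sshd[4106]: Accepted password for root from 192.0.2.10 port 50127 ssh2
Jul 29 23:45:10 host sshd[4200]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Jul 29 23:50:00 host sshd[4201]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
"""
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def parse_auth_lines(text, year=2012):
    """Yield (timestamp, result, user, source) for each sshd auth line that matches."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["result"], m["user"], m["src"]

def detect_bruteforce(text, threshold=5, window_seconds=60):
    """Flag each source with >= threshold failures inside one window_seconds span; counted per
    source, not per connection, since guesses may be spread over many connections (CL/at) and paced (cd)."""
    failures = defaultdict(list)   # source -> timestamps of failed logins
    users = defaultdict(set)       # source -> usernames tried
    success_after = set()          # sources whose success came after earlier failures
    for ts, result, user, src in parse_auth_lines(text):
        if result == "Failed":
            failures[src].append(ts)
            users[src].add(user)
        elif failures[src]:
            success_after.add(src)
    findings = {}
    for src, stamps in failures.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if (stamps[i + threshold - 1] - stamps[i]).total_seconds() <= window_seconds:
                findings[src] = {"failures": len(stamps), "users": sorted(users[src]),
                                 "success_after_failures": src in success_after}
                break
    return findings
```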
Posted on 2015-4-6 18:31:32
Taking a look.
Posted on 2015-7-20 17:19:06
Is this a piece of functionality extracted from NMAP?? Can it brute-force an entire class C range?
Posted on 2015-7-20 19:24:36
You'll know once you try it.