
Brute-force tool – Medusa

The tool's official website is http://foofus.net; compared with similar tools it supports a relatively rich set of protocols.

Installation:

tar zxvf medusa-2.1.1.tar.gz
cd medusa-2.1.1
./configure
##................
configure: *******************************************************
configure:     Medusa Module Build Summary
configure: 
configure:     AFP             ** Disabled **
configure:     CVS             Enabled
configure:     FTP             Enabled
configure:     HTTP            Enabled
configure:     IMAP            Enabled
configure:     MSSQL           Enabled
configure:     MYSQL           Enabled
configure:     NCP             ** Disabled **
configure:     NNTP            Enabled
configure:     PCANYWHERE      Enabled
configure:     POP3            Enabled
configure:     POSTGRES        ** Disabled **
configure:     REXEC           Enabled
configure:     RLOGIN          Enabled
configure:     RSH             Enabled
configure:     SMBNT           Enabled
configure:     SMTP            Enabled
configure:     SMTP-VRFY       Enabled
configure:     SNMP            Enabled
configure:     SSH             Enabled
configure:     SVN             ** Disabled **
configure:     TELNET          Enabled
configure:     VMAUTHD         Enabled
configure:     VNC             Enabled
configure:     WRAPPER         Enabled
configure:     WEB-FORM        Enabled
##................
make 
make install

If the build summary shows SSH as Disabled, configure could not find libssh2. libssh2 is a C library implementing the SSH2 protocol, and Medusa's SSH module depends on it for SSH communication (PHP also ships a wrapper around libssh2, http://cn2.php.net/manual/zh/book.ssh2.php). Install libssh2:

# Check whether libssh2 is already installed
rpm -qa | grep libssh
libssh2-1.4.2-1.el6_6.1.x86_64

# Install/update the library and its development package
yum install libssh2 libssh2-devel

# List the files each package installed
rpm -ql libssh2-1.4.2-1.el6_6.1.x86_64
/usr/lib64/libssh2.so.1
/usr/lib64/libssh2.so.1.0.1
/usr/share/doc/libssh2-1.4.2
/usr/share/doc/libssh2-1.4.2/AUTHORS
/usr/share/doc/libssh2-1.4.2/COPYING
/usr/share/doc/libssh2-1.4.2/ChangeLog
/usr/share/doc/libssh2-1.4.2/NEWS
/usr/share/doc/libssh2-1.4.2/README

rpm -ql libssh2-devel.x86_64
/usr/include/libssh2.h
/usr/include/libssh2_publickey.h
/usr/include/libssh2_sftp.h
/usr/lib64/libssh2.so
/usr/lib64/pkgconfig/libssh2.pc
/usr/share/doc/libssh2-devel-1.4.2
/usr/share/doc/libssh2-devel-1.4.2/COPYING

In fact, what the build actually needs is libssh2-devel, which provides the header files and the unversioned shared-library link /usr/lib64/libssh2.so that configure looks for.

With that, Medusa is installed; the command is located at /usr/local/bin/medusa.

Basic usage:
1 A single SSH target
/usr/local/bin/medusa -h ip -u root -P /root/psswd/1.txt -M ssh
2 Multiple SSH targets
/usr/local/bin/medusa -H ip.txt -u root -P /root/psswd/2.txt -M ssh
3 Trying different users
/usr/local/bin/medusa -H ip.txt -U account.txt -P /root/psswd/3.txt -M ssh

Obviously, when a file is supplied, the corresponding option letter (-H, -U or -P) must be uppercase: the uppercase form takes a file holding multiple values, the lowercase form a single value. -M specifies the module to use, here ssh.

Test:

# Manually create a dictionary file
cat pwd.txt 
12323
123
df324
43rre
root

# Brute-force the root account of the local MySQL
/usr/local/bin/medusa -h 127.0.0.1 -u root -P pwd.txt -M mysql
Medusa v2.1.1 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>

ACCOUNT CHECK: [mysql] Host: 127.0.0.1 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 12323 (1 of 5 complete)
ACCOUNT CHECK: [mysql] Host: 127.0.0.1 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 123 (2 of 5 complete)
ACCOUNT CHECK: [mysql] Host: 127.0.0.1 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: df324 (3 of 5 complete)
ACCOUNT CHECK: [mysql] Host: 127.0.0.1 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 43rre (4 of 5 complete)
ACCOUNT CHECK: [mysql] Host: 127.0.0.1 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: root (5 of 5 complete)
ACCOUNT FOUND: [mysql] Host: 127.0.0.1 User: root Password: root [SUCCESS]

Above, the user root matched the password root. Clearly, the key to brute-forcing is the dictionary.
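The defender's counterpart of the run above: a dictionary attack like the one Medusa just performed shows up in the target's authentication log as a burst of failed attempts for one user from one source, possibly followed by a success. The following is an added example, not code from the original post or from the Medusa project; the sshd auth.log lines are constructed, and the year is an assumption because syslog timestamps carry none.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth.log lines (not a real capture): the pattern of the Medusa run above.
SAMPLE_LOG = """\
Jun  1 10:00:01 db1 sshd[2001]: Failed password for root from 10.0.0.5 port 40001 ssh2
Jun  1 10:00:02 db1 sshd[2002]: Failed password for root from 10.0.0.5 port 40002 ssh2
Jun  1 10:00:02 db1 sshd[2003]: Failed password for root from 10.0.0.5 port 40003 ssh2
Jun  1 10:00:03 db1 sshd[2004]: Failed password for root from 10.0.0.5 port 40004 ssh2
Jun  1 10:00:04 db1 sshd[2005]: Accepted password for root from 10.0.0.5 port 40005 ssh2
Jun  1 10:30:00 db1 sshd[2100]: Failed password for alice from 10.0.0.9 port 50001 ssh2
Jun  1 10:45:00 db1 sshd[2101]: Accepted publickey for alice from 10.0.0.9 port 50002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_line(line, year=2015):
    # syslog timestamps carry no year, so one is assumed (constructed sample: 2015)
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["method"], m["user"], m["ip"]

def detect_bruteforce(log_text, threshold=4, window_seconds=60):
    """Return (ip, user, kind, failure_count) alerts: "bruteforce" once `threshold`
    failures for one (ip, user) pair fall inside a sliding window of `window_seconds`,
    "success-after-failures" when a login for an already flagged pair then succeeds."""
    recent = defaultdict(list)  # (ip, user) -> timestamps of failures still in the window
    flagged, alerts = set(), []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        ts, result, method, user, ip = ev
        key = (ip, user)
        if result == "Failed":
            recent[key] = [t for t in recent[key] + [ts] if (ts - t).total_seconds() <= window_seconds]
            if len(recent[key]) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append((ip, user, "bruteforce", len(recent[key])))
        elif key in flagged:
            alerts.append((ip, user, f"success-after-failures ({method})", len(recent[key])))
    return alerts
```

On the sample it raises two alerts for root from 10.0.0.5 (the burst, then the success that followed it) and none for alice, whose single failure stays below the threshold.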