4种方法测试telnet
hydra
hydra -L user.txt -P pass-top1000.txt 192.168.127.235 telnet |
ncrack
ncrack -v -T5 -U user.txt -P pass.txt 192.168.127.235:23 |
patator
patator telnet_login host=192.168.127.235 inputs='FILE0\nFILE1' 0=user.txt 1=pass.txt persistent=0 prompt_re='Username: | Password:' |
metasploit
msfconsole use auxiliary/scanner/telnet/telnet_login msf exploit (telnet_login)>set rhosts 192.168.127.235 msf exploit (telnet_login)>set user_file /root/Pentest/user txt msf exploit (telnet_login)>set pass_file /root/Pentest/pass.txt msf exploit (telnet_login)>set stop_on_success true msf exploit (telnet_login)>exploit |
4种方法测试smtp
telnet
telnet 192.168.127.235 25 测试25端口,使用vrfy验证用户是否存在,返回550是不存在用户,返回220表示用户存在 |
metasploit
use auxiliary/scanner/smtp/smtp_enum msf auxiliary(smtp_enum) > set rhosts 192.168.127.235 msf auxiliary(smtp_enum) > set rport 25 msf auxiliary(smtp_enum) > set USER_FILE /root/Pentest/user.txt msf auxiliary(smtp_enum) > exploit |
smtp-user-enum
smtp-user-enum -M VRFY -U /root/Pentest/user.txt -t 192.168.127.235 |
ismtp
ismtp -h 192.168.127.235:25 -e /root/Pentest/email.txt |
爬网站
metasploit
use auxiliary/crawler/msfcrawler msf auxiliary(msfcrawler)>set rhosts www.qq.com msf auxiliary(msfcrawler)>exploit |
httrack
httrack http://www.qq.com –O /root/Pentest/outfiles |
Website Ripper Copier
这图形界面工具,很推荐,下载地址:http://download.tensons.com/download/WRCsetup.exe |
Burp Suite Spider
5种方法抓取版本
nmap
nmap -sV --script=banner 192.168.127.235 根据抓取出来的结果进行进一步探测 nmap -Pn -p 80 -sV --script=banner 192.168.127.235 |
curl
curl -s -I 192.168.127.235 | grep -e "Server: " |
telnet
telnet 192.168.127.235 22 |
netcat
nc -v 192.168.127.235 22 |
dmitry
dmitry -b 192.168.127.235 |
上文内容不用于商业目的,如涉及知识产权问题,请权利人联系博为峰小编(021-64471599-8017),我们将立即处理