Shulou(Shulou.com)06/01 Report--

For the discovered systems and file management network services, such as Telnet,SSH,FTP, we can guess the weak password and sniff the password transmitted in plaintext, so as to obtain the channel to enter the target network directly through these services.

1. The guessing of the SSH service password We can use the NMAP tool to scan the target machine. If we find that the other party has opened port 22 or SSH service, then I can continue the experiment. Before carrying out the password, we need to have a good user name dictionary and password dictionary. (how to make a good dictionary is closely related to social engineering, which is beyond our consideration here.) first of all, after we load the ssh_login module, we need to set the RHOSTS parameter to specify our * object, which can make an IP address or an IP segment, or we can also use the address segment represented by CIDR. Then use USERNAME to specify a user name (or use the USER_FILE parameter to specify a text file containing multiple usernames, each user name on a line), and use PASSWORD to specify a special password string (or use the PASS_FILE parameter to specify a text file containing multiple passwords, each password on a line) You can also use USERPASS_FILE to specify a file in which usernames and passwords are paired (separated by spaces, each username and password occupy one line)

2. Guessing of Telnet service password the method of guessing Telnet service password is the same as that of SSH password, but the speed is different.

3. Psnuffle password sniffing psnuffle password sniffing tool is the only password sniffing tool in metasploit. Its function is not powerful, but it is very useful. It can be used to intercept the authentication process of common protocols and save user name and password information.

Here we can see that the account is captured when logging in anonymously. In the actual testing process, only after getting the accident access point that can satisfy the other party's network, can we easily use the psnuffle module in metasploit for password sniffing. If conditions permit, it is recommended to keep the sniffer running throughout the access to the network to increase the possibility of intercepting passwords.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.