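Medusa
(1). Introduction to Medusa
Medusa is a fast, massively parallel, modular brute-force tool. It can run brute-force tests against multiple hosts, users or passwords at the same time. Like hydra, Medusa is an online password-cracking tool. It supports password brute forcing for AFP, CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), NNTP, PcAnywhere, POP3, PostgreSQL, rexec, RDP, rlogin, rsh, SMBNT, SMTP (AUTH/VRFY), SNMP, SSHv2, SVN, Telnet, VmAuthd, VNC, Generic Wrapper and web forms.
Official website: Foofus Networking Services - Medusa
GitHub: https://github.com/jmk-foofus/medusa
The official site provides a tar.gz package; GitHub provides a zip package.
(2). Installing Medusa
Install the dependency packages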
```
[root@youxi1 ~]# yum -y install libssh2-devel libtool libtool-ltdl libtool-ltdl-devel
```
Upload the downloaded archive, then extract, compile and install it
```
[root@youxi1 ~]# tar xf medusa-2.2.tar.gz
[root@youxi1 ~]# cd medusa-2.2/
[root@youxi1 medusa-2.2]# ./configure --enable-debug=yes --enable-module-afp=yes \
    --enable-module-cvs=yes --enable-module-ftp=yes --enable-module-http=yes \
    --enable-module-imap=yes --enable-module-mssql=yes --enable-module-mysql=yes \
    --enable-module-ncp=yes --enable-module-nntp=yes --enable-module-pcanywhere=yes \
    --enable-module-pop3=yes --enable-module-postgres=yes --enable-module-rexec=yes \
    --enable-module-rlogin=yes --enable-module-rsh=yes --enable-module-smbnt=yes \
    --enable-module-smtp=yes --enable-module-smtp-vrfy=yes --enable-module-snmp=yes \
    --enable-module-ssh=yes --enable-module-svn=yes --enable-module-telnet=yes \
    --enable-module-vmauthd=yes --enable-module-vnc=yes --enable-module-wrapper=yes \
    --enable-module-web-form=yes
[root@youxi1 medusa-2.2]# echo $?
0
[root@youxi1 medusa-2.2]# make && make install
[root@youxi1 medusa-2.2]# echo $?
0
[root@youxi1 medusa-2.2]# ls /usr/local/lib/medusa/modules/   # list the generated modules
afp.mod    mysql.mod       rexec.mod      snmp.mod     web-form.mod
cvs.mod    ncp.mod         rlogin.mod     ssh.mod      wrapper.mod
ftp.mod    nntp.mod        rsh.mod        svn.mod
http.mod   pcanywhere.mod  smbnt.mod      telnet.mod
imap.mod   pop3.mod        smtp.mod       vmauthd.mod
mssql.mod  postgres.mod    smtp-vrfy.mod  vnc.mod
```
(3). Using Medusa
Medusa [-h host|-H file] [-u username|-U file] [-p password|-P file] [-C file] -M module [OPT]
Option descriptions:
-h [TEXT]      Target host name or IP address
-H [FILE]      File containing target host names or IP addresses
-u [TEXT]      Username to test
-U [FILE]      File containing usernames to test
-p [TEXT]      Password to test
-P [FILE]      File containing passwords to test
-C [FILE]      Combo entries file
-O [FILE]      Log file
-e [n/s/ns]    n means an empty password, s means the password is the same as the username
-M [TEXT]      Name of the module to execute
-m [TEXT]      Parameter to pass to the module
-d             Show all module names
-n [NUM]       Use a non-default TCP port
-s             Enable SSL
-r [NUM]       Retry interval, 3 seconds by default
-t [NUM]       Set the number of threads
-T             Total number of hosts tested concurrently
-L             Parallelize, using one thread per user
-f             Stop cracking after the first account/password is found on any host
-F             Stop the audit after the first valid username/password is found on any host
-q             Show module usage information
-v [NUM]       Verbosity level (0-6)
-w [NUM]       Error debug level (0-10)
-V             Show the version
-Z [TEXT]      Resume the previous scan
(4). Examples
Specify the host and the user, and test a single password
```
[root@youxi1 medusa-2.2]# cd
[root@youxi1 ~]# echo 192.168.5.101 > host.txt
[root@youxi1 ~]# echo root > users.txt
[root@youxi1 ~]# medusa -M ssh -H host.txt -U users.txt -p 123456
Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>

ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 123456 (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.5.101 User: root Password: 123456 [SUCCESS]
```
Specify the host and the user, and test multiple passwords
```
[root@youxi1 ~]# vim p.txt   # create a test dictionary yourself
1234567890
PASSWORD
password
1234abcd
abcd1234
ABCDEFGH
abcdefgh
123456
[root@youxi1 ~]# medusa -M ssh -H ./host.txt -U ./users.txt -P p.txt
Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>

ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 1234567890 (1 of 8 complete)
ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: PASSWORD (2 of 8 complete)
ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: password (3 of 8 complete)
ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 1234abcd (4 of 8 complete)
ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: abcd1234 (5 of 8 complete)
ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: ABCDEFGH (6 of 8 complete)
ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: abcdefgh (7 of 8 complete)
ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 123456 (8 of 8 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.5.101 User: root Password: 123456 [SUCCESS]
```
Use the -O option to save the cracked password to a specified file
```
[root@youxi1 ~]# medusa -M ssh -H ./host.txt -U ./users.txt -P p.txt -O password.txt
Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>

ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 1234567890 (1 of 8 complete)
ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: PASSWORD (2 of 8 complete)
ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: password (3 of 8 complete)
ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 1234abcd (4 of 8 complete)
ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: abcd1234 (5 of 8 complete)
ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: ABCDEFGH (6 of 8 complete)
ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: abcdefgh (7 of 8 complete)
ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 123456 (8 of 8 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.5.101 User: root Password: 123456 [SUCCESS]
[root@youxi1 ~]# cat password.txt   # view the saved results
# Medusa v.2.2 (2019-09-02 11:46:53)
# medusa -M ssh -H ./host.txt -U ./users.txt -P p.txt -O password.txt
ACCOUNT FOUND: [ssh] Host: 192.168.5.101 User: root Password: 123456 [SUCCESS]
# Medusa has finished (2019-09-02 11:47:07).
```
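On the target host, a dictionary run like the ones above appears in the sshd log as a burst of failed passwords from one source, here ending in a successful login. The Python below is an added example, not part of the original article: it flags both events in OpenSSH-style log lines. The log lines, host name, source addresses, threshold and window are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd lines for the target host; source addresses are invented.
SAMPLE_LOG = [
    "Sep  2 11:40:02 target sshd[1988]: Failed password for alice from 192.168.5.20 port 50110 ssh2",
    "Sep  2 11:40:09 target sshd[1988]: Accepted password for alice from 192.168.5.20 port 50110 ssh2",
    *(f"Sep  2 11:46:{53 + i} target sshd[{2101 + i}]: Failed password for root "
      f"from 192.168.5.100 port {40112 + i} ssh2" for i in range(7)),
    "Sep  2 11:47:07 target sshd[2108]: Accepted password for root from 192.168.5.100 port 40119 ssh2",
]

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+"
)


def detect(lines, threshold=5, window=timedelta(seconds=60), year=2019):
    """Return (kind, source_ip, user, failures_in_window) alerts.

    "bruteforce": threshold failures from one source inside the window.
    "login_after_bruteforce": a success from a source that is still over threshold.
    """
    failures = defaultdict(deque)   # source ip -> timestamps of recent failures
    flagged = set()                 # sources already reported as brute forcing
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                # not a password-auth line
        stamp, result, user, src = m.groups()
        # Classic syslog timestamps carry no year, so one is supplied.
        now = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        recent = failures[src]
        while recent and now - recent[0] > window:
            recent.popleft()        # drop failures that left the window
        if result == "Failed":
            recent.append(now)
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("bruteforce", src, user, len(recent)))
        elif len(recent) >= threshold:
            alerts.append(("login_after_bruteforce", src, user, len(recent)))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The single mistyped password from 192.168.5.20 stays below the threshold and raises nothing; the second alert kind is the one that means an account needs its password rotated and its sessions reviewed.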