First, the basic definitions
1, blasting = blasting tool (BP / hydra) + dictionary (user dictionary / dictionaries password).
Dictionary: is a collection of some user name or password (weak passwords / use software to generate social worker) of.
2、BurpSuite
Artifact penetration testing, the use of Java development, functional and easy penetration testers to test Web sites, Web explodes here login window.
3、Hydra
Hydra, a powerful blast open source tools, there are many support services, the use of hydra blasting C / S structure of the service.
4, DVWA: Web application vulnerabilities drilling platform, open-source, integrated common Web vulnerabilities, using Apache + MySQL support.
Second, use a password BurpSuite blasting login page
Preparation before exercise: Open phpstudy, open the apache and MySQL, login DVWA.
Send intercept data packets, packets need to login page intercepted, the intercepted data to the "intruder", shortcut keys:: Step1 CTRL + i.
Step2: enter "positions" under the "intruder", first click "clear" button to remove the item does not require blasting, select the item you need, click "add", for example: "password = §123§", meaning to Blow "password", the blasting process, the dictionary to replace "123."
Step3: enter "payload", the "payload option" in the "Load" Add dictionary, select the dictionary location, loaded in.
Step4: In the "options", you can set a blasting some rules, such as: thread, matching rules, exclusion rules.
Step5: In "payloads", click on "start attack", or in the menu "Intruder" drop-down menu in the "start attack" blasting
Step6: After the blast, click on the "Length", sort the results, test results on the first few rows, probably the correct password. These account numbers and passwords used to test
How quickly locate the correct result blasting out of
- The string returned after successful registration record needs to know, such as: Welcome
- 将该字符添加到“options”中匹配规则“Grep-Match”中,在“Resuit”中,添加的字符下面,有选中的payload就是正确结果
三、使用BP爆破登录页面的账号和密码
Step1:拦截数据包,登录页面的数据包需要拦截下来,将拦截到的数据发送到“intruder” CTRL+I
Step2:静进入“positions”,先点击一下clear键去除不需要爆破的项,再去选择需要爆破的值,点击add,例如:username=§user§&password=§123§,然后选择攻击方式
Step3:Payload set 选择1,payload type中选择需要的攻击载荷类型,然后在payload options中加载所需要的数据,然后在Payload set中选择2,重复操作。
Step4:在Options选择线程等规则。start attack
四、使用Hydra爆破SSH/FTP等服务
Step1:hydra -h查看帮助信息,爆破单项(爆破密码)
hydra -l admin -P password.txt ftp://ftp的IP 或者hydra -l admin -P password.txt ftp的IP ftp -l 知道账号 -P 后跟密码字典
Step2:爆破账号和密码
hydra -L user.txt -P password.txt ssh://192.168.2.101 -L 后跟用户名字典 -P 后跟密码字典 多个字典 hydra -L user.txt -P password.txt -M password2.txt ssh://192.168.2.101 192.168.1.0/24 C端 hydra -l user.txt -p password.txt ftp://[192.168.2.0/24]/
