質問編集履歴
5
補足のWebサーバ出力を追加
test
CHANGED
|
File without changes
|
test
CHANGED
|
@@ -152,7 +152,11 @@
|
|
|
152
152
|
|
|
153
153
|
Webサーバ(192.168.179.5)
|
|
154
154
|
|
|
155
|
+
※何回か試したところ、攻撃終了後の出力として3パターンほどに分かれました。
|
|
156
|
+
|
|
157
|
+
|
|
158
|
+
|
|
155
|
-
```
|
|
159
|
+
```output1
|
|
156
160
|
|
|
157
161
|
[DATA] max 4 tasks per 1 server, overall 4 tasks, 10 login tries (l:1/p:10), ~3 tries per task
|
|
158
162
|
|
|
@@ -200,6 +204,104 @@
|
|
|
200
204
|
|
|
201
205
|
```
|
|
202
206
|
|
|
207
|
+
```output2
|
|
208
|
+
|
|
209
|
+
[DATA] max 4 tasks per 1 server, overall 4 tasks, 10 login tries (l:1/p:10), ~3 tries per task
|
|
210
|
+
|
|
211
|
+
[DATA] attacking ssh://192.168.179.5:22/
|
|
212
|
+
|
|
213
|
+
[VERBOSE] Resolving addresses ... [VERBOSE] resolving done
|
|
214
|
+
|
|
215
|
+
[INFO] Testing if password authentication is supported by ssh://root@192.168.179.5:22
|
|
216
|
+
|
|
217
|
+
[INFO] Successful, password authentication is supported by ssh://192.168.179.5:22
|
|
218
|
+
|
|
219
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "abc" - 1 of 10 [child 0] (0/0)
|
|
220
|
+
|
|
221
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "bcd" - 2 of 10 [child 1] (0/0)
|
|
222
|
+
|
|
223
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "cde" - 3 of 10 [child 2] (0/0)
|
|
224
|
+
|
|
225
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "def" - 4 of 10 [child 3] (0/0)
|
|
226
|
+
|
|
227
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "efg" - 5 of 10 [child 2] (0/0)
|
|
228
|
+
|
|
229
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "fgh" - 6 of 11 [child 0] (0/1)
|
|
230
|
+
|
|
231
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "ghi" - 7 of 11 [child 1] (0/1)
|
|
232
|
+
|
|
233
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "root" - 8 of 11 [child 3] (0/1)
|
|
234
|
+
|
|
235
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "guest" - 9 of 12 [child 0] (0/2)
|
|
236
|
+
|
|
237
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "ログイン用パスワード" - 10 of 12 [child 3] (0/2)
|
|
238
|
+
|
|
239
|
+
[REDO-ATTEMPT] target 192.168.179.5 - login "root" - pass "def" - 11 of 12 [child 2] (1/2)
|
|
240
|
+
|
|
241
|
+
[REDO-ATTEMPT] target 192.168.179.5 - login "root" - pass "fgh" - 12 of 12 [child 1] (2/2)
|
|
242
|
+
|
|
243
|
+
[STATUS] attack finished for 192.168.179.5 (waiting for children to complete tests)
|
|
244
|
+
|
|
245
|
+
[VERBOSE] Disabled child 2 because of too many errors
|
|
246
|
+
|
|
247
|
+
1 of 1 target completed, 0 valid passwords found
|
|
248
|
+
|
|
249
|
+
Hydra (http://www.thc.org/thc-hydra) finished at 2018-10-10 11:37:28
|
|
250
|
+
|
|
251
|
+
```
|
|
252
|
+
|
|
253
|
+
|
|
254
|
+
|
|
255
|
+
```output3
|
|
256
|
+
|
|
257
|
+
[INFO] Successful, password authentication is supported by ssh://192.168.179.5:22
|
|
258
|
+
|
|
259
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "abc" - 1 of 10 [child 0] (0/0)
|
|
260
|
+
|
|
261
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "bcd" - 2 of 10 [child 1] (0/0)
|
|
262
|
+
|
|
263
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "cde" - 3 of 10 [child 2] (0/0)
|
|
264
|
+
|
|
265
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "def" - 4 of 10 [child 3] (0/0)
|
|
266
|
+
|
|
267
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "efg" - 5 of 12 [child 3] (0/2)
|
|
268
|
+
|
|
269
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "fgh" - 6 of 12 [child 2] (0/2)
|
|
270
|
+
|
|
271
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "ghi" - 7 of 12 [child 1] (0/2)
|
|
272
|
+
|
|
273
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "root" - 8 of 12 [child 0] (0/2)
|
|
274
|
+
|
|
275
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "guest" - 9 of 12 [child 2] (0/2)
|
|
276
|
+
|
|
277
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "ログイン用パスワード" - 10 of 12 [child 3] (0/2)
|
|
278
|
+
|
|
279
|
+
[REDO-ATTEMPT] target 192.168.179.5 - login "root" - pass "def" - 11 of 12 [child 0] (1/2)
|
|
280
|
+
|
|
281
|
+
[REDO-ATTEMPT] target 192.168.179.5 - login "root" - pass "cde" - 12 of 12 [child 1] (2/2)
|
|
282
|
+
|
|
283
|
+
[REDO-ATTEMPT] target 192.168.179.5 - login "root" - pass "ログイン用パスワード" - 13 of 13 [child 2] (3/3)
|
|
284
|
+
|
|
285
|
+
[STATUS] attack finished for 192.168.179.5 (waiting for children to complete tests)
|
|
286
|
+
|
|
287
|
+
[VERBOSE] Disabled child 0 because of too many errors
|
|
288
|
+
|
|
289
|
+
[VERBOSE] Disabled child 1 because of too many errors
|
|
290
|
+
|
|
291
|
+
1 of 1 target completed, 0 valid passwords found
|
|
292
|
+
|
|
293
|
+
[WARNING] Writing restore file because 1 final worker threads did not complete until end.
|
|
294
|
+
|
|
295
|
+
[ERROR] 1 target did not resolve or could not be connected
|
|
296
|
+
|
|
297
|
+
[ERROR] 4 targets did not complete
|
|
298
|
+
|
|
299
|
+
Hydra (http://www.thc.org/thc-hydra) finished at 2018-10-10 11:35:59
|
|
300
|
+
|
|
301
|
+
|
|
302
|
+
|
|
303
|
+
```
|
|
304
|
+
|
|
203
305
|
|
|
204
306
|
|
|
205
307
|
メールサーバ(192.168.179.7)
|
4
補足修正
test
CHANGED
|
File without changes
|
test
CHANGED
|
@@ -134,7 +134,7 @@
|
|
|
134
134
|
|
|
135
135
|
|
|
136
136
|
|
|
137
|
-
|
|
137
|
+
▼10/10補足▼
|
|
138
138
|
|
|
139
139
|
パスワードリストを使った際の出力も記載いたします。
|
|
140
140
|
|
3
[10/10補足]追加
test
CHANGED
|
File without changes
|
test
CHANGED
|
@@ -131,3 +131,121 @@
|
|
|
131
131
|
なお、当方が使用しているKali linuxはアップデート済みのもので、
|
|
132
132
|
|
|
133
133
|
hydraではBasic認証、pop、ftpなどのクラッキングは問題なく成功しております。
|
|
134
|
+
|
|
135
|
+
|
|
136
|
+
|
|
137
|
+
[10/10補足]
|
|
138
|
+
|
|
139
|
+
パスワードリストを使った際の出力も記載いたします。
|
|
140
|
+
|
|
141
|
+
なお、パスワードファイルは10行あり、10行目がログイン用のパスワードです。
|
|
142
|
+
|
|
143
|
+
|
|
144
|
+
|
|
145
|
+
入力コマンド
|
|
146
|
+
|
|
147
|
+
hydra -vV -t 4 -l root -P パスファイル ssh://対象IP
|
|
148
|
+
|
|
149
|
+
※詳細出力用に-vV、タスク数を4に設定しています。
|
|
150
|
+
|
|
151
|
+
|
|
152
|
+
|
|
153
|
+
Webサーバ(192.168.179.5)
|
|
154
|
+
|
|
155
|
+
```
|
|
156
|
+
|
|
157
|
+
[DATA] max 4 tasks per 1 server, overall 4 tasks, 10 login tries (l:1/p:10), ~3 tries per task
|
|
158
|
+
|
|
159
|
+
[DATA] attacking ssh://192.168.179.5:22/
|
|
160
|
+
|
|
161
|
+
[VERBOSE] Resolving addresses ... [VERBOSE] resolving done
|
|
162
|
+
|
|
163
|
+
[INFO] Testing if password authentication is supported by ssh://root@192.168.179.5:22
|
|
164
|
+
|
|
165
|
+
[INFO] Successful, password authentication is supported by ssh://192.168.179.5:22
|
|
166
|
+
|
|
167
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "abc" - 1 of 10 [child 0] (0/0)
|
|
168
|
+
|
|
169
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "bcd" - 2 of 10 [child 1] (0/0)
|
|
170
|
+
|
|
171
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "cde" - 3 of 10 [child 2] (0/0)
|
|
172
|
+
|
|
173
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "def" - 4 of 10 [child 3] (0/0)
|
|
174
|
+
|
|
175
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "efg" - 5 of 12 [child 1] (0/2)
|
|
176
|
+
|
|
177
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "fgh" - 6 of 12 [child 3] (0/2)
|
|
178
|
+
|
|
179
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "ghi" - 7 of 12 [child 2] (0/2)
|
|
180
|
+
|
|
181
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "root" - 8 of 12 [child 0] (0/2)
|
|
182
|
+
|
|
183
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "guest" - 9 of 14 [child 1] (0/4)
|
|
184
|
+
|
|
185
|
+
[ATTEMPT] target 192.168.179.5 - login "root" - pass "ログインパスワード" - 10 of 14 [child 2] (0/4)
|
|
186
|
+
|
|
187
|
+
[REDO-ATTEMPT] target 192.168.179.5 - login "root" - pass "bcd" - 11 of 14 [child 3] (1/4)
|
|
188
|
+
|
|
189
|
+
[REDO-ATTEMPT] target 192.168.179.5 - login "root" - pass "def" - 12 of 14 [child 0] (2/4)
|
|
190
|
+
|
|
191
|
+
[REDO-ATTEMPT] target 192.168.179.5 - login "root" - pass "fgh" - 13 of 14 [child 1] (3/4)
|
|
192
|
+
|
|
193
|
+
[REDO-ATTEMPT] target 192.168.179.5 - login "root" - pass "root" - 14 of 14 [child 3] (4/4)
|
|
194
|
+
|
|
195
|
+
[STATUS] attack finished for 192.168.179.5 (waiting for children to complete tests)
|
|
196
|
+
|
|
197
|
+
1 of 1 target completed, 0 valid passwords found
|
|
198
|
+
|
|
199
|
+
Hydra (http://www.thc.org/thc-hydra) finished at 2018-10-10 11:21:18
|
|
200
|
+
|
|
201
|
+
```
|
|
202
|
+
|
|
203
|
+
|
|
204
|
+
|
|
205
|
+
メールサーバ(192.168.179.7)
|
|
206
|
+
|
|
207
|
+
```
|
|
208
|
+
|
|
209
|
+
[DATA] max 4 tasks per 1 server, overall 4 tasks, 10 login tries (l:1/p:10), ~3 tries per task
|
|
210
|
+
|
|
211
|
+
[DATA] attacking ssh://192.168.179.7:22/
|
|
212
|
+
|
|
213
|
+
[VERBOSE] Resolving addresses ... [VERBOSE] resolving done
|
|
214
|
+
|
|
215
|
+
[INFO] Testing if password authentication is supported by ssh://root@192.168.179.7:22
|
|
216
|
+
|
|
217
|
+
[INFO] Successful, password authentication is supported by ssh://192.168.179.7:22
|
|
218
|
+
|
|
219
|
+
[ATTEMPT] target 192.168.179.7 - login "root" - pass "abc" - 1 of 10 [child 0] (0/0)
|
|
220
|
+
|
|
221
|
+
[ATTEMPT] target 192.168.179.7 - login "root" - pass "bcd" - 2 of 10 [child 1] (0/0)
|
|
222
|
+
|
|
223
|
+
[ATTEMPT] target 192.168.179.7 - login "root" - pass "cde" - 3 of 10 [child 2] (0/0)
|
|
224
|
+
|
|
225
|
+
[ATTEMPT] target 192.168.179.7 - login "root" - pass "def" - 4 of 10 [child 3] (0/0)
|
|
226
|
+
|
|
227
|
+
[ATTEMPT] target 192.168.179.7 - login "root" - pass "efg" - 5 of 10 [child 1] (0/0)
|
|
228
|
+
|
|
229
|
+
[ATTEMPT] target 192.168.179.7 - login "root" - pass "fgh" - 6 of 10 [child 2] (0/0)
|
|
230
|
+
|
|
231
|
+
[ATTEMPT] target 192.168.179.7 - login "root" - pass "ghi" - 7 of 10 [child 0] (0/0)
|
|
232
|
+
|
|
233
|
+
[ATTEMPT] target 192.168.179.7 - login "root" - pass "root" - 8 of 10 [child 3] (0/0)
|
|
234
|
+
|
|
235
|
+
[ATTEMPT] target 192.168.179.7 - login "root" - pass "guest" - 9 of 10 [child 1] (0/0)
|
|
236
|
+
|
|
237
|
+
[ATTEMPT] target 192.168.179.7 - login "root" - pass "ログインパスワード" - 10 of 10 [child 2] (0/0)
|
|
238
|
+
|
|
239
|
+
[22][ssh] host: 192.168.179.7 login: root password: ログインパスワード
|
|
240
|
+
|
|
241
|
+
[STATUS] attack finished for 192.168.179.7 (waiting for children to complete tests)
|
|
242
|
+
|
|
243
|
+
1 of 1 target successfully completed, 1 valid password found
|
|
244
|
+
|
|
245
|
+
Hydra (http://www.thc.org/thc-hydra) finished at 2018-10-10 11:23:57
|
|
246
|
+
|
|
247
|
+
```
|
|
248
|
+
|
|
249
|
+
|
|
250
|
+
|
|
251
|
+
挙動の違いとしては、後者(攻撃成功する方)は4タスク試行するごとに出力が一瞬止まりますが、前者(攻撃失敗する方)は一度に全てが出力されます。
|
2
1つめのログのIPアドレス修正
test
CHANGED
|
File without changes
|
test
CHANGED
|
@@ -68,17 +68,15 @@
|
|
|
68
68
|
|
|
69
69
|
[VERBOSE] Resolving addresses ... [VERBOSE] resolving done
|
|
70
70
|
|
|
71
|
-
[INFO] Testing if password authentication is supported by ssh://root@192.168.179.
|
|
71
|
+
[INFO] Testing if password authentication is supported by ssh://root@192.168.179.5:22
|
|
72
72
|
|
|
73
|
-
[INFO] Successful, password authentication is supported by ssh://192.168.179.
|
|
73
|
+
[INFO] Successful, password authentication is supported by ssh://192.168.179.5:22
|
|
74
74
|
|
|
75
|
-
[STATUS] attack finished for 192.168.179.
|
|
75
|
+
[STATUS] attack finished for 192.168.179.5 (waiting for children to complete tests)
|
|
76
76
|
|
|
77
77
|
1 of 1 target completed, 0 valid passwords found
|
|
78
78
|
|
|
79
|
-
Hydra (http://www.thc.org/thc-hydra) finished at 2018-10-0
|
|
79
|
+
Hydra (http://www.thc.org/thc-hydra) finished at 2018-10-10 11:03:28
|
|
80
|
-
|
|
81
|
-
|
|
82
80
|
|
|
83
81
|
```
|
|
84
82
|
|
1
初心者アイコンに変更
test
CHANGED
|
File without changes
|
test
CHANGED
|
File without changes
|