Kali工具使用
对于这篇文章主要用来存帮助命令以及一些例子之类的,所以会比较长,大部分都可以用[命令] --help 在kali上直接看到
初期准备
软件更新
sudo apt-get update // 更新列表
sudo apt-get upgrade // 更新软件SSH允许root登录
配置SSH
打开配置文件:
sudo vi /etc/ssh/sshd_config
找到以下选项并取消注释:
Port 22
PermitRootLogin prohibit-password
PasswordAuthentication yes
如果要使用ssh登录root在原有的基础上改为这样:
PermitRootLogin yes
StrictModes yes
重启SSH服务:
/etc/init.d/ssh restart or: systemctl restart ssh
开机自启:
systemctl enable ssh or: update-rc.d ssh enable
常用工具
Fping
Usage: fping [options] [targets...]
Probing options:
-4, --ipv4 only ping IPv4 addresses
-6, --ipv6 only ping IPv6 addresses
-b, --size=BYTES amount of ping data to send, in bytes (default: 56)
-B, --backoff=N set exponential backoff factor to N (default: 1.5)
-c, --count=N count mode: send N pings to each target
-f, --file=FILE read list of targets from a file ( - means stdin)
-g, --generate generate target list (only if no -f specified)
(give start and end IP in the target list, or a CIDR address)
(ex. fping -g 192.168.1.0 192.168.1.255 or fping -g 192.168.1.0/24)
-H, --ttl=N set the IP TTL value (Time To Live hops)
-I, --iface=IFACE bind to a particular interface
-l, --loop loop mode: send pings forever
-m, --all use all IPs of provided hostnames (e.g. IPv4 and IPv6), use with -A
-M, --dontfrag set the Don't Fragment flag
-O, --tos=N set the type of service (tos) flag on the ICMP packets
-p, --period=MSEC interval between ping packets to one target (in ms)
(in loop and count modes, default: 1000 ms)
-r, --retry=N number of retries (default: 3)
-R, --random random packet data (to foil link data compression)
-S, --src=IP set source address
-t, --timeout=MSEC individual target initial timeout (default: 500 ms,
except with -l/-c/-C, where it's the -p period up to 2000 ms)
Output options:
-a, --alive show targets that are alive
-A, --addr show targets by address
-C, --vcount=N same as -c, report results in verbose format
-d, --rdns show targets by name (force reverse-DNS lookup)
-D, --timestamp print timestamp before each output line
-e, --elapsed show elapsed time on return packets
-i, --interval=MSEC interval between sending ping packets (default: 10 ms)
-n, --name show targets by name (reverse-DNS lookup for target IPs)
-N, --netdata output compatible for netdata (-l -Q are required)
-o, --outage show the accumulated outage time (lost packets * packet interval)
-q, --quiet quiet (don't show per-target/per-ping results)
-Q, --squiet=SECS same as -q, but add interval summary every SECS seconds
-s, --stats print final stats
-u, --unreach show targets that are unreachable
-v, --version show version
-x, --reachable=N shows if >=N hosts are reachable or not
Nping
Nping 0.7.92 ( https://nmap.org/nping )
Usage: nping [Probe mode] [Options] {target specification}
TARGET SPECIFICATION:
Targets may be specified as hostnames, IP addresses, networks, etc.
Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.*.1-24
PROBE MODES:
--tcp-connect : Unprivileged TCP connect probe mode.
--tcp : TCP probe mode.
--udp : UDP probe mode.
--icmp : ICMP probe mode.
--arp : ARP/RARP probe mode.
--tr, --traceroute : Traceroute mode (can only be used with
TCP/UDP/ICMP modes).
TCP CONNECT MODE:
-p, --dest-port <port spec> : Set destination port(s).
-g, --source-port <portnumber> : Try to use a custom source port.
TCP PROBE MODE:
-g, --source-port <portnumber> : Set source port.
-p, --dest-port <port spec> : Set destination port(s).
--seq <seqnumber> : Set sequence number.
--flags <flag list> : Set TCP flags (ACK,PSH,RST,SYN,FIN...)
--ack <acknumber> : Set ACK number.
--win <size> : Set window size.
--badsum : Use a random invalid checksum.
UDP PROBE MODE:
-g, --source-port <portnumber> : Set source port.
-p, --dest-port <port spec> : Set destination port(s).
--badsum : Use a random invalid checksum.
ICMP PROBE MODE:
--icmp-type <type> : ICMP type.
--icmp-code <code> : ICMP code.
--icmp-id <id> : Set identifier.
--icmp-seq <n> : Set sequence number.
--icmp-redirect-addr <addr> : Set redirect address.
--icmp-param-pointer <pnt> : Set parameter problem pointer.
--icmp-advert-lifetime <time> : Set router advertisement lifetime.
--icmp-advert-entry <IP,pref> : Add router advertisement entry.
--icmp-orig-time <timestamp> : Set originate timestamp.
--icmp-recv-time <timestamp> : Set receive timestamp.
--icmp-trans-time <timestamp> : Set transmit timestamp.
ARP/RARP PROBE MODE:
--arp-type <type> : Type: ARP, ARP-reply, RARP, RARP-reply.
--arp-sender-mac <mac> : Set sender MAC address.
--arp-sender-ip <addr> : Set sender IP address.
--arp-target-mac <mac> : Set target MAC address.
--arp-target-ip <addr> : Set target IP address.
IPv4 OPTIONS:
-S, --source-ip : Set source IP address.
--dest-ip <addr> : Set destination IP address (used as an
alternative to {target specification} ).
--tos <tos> : Set type of service field (8bits).
--id <id> : Set identification field (16 bits).
--df : Set Don't Fragment flag.
--mf : Set More Fragments flag.
--ttl <hops> : Set time to live [0-255].
--badsum-ip : Use a random invalid checksum.
--ip-options <S|R [route]|L [route]|T|U ...> : Set IP options
--ip-options <hex string> : Set IP options
--mtu <size> : Set MTU. Packets get fragmented if MTU is
small enough.
IPv6 OPTIONS:
-6, --IPv6 : Use IP version 6.
--dest-ip : Set destination IP address (used as an
alternative to {target specification}).
--hop-limit : Set hop limit (same as IPv4 TTL).
--traffic-class <class> : : Set traffic class.
--flow <label> : Set flow label.
ETHERNET OPTIONS:
--dest-mac <mac> : Set destination mac address. (Disables
ARP resolution)
--source-mac <mac> : Set source MAC address.
--ether-type <type> : Set EtherType value.
PAYLOAD OPTIONS:
--data <hex string> : Include a custom payload.
--data-string <text> : Include a custom ASCII text.
--data-length <len> : Include len random bytes as payload.
ECHO CLIENT/SERVER:
--echo-client <passphrase> : Run Nping in client mode.
--echo-server <passphrase> : Run Nping in server mode.
--echo-port <port> : Use custom <port> to listen or connect.
--no-crypto : Disable encryption and authentication.
--once : Stop the server after one connection.
--safe-payloads : Erase application data in echoed packets.
TIMING AND PERFORMANCE:
Options which take <time> are in seconds, or append 'ms' (milliseconds),
's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m, 0.25h).
--delay <time> : Adjust delay between probes.
--rate <rate> : Send num packets per second.
MISC:
-h, --help : Display help information.
-V, --version : Display current version number.
-c, --count <n> : Stop after <n> rounds.
-e, --interface <name> : Use supplied network interface.
-H, --hide-sent : Do not display sent packets.
-N, --no-capture : Do not try to capture replies.
--privileged : Assume user is fully privileged.
--unprivileged : Assume user lacks raw socket privileges.
--send-eth : Send packets at the raw Ethernet layer.
--send-ip : Send packets using raw IP sockets.
--bpf-filter <filter spec> : Specify custom BPF filter.
OUTPUT:
-v : Increment verbosity level by one.
-v[level] : Set verbosity level. E.g: -v4
-d : Increment debugging level by one.
-d[level] : Set debugging level. E.g: -d3
-q : Decrease verbosity level by one.
-q[N] : Decrease verbosity level N times
--quiet : Set verbosity and debug level to minimum.
--debug : Set verbosity and debug to the max level.
EXAMPLES:
nping scanme.nmap.org
nping --tcp -p 80 --flags rst --ttl 2 192.168.1.1
nping --icmp --icmp-type time --delay 500ms 192.168.254.254
nping --echo-server "public" -e wlan0 -vvv
nping --echo-client "public" echo.nmap.org --tcp -p1-1024 --flags ack
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES
Arping
ARPing 2.22, by Thomas Habets <thomas@habets.se>
usage: arping [ -0aAbdDeFpPqrRuUv ] [ -w <sec> ] [ -W <sec> ] [ -S <host/ip> ]
[ -T <host/ip ] [ -s <MAC> ] [ -t <MAC> ] [ -c <count> ]
[ -C <count> ] [ -i <interface> ] [ -m <type> ] [ -g <group> ]
[ -V <vlan> ] [ -Q <priority> ] <host/ip/MAC | -B>
Options:
-0 Use this option to ping with source IP address 0.0.0.0. Use this
when you haven't configured your interface yet. Note that this
may get the MAC-ping unanswered. This is an alias for -S
0.0.0.0.
-a Audiable ping.
-A Only count addresses matching requested address (This *WILL*
break most things you do. Only useful if you are arpinging many
hosts at once. See arping-scan-net.sh for an example).
-b Like -0 but source broadcast source address (255.255.255.255).
Note that this may get the arping unanswered since it's not nor-
mal behavior for a host.
-B Use instead of host if you want to address 255.255.255.255.
-c count
Only send count requests.
-C count
Only wait for this many replies, regardless of -c and -w.
-d Find duplicate replies. Exit with 1 if there are answers from
two different MAC addresses.
-D Display answers as exclamation points and missing packets as dots.
-e Like -a but beep when there is no reply.
-F Don't try to be smart about the interface name. (even if this
switch is not given, -i overrides smartness)
-g group
setgid() to this group instead of the nobody group.
-h Displays a help message and exits.
-i interface
Use the specified interface.
-m type
Type of timestamp to use for incoming packets. Use -vv when
pinging to list available ones.
-q Does not display messages, except error messages.
-Q pri 802.1p priority to set. Should be used with 802.1Q (-V).
Defaults to 0.
-r Raw output: only the MAC/IP address is displayed for each reply.
-R Raw output: Like -r but shows "the other one", can be combined
with -r.
-s MAC Set source MAC address. You may need to use -p with this.
-S IP Like -b and -0 but with set source address. Note that this may
get the arping unanswered if the target does not have routing to
the IP. If you don't own the IP you are using, you may need to
turn on promiscious mode on the interface (with -p). With this
switch you can find out what IP-address a host has without tak-
ing an IP-address yourself.
-t MAC Set target MAC address to use when pinging IP address.
-T IP Use -T as target address when pinging MACs that won't respond to
a broadcast ping but perhaps to a directed broadcast.
Example:
To check the address of MAC-A, use knowledge of MAC-B and IP-B.
$ arping -S <IP-B> -s <MAC-B> -p <MAC-A>
-p Turn on promiscious mode on interface, use this if you don't
"own" the MAC address you are using.
-P Send ARP replies instead of requests. Useful with -U.
-u Show index=received/sent instead of just index=received when
pinging MACs.
-U Send unsolicited ARP.
-v Verbose output. Use twice for more messages.
-V num 802.1Q tag to add. Defaults to no VLAN tag.
-w sec Specify a timeout before ping exits regardless of how many
packets have been sent or received.
-W sec Time to wait between pings.
Report bugs to: thomas@habets.se
Arping home page: <http://www.habets.pp.se/synscan/>
Development repo: http://github.com/ThomasHabets/arpingNbtscan
nbtscan: invalid option -- '-'
NBTscan version 1.7.2.
This is a free software and it comes with absolutely no warranty.
You can use, distribute and modify it under terms of GNU GPL 2+.
Usage:
nbtscan [-v] [-d] [-e] [-l] [-t timeout] [-b bandwidth] [-r] [-q] [-s separator] [-m retransmits] (-f filename)|(<scan_range>)
-v verbose output. Print all names received
from each host
-d dump packets. Print whole packet contents.
-e Format output in /etc/hosts format.
-l Format output in lmhosts format.
Cannot be used with -v, -s or -h options.
-t timeout wait timeout milliseconds for response.
Default 1000.
-b bandwidth Output throttling. Slow down output
so that it uses no more that bandwidth bps.
Useful on slow links, so that ougoing queries
don't get dropped.
-r use local port 137 for scans. Win95 boxes
respond to this only.
You need to be root to use this option on Unix.
-q Suppress banners and error messages,
-s separator Script-friendly output. Don't print
column and record headers, separate fields with separator.
-h Print human-readable names for services.
Can only be used with -v option.
-m retransmits Number of retransmits. Default 0.
-f filename Take IP addresses to scan from file filename.
-f - makes nbtscan take IP addresses from stdin.
<scan_range> what to scan. Can either be single IP
like 192.168.1.1 or
range of addresses in one of two forms:
xxx.xxx.xxx.xxx/xx or xxx.xxx.xxx.xxx-xxx.
Examples:
nbtscan -r 192.168.1.0/24
Scans the whole C-class network.
nbtscan 192.168.1.25-137
Scans a range from 192.168.1.25 to 192.168.1.137
nbtscan -v -s : 192.168.1.0/24
Scans C-class network. Prints results in script-friendly
format using colon as field separator.
Produces output like that:
192.168.0.1:NT_SERVER:00U
192.168.0.1:MY_DOMAIN:00G
192.168.0.1:ADMINISTRATOR:03U
192.168.0.2:OTHER_BOX:00U
...
nbtscan -f iplist
Scans IP addresses specified in file iplist.
Onesixtyone
onesixtyone: invalid option -- '-'
onesixtyone 0.3.3 [options] <host> <community>
-c <communityfile> file with community names to try
-i <inputfile> file with target hosts
-o <outputfile> output log
-p specify an alternate destination SNMP port
-d debug mode, use twice for more information
-s short mode, only print IP addresses
-w n wait n milliseconds (1/1000 of a second) between sending packets (default 10)
-q quiet mode, do not print log to stdout, use with -l
host is either an IPv4 address or an IPv4 address and a netmask
default community names are: public private
Max number of hosts : 65535
Max community length: 32
Max number of communities: 16384
examples: onesixtyone 192.168.4.0/24 public
onesixtyone -c dict.txt -i hosts -o my.log -w 100
NMAP-扫描
Nmap 7.92 ( https://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
Can pass hostnames, IP addresses, networks, etc.
Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
-iL <inputfilename>: Input from list of hosts/networks
-iR <num hosts>: Choose random targets
--exclude <host1[,host2][,host3],...>: Exclude hosts/networks
--excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
-sL: List Scan - simply list targets to scan
-sn: Ping Scan - disable port scan
-Pn: Treat all hosts as online -- skip host discovery
-PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
-PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
-PO[protocol list]: IP Protocol Ping
-n/-R: Never do DNS resolution/Always resolve [default: sometimes]
--dns-servers <serv1[,serv2],...>: Specify custom DNS servers
--system-dns: Use OS's DNS resolver
--traceroute: Trace hop path to each host
SCAN TECHNIQUES:
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-sU: UDP Scan
-sN/sF/sX: TCP Null, FIN, and Xmas scans
--scanflags <flags>: Customize TCP scan flags
-sI <zombie host[:probeport]>: Idle scan
-sY/sZ: SCTP INIT/COOKIE-ECHO scans
-sO: IP protocol scan
-b <FTP relay host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
-p <port ranges>: Only scan specified ports
Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
--exclude-ports <port ranges>: Exclude the specified ports from scanning
-F: Fast mode - Scan fewer ports than the default scan
-r: Scan ports consecutively - don't randomize
--top-ports <number>: Scan <number> most common ports
--port-ratio <ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:
-sV: Probe open ports to determine service/version info
--version-intensity <level>: Set from 0 (light) to 9 (try all probes)
--version-light: Limit to most likely probes (intensity 2)
--version-all: Try every single probe (intensity 9)
--version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
-sC: equivalent to --script=default
--script=<Lua scripts>: <Lua scripts> is a comma separated list of
directories, script-files or script-categories
--script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
--script-args-file=filename: provide NSE script args in a file
--script-trace: Show all data sent and received
--script-updatedb: Update the script database.
--script-help=<Lua scripts>: Show help about scripts.
<Lua scripts> is a comma-separated list of script-files or
script-categories.
OS DETECTION:
-O: Enable OS detection
--osscan-limit: Limit OS detection to promising targets
--osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
Options which take <time> are in seconds, or append 'ms' (milliseconds),
's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
-T<0-5>: Set timing template (higher is faster)
--min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
--min-parallelism/max-parallelism <numprobes>: Probe parallelization
--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
probe round trip time.
--max-retries <tries>: Caps number of port scan probe retransmissions.
--host-timeout <time>: Give up on target after this long
--scan-delay/--max-scan-delay <time>: Adjust delay between probes
--min-rate <number>: Send packets no slower than <number> per second
--max-rate <number>: Send packets no faster than <number> per second
FIREWALL/IDS EVASION AND SPOOFING:
-f; --mtu <val>: fragment packets (optionally w/given MTU)
-D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
-S <IP_Address>: Spoof source address
-e <iface>: Use specified interface
-g/--source-port <portnum>: Use given port number
--proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies
--data <hex string>: Append a custom payload to sent packets
--data-string <string>: Append a custom ASCII string to sent packets
--data-length <num>: Append random data to sent packets
--ip-options <options>: Send packets with specified ip options
--ttl <val>: Set IP time-to-live field
--spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
--badsum: Send packets with a bogus TCP/UDP/SCTP checksum
OUTPUT:
-oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
and Grepable format, respectively, to the given filename.
-oA <basename>: Output in the three major formats at once
-v: Increase verbosity level (use -vv or more for greater effect)
-d: Increase debugging level (use -dd or more for greater effect)
--reason: Display the reason a port is in a particular state
--open: Only show open (or possibly open) ports
--packet-trace: Show all packets sent and received
--iflist: Print host interfaces and routes (for debugging)
--append-output: Append to rather than clobber specified output files
--resume <filename>: Resume an aborted scan
--noninteractive: Disable runtime interactions via keyboard
--stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
--webxml: Reference stylesheet from Nmap.Org for more portable XML
--no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:
-6: Enable IPv6 scanning
-A: Enable OS detection, version detection, script scanning, and traceroute
--datadir <dirname>: Specify custom Nmap data file location
--send-eth/--send-ip: Send using raw ethernet frames or IP packets
--privileged: Assume that the user is fully privileged
--unprivileged: Assume the user lacks raw socket privileges
-V: Print version number
-h: Print this help summary page.
EXAMPLES:
nmap -v -A scanme.nmap.org
nmap -v -sn 192.168.0.0/16 10.0.0.0/8
nmap -v -iR 10000 -Pn -p 80
SEE THE MAN PAGE (https://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES
hydra-破解密码
Syntax:
hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] |
[-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]]
[-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET]
[-c TIME] [-ISOuvVd46] [-m MODULE_OPT] [service://server[:PORT][/OPT]]
-R restore a previous aborted/crashed session
# 恢复之前的中止/崩溃的任务
-I ignore an existing restore file (do not wait 10 seconds)
# 忽略现有的还原文件(不要等待十秒)
-S perform an SSL connect
# 执行SSL连接
-s PORT if the service is on a different default port, define it here
# -s 端口 如果这个服务与默认端口不同, 在这定义
-l LOGIN or -L FILE login with LOGIN name, or load several logins from FILE
# -l 登陆 -L 文件 登陆用户名, 或者在文件中加载一些用户名
-p PASS or -P FILE try password PASS, or load several passwords from FILE
# -p 密码 -P 文件 尝试密码通过, 或从文件中加载一些密码尝试
-x MIN:MAX:CHARSET password brute force generation, type "-x -h" to get help
# 最小:最大:字符集 生成暴力密码, 可以输入"-x -h"获得帮助
-y disable use of symbols in brute force, see above
# 禁止在暴力密码中使用符号, 参见上文"-x"
-r use a non-random shuffling method for option -x
# 在-x 选项中使用不随机洗牌方法
-e nsr try "n" null password, "s" login as pass and/or "r" reversed login
# 尝试"n"空密码, "s" 作为通行证登陆 并且/或 "r" 反向登陆 --没理解
-u loop around users, not passwords (effective! implied with -x)
# 循环使用用户, 不是用密码(有效的! -x中有说明?)
-C FILE colon separated "login:pass" format, instead of -L/-P options
# -C 文件 冒号分离"用户名:密码"格式, 代替-L/-P选项
-M FILE list of servers to attack, one entry per line, ':' to specify port
# -M 文件 去攻击的服务器列表, 按行执行, ':'去指定特殊端口
-o FILE write found login/password pairs to FILE instead of stdout
# -o 文件 将找到的登录/密码对写入文件,而不是标准输出
-b FORMAT specify the format for the -o FILE: text(default), json, jsonv1
# -b FORMAT format(版式) 指定-o文件格式: 文本(默认), json, jsonv1
-f / -F exit when a login/pass pair is found (-M: -f per host, -F global)
# 当登陆/密码对已经找到就退出(-M: -f 每一个主机, -F 全部)
-t TASKS run TASKS number of connects in parallel per target (default: 16)
# 任务运行任务每个目标并行连接的数量
-T TASKS run TASKS connects in parallel overall (for -M, default: 64)
# 任务运行任务连接总体并行(使用-M, 默认:64)
-w / -W TIME wait time for a response (32) / between connects per thread (0)
# 等待回应时间(32)/ 在每个进程连接之间
-c TIME wait time per login attempt over all threads (enforces -t 1)
-4 / -6 use IPv4 (default) / IPv6 addresses (put always in [] also in -M)
-v / -V / -d verbose mode / show login+pass for each attempt / debug mode
-O use old SSL v2 and v3
-K do not redo failed attempts (good for -M mass scanning)
-q do not print messages about connection errors
-U service module usage details
-m OPT options specific for a module, see -U output for information
-h more command line options (COMPLETE HELP)
server the target: DNS, IP or 192.168.0.0/24 (this OR the -M option)
service the service to crack (see below for supported protocols)
OPT some service modules support additional input (-U for module help)
示例:
hydra -[l root / L /用户名路径] -P /字典路径 -t [1-64线程] [协议]://192.168.1.1
举例:
hydra -l root -P /home/zyx/password.txt -t 64 ssh://192.168.1.114
Hydra v9.2 (c) 2021 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-03-11 09:06:45
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[WARNING] Restorefile (you have 10 seconds to abort... (use option -I to skip waiting)) from a previous session found, to prevent overwriting, ./hydra.restore
[DATA] max 64 tasks per 1 server, overall 64 tasks, 147253 login tries (l:1/p:147253), ~2301 tries per task
[DATA] attacking ssh://192.168.1.114:22/
[22][ssh] host: 192.168.1.114 login: root password: passwd
1 of 1 target successfully completed, 1 valid password found
[WARNING] Writing restore file because 52 final worker threads did not complete until end.
[ERROR] 52 targets did not resolve or could not be connected
[ERROR] 0 target did not complete
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-03-11 09:06:59
阅读剩余
版权声明:
作者:ZYX
链接:https://zyxweb.cn/kalitools/
文章版权归作者所有,未经允许请勿转载。
THE END
SSH启动失败: Bind to port ** on :: failed: permission deined
使用Centos 7.9
查看如何修改SSH端口号点这里
因为没有SE Linux的授权
// 安装semannage对SE Linux进行修改
yum -y install policycoreutils-python
// 查找……
Centos 7 SSH登录失败自动封禁
写在开头:
这个方法只有一个问题!!!!!!
只封用户!!!!!
不封IP!!!!!!
开启之后会导致被人恶意攻击后自己也进不了ssh,只能实体机操作,或者……
宝塔反向代理api.openai.com
在宝塔创建站点
如果出现504错误
proxy_ssl_ser……
