Sparta是一個集端口掃描、網絡掃描、服務探測以及暴力破解等多項功能於一身的工具,kali中已經預裝了該工具,可直接使用。ios
> 輸入目標IP,開始掃描便可探測出開放的端口及服務bash
> 選中ssh服務,對其進行暴力破解網絡
> 確認IP地址、端口、掃描服務等,上傳用戶名-密碼字典後Runoracle
> 查看掃描log,探測出一個密碼被破解ssh
Hydra v8.2 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2017-08-07 23:42:58
[DATA] max 16 tasks per 1 server, overall 64 tasks, 2754 login tries (l:27/p:10119.75.217.109), ~2 tries per task
[DATA] attacking service ssh on port 22
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[ATTEMPT] target 119.75.217.109 - login "root" - pass "root" - 1 of 2754 [child 0]
[ATTEMPT] target 119.75.217.109 - login "test" - pass "test" - 2 of 2754 [child 1]
[ATTEMPT] target 119.75.217.109 - login "oracle" - pass "oracle" - 3 of 2754 [child 2]
[ATTEMPT] target 119.75.217.109 - login "admin" - pass "admin" - 4 of 2754 [child 3]
[ATTEMPT] target 119.75.217.109 - login "info" - pass "info" - 5 of 2754 [child 4]
…
[ATTEMPT] target 119.75.217.109 - login "ftp" - pass "111111" - 174 of 2883 [child 8]
[ATTEMPT] target 119.75.217.109 - login "support" - pass "111111" - 175 of 2883 [child 12]
[ATTEMPT] target 119.75.217.109 - login "temp" - pass "111111" - 176 of 2883 [child 15]
[ATTEMPT] target 119.75.217.109 - login "nagios" - pass "111111" - 177 of 2883 [child 5]
[ATTEMPT] target 119.75.217.109 - login "user1" - pass "111111" - 178 of 2883 [child 8]
[ATTEMPT] target 119.75.217.109 - login "www" - pass "111111" - 179 of 2883 [child 9]
[ATTEMPT] target 119.75.217.109 - login "test1" - pass "111111" - 180 of 2883 [child 10]
[ATTEMPT] target 119.75.217.109 - login "nobody" - pass "111111" - 181 of 2883 [child 12]
[22][ssh] host: 119.75.217.109 login: oracle password: oracle
[STATUS] attack finished for 119.75.217.109 (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2017-08-07 23:43:04