
Web penetration test - 5. Brute force cracking vulnerability - (4) telnet password cracking

2022-06-24 03:38:00 Seven days


Telnet (teletype network) is a member of the TCP/IP protocol family and is the Internet's standard protocol and main method for remote login service. It lets users carry out work on a remote host from their local computer. The end user runs a telnet program on their own computer and uses it to connect to the server. Commands typed into the telnet program run on the server, just as if they had been typed directly at the server's console, so the server can be controlled locally. To start a telnet session, you must enter a user name and password to log in to the server. Telnet is a commonly used method of remotely controlling web servers.
Default port: 23

One 、hydra

Hydra is a parallelized login cracker that supports many protocols to attack. It is very fast and flexible, and new modules are easy to add. It is included in the Kali toolset.

Hydra project address (full version): https://github.com/vanhauser-thc/thc-hydra/releases

Hydra supports:
Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

hydra -L /root/Desktop/user.txt -P /root/Desktop/pass.txt IP telnet

-L: Specify the user name dictionary path
-P: Specify password dictionary path

Two 、Ncrack

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap's, and a dynamic engine that can adapt its behaviour based on network feedback. It allows fast and reliable large-scale auditing of multiple hosts. It is included in the Kali toolset.

Ncrack's features include a very flexible interface that gives the user full control of network operations, support for very sophisticated brute-force attacks, easy-to-use timing templates, and runtime interaction similar to Nmap's. Supported protocols include SSH, RDP, FTP, Telnet, HTTP(S), Wordpress, POP3(S), IMAP, CVS, SMB, VNC, SIP, Redis, PostgreSQL, MQTT, MySQL, MSSQL, MongoDB, Cassandra, WinRM, OWA, and DICOM.

Project address :https://nmap.org/ncrack/

ncrack -U /root/Desktop/user.txt -P /root/Desktop/pass.txt IP:23

-U: Indicates the path to the user name list
-P: Indicates the path to the password list
-v: Increase the verbosity level (use twice or more for greater effect)

Three 、Patator

Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. I opted for a different approach in order to not create yet another brute-forcing tool and avoid repeating the same shortcomings. Patator is a multi-threaded tool written in Python that strives to be more reliable and flexible than its predecessors.

Project address :https://github.com/lanjelot/patator

patator telnet_login host=IP inputs='FILE0\nFILE1' 0=/root/Desktop/user.txt 1=/root/Desktop/pass.txt  persistent=0 prompt_re='Username: | Password:'

Four 、Metasploit

use auxiliary/scanner/telnet/telnet_login
msf exploit (telnet_login)>set rhosts IP (remote host IP)
msf exploit (telnet_login)>set user_file /root/Desktop/user.txt
msf exploit (telnet_login)>set pass_file /root/Desktop/pass.txt
msf exploit (telnet_login)>set stop_on_success true
msf exploit (telnet_login)> exploit
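
From the defender's side, each of the four tools above replays a user list and a password list against port 23 from a single source, which leaves a burst of failed logins in the server's authentication log. The following added example (not from the original article) flags such a burst and any successful login that follows it; the log line layout, the sample lines, and the threshold and window values are assumptions to adapt to your own logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. The "FAILED LOGIN ... FROM ... FOR" / "LOGIN ON ... BY
# ... FROM" layout is an assumed login(1) syslog format; adapt LINE_RE to your logs.
SAMPLE_LOG = """\
2022-06-24T03:38:01 srv login[811]: FAILED LOGIN 1 FROM 192.0.2.10 FOR admin, Authentication failure
2022-06-24T03:38:02 srv login[812]: FAILED LOGIN 1 FROM 192.0.2.10 FOR admin, Authentication failure
2022-06-24T03:38:03 srv login[813]: FAILED LOGIN 1 FROM 198.51.100.7 FOR alice, Authentication failure
2022-06-24T03:38:04 srv login[814]: FAILED LOGIN 1 FROM 192.0.2.10 FOR root, Authentication failure
2022-06-24T03:38:05 srv login[815]: FAILED LOGIN 1 FROM 192.0.2.10 FOR root, Authentication failure
2022-06-24T03:38:06 srv login[816]: FAILED LOGIN 1 FROM 192.0.2.10 FOR root, Authentication failure
2022-06-24T03:38:09 srv login[813]: LOGIN ON pts/1 BY alice FROM 198.51.100.7
2022-06-24T03:38:10 srv login[817]: LOGIN ON pts/2 BY root FROM 192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ login\[\d+\]: "
    r"(?:FAILED LOGIN \d+ FROM (?P<fsrc>\S+) FOR (?P<fuser>[^,\s]+)"
    r"|LOGIN ON \S+ BY (?P<suser>\S+) FROM (?P<ssrc>\S+))")

def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Return (kind, source, detail) alerts for dictionary-style login bursts."""
    recent = defaultdict(deque)  # source -> (time, user) failures still in the window
    flagged, alerts = set(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        src = m["fsrc"] or m["ssrc"]
        q = recent[src]
        while q and ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if m["fsrc"]:
            q.append((ts, m["fuser"]))
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("bruteforce", src, sorted({u for _, u in q})))
        elif src in flagged:
            # Login from a source that already tripped the threshold: treat as a guessed password
            alerts.append(("success_after_bruteforce", src, m["suser"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The single mistyped password from 198.51.100.7 followed by a normal login stays below the threshold and raises no alert.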