Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-23 21:24:06 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/network-services-pentesting/pentesting-web/vmware-esx-vcenter....md
Translator workflow a21a0e7217 Translated to Chinese
2023-08-03 19:12:22 +00:00

5.2 KiB
Raw Blame History

☁️ HackTricks云 ☁️ -🐦 推特 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥

枚举

nmap -sV --script "http-vmware-path-vuln or vmware-version" -p <PORT> <IP>
msf> use auxiliary/scanner/vmware/esx_fingerprint
msf> use auxiliary/scanner/http/ms15_034_http_sys_memory_dump

暴力破解

Bruteforce is a common technique used in penetration testing to gain unauthorized access to a target system by systematically trying all possible combinations of usernames and passwords until a successful login is achieved.

暴力破解是一种常见的渗透测试技术,通过系统地尝试所有可能的用户名和密码组合,直到成功登录目标系统为止,以获取未经授权的访问权限。

This technique is often used when there is no other known vulnerability or weakness in the system that can be exploited. It relies on the assumption that the correct username and password combination exists within the set of all possible combinations.

当系统中没有其他已知的漏洞或弱点可供利用时,通常会使用这种技术。它依赖于这样一个假设,即正确的用户名和密码组合存在于所有可能的组合集合中。

Bruteforce attacks can be time-consuming and resource-intensive, especially if the target system has implemented security measures such as account lockouts or rate limiting. However, with the help of powerful hardware and specialized software, attackers can significantly speed up the process.

暴力破解攻击可能会耗费大量时间和资源,特别是当目标系统实施了诸如账户锁定或速率限制等安全措施时。然而,借助强大的硬件和专门的软件,攻击者可以显著加快这个过程。

To mitigate the risk of a successful bruteforce attack, it is important to enforce strong password policies, implement account lockouts after a certain number of failed login attempts, and monitor for any suspicious activity.

为了降低成功暴力破解攻击的风险,重要的是执行强密码策略,在一定数量的登录尝试失败后实施账户锁定,并监控任何可疑活动。

msf> auxiliary/scanner/vmware/vmware_http_login

如果您找到有效的凭据可以使用更多的Metasploit扫描模块来获取信息。

☁️ HackTricks云 ☁️ -🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥