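Environment
Host machine: Windows 10 + Wireshark
Target machine: Windows 7 + phpStudy + DVWA
Attack method
Run a brute-force attack with BurpSuite; it only has to generate the traffic, the result does not matter
Before starting the brute force, start a Wireshark capture and filter the data
Writing the rule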
alert tcp any any -> any any (msg:"DVWA-brute漏洞攻击"; flow:to_server,established; uricontent:"DVWA-master/vulnerabilities/brute"; fast_pattern:only; detection_filter:track by_dst, count 60, seconds 60; uricontent:"username="; pcre:"/username[\s=]+?.+?password[\s=]\w+?/iU"; metadata:service http; sid:7; rev:1;)
Analysis
Enter the following in a terminal (PowerShell)
snort -de -c C:\Snort\etc\snort.conf -l C:\Snort\log -r C:\dvwa抓包\Brute-Force.pcapng
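The following Python sketch is an added example, not part of the original write-up: it models how the content, pcre and detection_filter options of the rule above combine, so you can check whether a capture holds enough matching requests for the rule to alert. The sample requests and the 192.0.2.10 address are constructed, and the fixed sampling period per destination is a modelling assumption based on the detection_filter description in the Snort manual.

```python
import re
from collections import defaultdict

# Values copied from the rule on this page.
URI_PATH = "DVWA-master/vulnerabilities/brute"
URI_PARAM = "username="
PCRE = re.compile(r"username[\s=]+?.+?password[\s=]\w+?", re.I)
COUNT, SECONDS = 60, 60  # detection_filter: count 60, seconds 60


def rule_matches(uri):
    """Content and pcre options of the rule, applied to a request URI."""
    return URI_PATH in uri and URI_PARAM in uri and bool(PCRE.search(uri))


def alerts(requests):
    """Return the (time, dst) pairs for which the rule would raise an alert.

    requests: iterable of (epoch_seconds, dst_ip, uri), ordered by time.
    Model assumption: per destination, a sampling period starts at the first
    match and restarts once SECONDS have elapsed; only matches beyond COUNT
    inside one period generate an event.
    """
    state = defaultdict(lambda: [None, 0])  # dst -> [period_start, matches]
    fired = []
    for ts, dst, uri in requests:
        if not rule_matches(uri):
            continue
        entry = state[dst]
        if entry[0] is None or ts - entry[0] >= SECONDS:
            entry[0], entry[1] = ts, 0
        entry[1] += 1
        if entry[1] > COUNT:
            fired.append((ts, dst))
    return fired


def constructed_capture(n, interval, dst="192.0.2.10"):
    """Constructed sample traffic: n login attempts, one every `interval` seconds."""
    uri = "/DVWA-master/vulnerabilities/brute/?username=admin&password=p{}&Login=Login"
    return [(i * interval, dst, uri.format(i)) for i in range(n)]


if __name__ == "__main__":
    for n in (60, 61, 100):
        print(n, "requests in a burst ->", len(alerts(constructed_capture(n, 0.1))), "alerts")
```

If replaying the capture produces no alert, compare the number of brute-force requests in the pcap with the count value: the first 60 matches in a period are only counted, and alerts start with the 61st.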