本文主要是介绍linux密码破解[离线]--john 探测(爆破)弱口令(包含linux机器,aix小机)/linux上的shadow文件破解,亲测可用,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
linux密码破解[离线]–john 探测(爆破)弱口令(包含linux机器,aix小机),linux上的shadow文件破解
手头上上面的机器居多,而且这些机器也是几经转折到了奴家的手上,前期已经出现了有几个密码是1234的情况,非常的头疼,这些账户也不是我们在用的,最主要的是我们的机器都在机房,没有机器的所有权,只有使用权,只要一旦扫出来弱口令,那我们也就只能背锅,好多的账户都是前期的遗留问题,不知道是否有人在用,机房也在用,好多部门也都在用,我们只是使用了其中的两个主要的用户,所以说为了安全期间,还是要自己测一下,自己的这些账户上面,有没有弱口令
基本思路
- 安装部署john
注意的是这个千万不要在生产环境上部署安装,这个可以部署在自己电脑或者其他的虚机上面,最好可以联网,因为联网安装的比较方便,直接可以yum安装相关的依赖包,切记,破解工作期间可以断网,同时也要做到保密措施 - 批量获取机器的shadow文件
建议使用ansible,可以将远程机的shadow文件,以ip进行命名,方便区分对应ip. - 利用john对shadow进行爆破
可以结合shell对指定目录下面的shadow文件进行for循环破解,破解速度的快慢,主要看你的密码本是否强大 - 本人建议哈,由于是咱们自己找是不是弱密码,建议不要把密码本设置的那么强大,能够满足基本的探测出来弱密码即可
所有涉及的安装包:
链接:https://pan.baidu.com/s/1oItHEHCEdmAMWGY0thQM3g
提取码:hgdr
–来自百度网盘超级会员V3的分享
一、安装john
我这边使用的是john-1.9.0-jumbo-1.tar这个版本的,这个是我这个时候官网上面的最新的版本,还是建议大家使用最新版本的,多年来的吃亏经验分享一下
[root@localhost ~]# tar xvf john-1.9.0-jumbo-1.tar
john-1.9.0-jumbo-1/.ci/Dockerfile
john-1.9.0-jumbo-1/.ci/disable_formats.sh
john-1.9.0-jumbo-1/.circleci/circle-ci.sh
john-1.9.0-jumbo-1/.circleci/config.yml
john-1.9.0-jumbo-1/.editorconfig
john-1.9.0-jumbo-1/.gitattributes
john-1.9.0-jumbo-1/.github/issue_template.md
以下的省略。。。。
上图就是刚解压出来的(红框框里面二点是刚解压出来的哈,其余两个是我已经安装好了)
告诉大家一个小秘密,这个john只要不是在一个目录里面,只要你解压的目录不同,可以多个john同时开始探测,就好比我上面那样,我就可以开着两个john一起来进行弱密码的破解。
[root@localhost ~]# ls
anaconda-ks.cfg check-ip.sh check-re.txt ip-adder.txt ip.txt john john-1.9.0-jumbo-1 john-1.9.0-jumbo-1.tar john-2
[root@localhost ~]# mv john-1.9.0-jumbo-1 john-3 重新命名一下目录
[root@localhost ~]# ls
anaconda-ks.cfg check-ip.sh check-re.txt ip-adder.txt ip.txt john john-1.9.0-jumbo-1.tar john-2 john-3
[root@localhost john-3]# ls
CONTRIBUTING.md doc README.md run src
##其中doc为文档目录 run为john命令所在目录 src为需要编译的目录 ------->大概就这样理解把
[root@localhost john-3]# cd src/
[root@localhost src]# ls
7z_fmt_plug.c diskcryptor_common.h KeccakSponge.h opencl_bf_fmt_plug.c packaging simd-intrinsics.c
adxcrypt_fmt_plug.c diskcryptor_common_plug.c keepass2john.c opencl_bf_std.h padlock_fmt_plug.c simd-intrinsics.h
aes diskcryptor_fmt_plug.c keepass_common.h opencl_bf_std_plug.c palshop_fmt_plug.c simd-intrinsics-load-flags.h
aes_ccm.h django_fmt_plug.c keepass_common_plug.c opencl_bitlocker_fmt_plug.c panama.c single.c
aes_ccm_plug.c django_scrypt_fmt_plug.c keepass_fmt_plug.c opencl_bitlocker.h panama_fmt_plug.c single.h
aes_gcm.h DMD5_fmt_plug.c keychain_common.h opencl_bitwarden_fmt_plug.c params.c SIPdump.c
aes_gcm_plug.c dmg2john.c keychain_common_plug.c opencl_blockchain_fmt_plug.c params.h SIPdump.h
aes.h dmg_common.h keychain_fmt_plug.c opencl_blowfish.h pa-risc.h sip_fmt_plug.c
aes_ige.h dmg_common_plug.c keyring_fmt_plug.c opencl_cast.h path.c sip_fmt_plug.h
aes_ige_plug.c dmg_fmt_plug.c keystore_common.h opencl_chacha.h path.h skein.c
AFS_fmt.c DOMINOSEC8_fmt_plug.c keystore_common_plug.c opencl_cloudkeychain_fmt_plug.c pbkdf2_hmac_common.h skein_fmt_plug.c
agilekeychain_common.h DOMINOSEC_fmt_plug.c keystore_fmt_plug.c opencl_cmac.h pbkdf2_hmac_common_plug.c SKEY_fmt_plug.c
agilekeychain_common_plug.c dpapimk_fmt_plug.c known_hosts_fmt_plug.c opencl_common.c pbkdf2-hmac-md4_fmt_plug.c SKEY_jtr.h
agilekeychain_fmt_plug.c dragonfly3_fmt_plug.c KRB4_fmt_plug.c opencl_common.h pbkdf2_hmac_md4.h SKEY_jtr_plug.c
aix_ssha_fmt_plug.c dragonfly4_fmt_plug.c KRB4_std.h opencl_dashlane_fmt_plug.c pbkdf2-hmac-md5_fmt_plug.c sl3_common.h
aligned.h drupal7_common.h KRB4_std_plug.c opencl_DES_bs_b_plug.c pbkdf2_hmac_md5.h sl3_common_plug.c
alpha.h drupal7_fmt_plug.c krb5_asrep_common.h opencl_DES_bs_f_plug.c pbkdf2_hmac_ripemd160.h sl3_fmt_plug.c
alpha.S dummy.c krb5_asrep_common_plug.c opencl_DES_bs.h pbkdf2-hmac-sha1_fmt_plug.c slow_hash.h
andotp_fmt_plug.c dyna-compiler-test.sh krb5_asrep_fmt_plug.c opencl_DES_bs_h_plug.c pbkdf2_hmac_sha1.h slow_hash_plug.c
androidbackup_common.h dynamic_big_crypt_chopper.pl krb5_common.h opencl_DES_bs_plug.c pbkdf2_hmac_sha256_fmt_plug.c snefru_fmt_plug.c
androidbackup_common_plug.c dynamic_big_crypt_generator.sh krb5_common_plug.c opencl_DES_fmt_plug.c pbkdf2_hmac_sha256.h snefru.h
androidbackup_fmt_plug.c dynamic_big_crypt_hash.cin krb5_db_fmt_plug.c opencl_des.h pbkdf2-hmac-sha512_fmt_plug.c snefru_plug.c
androidfde_fmt_plug.c dynamic_big_crypt_header.cin KRB5_fmt_plug.c opencl_DES_hst_dev_shared.h pbkdf2_hmac_sha512.h snmp_fmt_plug.c
ansible_common.h dynamic_compiler.c krb5pa-md5_fmt_plug.c opencl_DES_kernel_params.h pbkdf2_hmac_whirlpool.h solarwinds_common.h
ansible_common_plug.c dynamic_compiler_fmt_plug.c krb5pa-sha1_fmt_plug.c opencl_device_info.h pdfcrack_md5.h solarwinds_common_plug.c
ansible_fmt_plug.c dynamic_compiler.h KRB5_std.h opencl_diskcryptor_aes_fmt_plug.c pdfcrack_md5_plug.c solarwinds_fmt_plug.c
argon2_core.h dynamic_compiler_lib.c KRB5_std_plug.c opencl_diskcryptor_fmt_plug.c pdf_fmt_plug.c sparc32.h
argon2_core_plug.c dynamic_fmt.c krb5_tgs_fmt_plug.c opencl_dmg_fmt_plug.c pem_common.h sparc64.h
argon2_encoding.h dynamic.h kwallet_fmt_plug.c opencl_electrum_modern_fmt_plug.c pem_common_plug.c sph_haval.h
argon2_encoding_plug.c dynamic_parser.c lastpass_cli_common.h opencl_encfs_fmt_plug.c pem_fmt_plug.c sph_md2.h
argon2_fmt_plug.c dynamic_preloads.c lastpass_cli_common_plug.c opencl_enpass_fmt_plug.c pfx_common.h sph_panama.h
argon2.h dynamic_types.h lastpass_cli_fmt_plug.c opencl_ethereum_fmt_plug.c pfx_common_plug.c sph_ripemd.h
argon2_opt.h dynamic_utils.c lastpass_common.h opencl_ethereum_presale_fmt_plug.c pfx_fmt_plug.c sph_skein.h
argon2_opt_plug.c dyna_salt.c lastpass_common_plug.c opencl_fvde_fmt_plug.c pgpdisk_common.h sph_tiger.h
argon2_plug.c dyna_salt.h lastpass_fmt_plug.c opencl_geli_fmt_plug.c pgpdisk_common_plug.c sph_types.h
argon2_ref.h dyna-speed.pl lastpass_sniffed_fmt_plug.c opencl_gpg_fmt_plug.c pgpdisk_fmt_plug.c sph_whirlpool.h
argon2_ref_plug.c dyna-speed.sh leet_cc_fmt_plug.c opencl_hash_check_128.h pgpsda_common.h ssha512_fmt_plug.c
arm32le.h eapmd5tojohn.c LICENSE.gost opencl_hash_check_128_plug.c pgpsda_common_plug.c ssh_common.h
arm64le.h ecryptfs_fmt_plug.c list.c opencl_hmac_sha1.h pgpsda_fmt_plug.c ssh_common_plug.c
as400_des_fmt_plug.c ed25519-donna listconf.c opencl_hmac_sha256.h pgpwde_common.h ssh_fmt_plug.c
as400_ssha1_fmt_plug.c ed25519.h listconf.h opencl_hmac_sha512.h pgpwde_common_plug.c ssh_variable_code.h
asaMD5_fmt_plug.c eigrp_fmt_plug.c list.h opencl_iwork_fmt_plug.c pgpwde_fmt_plug.c sspr_common.h
asn1.h electrum_fmt_plug.c LM_fmt.c opencl_keccak.h phpass_common.h sspr_common_plug.c
asn1_plug.c encfs_common.h loader.c opencl_keepass_fmt_plug.c phpass_common_plug.c sspr_fmt_plug.c
autoconf_arch.h encfs_common_plug.c loader.h opencl_keychain_fmt_plug.c phpassMD5_fmt_plug.c status.c
autoconfig.h.in encfs_fmt_plug.c logger.c opencl_keyring_fmt_plug.c PHPS2_fmt_plug.c status.h
axcrypt_common.h encoding_data.h logger.h opencl_keystore_fmt_plug.c PHPS_fmt_plug.c stdbool.h
axcrypt_common_plug.c enpass_common.h lotus5_fmt_plug.c opencl_krb5_asrep_aes_fmt_plug.c pixMD5_fmt_plug.c stribog_fmt_plug.c
axcrypt_fmt_plug.c enpass_common_plug.c lotus85_fmt_plug.c opencl_krb5pa-md5_fmt_plug.c pkcs12.h strip_common.h
axcrypt_variable_code.h enpass_fmt_plug.c luks_fmt_plug.c opencl_krb5pa-sha1_fmt_plug.c pkcs12_plug.c strip_common_plug.c
AzureAD_common.h EPI_fmt_plug.c luks_insane_tests.h opencl_lastpass_cli_fmt_plug.c pkzip.c strip_fmt_plug.c
AzureAD_common_plug.c episerver_fmt_plug.c lzma opencl_lastpass_fmt_plug.c pkzip_fmt_plug.c subsets.c
AzureAD_fmt_plug.c ethereum_common.h m4 opencl_lm_b_plug.c pkzip.h subsets.h
base64_convert.c ethereum_common_plug.c Makefile.dep opencl_lm_finalize_keys.h pkzip_inffixed.h sunmd5_fmt_plug.c
base64_convert.h ethereum_fmt_plug.c Makefile.in opencl_lm_fmt_plug.c plaintext_fmt_plug.c SybaseASE_fmt_plug.c
batch.c external.c Makefile.legacy opencl_lm.h plugin_deps.pl SybasePROP_fmt_plug.c
batch.h external.h Makefile.stub opencl_lm_hst_dev_shared.h PO_fmt_plug.c syb-prop_repro.h
bcrypt_pbkdf.h fake_salts.c mask.c opencl_lm_kernel_params.h postgres_fmt_plug.c syb-prop_repro_plug.c
bcrypt_pbkdf_plug.c fake_salts.h mask_ext.c opencl_lm_plug.c pp.c symlink.c
bench.c feal8.h mask_ext.h opencl_lotus5_fmt.h ppc32alt.h tacacs_plus_fmt_plug.c
bench.h feal8_plug.c mask.h opencl_lotus5_fmt_plug.c ppc32.h tcphdr.h
best.c FG2_fmt_plug.c md2.c opencl_mask_extras.h ppc64alt.h tcp_md5_fmt_plug.c
bestcrypt_fmt_plug.c FGT_fmt_plug.c md2_fmt_plug.c opencl_mask.h ppc64.h telegram_common.h
best.sh filevault.h md4.c opencl_md4_ctx.h ppc_cpuid.c telegram_common_plug.c
BF_common.c formats.c md4.h opencl_md4.h prince.h telegram_fmt_plug.c
BF_common.h formats.h md5.c opencl_md5crypt_fmt_plug.c pseudo_intrinsics.h testparas.pl
BFEgg_fmt_plug.c formspring_fmt_plug.c md5crypt_common.c opencl_md5_ctx.h pst_fmt_plug.c tests
BF_fmt.c fuzz.c md5crypt_common.h opencl_md5.h putty2john.c tezos_common.h
BF_std.c fuzz.h md5crypt_long_fmt.c opencl_misc.h putty_fmt_plug.c tezos_common_plug.c
BF_std.h fvde_common.h MD5_fmt.c opencl_mscash2_fmt_plug.c pwsafe_common.h tezos_fmt_plug.c
bf_tab.h fvde_common_plug.c md5.h opencl_mscash2_helper_plug.c pwsafe_common_plug.c tgtsnarf.c
bitcoin_fmt_plug.c fvde_fmt_plug.c MD5_std.c opencl_mscash2_helper_plug.h pwsafe_fmt_plug.c tiger.c
bitlocker2john.c geli_common.h MD5_std.h opencl_mscash_fmt_plug.c qnx_common.h tiger_fmt_plug.c
bitlocker_common.h geli_common_plug.c mdc2dgst_plug.c opencl_mysqlsha1_fmt_plug.c qnx_fmt_plug.c timer.c
bitlocker_common_plug.c geli_fmt_plug.c mdc2_fmt_plug.c opencl_nonstd.h racf2john.c timer.h
bitlocker_fmt_plug.c genmkvpwd.c mdc2-JtR.h opencl_notes_fmt_plug.c racf_fmt_plug.c times.h
bitlocker_variable_code.h getopt.c md_helper.c opencl_nt_fmt_plug.c racf_kdfaes_fmt_plug.c trip_fmt.c
bitshares_fmt_plug.c getopt.h mediawiki_fmt_plug.c opencl_ntlmv2_fmt_plug.c radius_fmt_plug.c truecrypt_fmt_plug.c
bitwarden_common.h gost3411-2012-sse41.h memory.c opencl_o5logon_fmt_plug.c radmin_fmt_plug.c truth.pl
bitwarden_common_plug.c gost3411-2012-sse41_plug.c memory.h opencl_odf_fmt_plug.c rakp_fmt_plug.c tty.c
bitwarden_fmt_plug.c gost3411-tables.h mic.h opencl_office_fmt_plug.c rar2john.c tty.h
bks_fmt_plug.c gost3411-tables_plug.c mips32.h opencl_oldoffice_fmt_plug.c rar2john.h twofish.h
blackberry_ES10_fmt_plug.c gost.c mips64.h opencl_openbsdsoftraid_fmt_plug.c rar5_common.h twofish_plug.c
blake256.h gost_fmt_plug.c misc.c opencl_pbkdf1_hmac_sha1.h rar5_fmt_plug.c uaf2john.c
blake256_plug.c gost.h misc.h opencl_pbkdf2_hmac_md4_fmt_plug.c rar_common.c uaf_encode.c
blake2b-load-sse2.h gpg2john.c missing_getopt.c opencl_pbkdf2_hmac_md4.h rar_fmt_plug.c uaf_encode.h
blake2b-load-sse41.h gpg_common.h missing_getopt.h opencl_pbkdf2_hmac_md5_fmt_plug.c raw2dyna.c uaf_hash.c
blake2b_plug.c gpg_common_plug.c mkv.c opencl_pbkdf2_hmac_md5.h rawBLAKE2_512_fmt_plug.c uaf_raw.h
blake2b-ref_plug.c gpg_fmt_plug.c mkvcalcproba.c opencl_pbkdf2_hmac_sha1_fmt_plug.c rawKeccak_256_fmt_plug.c unafs.c
blake2b-round.h gpu_common.c mkv.h opencl_pbkdf2_hmac_sha1.h rawKeccak_512_fmt_plug.c undrop.c
blake2.h gpu_common.h mkvlib.c opencl_pbkdf2_hmac_sha256_fmt_plug.c rawMD4_fmt_plug.c unicode.c
blake2-impl.h gpu_sensors.h mkvlib.h opencl_pbkdf2_hmac_sha256.h rawMD5flat_fmt_plug.c UnicodeData.h
blamka-round-opt.h groestl.h mmap-windows.c opencl_pbkdf2_hmac_sha512_fmt_plug.c rawMD5_fmt_plug.c unicode.h
blamka-round-ref.h groestl_plug.c monero_fmt_plug.c opencl_pem_fmt_plug.c rawmd5u_fmt_plug.c unicode_range.c
blf.h groestl_tables.h money_fmt_plug.c opencl_pfx_fmt_plug.c rawSHA1_common.h unicode_range.h
blf_plug.c has160_fmt_plug.c mongodb_fmt_plug.c opencl_pgpdisk_fmt_plug.c rawSHA1_common_plug.c unique.c
blockchain_common.h has160.h mongodb_scram_fmt_plug.c opencl_pgpsda_fmt_plug.c rawSHA1_fmt_plug.c unrar.c
blockchain_common_plug.c has160_plug.c mozilla_ng_fmt_plug.c opencl_pgpwde_fmt_plug.c rawSHA1_linkedIn_fmt_plug.c unrarcmd.c
blockchain_fmt_plug.c haval.c mpz_int128.h opencl_phpass_fmt_plug.c rawSHA224_fmt_plug.c unrarcmd.h
blowfish.c haval_fmt_plug.c mscash1_fmt_plug.c opencl_pkcs12.h rawSHA256_common.h unrarfilter.c
blowfish.h haval_helper.c mscash2_fmt_plug.c opencl_pwsafe_fmt_plug.c rawSHA256_common_plug.c unrarfilter.h
brg_endian.h hccap2john.c mscash_common.h opencl_rakp_fmt_plug.c rawSHA256_fmt_plug.c unrar.h
BSDI_fmt.c hccap.h mscash_common_plug.c opencl_rar5_fmt_plug.c rawSHA384_fmt_plug.c unrarhlp.c
bt.c HDAA_fmt_plug.c MSCHAPv2_bs_fmt_plug.c opencl_rar_fmt_plug.c rawSHA512_common.h unrarhlp.h
bt_hash_type_128.c hmacmd5.c mssql05_fmt_plug.c opencl_rawmd4_fmt_plug.c rawSHA512_common_plug.c unrarppm.c
bt_hash_type_192.c hmacMD5_fmt_plug.c mssql12_fmt_plug.c opencl_rawmd5_fmt_plug.c rawSHA512_fmt_plug.c unrarppm.h
bt_hash_type_64.c hmacmd5.h mssql-old_fmt_plug.c opencl_rawsha1_fmt_plug.c rc4.c unrarvm.c
bt_hash_types.h hmacSHA1_fmt_plug.c multibit_fmt_plug.c opencl_rawsha256_fmt_plug.c rc4.h unrarvm.h
bt_interface.h hmacSHA256_fmt_plug.c mysql_fmt_plug.c opencl_rawsha256.h recovery.c unshadow.c
bt_twister.c hmacSHA512_fmt_plug.c mysql_netauth_fmt_plug.c opencl_rawsha512_fmt_plug.c recovery.h unused
bt_twister.h hmac_sha.h mysqlSHA1_fmt_plug.c opencl_rawsha512_gpl_fmt_plug.c regex.c vax.h
byteorder.h hmac_sha_plug.c net_ah_fmt_plug.c opencl_rawsha512.h regex.h vdi_fmt_plug.c
c3_fmt.c hmailserver_fmt_plug.c NETLM_fmt_plug.c opencl_rc4.h ripemd.c vms_fmt_plug.c
calc_stat.c hsrp_fmt_plug.c NETLMv2_fmt_plug.c opencl_ripemd.h ripemd_fmt_plug.c vms_std.h
chacha.h ia64.h net_md5_fmt_plug.c opencl_salted_sha_fmt_plug.c rpp.c vmx_common.h
chacha_plug.c idea-JtR.h NETNTLM_bs_fmt_plug.c opencl_sappse_fmt_plug.c rpp.h vmx_common_plug.c
chap_fmt_plug.c idea_plug.c NETNTLMv2_fmt_plug.c opencl_sboxes.h rsvp_fmt_plug.c vmx_fmt_plug.c
charset.c idle.c net_sha1_fmt_plug.c opencl_sboxes-s.h rules.c vnc_fmt_plug.c
charset.h idle.h NETSPLITLM_fmt_plug.c opencl_sha1crypt_fmt_plug.c rules.h vncpcap2john.c
citrix_ns_fmt_plug.c ike-crack.h nonstd.c opencl_sha1_ctx.h rules_init_classes.h vtp_fmt_plug.c
clipperz_srp_fmt_plug.c ike_fmt_plug.c notes_common.h opencl_sha1.h rules_init_convs.h wbb3_fmt_plug.c
cloudkeychain_common.h inc.c notes_common_plug.c opencl_sha256crypt_fmt_plug.c salted_sha1_common.h whirlpool.c
cloudkeychain_common_plug.c inc.h notes_fmt_plug.c opencl_sha256crypt.h salted_sha1_common_plug.c whirlpool_fmt_plug.c
cloudkeychain_fmt_plug.c install-sh nsec3_fmt_plug.c opencl_sha256.h salted_sha1_fmt_plug.c Win32-dlfcn-port.h
cmpt_cp.pl int128.h NS_fmt_plug.c opencl_sha2_common.h sapB_fmt_plug.c win32_memmap.c
common.c int-util.h nt2_fmt_plug.c opencl_sha2_common_plug.c sapG_fmt_plug.c win32_memmap.h
common-get-hash.h IPB2_fmt_plug.c ntlmv1_mschapv2_fmt_plug.c opencl_sha2_ctx.h sapH_fmt_plug.c wordlist.c
common.h itunes_common.h nukedclan_fmt_plug.c opencl_sha2.h sap_pse_common.h wordlist.h
common-simd-getpos.h itunes_common_plug.c o10glogon_fmt_plug.c opencl_sha512crypt_fmt_plug.c sap_pse_common_plug.c wow_srp_fmt_plug.c
common-simd-setkey32.h itunes_fmt_plug.c o3logon_fmt_plug.c opencl_sha512crypt.h sap_pse_fmt_plug.c wpapcap2john.c
common-simd-setkey64.h iwork_common.h o5logon_fmt_plug.c opencl_sha512.h sboxes.c wpapcap2john.h
compile iwork_common_plug.c oaes_lib.h opencl_sl3_fmt_plug.c sboxes-s.c wpapmk_fmt_plug.c
compiler.c iwork_fmt_plug.c oaes_lib_plug.c opencl_solarwinds_fmt_plug.c sboxes-t.c wpapsk_fmt_plug.c
compiler.h jh.h odf_common.h opencl_ssh_fmt_plug.c scrypt_fmt.c wpapsk.h
config.c jh_plug.c odf_common_plug.c opencl_sspr_fmt_plug.c scrypt_platform.h x86-64.h
config.guess john.asm odf_fmt_plug.c opencl_strip_fmt_plug.c secp256k1 x86-64.S
config.h john.c office_common.h opencl_tc_fmt_plug.c secp256k1.h x86-any.h
config.sub john.com office_common_plug.c opencl_telegram_fmt_plug.c securezip_common.h x86-mmx.h
configure john.h office_fmt_plug.c opencl_tezos_fmt_plug.c securezip_common_plug.c x86-mmx.S
configure.ac john_mpi.c oldoffice_fmt_plug.c opencl_twofish.h securezip_fmt_plug.c x86.S
cprepair.c john_mpi.h omp_autotune.c opencl_unicode.h serpent.h x86-sse.h
cq_fmt_plug.c johnswap.h omp_autotune.h opencl_vmx_fmt_plug.c serpent_plug.c x86-sse.S
cracker.c jtr_sha2.h openbsdsoftraid_common.h opencl_wpapmk_fmt_plug.c sha1crypt_common.h xmpp_scram_fmt_plug.c
cracker.h jumbo.c openbsdsoftraid_common_plug.c opencl_wpapsk_fmt_plug.c sha1crypt_common_plug.c XSHA512_fmt_plug.c
crc32.c jumbo.h openbsdsoftraid_fmt_plug.c opencl_xsha512_fmt_plug.c sha1crypt_fmt_plug.c XSHA_fmt_plug.c
crc32_fmt_plug.c KeccakDuplex.c openbsdsoftraid_variable_code.h opencl_zip_fmt_plug.c sha256crypt_common.h xts.h
crc32.h KeccakDuplex.h opencl openssl_code.h sha256crypt_fmt_plug.c xts_plug.c
cygwin_ethernet.h KeccakF-1600-64.macros opencl_7z_fmt_plug.c openssl_code_plug.c sha2.c yescrypt
dahua_fmt_plug.c KeccakF-1600-interface.h opencl_aes_bitslice.h openssl_enc_fmt_plug.c sha2.h zip2john.c
dashlane_common.h KeccakF-1600-opt64.c opencl_aes.h openssl_local_overrides.h sha3_512_fmt_plug.c zip_fmt_plug.c
dashlane_common_plug.c KeccakF-1600-opt64-settings.h opencl_aes_plain.h options.c sha512crypt_common.h zipmonster_fmt_plug.c
dashlane_fmt_plug.c KeccakF-1600-reference32BI.c opencl_agilekeychain_fmt_plug.c options.h sha512crypt_fmt_plug.c ztex
DES_bs_b.c KeccakF-1600-reference.h opencl_androidbackup_fmt_plug.c oracle11_fmt_plug.c sha.h ztex_bcrypt.c
DES_bs.c KeccakF-1600-unrolling.macros opencl_ansible_fmt_plug.c oracle12c_fmt_plug.c showformats.c ztex_descrypt.c
DES_bs.h keccak.h opencl_asn1.h oracle_fmt_plug.c showformats.h ztex_drupal7.c
DES_fmt.c KeccakHash.c opencl_autotune.c os-autoconf.h siemens-s7_fmt_plug.c ztex_md5crypt.c
DES_std.c KeccakHash.h opencl_autotune.h osc_fmt_plug.c signal_fmt_plug.c ztex_phpass.c
DES_std.h keccak_plug.c opencl_axcrypt2_fmt_plug.c os.h signals.c ztex_sha256crypt.c
detect.c KeccakSponge.c opencl_axcrypt_fmt_plug.c ospf_fmt_plug.c signals.h ztex_sha512crypt.c
[root@localhost src]# ./configure
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking whether to compile using MPI... no
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking whether gcc understands -c and -o together... (cached) yes
checking additional paths... -L/usr/local/lib -I/usr/local/include
checking arg check macro for -m with gcc... yes
checking arg check macro for -Q with gcc... yes
checking if gcc supports -funroll-loops... yes
checking if gcc supports -Os... yes
checking if gcc supports -finline-functions... yes
checking if gcc supports -Og... yes
checking if gcc supports -Wall... yes
checking if gcc supports -Wno-stringop-truncation... no
checking if gcc supports -Wno-format-overflow... no
checking if gcc supports -Wno-format-truncation... no
checking if gcc supports -Wno-tautological-constant-out-of-range-compare... no
checking if gcc supports -fno-omit-frame-pointer... yes
checking if gcc supports --param allow-store-data-races=0... yes
checking if gcc supports -Wno-deprecated-declarations... yes
checking if gcc supports -Wformat-extra-args... no
checking if gcc supports -Wunused-but-set-variable... yes
checking if gcc supports -Qunused-arguments... no
checking if gcc supports -std=gnu89... yes
checking if gcc supports -Wdate-time... no
checking if gcc supports -m64 w/ linking... yes
checking for 32/64 bit... 64-bit
checking additional paths (64 bit)... -L/usr/local/lib64 -L/usr/lib64 -L/lib64
checking whether ln -s works... yes
checking for grep that handles long lines and -e... /usr/bin/grep
checking for a sed that does not truncate output... /usr/bin/sed
checking for GNU make... make
checking whether make sets $(MAKE)... yes
checking how to run the C preprocessor... gcc -E
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for sort... /usr/bin/sort
checking for find... /usr/bin/find
checking for perl... /usr/bin/perl
checking for ar... ar
checking for strip... strip
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking if pkg-config will be used... no
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking size of short... 2
checking size of int... 4
checking size of long... 8
checking size of long long... 8
checking size of wchar_t... 4
checking size of int *... 8
checking size of void *... 8
checking for extra ASFLAGS... None needed
checking for X32 ABI... no
checking special compiler flags... Intel x86
configure: Testing build host's native CPU features
checking for MMX... yes
checking for SSE2... yes
checking for SSSE3... yes
checking for SSE4.1... yes
checking for SSE4.2... yes
checking for AVX... yes
checking for XOP... no
checking for AVX2... no
checking for arch.h alternative... x86-64.h
checking for byte ordering according to target triple... little
checking supplied paths for OpenSSL...
checking additional paths for OpenSSL... none
checking openssl/opensslv.h usability... yes
checking openssl/opensslv.h presence... yes
checking for openssl/opensslv.h... yes
checking for SSL_CTX_new in -lssl... yes
checking for MD5_Update in -lcrypto... yes
checking for sqrt in -lm... yes
checking for deflate in -lz... yes
checking for library containing crypt... -lcrypt
checking gmp.h usability... no
checking gmp.h presence... no
checking for gmp.h... no
checking gmp/gmp.h usability... no
checking gmp/gmp.h presence... no
checking for gmp/gmp.h... no
checking skey.h usability... no
checking skey.h presence... no
checking for skey.h... no
checking for S/Key... using our own code
checking bzlib.h usability... no
checking bzlib.h presence... no
checking for bzlib.h... no
checking for main in -lkernel32... no
checking for dlopen in -ldl... yes
checking intrin.h usability... no
checking intrin.h presence... no
checking for intrin.h... no
checking openssl/cmac.h usability... yes
checking openssl/cmac.h presence... yes
checking for openssl/cmac.h... yes
configure: rexgen check not enabled
checking pcap.h usability... no
checking pcap.h presence... no
checking for pcap.h... no
checking pcap/pcap.h usability... no
checking pcap/pcap.h presence... no
checking for pcap/pcap.h... no
checking for pcap.h... (cached) no
checking for pcap/pcap.h... (cached) no
checking whether time.h and sys/time.h may both be included... yes
checking whether string.h and strings.h may both be included... yes
checking for SHA256... yes
checking for WHIRLPOOL... yes
checking for RIPEMD160... yes
checking for AES_encrypt... yes
checking for DSA_get0_pqg... no
checking for gcc option to support OpenMP... -fopenmp
checking additional paths for OpenCL... none
checking if compiler needs -Werror to reject unknown flags... no
checking for the pthreads library -lpthreads... no
checking whether pthreads work without any flags... no
checking whether pthreads work with -Kthread... no
checking whether pthreads work with -kthread... no
checking for the pthreads library -llthread... no
checking whether pthreads work with -pthread... yes
checking for joinable pthread attribute... PTHREAD_CREATE_JOINABLE
checking if more special flags are required for pthreads... no
checking for PTHREAD_PRIO_INHERIT... yes
checking whether we are using the Microsoft C compiler... no
checking CL/cl.h usability... no
checking CL/cl.h presence... no
checking for CL/cl.h... no
checking OpenCL/cl.h usability... no
checking OpenCL/cl.h presence... no
checking for OpenCL/cl.h... no
checking windows.h usability... no
checking windows.h presence... no
checking for windows.h... no
checking for OpenCL library... no
checking arpa/inet.h usability... yes
checking arpa/inet.h presence... yes
checking for arpa/inet.h... yes
checking crypt.h usability... yes
checking crypt.h presence... yes
checking for crypt.h... yes
checking dirent.h usability... yes
checking dirent.h presence... yes
checking for dirent.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking limits.h usability... yes
checking limits.h presence... yes
checking for limits.h... yes
checking locale.h usability... yes
checking locale.h presence... yes
checking for locale.h... yes
checking malloc.h usability... yes
checking malloc.h presence... yes
checking for malloc.h... yes
checking net/ethernet.h usability... yes
checking net/ethernet.h presence... yes
checking for net/ethernet.h... yes
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
checking netinet/in_systm.h usability... yes
checking netinet/in_systm.h presence... yes
checking for netinet/in_systm.h... yes
checking for string.h... (cached) yes
checking for strings.h... (cached) yes
checking sys/ethernet.h usability... no
checking sys/ethernet.h presence... no
checking for sys/ethernet.h... no
checking sys/file.h usability... yes
checking sys/file.h presence... yes
checking for sys/file.h... yes
checking sys/param.h usability... yes
checking sys/param.h presence... yes
checking for sys/param.h... yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking sys/times.h usability... yes
checking sys/times.h presence... yes
checking for sys/times.h... yes
checking for sys/types.h... (cached) yes
checking termios.h usability... yes
checking termios.h presence... yes
checking for termios.h... yes
checking for unistd.h... (cached) yes
checking unixlib/local.h usability... no
checking unixlib/local.h presence... no
checking for unixlib/local.h... no
checking for windows.h... (cached) no
checking for net/if.h... yes
checking for net/if_arp.h... yes
checking for netinet/if_ether.h... yes
checking for netinet/ip.h... yes
checking for stdbool.h that conforms to C99... yes
checking for _Bool... yes
checking for inline... inline
checking for int32_t... yes
checking for int64_t... yes
checking for off_t... yes
checking for size_t... yes
checking for ssize_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for uint8_t... yes
checking for ptrdiff_t... yes
checking for int128... no
checking for __int128... yes
checking for __int128_t... yes
checking for error_at_line... yes
checking for pid_t... yes
checking vfork.h usability... no
checking vfork.h presence... no
checking for vfork.h... no
checking for fork... yes
checking for vfork... yes
checking for working fork... yes
checking for working vfork... (cached) yes
checking for fseek64... no
checking for fseeko... yes
checking for fseeko64... yes
checking for _fseeki64... no
checking for lseek64... yes
checking for lseek... yes
checking for ftell64... no
checking for ftello... yes
checking for ftello64... yes
checking for _ftelli64... no
checking for fopen64... yes
checking for _fopen64... no
checking for memmem... yes
checking for mmap... yes
checking for sleep... yes
checking for setenv... yes
checking for putenv... yes
checking for strcasecmp... yes
checking for strncasecmp... yes
checking for stricmp... no
checking for strcmpi... no
checking for _stricmp... no
checking for _strcmpi... no
checking for strnicmp... no
checking for strncmpi... no
checking for _strnicmp... no
checking for _strncmpi... no
checking for strnlen... yes
checking for strlwr... no
checking for strupr... no
checking for strrev... no
checking for atoll... yes
checking for _atoi64... no
checking for snprintf... yes
checking for sprintf_s... no
checking for strcasestr... yes
checking for clGetKernelArgInfo... no
checking for posix_memalign... yes
checking for yasm that supports "-g dwarf2 -f elf64"...
checking for OS-specific feature macros needed... -D_POSIX_SOURCE -D_GNU_SOURCE -D_XOPEN_SOURCE=600
checking size of size_t... 8
checking size of off_t... 8
configure: Fuzz check disabled
configure: Fuzzing (using libFuzzer) check disabled
configure: creating *_plug.c rules, WITHOUT OpenCL objects
configure: creating Makefile dependencies
configure: creating ./john_build_rule.h
configure: creating ./config.status
config.status: creating Makefile
config.status: creating aes/Makefile
config.status: creating aes/aesni/Makefile
config.status: creating aes/openssl/Makefile
config.status: creating secp256k1/Makefile
config.status: creating ed25519-donna/Makefile
config.status: creating autoconfig.h
config.status: linking x86-64.h to arch.h
config.status: executing default commands
configure: creating ./fmt_externs.h
configure: creating ./fmt_registers.hConfigured for building John the Ripper jumbo:Target CPU ................................. x86_64 AVX, 64-bit LE
AES-NI support ............................. depends on OpenSSL
Target OS .................................. linux-gnu
Cross compiling ............................ no
Legacy arch header ......................... x86-64.hOptional libraries/features found:
Memory map (share/page large files) ........ yes
Fork support ............................... yes
OpenMP support ............................. yes (not for fast formats)
OpenCL support ............................. no
Generic crypt(3) format .................... yes
libgmp (PRINCE mode and faster SRP formats) no
128-bit integer (faster PRINCE mode) ....... yes
libz (pkzip and some other formats) ........ yes
libbz2 (gpg2john extra decompression logic) no
libpcap (vncpcap2john and SIPdump) ......... no
OpenMPI support (default disabled) ......... no
ZTEX USB-FPGA module 1.15y support ......... noInstall missing libraries to get any needed features that were omitted.Configure finished. Now "make -s clean && make -sj4" to compile. ##提示接下来需要执行这个命令####如果期间报错,缺少依赖包,这个时候就体现epel源的强大了,直接yum -y install 包名* 安装即可[root@localhost src]# make -s clean && make -sj4
ar: 正在创建 aes.a
ar: 正在创建 ed25519-donna.a
ar: 正在创建 secp256k1.aMake process completed.####安装完之后 在john-3/run下面就会多出来一个john的可执行的二进制文件
[root@localhost src]# ll ../run/john
-rwxr-xr-x. 1 root root 18732304 8月 2 22:51 ../run/john
[root@localhost src]# cd ../run/
[root@localhost run]# ls
1password2john.py bestcrypt2john.py dns hccap2john keystore2john.py luks2john.py padlock2john.py raw2dyna tgtsnarf
7z2john.pl bitcoin2john.py DPAPImk2john.py hccapx2john.py kirbi2john.py mac2john-alt.py pass_gen.pl regex_alphabets.conf truecrypt2john.py
adxcsouf2john.py bitlocker2john dumb16.conf hextoraw.pl known_hosts2john.py mac2john.py password.lst relbench uaf2john
aem2john.py bitshares2john.py dumb32.conf htdigest2john.py korelogic.conf mailer pcap2john.py repeats16.conf unafs
aix2john.pl bitwarden2john.py dynamic.conf hybrid.conf krb2john.py makechr pdf2john.pl repeats32.conf undrop
aix2john.py bks2john.py dynamic_disabled.conf ibmiscanner2john.py kwallet2john.py mcafee_epo2john.py pem2john.py rexgen2rules.pl unique
alnum.chr blockchain2john.py dynamic_flat_sse_formats.conf ikescan2john.py lanman.chr mkvcalcproba pfx2john.py rules unrule.pl
alnumspace.chr calc_stat ecryptfs2john.py ios7tojohn.pl lastpass2john.py monero2john.py pgpdisk2john.py rulestack.pl unshadow
alpha.chr ccache2john.py ejabberd2john.py itunes_backup2john.pl latin1.chr money2john.py pgpsda2john.py sap2john.pl upper.chr
andotp2john.py cisco2john.pl electrum2john.py iwork2john.py ldif2john.pl mongodb2john.js pgpwde2john.py sha-dump.pl uppernum.chr
androidbackup2john.py codepage.pl encfs2john.py john leet.pl mozilla2john.py potcheck.pl sha-test.pl utf8.chr
androidfde2john.py cprepair enpass2john.py john.bash_completion lib multibit2john.py prosody2john.py signal2john.py vdi2john.pl
ansible2john.py cracf2john.py ethereum2john.py john.conf libreoffice2john.py neo2john.py pse2john.py sipdump2john.py vmx2john.py
apex2john.py dashlane2john.py filezilla2john.py john.zsh_completion lion2john-alt.pl netntlm.pl ps_token2john.py ssh2john.py wpapcap2john
applenotes2john.py deepsound2john.py fuzz.dic jtrconf.pm lion2john.pl netscreen.py putty2john sspr2john.py zip2john
aruba2john.py dictionary.rfc2865 fuzz_option.pl jtr_rulez.pm lm_ascii.chr network2john.lua pwsafe2john.py staroffice2john.py ztex
ascii.chr digits.chr geli2john.py kdcdump2john.py lotus2john.py office2john.py racf2john stats
axcrypt2john.py diskcryptor2john.py genincstats.rb keepass2john lower.chr openbsd_softraid2john.py radius2john.pl strip2john.py
base64conv dmg2john genmkvpwd keychain2john.py lowernum.chr openssl2john.py radius2john.py telegram2john.py
benchmark-unify dmg2john.py gpg2john keyring2john.py lowerspace.chr oui.txt rar2john tezos2john.py
二、来吧,测试一下
我的虚机的密码是A123456
[root@localhost run]# echo "A123456" >> password.lst ###这个就是密码本,可以用john自带的,也可以用我文章末100亿种的密码组合
###我这里使用追加,是为了自己更方便的探测我的密码,如果想探测成功,密码必须存在在密码本里面
[root@localhost run]# ./john -w:password.lst /etc/shadow
Using default input encoding: UTF-8
Loaded 2 password hashes with 2 different salts (sha512crypt, crypt(3) $6$ [SHA512 128/128 AVX 2x])
Cost 1 (iteration count) is 5000 for all loaded hashes
Warning: OpenMP is disabled; a non-OpenMP build may be faster
Press 'q' or Ctrl-C to abort, almost any other key for status
A123456 (root)
1g 0:00:00:10 DONE (2022-08-02 22:55) 0.09425g/s 334.3p/s 668.6c/s 668.6C/s paagal..A123456
Use the "--show" option to display all of the cracked passwords reliably
Session completed
可以看出来,已经给破解或者探测出来了。
三、针对aix小机
aix小机没有/etc/shadow文件,他的文件是在/etc/security/passwd,如果需要探测,还请使用这个文件
由于aix小机的shadow文件与linux的不是很一致,需要重新的调整下,格式利用下面的shell即可
cat 文件名|egrep ":|password" | sed 's/password = //g' | tr -d "\t " |sed ':a;N;$!ba;s/:\n/:/g' > passwd-aix
###l利用john探测passwd-aix文件即可
小结
- 第一次密码探测成功后,第二次他就不会再探测出密码,这是因为john会将之前的探测结果沈城缓存放起来,只要把缓存清理了,john就会继续进行探测的
> john.pot 文件即可清空缓存
-
可以多安装部署几个目录 john-4 john-5 …
由于我的机器比较多,我是用了6个john跑了一晚上跑完的。 -
john还是比较强大的,还请大家自行百度摸索
-
结合shell脚本,可以把所有的shadow文件放到一个目录下面,利用for循环,自动的进行破解并将结果输出到文件,第二天一早,就可以看到所有的结果,走正常的流程进行变更,申请修改扫出来的弱密码
###本脚本需要结合实际,请调整后在用
[root@localhost zzz-shell]# cat check.sh
#!/bin/bash[ -f check.txt ] || touch check.txt
for i in `ls ~/john/run/zzz-sha/shadow/`
doecho $iecho "$i" >> check.txt`/root/john/run/john -w:/root/john/run/password.lst ~/john/run/zzz-sha/shadow/$i/etc/shadow >> check.txt`
done
- 本文档说是探测弱口令,但是也存在破解口令的情况,还请大家自重
100亿以上精准密码字典
https://download.csdn.net/download/guijianchouxyz/86272783
这篇关于linux密码破解[离线]--john 探测(爆破)弱口令(包含linux机器,aix小机)/linux上的shadow文件破解,亲测可用的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!