本文主要是介绍【密码守护者】让弱密码无处遁形,保护你的UOS系统安全!,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
欢迎点赞、关注、分享,后期将会有更多的工作小工具分享给大家,嘻嘻
密码,是守护我们数字世界的钥匙。一个强大、复杂的密码,能够有效地抵御黑客攻击和信息泄露的风险。但在日常使用中,许多人因为方便记忆而选择了简单易猜的“弱密码”,这无疑给自己的信息安全埋下了隐患。今天,我们就来使用john来探测下主机上面的弱密码用户,让弱密码无处可逃!
版本环境
系统版本 | 备注 |
uos 1050 桌面专业版 (需要root权限) | 来测试所有用户是否存在弱密码,不是修改密码 |
经测试,只要是系统架构匹配,部分桌面还是服务器都可以使用
效果展示:
小编测试完成后,会自动释放该主机,工作中千万不要学习小编的123456。
弱密码情报站
弱密码通常指的是那些容易被猜测或破解的密码,比如连续的数字(如"123456")、重复的字符(如"aaaaaa")、常见的组合(如"password")等。这些密码对于黑客来说,几乎是不设防的。
来看看你的系统里面有几个弱密码用户
思路
-
安装部署john
-
创建测试账号
-
进行弱密码探测
-
进行验证
john是一个专门的密码爆破工具,当然既然他能爆破密码,那他是不是也可以帮我们测试密码呢?是的,我们可以给john提供弱密码口令本,也可以使用john自己本身的暴力破解,对于弱密码来说,john是可以轻轻松松拿捏。
开搞
一、安装john软件包
1、在桌面空白处,邮件,【在终端中打开】
2、下载john的源码包。
liushuai@liushuai-PC:~/Desktop$ wget https://www.openwall.com/john/k/john-1.9.0.tar.gz
--2024-05-09 13:32:31-- https://www.openwall.com/john/k/john-1.9.0.tar.gz
正在解析主机 www.openwall.com (www.openwall.com)... 193.110.157.242
正在连接 www.openwall.com (www.openwall.com)|193.110.157.242|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:13110145 (13M) [application/octet-stream]
正在保存至: “john-1.9.0.tar.gz”
john-1.9.0.tar.gz 100%[===========================================================================================>] 12.50M 404KB/s 用时 1m 57s
2024-05-09 13:34:30 (110 KB/s) - 已保存 “john-1.9.0.tar.gz” [13110145/13110145])
等下载成100%。
3、检查是否下载成功
liushuai@liushuai-PC:~/Desktop$ ls
360safe.desktop com.tencent.wechat.desktop deepin-album.desktop uninstall360safe.desktop wps-office-pdf.desktop wps-office-wps.desktop
文件共享专用 dde-computer.desktop deepin-calculator.desktop wps-office-et.desktop wps-office-prometheus.desktop
新建Word文档.doc dde-trash.desktop john-1.9.0.tar.gz wps-office-officeassistant.desktop wps-office-wpp.desktop
4、创建解压后的目录。
liushuai@liushuai-PC:~/Desktop$ mkdir john
liushuai@liushuai-PC:~/Desktop$ ls
360safe.desktop com.tencent.wechat.desktop deepin-album.desktop john-1.9.0.tar.gz wps-office-officeassistant.desktop wps-office-wpp.desktop
文件共享专用 dde-computer.desktop deepin-calculator.desktop uninstall360safe.desktop wps-office-pdf.desktop wps-office-wps.desktop
新建Word文档.doc dde-trash.desktop john wps-office-et.desktop wps-office-prometheus.desktop
5、对源码进行解压到指定目录
liushuai@liushuai-PC:~/Desktop$ tar -xvf john-1.9.0.tar.gz -C john/
john-1.9.0/doc/CHANGES
john-1.9.0/doc/CONFIG
。
。
省略部分
。
。
john-1.9.0/src/x86-any.h
john-1.9.0/src/x86-mmx.S
john-1.9.0/src/x86-mmx.h
john-1.9.0/src/x86-sse.S
john-1.9.0/src/x86-sse.h
john-1.9.0/src/x86.S
6、检查解压情况。
liushuai@liushuai-PC:~/Desktop$ cd john/
liushuai@liushuai-PC:~/Desktop/john$ ls
john-1.9.0
liushuai@liushuai-PC:~/Desktop/john$ cd john-1.9.0/
liushuai@liushuai-PC:~/Desktop/john/john-1.9.0$ ls
doc run src
其中doc为文档目录 run为john命令所在目录 src为需要编译的目录
7、切换到src目录里面,开始进行编译
liushuai@liushuai-PC:~/Desktop/john/john-1.9.0$ cd src/
liushuai@liushuai-PC:~/Desktop/john/john-1.9.0/src$ ls
AFS_fmt.c bench.h charset.c cracker.c DES_std.c getopt.c john.c logger.c memory.h options.h ppc32.h rules.h sparc32.h tty.h x86-64.S
alpha.h best.c charset.h cracker.h DES_std.h getopt.h john.com logger.h mic.h os.h ppc64alt.h sboxes.c sparc64.h unafs.c x86-any.h
alpha.S best.sh common.c crc32.c detect.c ia64.h john.h Makefile mips32.h params.c ppc64.h sboxes-s.c status.c unique.c x86-mmx.h
arm32le.h BF_fmt.c common.h crc32.h dummy.c idle.c list.c Makefile.dep mips64.h params.h recovery.c sboxes-t.c status.h unshadow.c x86-mmx.S
arm64le.h BF_std.c compiler.c DES_bs_b.c external.c idle.h list.h MD5_fmt.c misc.c pa-risc.h recovery.h signals.c symlink.c vax.h x86.S
batch.c BF_std.h compiler.h DES_bs.c external.h inc.c LM_fmt.c MD5_std.c misc.h path.c rpp.c signals.h times.h wordlist.c x86-sse.h
batch.h BSDI_fmt.c config.c DES_bs.h formats.c inc.h loader.c MD5_std.h nonstd.c path.h rpp.h single.c trip_fmt.c wordlist.h x86-sse.S
bench.c c3_fmt.c config.h DES_fmt.c formats.h john.asm loader.h memory.c options.c ppc32alt.h rules.c single.h tty.c x86-64.h
8、确认下支持的系统情况,通过“make"
liushuai@liushuai-PC:~/Desktop/john/john-1.9.0/src$ make
To build John the Ripper, type:
make clean SYSTEM
where SYSTEM can be one of the following:
linux-x86-64-avx512 Linux, x86-64 with AVX-512 (some 2017+ Intel CPUs)
linux-x86-64-avx2 Linux, x86-64 with AVX2 (some 2013+ Intel CPUs)
linux-x86-64-xop Linux, x86-64 with AVX and XOP (some AMD CPUs)
linux-x86-64-avx Linux, x86-64 with AVX (some 2011+ Intel CPUs)
linux-x86-64 Linux, x86-64 with SSE2 (most common)
linux-x86-avx512 Linux, x86 32-bit with AVX-512 (some 2017+ Intel CPUs)
linux-x86-avx2 Linux, x86 32-bit with AVX2 (some 2013+ Intel CPUs)
linux-x86-xop Linux, x86 32-bit with AVX and XOP (some AMD CPUs)
linux-x86-avx Linux, x86 32-bit with AVX (2011+ Intel CPUs)
linux-x86-sse2 Linux, x86 32-bit with SSE2 (most common, if 32-bit)
linux-x86-mmx Linux, x86 32-bit with MMX (for old computers)
linux-x86-any Linux, x86 32-bit (for truly ancient computers)
linux-mic Linux, Intel MIC (first generation Xeon Phi)
linux-arm64le Linux, ARM 64-bit little-endian w/ASIMD (best)
linux-arm32le-neon Linux, ARM 32-bit little-endian w/NEON (best 32-bit)
linux-arm32le Linux, ARM 32-bit little-endian
linux-alpha Linux, Alpha
linux-sparc64 Linux, SPARC 64-bit
linux-sparc Linux, SPARC 32-bit
linux-ppc32-altivec Linux, PowerPC w/AltiVec (best)
linux-ppc32 Linux, PowerPC 32-bit
linux-ppc64-altivec Linux, PowerPC 64-bit w/AltiVec
linux-ppc64 Linux, PowerPC 64-bit
linux-ia64 Linux, IA-64
freebsd-x86-64 FreeBSD, x86-64 with SSE2 (best)
freebsd-x86-sse2 FreeBSD, x86 with SSE2 (best if 32-bit)
freebsd-x86-mmx FreeBSD, x86 with MMX
freebsd-x86-any FreeBSD, x86
freebsd-alpha FreeBSD, Alpha
openbsd-x86-64 OpenBSD, x86-64 with SSE2 (best)
openbsd-x86-sse2 OpenBSD, x86 with SSE2 (best if 32-bit)
openbsd-x86-mmx OpenBSD, x86 with MMX
openbsd-x86-any OpenBSD, x86
openbsd-alpha OpenBSD, Alpha
openbsd-sparc64 OpenBSD, SPARC 64-bit (best)
openbsd-sparc OpenBSD, SPARC 32-bit
openbsd-ppc32 OpenBSD, PowerPC 32-bit
openbsd-ppc64 OpenBSD, PowerPC 64-bit
openbsd-pa-risc OpenBSD, PA-RISC
openbsd-vax OpenBSD, VAX
netbsd-sparc64 NetBSD, SPARC 64-bit
netbsd-vax NetBSD, VAX
solaris-sparc64-cc Solaris, SPARC V9 64-bit, cc (best)
solaris-sparc64-gcc Solaris, SPARC V9 64-bit, gcc
solaris-sparcv9-cc Solaris, SPARC V9 32-bit, cc
solaris-sparcv8-cc Solaris, SPARC V8 32-bit, cc
solaris-sparc-gcc Solaris, SPARC 32-bit, gcc
solaris-x86-64-cc Solaris, x86-64 with SSE2, cc (best)
solaris-x86-64-gcc Solaris, x86-64 with SSE2, gcc
solaris-x86-sse2-cc Solaris 9 4/04+, x86 with SSE2, cc
solaris-x86-sse2-gcc Solaris 9 4/04+, x86 with SSE2, gcc
solaris-x86-mmx-cc Solaris, x86 with MMX, cc
solaris-x86-mmx-gcc Solaris, x86 with MMX, gcc
solaris-x86-any-cc Solaris, x86, cc
solaris-x86-any-gcc Solaris, x86, gcc
tru64-alpha Tru64 (Digital UNIX, OSF/1), Alpha
aix-ppc32 AIX, PowerPC 32-bit
macosx-x86-64 Mac OS X 10.5+, Xcode 3.0+, x86-64 with SSE2 (best)
macosx-x86-sse2 Mac OS X, x86 with SSE2
macosx-ppc32-altivec Mac OS X, PowerPC w/AltiVec (best)
macosx-ppc32 Mac OS X, PowerPC 32-bit
macosx-ppc64 Mac OS X 10.4+, PowerPC 64-bit
macosx-universal Mac OS X, Universal Binary (x86 + x86-64 + PPC)
hpux-pa-risc-gcc HP-UX, PA-RISC, gcc
hpux-pa-risc-cc HP-UX, PA-RISC, ANSI cc
irix-mips64-r10k IRIX, MIPS 64-bit (R10K) (best)
irix-mips64 IRIX, MIPS 64-bit
irix-mips32 IRIX, MIPS 32-bit
dos-djgpp-x86-mmx DOS, DJGPP, x86 with MMX
dos-djgpp-x86-any DOS, DJGPP, x86
win32-cygwin-x86-sse2 Win32, Cygwin, x86 with SSE2 (best)
win32-cygwin-x86-mmx Win32, Cygwin, x86 with MMX
win32-cygwin-x86-any Win32, Cygwin, x86
beos-x86-sse2 BeOS, x86 with SSE2 (best)
beos-x86-mmx BeOS, x86 with MMX
beos-x86-any BeOS, x86
generic Any other Unix-like system with gcc
9、确认自己的系统架构
liushuai@liushuai-PC:~/Desktop/john/john-1.9.0/src$ lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
。。省略部分。。
NUMA node0 CPU(s): 0-3
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon nopl xtopology tsc_reliable nonstop_tsc cpuid pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch cpuid_fault invpcid_single pti ssbd ibrs ibpb stibp fsgsbase tsc_adjust bmi1 avx2 smep bmi2 invpcid rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves arat md_clear flush_l1d arch_capabilities
从返回结果来看,我的系统是X86_64。
10、进行编译
liushuai@liushuai-PC:~/Desktop/john/john-1.9.0/src$ make clean linux-x86-64
rm -f ../run/john ../run/unshadow ../run/unafs ../run/unique ../run/john.bin ../run/john.com ../run/unshadow.com ../run/unafs.com ../run/unique.com ../run/john.exe ../run/unshadow.exe ../run/unafs.exe ../run/unique.exe
rm -f ../run/john.exe john-macosx-* *.o *.bak core
rm -f detect bench generic.h arch.h tmp.s
cp /dev/null Makefile.dep
ln -sf x86-64.h arch.h
make ../run/john ../run/unshadow ../run/unafs ../run/unique \
JOHN_OBJS="DES_fmt.o DES_std.o DES_bs.o DES_bs_b.o BSDI_fmt.o MD5_fmt.o MD5_std.o BF_fmt.o BF_std.o AFS_fmt.o LM_fmt.o trip_fmt.o dummy.o batch.o bench.o charset.o common.o compiler.o config.o cracker.o crc32.o external.o formats.o getopt.o idle.o inc.o john.o list.o loader.o logger.o memory.o misc.o options.o params.o path.o recovery.o rpp.o rules.o signals.o single.o status.o tty.o wordlist.o unshadow.o unafs.o unique.o c3_fmt.o x86-64.o" \
CFLAGS="-c -Wall -O2 -fomit-frame-pointer -DHAVE_CRYPT" \
LDFLAGS="-s -lcrypt"
make[1]: 进入目录“/home/liushuai/Desktop/john/john-1.9.0/src”
gcc -c -Wall -O2 -fomit-frame-pointer -DHAVE_CRYPT -funroll-loops DES_fmt.c
。
。
省略部分
。
。
gcc DES_fmt.o DES_std.o DES_bs.o DES_bs_b.o BSDI_fmt.o MD5_fmt.o MD5_std.o BF_fmt.o BF_std.o AFS_fmt.o LM_fmt.o trip_fmt.o dummy.o batch.o bench.o charset.o common.o compiler.o config.o cracker.o crc32.o external.o formats.o getopt.o idle.o inc.o john.o list.o loader.o logger.o memory.o misc.o options.o params.o path.o recovery.o rpp.o rules.o signals.o single.o status.o tty.o wordlist.o unshadow.o unafs.o unique.o c3_fmt.o x86-64.o -s -lcrypt -o ../run/john
rm -f ../run/unshadow
ln -s john ../run/unshadow
rm -f ../run/unafs
ln -s john ../run/unafs
rm -f ../run/unique
ln -s john ../run/unique
make[1]: 离开目录“/home/liushuai/Desktop/john/john-1.9.0/src”
11、确认下上面的命令是否执行成功
liushuai@liushuai-PC:~/Desktop/john/john-1.9.0/src$ echo $?
0
结果为0,说明执行成功,非0则失败。
12、切换目录到run里面,确认john命令是否正常
liushuai@liushuai-PC:~/Desktop/john/john-1.9.0/src$ cd ../run/
liushuai@liushuai-PC:~/Desktop/john/john-1.9.0/run$ ./john
John the Ripper password cracker, version 1.9.0
Copyright (c) 1996-2019 by Solar Designer
Homepage: http://www.openwall.com/john/
Usage: john [OPTIONS] [PASSWORD-FILES]
--single "single crack" mode
--wordlist=FILE --stdin wordlist mode, read words from FILE or stdin
--rules enable word mangling rules for wordlist mode
--incremental[=MODE] "incremental" mode [using section MODE]
--external=MODE external mode or word filter
--stdout[=LENGTH] just output candidate passwords [cut at LENGTH]
--restore[=NAME] restore an interrupted session [called NAME]
--session=NAME give a new session the NAME
--status[=NAME] print status of a session [called NAME]
--make-charset=FILE make a charset, FILE will be overwritten
--show show cracked passwords
--test[=TIME] run tests and benchmarks for TIME seconds each
--users=[-]LOGIN|UID[,..] [do not] load this (these) user(s) only
--groups=[-]GID[,..] load users [not] of this (these) group(s) only
--shells=[-]SHELL[,..] load users with[out] this (these) shell(s) only
--salts=[-]N load salts with[out] at least N passwords only
--save-memory=LEVEL enable memory saving, at LEVEL 1..3
--node=MIN[-MAX]/TOTAL this node's number range out of TOTAL count
--fork=N fork N processes
--format=NAME force hash type NAME: descrypt/bsdicrypt/md5crypt/
bcrypt/LM/AFS/tripcode/dummy/crypt
出现以上情况则代表命令是正常的,可以正常使用。
二、创建测试用户
1、切换到root用户,创建一个弱口令密码的用户
liushuai@liushuai-PC:~/Desktop/john/john-1.9.0/run$ sudo -i
请输入密码:
验证成功
root@liushuai-PC:~# useradd ceshi
root@liushuai-PC:~# passwd ceshi
新的 密码:
重新输入新的 密码:
passwd:已成功更新密码
2、切换到john所在的目录
root@liushuai-PC:~# cd /home/liushuai/Desktop/john/john-1.9.0/run
root@liushuai-PC:/home/liushuai/Desktop/john/john-1.9.0/run# ls
alnum.chr alpha.chr ascii.chr digits.chr john john.conf lm_ascii.chr lower.chr lowernum.chr lowerspace.chr mailer makechr password.lst relbench unafs unique unshadow upper.chr uppernum.chr
cd /home/liushuai/Desktop/john/john-1.9.0/run ,如果你的这步执行报错,原因是你没有这个路径,请将路径中的 liushuai 换成安装john所用的 用户名
3、查看john自带的密码本
root@liushuai-PC:/home/liushuai/Desktop/john/john-1.9.0/run# cat password.lst
#!comment: This list has been compiled by Solar Designer of Openwall Project
#!comment: in 1996 through 2011. It is assumed to be in the public domain.
#!comment:
#!comment: This list is based on passwords most commonly seen on a set of Unix
#!comment: systems in mid-1990's, sorted for decreasing number of occurrences
#!comment: (that is, more common passwords are listed first). It has been
#!comment: revised to also include common website passwords from public lists
#!comment: of "top N passwords" from major community website compromises that
#!comment: occurred in 2006 through 2010.
#!comment:
#!comment: Last update: 2011/11/20 (3546 entries)
#!comment:
#!comment: For more wordlists, see http://www.openwall.com/wordlists/
123456
12345
password
password1
123456789
12345678
1234567890
以下进行省略
三、开始测试是否存在弱密码
1、开始测试
root@liushuai-PC:/home/liushuai/Desktop/john/john-1.9.0/run# ./john -w:password.lst /etc/shadow
Loaded 4 password hashes with 4 different salts (crypt, generic crypt(3) [?/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
123456 (liushuai)
123456 (root)
123456 (ceshi)
123456 (test)
4g 0:00:00:00 100% 4.347g/s 104.3p/s 417.3c/s 417.3C/s 123456..pepper
Use the "--show" option to display all of the cracked passwords reliably
Session completed
本机上的弱口令用户,无处可逃了,统统拿下
结束语
加油吧!你一定会感谢现在努力的自己
如果你是linux,unix(含aix小机)的其他系统,还请查阅以下技术文档
linux密码破解[离线]--john 探测(爆破)弱口令(包含linux机器,aix小机)/linux上的shadow文件破解,亲测可用_john jumbo-CSDN博客
号外
小编最近在弄一个微信公众号,当前没有几篇文章,但是小编会努力的,博客和公众号同步更新,如果有需要的,还请关注下小编,谢谢
这篇关于【密码守护者】让弱密码无处遁形,保护你的UOS系统安全!的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!