Remember an ubuntu password crack (unsuccessful)

Others 2020-04-11 14:12:50 views: null

ubuntu account password inquiry

View account information

cat /etc/passwd

As shown in the figure above, the format of each line is (take root as an example), and each piece of information is separated by:

root:x : 0 :0 : root : /root : /bin/bash

rootIndicates the account name

xIndicates a password, which means
0:0that the UID and GID cannot be expressed in plain text to
root:/rootexplain the user's information, and the home directory is marked at / root

/bin/bashWhen the user executes the shell command, it is / bin / bash

View password

Obviously, the above password is not displayed in clear text. After checking the information, you can know that the password is placed /etc/shadowin it, and root permission is required to open this file. Suppose we want to check ssozhthe password of this user:

su root
cat /etc/shadow | grep ssozh

The results are as follows:

ssozh:$6$pESj8oMO$F4CIfS3/G9TE5aQ34Ifvcq74wZQhiBc9AqGuxTUPfUyEJ6M1e/ZwIcmWjkbPvrmxt3xod4Z4XRo2lYNxgip4x/:18363:0:99999:7:::

How is the above password displayed? Each piece of information is also :separated by:

ssozh: Username
$6$pESj8oMO$F4CIfS3/G9TE5aQ34Ifvcq74wZQhiBc9AqGuxTUPfUyEJ6M1e/ZwIcmWjkbPvrmxt3xod4Z4XRo2lYNxgip4x/: Encrypted password
18363: The number of days since the last password modification (since January 1, 1970)
0: How many days after which the password can be changed
99999: How many days after which the password must be changed: How many days
7before the password expires reminds to change the password

  • The next few indicate the number of days after the password expires, the user account is disabled, the date the user is disabled (the number of days since January 1, 1970), and the reserved fields for future use

First, let's take a look at how to obtain the MD5 code in order:

  • The first half of the hash value is the salt value (using two $ signs to separate):$6$pESj8oMO$
  • The second half is the salt value + password hash value

verification. We know the face value $6$pESj8oMO$, the password is 123456:

import crypt 
if __name__ == '__main__':
    print(crypt.crypt('123456','$6$pESj8oMO$'))

Obviously correct.

What is the salt value?

The initial password is stored directly in the database:

mysql> select * from User;
+----------+----------+
| UserName | PassWord |
+----------+----------+
| lichao   | 123      |
| akasuna  | 456      |
+----------+----------+

Such plaintext storage is very easy to leak information. Once the database is leaked, then all user names and passwords will be leaked, with very serious consequences. See "CSDN detailed explanation of the password leak of 6 million users" .

In order to avoid the shortcomings of plaintext storage, people began to use md5 code (SHA1) hash after storage, this time the database is as follows:

mysql> select * from User;
+----------+----------------------------------+
| UserName | PwdHash                          |
+----------+----------------------------------+
| lichao   | 202cb962ac59075b964b07152d234b70 |
| akasuna  | 250cf8b51c773f3f8dc8b4be867a9a02 |
+----------+----------------------------------+

This hashing method was originally designed to be very good, but some people collect commonly used passwords, and then perform MD5 or SHA1 on them, and then make a very large data dictionary ( rainbow table ), and then the leaked database The password in is compared. If your original password is unfortunately included in this data dictionary, it will not take long to match your original password. This data dictionary is easy to collect. The 600w passwords leaked by CSDN are good original materials.

In order to cope with the fact that the user password is too simple and the salt value appears , the data storage form is as follows:

mysql> select * from User;
+----------+----------------------------+----------------------------------+
| UserName | Salt                       | PwdHash                          |
+----------+----------------------------+----------------------------------+
| lichao   | 1ck12b13k1jmjxrg1h0129h2lj | 6c22ef52be70e11b6f3bcf0f672c96ce |
| akasuna  | 1h029kh2lj11jmjxrg13k1c12b | 7128f587d88d6686974d6ef57c193628 |
+----------+----------------------------+----------------------------------+

Salt can be any letter, number, or combination of letters or numbers, but it must be randomly generated. The salt of each user is different. When the user registers, the database does not store the password in plain text, nor is it simple Hash the plaintext password, but MD5 (cleartext password + Salt), which means:

MD5('123' + '1ck12b13k1jmjxrg1h0129h2lj') = '6c22ef52be70e11b6f3bcf0f672c96ce'
MD5('456' + '1h029kh2lj11jmjxrg13k1c12b') = '7128f587d88d6686974d6ef57c193628'

When the user logs in, the same algorithm is used for authentication.

Due to the addition of Salt, even if the database is leaked, but because the password is hashed after adding Salt, the data dictionary of the bad guys can no longer be directly matched, and the probability of the plaintext password being cracked is greatly reduced.

Reference: https://blog.csdn.net/sinat_30440627/article/details/53487076

MD5 is the argument that there is no "decryption" in the digest algorithm. The so-called decryption is brute force cracking. There are many methods for brute force cracking. Lookup tables should be the fastest, but rainbow tables need to be prepared in advance. Like you, if the salt value is fixed and the number of encrypted characters is small. The resulting rainbow table will not be very large. Or use a tool like hashcat to run a dictionary or mask, etc., the speed is also very fast. Today's GPUs can quickly expose cracked passwords.

  • There is no such thing as a “decryption” in the hash algorithm, it is all a lookup table blast. Adding salt just to increase the difficulty of brute force cracking does not essentially change the encryption method. If the password itself is a complex multi-digit password. Do you know that the salt makes little difference?

  • In addition, we have no way to separate the "salt value" and "password", we can put the salt value in the middle or back of the front. For example, in the above ubuntu system, the salt value is directly loaded in front of the password, separated by a $ $gap. In fact, we can know the salt value through the data after MD5. In addition, if it can be separated, do you think I can separate the 7-digit abcdefg password into 7 separate abcdefg one-digit passwords to crack?

  • Reference: https://www.52pojie.cn/thread-1042699-1-1.html

MD5 salt value encryption of java security Shiro password

https://blog.csdn.net/changudeng1992/article/details/81914534

https://www.cnblogs.com/xiaowangxiao/p/10961384.html

Guess you like

Origin www.cnblogs.com/SsoZhNO-1/p/12678854.html
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com