Password cracking
- JOHN tools
- 1. User lock
- 2. Add and delete users
- Three.i lock and a lock
- Four remote login control
- Five password security mechanism
- Six historical command records
- Seven terminal automatic logout
- Eight restrict users who use the su command
- Nine Ordinary users' privilege escalation operations
- Ten view sudo operation record
- Eleven modify grub password
- Twelve prohibit ordinary users from logging in
JOHN tools
Enter the URL www.openwall.com/john/ to obtain the resource package, such as john-1.8.0.tar.gz to
download the John tool to the /opt directory
cd /opt
tar xzvf john-1.8.0.tar.gz #解压缩
cd john-1.8.0/src/
make clean linux-x86-64 #编译
cd ..
cd run
cp -p /etc/shadow /root/shadow.txt #把/etc/shadow复制到/root/shadow.txt文件夹下
cd /root
vi passwd.lst #加入常用密码123,123456
cd - 切回run目录下
./john --w:/root/passwd.lst /root/shadow.txt #字典匹配破解
./john /root/shadow.txt #暴力破解
The common weak password
dictionary cracking in the dictionary file passwd.lst.
/john --w:/root/passwd.lst /root/shadow.txt
Brute
force./john /root/shadow.txt
The cracked password is stored in the John.pot folder and you
can use the 100dd command to delete and
view the cracked user information. /
john --show /root/shadow.txt
System security settings
- JOHN tools
- 1. User lock
- 2. Add and delete users
- Three.i lock and a lock
- Four remote login control
- Five password security mechanism
- Six historical command records
- Seven terminal automatic logout
- Eight restrict users who use the su command
- Nine Ordinary users' privilege escalation operations
- Ten view sudo operation record
- Eleven modify grub password
- Twelve prohibit ordinary users from logging in
1. User lock
passwd -l cenjeal 锁定用户cenjeal使其无法登录
passwd -u cenjeal 解锁用户cenjeal
usermod -L cenjeal
usermod -U cenjeal
2. Add and delete users
useradd cenjeal1
cd /home/
ll
可见cenjeal1
userdel -r cenjeal1 删除用户cenjeal1
Three.i lock and a lock
ll /etc/passwd /etc/shadow 查看文件passwd和shadow
加i锁
chattr +i /etc/passwd 锁定文件passwd(此举将无法创建新用户)
chattr +i /etc/shadow 锁定文件shadow
chattr +i yun.txt 锁定文件yun.txt
去i锁(只能超级用户)
有i锁的情况下超级用户都无法进行写操作(echo "123" >> test 会permission denied )
chattr -i yun.txt
lsattr /etc/passwd /etc/shadow 查看
加a锁chattr +a yun.txt
echo "123" >> yun.txt( 可以)
vi yun.txt(拒绝)
(只能追加,不能修改)
Four remote login control
(1)chsh -s /sbin/nologin yang 拒绝远程登陆用户yang
(2)chsh yang 交互模式
(3)root用户vi /etc/passwd 直接进入文件进行修改
Five password security mechanism
vi /etc/login.defs (PASS_MAX_DAYS 99999修改为30)
chage -M 30 yang (适用于已有用户)
chage -d 0 yang (强制在下次登录时更改密码)
Six historical command records
history
history -c 清空历史记录
修改历史命令条数
vi /etc/profile 系统全局变量文件,所有和变量相关的都应该放在这里
HISTSIZE=1000 改成100
source /etc/profile 刷新
Seven terminal automatic logout
vi /etc/profile
export TMOUT=60 闲置60秒后自动注销
source /etc/profile 刷新生效
Eight restrict users who use the su command
gpasswd -a cenjeal wheel 将允许使用su命令的用户加入wheel组
vi /etc/pam.d/su
#%PAM-1.0
auth sufficient pam_rootok.so
auth required pam_wheel.so use_uid
vi /etc/login.defs
SU_WHEEL_ONLY yes 追加到/etc/login.defs文件中
Nine Ordinary users' privilege escalation operations
在yang账户下ifconfig ens33:1 192.168.1.100 被拒绝
进行提权
vi /etc/sudoers
编辑sudoers文件,在末尾插入
yang localhost=/sbin/*,!sbin/reboot 表示yang用户可以在localhost下执行/sbin下所有命令,除了reboot
此时sudo ifconfig ens33:1 192.168.1.100 可以执行
Ten view sudo operation record
visudo
在末尾插入Defaults logfile = "var/log/sudo"
tail /var/log/sudo 查看sudo操作记录
Eleven modify grub password
Restart grub2-setpassword , press the e key to enter the grub menu, you need to enter the account password, because here is set with root, you need to use the root password
Twelve prohibit ordinary users from logging in
vi /etc/nologin
编辑模式插入用户yang
wq保存退出
发现无法登录
rm -rf /etc/nologin 删除该文件恢复登录