Weak password blasting
1. Password security threats
Current password security
@ Weak passwords
Common weak passwords such as 123456, 654321, and admin123.
@ Default passwords
Default passwords that exist in applications and systems. For example, the default account and password of phpstudy's MySQL database is [root/root].
@ Cleartext transmission services
Such as HTTP|FTP|TELNET. The data streams transmitted on the network are all in plaintext, including password authentication information, so there is a risk of the credentials being sniffed.
Cracking method
Online cracking
The account and password are guessed against a live service, so every attempt has to be authenticated. There are three situations:
user name unknown, password unknown
user name known, password unknown
user name unknown, password known
hydra (Hydra)
Options
-----
-l specify a user name
-p specify a password
-P specify a password dictionary
-L specify a user name dictionary
-vV show details of blasting
-o save blasting results
-f stop blasting if you find the correct password
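-e additional checks
   n null (empty password)
   s same (password same as the user name)
   r reverse (user name reversed as the password)
-t number of threads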
-----
Offline cracking
The process of restoring ciphertext to plaintext.
Brute force
Use all possible characters to form passwords and try each one. (The most primitive and crude cracking method)
[If you can bear the time cost, you will eventually crack the password]
The size of the password space for different character sets and lengths:
Character set    Password length    Password space
[0-9]            8 digits           10^8 = 100000000
[0-9][a-z]       8 characters       36^8 = 2821109907456
[0-9][a-z]       1-8 characters     ??
[crunch 1 8 abcdefghijklmnopqrstuvwxyz0123456789]
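The password-space figures and the low-cost guesses listed above (weak and default passwords, hydra's -e n/s/r checks) can be turned into a defensive credential audit. This is an added example, not part of the original notes; the function names, the sample accounts and the 8-digit threshold are assumptions made for illustration.

```python
import string

# Weak passwords and the default pair named in the notes above.
WEAK = {"123456", "654321", "admin123", "admin"}
DEFAULTS = {("root", "root")}  # phpstudy MySQL default account

def keyspace(charset, min_len, max_len):
    """Candidates a brute force must cover for lengths min_len..max_len."""
    n = len(set(charset))
    return sum(n ** k for k in range(min_len, max_len + 1))

def audit(user, password):
    """Return reasons a credential falls to low-cost guessing ([] if none)."""
    reasons = []
    if password == "":
        reasons.append("empty password (hydra -e n)")
    if user and password == user:
        reasons.append("same as user name (hydra -e s)")
    if user and password == user[::-1]:
        reasons.append("reversed user name (hydra -e r)")
    if (user, password) in DEFAULTS:
        reasons.append("known default credential")
    if password.lower() in WEAK:
        reasons.append("in weak password dictionary")
    # Assumed threshold: digit-only passwords of up to 8 digits.
    if password and len(password) <= 8 and set(password) <= set(string.digits):
        space = keyspace(string.digits, 1, len(password))
        reasons.append(f"digits only, at most {space} candidates")
    return reasons

def audit_all(accounts):
    """Map each user name with at least one finding to its reasons."""
    findings = {}
    for user, password in accounts:
        reasons = audit(user, password)
        if reasons:
            findings[user] = reasons
    return findings

# Constructed sample accounts (hypothetical, for illustration only).
SAMPLE = [("root", "root"), ("admin", "nimda"), ("bob", ""),
          ("carol", "19900101"), ("alice", "T7#qLm92xv!p")]

if __name__ == "__main__":
    alnum = string.digits + string.ascii_lowercase
    print("[0-9] 8:", keyspace(string.digits, 8, 8))
    print("[0-9][a-z] 8:", keyspace(alnum, 8, 8))
    print("[0-9][a-z] 1-8:", keyspace(alnum, 1, 8))
    for user, reasons in audit_all(SAMPLE).items():
        print(user, "->", "; ".join(reasons))
```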
Dictionary cracking
Significantly reduces the cost compared with brute force. (The real password may be missed if it is not in the dictionary.)
Password dictionary classification:
@ Weak password dictionary
Such as 123456, admin and other default or weak passwords.
@ Social engineering dictionary (more specific, so the accuracy rate will be higher)
The password content and combinations are related to the individual's personal information.
Tool for generating the dictionary: cupp (cupp -i)
------
apt-get update
apt-get install cupp
cupp -i
------
[wc -l (file name).txt] Check the number of lines in the file
@ Character set dictionary
If the character set of the password can be determined, the cost of blasting will also be greatly reduced
------
###crunch [Password Generation Tool]###
------
[https://sourceforge.net/projects/crunch-wordlist/]
*crunch can be run directly in Kali (it is included in Kali; no download or mkdir crunch is needed)
------
Simple dictionary introduction:
Subdomain dictionary
default account dictionary
file path dictionary
directory file
web directory
commonly used variable name dictionary
commonly used file name dictionary
weak password dictionary
Windows password blasting
*Windows password remote blasting [hydra]
[hydra -l administrator -P ../dic/pwd.dic 172.16.132.163 smb]
*Windows account hash value cracking
Windows passwords can be cracked not only remotely but also locally.
There are two main ways to crack Windows local accounts:
@ Read Windows passwords from memory
You can use getpass to read account passwords directly from Windows system memory.
@ Windows hash value cracking
Windows hash value cracking requires two steps:
1. Use the QuarksPwDump tool to read (export) the Windows account password hash values.
2. Use the john tool to crack them.