Detailed summary of weak password cracking methods

Weak password cracking

1. Password security threats

Current password security problems:
@ Weak passwords
    Common weak passwords such as 123456, 654321, and admin123.
@ Default passwords
    Default passwords that exist in both applications and systems. For example, the default account/password of the MySQL database bundled with phpStudy is [root/root].
@ Cleartext transmission services
    Such as HTTP, FTP, and TELNET. The data streams these services send over the network are all in plaintext, including password authentication information, so there is a risk of them being sniffed.


Cracking methods

Online cracking
    The account and password are submitted to the service, which has to authenticate each attempt.
    Possible situations:
    user name unknown, password unknown
    user name known, password unknown
    user name unknown, password known
    Tool: hydra (Hydra)


Options

-----
-l specify a user name
-p specify a password
-P specify a password dictionary
-L specify a user name dictionary
-vV show the details of each attempt
-o save the results to a file
-f stop as soon as the correct password is found
-e additional checks:
        n null (empty) password
        s password same as the user name
        r reversed user name as the password
-t number of threads
-----

Offline cracking
    The process of restoring ciphertext to plaintext.


Brute force

Use all possible characters to form passwords and try each one. (The most primitive and crude cracking method.)
[If you can bear the time cost, you will eventually crack the password.]

The size of the password space for different character sets and password lengths:

Character set    Password length    Password space
[0-9]            8 digits           10^8 = 100000000
[0-9][a-z]       8 characters       36^8 = 2821109907456
[0-9][a-z]       1-8 characters     ??

        [crunch 1 8 abcdefghijklmnopqrstuvwxyz0123456789]


Dictionary cracking

Significantly reduces the cost. (The real password may be missed.)
Password dictionary classification:
    @ Weak password dictionary
    Such as 123456, admin, and other default or weak passwords.
    @ Social engineering dictionary (more targeted, so the accuracy rate will be higher)
    The password content and combinations are related to the individual's personal information.
        Tool for generating the dictionary: cupp (cupp -i)
------ 
apt-get update 
apt-get install cupp 
cupp -i
------
 [wc -l (file name).txt] Check the number of lines in the file
    @ Character set dictionary
    If the character set of the password can be determined, the cost of cracking is also greatly reduced.
------ 
				### crunch [password generation tool] ###
------
[https://sourceforge.net/projects/crunch-wordlist/]
* The commands can be run directly in Kali (crunch is included in Kali; no download or mkdir crunch is needed)
------
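
As an added example (not part of the original post), a defender-side check that flags account passwords which would fall to the guesses described above: hydra's -e n/s/r checks, the weak/default and social engineering dictionaries, and a small exhaustive search space. The function names, the sample weak list, the symbol count of 33 and the 10^12 threshold are assumptions.

```python
# Defensive password audit (added example; names and thresholds are assumptions).
WEAK = {"123456", "654321", "admin123", "admin", "root"}  # samples named on this page


def keyspace(charset_size, min_len, max_len):
    """Number of candidates an exhaustive search must cover for these lengths."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def charset_size(password):
    """Combined size of the common character classes the password draws from."""
    size = 0
    if any(c.isdigit() for c in password):
        size += 10
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII symbols including space (assumption)
    return size


def audit(login, password, personal=(), min_space=10 ** 12):
    """Return the reasons a password would fall to the guesses described above."""
    reasons = []
    low = password.lower()
    if password == "":
        reasons.append("empty (hydra -e n)")
    if low == login.lower():
        reasons.append("same as login (hydra -e s)")
    if low == login.lower()[::-1]:
        reasons.append("reversed login (hydra -e r)")
    if low in WEAK:
        reasons.append("weak/default dictionary")
    # Tokens such as names or birth years are what a cupp-style dictionary is built from.
    if any(len(t) >= 3 and t.lower() in low for t in personal):
        reasons.append("contains personal info")
    if password and keyspace(charset_size(password), 1, len(password)) < min_space:
        reasons.append("search space too small")
    return reasons
```

An empty list from audit() means none of these checks fired; it does not mean the password is absent from larger dictionaries.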


Simple dictionary introduction:

    Subdomain dictionary
    Default account dictionary
    File path dictionary
        directory file
        web directory
    Commonly used variable name dictionary
    Commonly used file name dictionary
    Weak password dictionary


Windows password cracking

* Remote Windows password cracking [hydra / HYDRA]
    [hydra -l administrator -P ../dic/pwd.dic 172.16.132.163 smb]

* Windows account hash value cracking
    Windows passwords can be cracked not only remotely but also locally.
    There are two main ways to crack local Windows accounts:
        @ Read the Windows password from memory
        You can use getpass to read the account password directly from Windows system memory.
        @ Windows hash value cracking
        Windows hash value cracking requires two steps:
               1. Use the QuarksPwDump tool to read (export) the password hash values of the Windows accounts
               2. Use the john tool to crack them.


Origin blog.51cto.com/13687405/2607096