System weak password detection and network port scanning

One, system weak password detection

(1) Overview

John the Ripper, referred to as JR

  • An open source password cracking tool that supports dictionary-based brute force cracking
  • By analyzing the passwords in the shadow file, it can detect password strength
  • Official website: http://www.openwall.com/john/
    download dictionary package


(2) Install JR tools

1. Installation method: run make clean <system type>
2. The main program file is john

(3) Detect weak password accounts

1. Obtain the shadow file of the Linux/Unix server
2. Execute the john program and use the shadow file as a parameter

(4) Brute force cracking of password files

1. Prepare the password dictionary file, the default is password.lst
2. Execute the john program with the --wordlist=<dictionary file> option

(5) Operation steps

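cd /opt
tar zxvf john-1.9.0.tar.gz            # Unpack the toolkit
yum -y install gcc gcc-c++ make       # Install the build tools

cd /opt/john-1.9.0/src
make clean linux-x86-64               # In the src subdirectory, compile and install

cp /etc/shadow /opt/shadow.txt        # Prepare the password file to be cracked

cd /opt/john-1.9.0/run
./john /opt/shadow.txt                # In the run subdirectory, run the brute force crack

./john --show /opt/shadow.txt         # View the list of cracked accounts

> john.pot                            # Clear the list of cracked accounts so the file can be re-analyzed
./john --wordlist=./password.lst /opt/shadow.txt  # Crack using the specified dictionary file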

1. Copy and unzip the toolkit
2. Install the build tools (installing from source requires a C and C++ compiler environment)
3. Compile and install in the /opt/john-1.8.0/src directory

4. Copy the password file to prepare for brute force cracking, then run the crack in the /opt/john-1.8.0/run directory

Supplement: The password.lst file in the john-1.8.0/run directory is a dictionary file. Its entries are tried as candidate passwords when cracking.
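An added example (not part of the original post and not code from John the Ripper): turning the result of the steps above into an audit report that lists which accounts need a password change, without copying any recovered password into the report. The `john --show` output and the shadow entries are constructed samples, the output layout is an assumption, and the function names `cracked_accounts` and `audit` are hypothetical.

```python
import re

# Constructed `john --show` output (assumed layout: name, recovered password, other fields).
SHOW_OUTPUT = """\
root:123456::0:99999:7:::
zhangsan:abc:123:18676:0:99999:7:::

2 password hashes cracked, 1 left
"""

# Constructed shadow file; the hash strings are placeholders, not real hashes.
SHADOW = """\
root:$6$SALT$PLACEHOLDER::0:99999:7:::
zhangsan:$6$SALT$PLACEHOLDER:18676:0:99999:7:::
lisi:$6$SALT$PLACEHOLDER:18676:0:99999:7:::
guest::18676:0:99999:7:::
bin:*:18353:0:99999:7:::
"""

SUMMARY = re.compile(r"(\d+) password hash(?:es)? cracked, (\d+) left")

def cracked_accounts(show_output):
    """Return (account names john cracked, count of hashes left)."""
    names, left = set(), None
    for line in show_output.splitlines():
        m = SUMMARY.fullmatch(line.strip())
        if m:
            left = int(m.group(2))
        elif ":" in line:
            # Use only the first field: the password may contain ':' and stays out of the report.
            names.add(line.split(":", 1)[0])
    return names, left

def audit(shadow_text, show_output):
    """Classify each shadow entry as empty, locked, weak or ok."""
    weak, left = cracked_accounts(show_output)
    report = {}
    for line in filter(None, shadow_text.splitlines()):
        user, field = line.split(":", 2)[:2]
        if field == "":
            report[user] = "empty"    # no password set at all
        elif field.startswith(("!", "*")):
            report[user] = "locked"   # password login disabled
        else:  # "weak" needs a password change; "ok" only means not cracked in this run
            report[user] = "weak" if user in weak else "ok"
    return report, left

if __name__ == "__main__":
    report, left = audit(SHADOW, SHOW_OUTPUT)
    print(report, f"hashes left uncracked: {left}", sep="\n")
```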


Two, network port scanning NMAP

(1) Overview of NMAP

1. It is a powerful port scanning security evaluation tool that supports multiple technologies such as ping scanning and multi-port detection.
2. Official website: http://nmap.org/

(2) Install the NMAP software package

mount /dev/sr0 /mnt     # First mount the local disc
yum install -y nmap     # Then install the nmap software package

(3) Common options of nmap command and corresponding scan types

  • -p: Specify the port to scan.
  • -n: Disable reverse DNS resolution (to speed up scanning).
  • -sS: TCP SYN scan (half-open scan). Only SYN packets are sent to the target. If a SYN/ACK response packet is received, the target port is considered to be listening and the connection is torn down immediately; otherwise, the target port is considered not open.
  • -sT: TCP connect scan, a complete TCP scan method (default scan type) that establishes a full TCP connection. If it succeeds, the target port is considered to be listening for services; otherwise, the target port is considered not open.
  • -sF: TCP FIN scan. Open ports ignore this kind of packet, while closed ports respond with an RST packet. Many firewalls only filter SYN packets and ignore other forms of TCP attack packets, so this type of scan can indirectly test the robustness of the firewall.
  • -sU: UDP scan, probes which UDP services the target host provides. UDP scanning is slower.
  • -sP: ICMP scan, similar to ping detection. It quickly determines whether the target host is alive and performs no other scanning.
  • -P0: Skip ping detection. This treats all target hosts as alive, which avoids abandoning the scan when the target does not respond to ICMP requests and so cannot be pinged.

nmap -sT 127.0.0.1   # View the TCP ports open on the local machine

nmap -sU 127.0.0.1   # View the UDP ports open on the local machine

Three, network port scanning netstat

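netstat -natp   # View network status information for running programs that use the TCP protocol

netstat -naup   # View network status information for running programs that use the UDP protocol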


Origin blog.csdn.net/weixin_53567573/article/details/113879211