System weak password detection and network scanning

System weak password detection

John the Ripper (JR)

A password analysis tool that supports dictionary-based brute-force cracking.
By analyzing the password hashes in a shadow file, you can assess password strength.
Official website: http://www.openwall.com/john/

Install the JR tool

Installation method: make clean <system type>
The main program file is john.

Detect weak password accounts

Obtain the shadow file of the Linux/Unix server.
Run the john program with the shadow file as its argument.

Brute force cracking of password files

Prepare the password dictionary file (the default is password.lst).
Run the john program with the --wordlist=<dictionary file> option.

Configuration command

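cd /opt
tar zxf john-1.8.0.tar.gz            #Unpack the tool archive
yum install -y gcc gcc-c++ make        #Install the build tools
cd /opt/john-1.8.0/src  #Switch to the src subdirectory
make clean linux-x86-64     #Compile and install
cp /etc/shadow /opt/shadow.txt     #Prepare the password file to be cracked
cd /opt/john-1.8.0/run
./john /opt/shadow.txt        #Run the brute-force crack
./john --show /opt/shadow.txt     #View the list of accounts cracked so far
#Use a password dictionary file
> john.pot 		#Clear the list of cracked accounts so the analysis can be rerun
./john --wordlist=./password.lst /opt/shadow.txt		#Crack using the specified dictionary file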

Because the password is too complicated and it takes a long time to decipher, I won’t post it here.
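
Before spending cracking time on the copied shadow file, it helps to see which accounts have an empty password field, are locked, or still use a legacy hash scheme. The shell functions below are an added example, not part of the original post; the function names and the sample entries (placeholder salts and hashes) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage a shadow-format file
# before a john run. Field 2 of each line is the password field.

# Print "user status scheme" for every account in the file given as $1.
audit_shadow() {
    awk -F: '
    {
        f = $2
        if (f == "")     { print $1, "EMPTY", "-";  next }   # no password set
        if (f ~ /^[!*]/) { print $1, "locked", "-"; next }   # password login disabled
        if      (substr(f, 1, 3) == "$1$") s = "md5crypt"
        else if (substr(f, 1, 2) == "$2")  s = "bcrypt"
        else if (substr(f, 1, 3) == "$5$") s = "sha256crypt"
        else if (substr(f, 1, 3) == "$6$") s = "sha512crypt"
        else if (substr(f, 1, 3) == "$y$") s = "yescrypt"
        else if (length(f) == 13 && substr(f, 1, 1) != "$") s = "descrypt"
        else                               s = "unknown"
        print $1, "hashed", s
    }' "$1"
}

# Accounts to fix first: no password at all, or a legacy fast hash.
priority_accounts() {
    audit_shadow "$1" |
        awk '$2 == "EMPTY" || $3 == "md5crypt" || $3 == "descrypt" { print $1 }'
}

# Constructed sample data; salts and hashes are placeholders, not real hashes.
make_sample() {
    cat > "$1" <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18600:0:99999:7:::
daemon:*:18600:0:99999:7:::
alice:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18600:0:99999:7:::
bob::18600:0:99999:7:::
carol:!!:18600:0:99999:7:::
dave:ConstructedAB:18600:0:99999:7:::
EOF
}

sample=$(mktemp)
make_sample "$sample"
audit_shadow "$sample"
echo "Fix first: $(priority_accounts "$sample" | tr '\n' ' ')"
rm -f "$sample"
```

On a real system, point audit_shadow at the copy made earlier (/opt/shadow.txt) and delete that copy when the audit is finished, since it contains every account's hash.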

Network scan

Network scanning - NMAP
NMAP is a powerful port-scanning and security-assessment tool that supports ping scanning, multi-port detection and other techniques.
#Install the NMAP software package
rpm -qa | grep nmap
yum install -y nmap

Common options and scan types of nmap command

-p: Specify the port to scan.
-n: Disable reverse DNS resolution (to speed up scanning).
-sS: TCP SYN scan (half-open scan). Only SYN packets are sent to the target. If a SYN/ACK response packet is received, the target port is considered to be listening and the connection is immediately torn down; otherwise, the target port is considered not open.
-sT: TCP connect scan. This is a complete TCP scanning method (default scanning type) that establishes a full TCP connection. If the connection succeeds, the target port is considered to be listening for services; otherwise, the target port is considered not open.
-sF: TCP FIN scan. Open ports ignore such packets, while closed ports respond with RST packets. Many firewalls only filter SYN packets and ignore other forms of TCP attack packets, so this type of scan can indirectly test the robustness of the firewall.
-sU: UDP scan. Detects which UDP services the target host provides. UDP scans are slower.
-sP: ICMP scan, similar to ping detection. Quickly determines whether the target host is alive without performing any other scans.
-P0: Skip ping detection. This option treats all target hosts as alive. When the target does not respond to ICMP requests, it avoids abandoning the scan because the ping failed.

netstat -natp                               #View network status information for running connections that use TCP



netstat -naup                               #View network status information for running connections that use UDP


nmap -sT 127.0.0.1                               #View the TCP ports open on the local host


nmap -sU 127.0.0.1                            #View the UDP ports open on the local host


#Detect which hosts on the 192.168.4.0/24 network segment provide HTTP service
nmap -p 80 192.168.4.0/24


#Detect which hosts on the 192.168.4.0/24 network segment are alive
nmap -n -sP 192.168.4.0/24


Common options of the netstat command:
-a: Display all active network connection information on the host (including service ports in listening and non-listening states).
-n: Display host addresses, ports and other information in numeric form.
-t: Display TCP-related information.
-u: Display UDP-related information.
-p: Display the process ID and process name associated with each network connection (this option requires root privileges).
-r: Display routing table information.
-l: Display network connections and ports in the listening state.


Origin blog.csdn.net/xiwagogogo/article/details/113794068