Shulou(Shulou.com)06/02 Report--

This article will explain in detail how the Python password attack test is, and the content of the article is of high quality, so the editor will share it for you as a reference. I hope you will have some understanding of the relevant knowledge after reading this article.

1 how is the password attack test carried out

Password attack is probably the most common type of brute force cracking, which is widely used in various fields of penetration testing, such as Web applications, WiFi password cracking and so on. Password attack is also known as password attack, as long as the attacker gets the password of the user, he can obtain all the permissions that the user has. One of the main ways of password attack is dictionary attack, usually after scanning the background directory of the website through the scanning detector of the website, you can use the dictionary to test the password.

As for why dictionaries are used for password attacks, of course, it is because many users choose to set weak passwords to facilitate memory; there are more and more websites, and more and more people need to register. In order to facilitate memory, many people directly use passwords such as "123456", "qq123456789", "zxs5201314" or birthdays as their passwords in order to save trouble. Such a convenient password is convenient, but it is a bit insecure.

For password attacks through dictionaries, dictionary files are usually constructed based on commonly used English words, Hanyu pinyin, numbers and numeric homophones, as well as characters, words, numbers, etc., which are distorted based on the above password types.

2 several methods of password attack testing

Although dictionary-based password attacks rely directly on dictionaries, there are some strategies to follow.

Vertical scan, perform all password tests on a user name

According to an obtained user name, all passwords applied to the dictionary

Horizontal scan: common password tests for multiple user names

Test a batch of usernames obtained with the most common weak passwords, such as "123456".

Diagonal scanning: traversing passwords for unused usernames and unused passwords

All user names are tested for all passwords in the dictionary, which is achieved by traversing.

3D scanning: password testing using the above three scanning methods combined with distributed proxy IP

Four-dimensional scanning: based on the above four methods, set the time interval delay to scan

3 some passwords and account policies

Password setting rules, which define the bottom line of password quality.

Password length

Prohibit the setting of short passwords

Case sensitive: combine uppercase and lowercase letters

Allow multiple characters: letters, symbols, numbers, etc.

Combination of uppercase letters, lowercase letters, special symbols and numbers

Prohibit reuse: do not use previously used passwords when resetting passwords

Refuse to reset passwords for passwords used in the past

Set password blacklist: prohibit the use of passwords in the blacklist, such as 123456, 5201314, etc.

Some account strategies can effectively improve account security:

Change the password regularly

Set a fixed time interval, when the interval is exceeded, remind the user to change the password

Lock after a certain number of password errors

Now many sites have added this policy to lock the account for a certain period of time after entering a certain number of password errors.

About how the Python password attack test is shared here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.