
Weak password detection and port scanning in Linux operating system

2025-04-02 Update From: SLTechnology News&Howtos shulou

Blog catalogue

1. Weak password detection - John the Ripper

   1. Download and install John the Ripper

   2. Detect weak password accounts

   3. Use password dictionary files

2. Network scanning - NMAP

   1. Install NMAP software package

   2. Scanning syntax and types

   3. Example of scanning operation

1. Weak password detection - John the Ripper

John the Ripper is an open source password cracking tool. Given known ciphertext, it can quickly recover the plaintext password string. It supports DES, MD5 and other encryption algorithms, and allows the use of password dictionaries (list files containing various password combinations) for brute-force cracking. By using John the Ripper, you can test the password strength of Linux/UNIX system user accounts.

1. Download and install John the Ripper

Download address for the John the Ripper source code package:

https://pan.baidu.com/s/1-l5LiXjGnBb787gvURvDvQ

Extraction code: vph7

Or download directly from John the Ripper's official website:

https://www.openwall.com/john/

# Unpack the source, build for 64-bit Linux, then confirm that the john binary exists
[root@centos01 ~]# tar zxvf /mnt/john-1.8.0.tar.gz -C /usr/src/
[root@centos01 ~]# cd /usr/src/john-1.8.0/src/
[root@centos01 src]# make clean linux-x86-64
[root@centos01 src]# ls ../run/john
../run/john

2. Detect weak password accounts

On the server where John the Ripper is installed, the /etc/shadow file can be tested directly. For other Linux servers, copy the shadow file over and pass it to the john program. You only need to run the john program in the run directory with the shadow file to be tested as the command-line parameter to start the weak password analysis.
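A quick triage of the copied file shows which accounts carry a hash that john can work on and which entries are already a problem before any cracking run (no password at all, or a legacy DES or MD5 hash). This is an added example, not part of the original article; the shadow lines are constructed and their hash strings are placeholders.

```python
import string

# Constructed sample of /etc/shadow lines; the hash strings are placeholders, not real hashes.
SAMPLE_SHADOW = """\
root:$6$CONSTRUCTEDSALT$placeholderhash:18223:0:99999:7:::
bin:*:17834:0:99999:7:::
lisi:$1$CONSTRUC$placeholderhash:18223:0:99999:7:::
zhangsan::18223:0:99999:7:::
wangwu:!!:18223:0:99999:7:::
admin:ab0CONSTRUCT1:18223:0:99999:7:::
"""

# crypt(3) identifiers that select the hashing scheme of a shadow entry.
PREFIXES = {"$1$": "md5", "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
            "$5$": "sha256", "$6$": "sha512", "$y$": "yescrypt"}
DES_ALPHABET = set(string.ascii_letters + string.digits + "./")
LEGACY = {"des", "md5"}  # the schemes the article names; both are fast to brute-force

def classify(field):
    """Map the second shadow field to 'empty', 'locked', a scheme name or 'unknown'."""
    if field == "":
        return "empty"
    if field[0] in "!*":
        return "locked"          # '*', '!!' or '!' in front of a hash: login disabled
    for prefix, scheme in PREFIXES.items():
        if field.startswith(prefix):
            return scheme
    if len(field) == 13 and set(field) <= DES_ALPHABET:
        return "des"             # traditional crypt has no '$' prefix
    return "unknown"

def triage(shadow_text):
    """Return (auditable, findings): accounts carrying a hash, and policy problems."""
    auditable, findings = [], []
    for line in shadow_text.splitlines():
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, field = line.split(":")[:2]
        kind = classify(field)
        if kind == "empty":
            findings.append((user, "no password set"))
        elif kind in LEGACY:
            findings.append((user, "legacy %s hash" % kind))
        if kind not in ("empty", "locked", "unknown"):
            auditable.append(user)
    return auditable, findings
```

The copy of the shadow file holds every account's hash, so it should be readable by root only and deleted once the test is finished.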

[root@centos01 ~]# cp /etc/shadow ./shadow.txt
[root@centos01 ~]# /usr/src/john-1.8.0/run/john ./shadow.txt
Loaded 1 password hash (crypt, generic crypt(3) [?/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
12345            (lisi)
1g 0:00:00:11 100% 2/3 0.08826g/s 265.9p/s 265.9c/s 265.9C/s 12
Use the "--show" option to display all of the cracked passwords
Session completed

3. Use password dictionary files

The default dictionary file provided by John the Ripper is password.lst, which includes more than 3000 common weak passwords. If necessary, you can add more password combinations to the dictionary file, or use other, more complete dictionary files directly. When running the john program, you can add the "--wordlist=" option to specify the location of the dictionary file used for brute-force analysis of the specified password file.

# Empty john.pot (the record of already cracked passwords) so the analysis starts afresh
[root@centos01 run]# > john.pot
[root@centos01 run]# ./john --wordlist=./password.lst /root/a.txt
Loaded 4 password hashes with 4 different salts (crypt, generic crypt(3) [?/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
123456           (wangwu)
123456           (zhangsan)
123456           (admin)
123456           (root)
4g 0:00:00:00 100% 4.301g/s 103.2p/s 412.9c/s 412.9C/s 123456..pepper
Use the "--show" option to display all of the cracked passwords reliably
Session completed

2. Network scanning - NMAP

NMAP is a powerful security evaluation tool for port scanning. The installation package is provided on the Linux system disk, and the latest source code package can be downloaded from the official website, https://nmap.org/. NMAP is designed to probe large networks with many hosts, and supports ping scanning, multi-port detection, OS identification and other techniques. By scanning the internal network with NMAP regularly, you can find uncontrolled application services in the network. Operation and maintenance staff should close unsafe services promptly to reduce security risks.

1. Install NMAP software package

On CentOS 7 systems, you can use either the nmap-6.40-7.el7.x86_64.rpm installation package that comes with the CD or the latest source code package downloaded from the official NMAP website. Here the nmap package is installed with YUM as an example.

[root@centos01 ~]# yum -y install nmap

2. Scanning syntax and types

The NMAP scanner program is /usr/bin/nmap, and its basic command format is as follows:

nmap [scan type] [options] <scan target ...>

The scan target can be a hostname, an IP address or a network address, and multiple targets are separated by spaces. The commonly used options are "-p" and "-n", which specify the ports to scan and disable reverse DNS resolution (to speed up the scan), respectively. The scan type determines the detection method and directly affects the scan results.

Several commonly used scanning types are as follows:

-sS, TCP SYN scan (half-open scan): only SYN packets are sent to the target. If a SYN/ACK response packet is received, the target port is considered to be listening and the connection is torn down immediately; otherwise, the target port is considered not open.

-sT, TCP connect scan: this is a complete TCP scan that establishes a full TCP connection. If the connection succeeds, a service is listening on the target port; otherwise the target port is not open.

-sF, TCP FIN scan: open ports ignore such packets, closed ports respond with RST packets. Many firewalls simply filter SYN packets while ignoring other forms of TCP attack packets, so this type of scan can indirectly test the robustness of the firewall.

-sU, UDP scan: detects which UDP services the target host provides. UDP scanning is slow.

-sP, ICMP scan: similar to a ping test, it quickly determines whether the target host is alive and does no other scanning.

-P0, skip ping detection: this method assumes that all target hosts are alive. When the other party does not respond to ICMP requests, it avoids abandoning the scan because the host cannot be pinged.

3. Example of scanning operation:

[root@centos01 ~]# nmap 192.168.100.10
Starting Nmap 6.40 ( http://nmap.org ) at 2019-11-23 08:30 CST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Nmap scan report for 192.168.100.10
Host is up (0.0000060s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
111/tcp open  rpcbind
Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds

[root@centos01 ~]# nmap -p 20,22 192.168.100.10
Starting Nmap 6.40 ( http://nmap.org ) at 2019-11-23 08:31 CST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Nmap scan report for 192.168.100.10
Host is up (67s latency).
PORT   STATE  SERVICE
20/tcp closed ftp-data
22/tcp open   ssh
Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds

[root@centos01 ~]# nmap -p 20,22 192.168.100.0/24
Starting Nmap 6.40 ( http://nmap.org ) at 2019-11-23 08:32 CST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for 192.168.100.254
Host is up (0.00015s latency).
PORT   STATE    SERVICE
20/tcp filtered ftp-data
22/tcp filtered ssh
MAC Address: 00:50:56:C0:00:01 (VMware)
Nmap scan report for 192.168.100.10
Host is up (-1400s latency).
PORT   STATE  SERVICE
20/tcp closed ftp-data
22/tcp open   ssh
Nmap done: 256 IP addresses (2 hosts up) scanned in 7.14 seconds

[root@centos01 ~]# nmap -p 20,22 192.168.100.10-200
Starting Nmap 6.40 ( http://nmap.org ) at 2019-11-23 08:32 CST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Nmap scan report for 192.168.100.10
Host is up (1100s latency).
PORT   STATE  SERVICE
20/tcp closed ftp-data
22/tcp open   ssh
Nmap done: 191 IP addresses (1 host up) scanned in 7.68 seconds

In the scan results, a STATE of open means the port is open, filtered means the port may be filtered by a firewall, and closed means the port is closed.
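For the regular internal scans recommended above, the STATE column can be checked automatically against a list of approved services so that anything unexpected stands out. This is an added example, not part of the original article: the report text is assembled from the article's sample output, and the APPROVED baseline is a hypothetical policy.

```python
import re

# Normal-format nmap output, assembled from the article's sample runs.
SAMPLE_REPORT = """\
Nmap scan report for 192.168.100.254
Host is up (0.00015s latency).
PORT   STATE    SERVICE
20/tcp filtered ftp-data
22/tcp filtered ssh
MAC Address: 00:50:56:C0:00:01 (VMware)
Nmap scan report for 192.168.100.10
Host is up (0.0000060s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
111/tcp open  rpcbind
"""

# Hypothetical baseline: the (port, protocol) pairs approved for each host.
APPROVED = {"192.168.100.10": {(22, "tcp")}}

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_report(text):
    """Return {host: [(port, proto, state, service), ...]} from normal nmap output."""
    hosts, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Nmap scan report for "):
            # Either "name (address)" or a bare address: key on the address.
            current = hosts.setdefault(line.split()[-1].strip("()"), [])
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            current.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return hosts

def unapproved_services(text, approved):
    """List open ports that the baseline does not allow for that host."""
    findings = []
    for host, ports in parse_report(text).items():
        allowed = approved.get(host, set())
        for port, proto, state, service in ports:
            # "open|filtered" (seen in UDP scans) is treated as possibly open.
            if state.startswith("open") and (port, proto) not in allowed:
                findings.append((host, port, proto, service))
    return sorted(findings)
```

With this baseline the ftp and rpcbind listeners on 192.168.100.10 are reported, while the filtered ports on 192.168.100.254 are not.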

-this is the end of this article. Thank you for reading-
