Shulou(Shulou.com)06/01 Report--

Account security is the vital basis to ensure the security of all kinds of equipment, but for a long time, weak passwords and uncontrollable application ports have been common high-risk security problems in telecom enterprises.

Password verification can affect business and inefficiency, so we can use John the ripper weak password detection tool to find low-strength passwords in the device and modify them in a timely manner.

1. Weak password detection

John the ripper, where you can get the latest source code packages and different forms of password dictionaries

) download and install:

[root@server1 lamp] # tar zxvf john-1.8.0.tar.gz-C / opt / / perform decompression

[root@server1 lamp] # yum install gcc gcc-c++-y / / compiler environment installation

[root@server1 lamp] # cd / opt/john-1.8.0/src / / perform compilation and installation in this directory

[root@server1 src] # make clean linux-x86-64

John the Ripper does not need a special installation operation, the compiled runsubdirectory includes executable program John and related configuration files, dictionary files, etc., which can be copied to any location to use.

) detect weak passwords:

[root@server1 run] # cp / etc/shadow / opt/shadow.txt / / copy user password file

[root@server1 run] #. / john / opt/shadow.txt / / scan the exported password and note that the current directory should be under / run

Loaded 3 password hashes with 3 different salts (crypt, generic crypt (3) [? / 64])

Press'q' or Ctrl-C to abort, almost any other key for status

Abc123 (wzn)

It is conceivable that weak password users, including root users, have been scanned by qwerty (john) #

123123 (root)

3G 0100% 2max 3g 0100% 2max 3 0.1233g/s 378.7p/s 386.6c/s 386.6C/s leslie..boston

Use the "--show" option to display all of the cracked passwords reliably

Session completed

[root@server1 run] #: > john.pot / / clear the list of cracked accounts

[root@server1 run] #. / john-- wordlist=./password.lst / opt/shadow.txt # use password dictionary to crack

The default password dictionary is / john-1.8.0/run/password.lst. We can download different forms of password dictionaries to explore various aspects to ensure the security of the account.

2. Port scan (NMAP):

NMAP is a network connection side scanning software, which is used to scan the open network connection end of the computer on the Internet. Its basic function is to detect the huge network with a large number of hosts, support ping scanning, multi-port detection, OS identification, and infer the operating system used by the host. It is one of the necessary software for network administrators to evaluate network system security.

NAMP official website

1) scan syntax and type:

Nmap [scan Type] [option] [scan Target.]

Among them, the scanning target can be a hostname, IP address or network address, etc., and multiple targets are separated by spaces

The commonly used options are "- p" and "- n", which are used to specify the port to scan and to disable reverse DNS parsing (to speed up scanning).

The type of scan determines the way of detection, and also directly affects the result of the scan.

Several commonly used scanning types are as follows:

Scanning syntax of NMAP

Nmap [scan Type] [options]

Commonly used scanning types

-sS,TCP SYN scan (half open)

-sT,TCP connection scan (full on)

-sF,TCP FIN scan

-sU,UDP scan

-sP,ICMP scan

-P0, skip ping detection

) install and scan for this machine:

[root@server1 ~] # rpm-Uvh https://nmap.org/dist/nmap-7.70-1.x86_64.rpm # download the latest installation package from the official website

Retrieving https://nmap.org/dist/nmap-7.70-1.x86_64.rpm

Preparing... # [100%]

1:nmap # # [100%]

[root@server1 ~] # nmap-sT 127.0.0.1 # scan the TCP port of this machine

Starting Nmap 7.70 (https://nmap.org) at 2018-05-08 17:41 CST

Nmap scan report for localhost (127.0.0.1)

Host is up (0.00012s latency).

Not shown: 996 closed ports

PORT STATE SERVICE

22/tcp open ssh

25/tcp open smtp

111/tcp open rpcbind

631/tcp open ipp

Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds

[root@server1 ~] # nmap-sP 192.168.117.0 take 24 # scan this segment

Starting Nmap 7.70 (https://nmap.org) at 2018-05-08 17:42 CST

Nmap scan report for 192.168.117.1

Host is up (0.00087s latency).

MAC Address: 00:50:56:C0:00:08 (VMware)

Nmap scan report for 192.168.117.2

Host is up (0.00010s latency).

MAC Address: 00:50:56:E0:64:D8 (VMware)

Nmap scan report for 192.168.117.254

Host is up (0.000088s latency).

MAC Address: 00:50:56:FE:16:62 (VMware)

Nmap scan report for 192.168.117.132

Host is up.

Nmap done: 256 IP addresses (4 hosts up) scanned in 2.00 seconds

In the scan results, if the STATE column is open, the port is open, filtered means it may be filtered by the firewall, and closed means the port is closed.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.