Give an example of why you can't set a simple password 01/28 Update SLTechnology News&Howtos

Give an example of why you can't set a simple password

2025-01-28 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

Question Scenario: A friend asks why his Cloud Virtual Machine automatically shuts down for 2 consecutive days

Analysis: If the shutdown is not caused by human reasons, this must be entered into the system to call up the system log analysis to know.

This friend machine is shutdown state, tell him must turn on and provide password to enter the system analysis log to locate non-artificial shutdown reason.

He turned on the machine and provided the root password qwer!@#$, I was surprised to see this password. I called him and asked him if it had always been this password. He said yes.

Nine out of ten don't need to investigate, I already guessed what's going on, this is like buying clothes and not wearing them to play naked run away, come and ask what's going on with the clothes seller.

http://pastie.org/private/3hymqya3krcfn2xic3qikg

*** Let you visit this link, the link reads as follows:

Your machine has been hacked, your files have been sent to a server that we control and then they were deleted. You can retrieve your files in a tarball for a price of 3 BTC.

……

The idea is that your machine has been hacked, pay quickly to redeem the data, otherwise p2p, torrent will be made public.

For example, why can not set a simple password, such as john can brute force crack local passwords, in centos, if I set the following users and passwords, just these passwords are in the brute force dictionary, less than 1 second was cracked, *** there are more powerful network brute force cracking tools.

root/12345

user1/mother

user2/sister

user3/scott

user4/tiger

After installing john, it is easy to crack your simple password with a password.lst. As long as this password.lst contains these simplest passwords, it will definitely crack your password.

# yum install gcc make auto autoconf -y

# cd

# wget http://www.openwall.com/john/j/john-1.8.0.tar.gz

# tar zxvf john-1.8.0.tar.gz

# cd john-1.8.0/src/

# make

# make clean linux-x86-64

# cd ../ run

# ./ unshadow /etc/passwd /etc/shadow > passwd.txt

# grep --color bash passwd.txt

# chmod 600 passwd.txt

# ./ john -wordlist=password.lst passwd.txt

# ./ john --show passwd.txt

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.