See everyone so enthusiastically that claim the research theme, I couldn't help trying to reclaim a.
Looking to find out, just briefly say Linux system password attack and defense. In the early days of Linux system,/etc/passwd file contains system information for each user, of course, the user's password after a certain amount of numbers and logic algorithm is a result of the operation (visible string) into the passwd file, encryption strength is not very big. Thus, early hackers just got/etc/passwd this file, the system has been hacked into half. Later, as the security level, a passwd file password separate encryption, password encrypted result and other auxiliary information saved to a shadow file. As for how to save the form and the encryption algorithm, you can use the program to set/usr/sbin/authconfig. User login password by calculation and/etc/passwd and/etc/shadow results compared to conform to the allowed login, otherwise login denied. A strong and effective password should be at least 8 characters long, and do not have access to personal information (such as birthdays, name, user name, computer models, and so also try not to connect the phone number in the password and the 2002, 2000, 888, and other digital), the common English words are not good (because available dictionary attacks), the best in passwords have some non-letters (such as numbers, punctuation, control character, and so on), try not to write on paper or computer files, select the password of a good is not related to the letters and numbers or control characters, and is composed of not less than 8-bit length. In order to force the user to specify the password that is strong enough to be modified in the arguments PASS_MIN_LEN/etc/login.defs file (password minimum length). At the same time should limit password use and ensure the regular replacement of the password, it is recommended that you modify the parameter PASS_MIN_DAYS (password use time). Linux is using the DES (the encryption function is a Crypt) or MD5 (functional is Md) encryption algorithm, because of the large, almost difficult to reverse. DES passwords the ciphertext is 13 ASCII characters in the string, and MD5 passwords the ciphertext of the start character is always "$ 1 $". OK, we all know about it. Next, we have to demonstrate it. Is a capture of Red Hat Linux series. Intruder remote overflow servers get a root permission logon interface. How to know the root password? intruder opens/etc/passwd file. It seems that the host account is encrypted with a shadow. Continue reading/etc/shadow. Root of the colon is the encrypted password. Start breaking work. Crack Linux password there are a lot of tools, such as a CrackerJack CrackbyAlexMuffett JohntheRipper, and so on, and JohntheRipper's most powerful, fastest speed. Will download to a local/etc/shadow, start with a simple model of JohntheRipper try, but no results and then hanging a Dictionary look. Here, use the "-w = specify the dictionary file 1.txt". Soon, the root password out, turned out to be: "bigapple". Have the root password, then enter the server easier.
No comments:
Post a Comment