說到『劊客工具』,焉能不提及出了名的
John the Ripper
John the Ripper is a free password cracking software tool.[1] Initially developed for the Unix operating system, it now runs on fifteen different platforms (eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the most popular password testing and breaking programs[2] as it combines a number of password crackers into one package,autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix versions (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others.[3]
Sample output
This section needs expansion.You can help by adding to it.(February 2013)
|
Here is a sample output in a Debian environment.
# cat pass.txt user:AZl.zWwxIh15Q # john -w:password.lst pass.txt Loaded 1 password hash (Traditional DES [24/32 4K]) example (user) guesses: 1 time: 0:00:00:00 100% c/s: 752 trying: 12345 - pookie
The first line is a command to expand the data stored in the file “pass.txt.” The next line is the contents of the file, i.e. the user (AZ1) and the hash associated with that user (zWwxIh15Q). The third line is the command for running John the Ripper utilizing the “-w” flag. “password.lst” is the name of a text file full of words the program will use against the hash, pass.txt makes another appearance as the file we want John to work on.
Then we see output from John working. Loaded 1 password hash – the one we saw with the “cat” command – and the type of hash John thinks it is (Traditional DES). We also see that the attempt required one guess at a time of 0 with a 100% guess rate.
Attack types
One of the modes John can use is the dictionary attack. It takes text string samples (usually from a file, called a wordlist, containing words found in a dictionary or real passwords cracked before), encrypting it in the same format as the password being examined (including both the encryption algorithm and key), and comparing the output to the encrypted string. It can also perform a variety of alterations to the dictionary words and try these. Many of these alterations are also used in John’s single attack mode, which modifies an associated plaintext (such as a username with an encrypted password) and checks the variations against the hashes.
John also offers a brute force mode. In this type of attack, the program goes through all the possible plaintexts, hashing each one and then comparing it to the input hash. John uses character frequency tables to try plaintexts containing more frequently used characters first. This method is useful for cracking passwords which do not appear in dictionary wordlists, but it takes a long time to run.
呢!此後『密碼字典』興起︰
Passwords
Contents
[hide]
Password dictionaries
These are dictionaries that come with tools/worms/etc, designed for cracking passwords. As far as I know, I’m not breaking any licensing agreements by mirroring them with credit; if you don’t want me to host one of these files, let me know and I’ll remove it.
Name | Compressed | Uncompressed | Notes |
John the Ripper | john.txt.bz2 (10,934 bytes) | n/a | Simple, extremely good, designed to be modified |
Cain & Abel | cain.txt.bz2 (1,069,968 bytes) | n/a | Fairly comprehensive, not ordered |
Conficker worm | conficker.txt.bz2 (1411 bytes) | n/a | Used by conficker worm to spread — low quality |
500 worst passwords | 500-worst-passwords.txt.bz2 (1868 bytes) | n/a | |
370 Banned Twitter passwords | twitter-banned.txt.bz2 (1509 bytes) | n/a |
Leaked passwords
Passwords that were leaked or stolen from sites. I’m hosting them because it seems like nobody else does (hopefully it isn’t because hosting them is illegal :)). Naturally, I’m not the one who stole these; I simply found them online, removed any names/email addresses/etc (I don’t see any reason to supply usernames — if you do have a good reason, email me (ron-at-skullsecurity.net) and I’ll see if I have them.
The best use of these is to generate or test password lists.
Note: The dates are approximate.
Name | Compressed | Uncompressed | Date | Notes |
Rockyou | rockyou.txt.bz2 (60,498,886 bytes) | n/a | 2009-12 | Best list available; huge, stolen unencrypted |
……… |
人們想要震撼你『rock you』呦?
/Hob0Rules
.. | |||
english.txt.gz | Feb 11, 2016 | ||
rockyou.txt.gz | Feb 11, 2016 | ||
shortKrak.txt | Feb 11, 2016 |
如果你的 Kali 系統 SD 卡夠大,一次裝足︰
root@kali-pi:~# apt-get install kali-linux-all
要不,就選必須︰
root@kali-pi:~# apt-cache search rockyou wordlists - Contains the rockyou wordlist
root@kali:~# apt-cache search hydra-gtk hydra-gtk - very fast network logon cracker - GTK+ based GUI
root@kali-pi:~# mkdir test root@kali-pi:~# cd test root@kali-pi:~# cp /usr/share/wordlists/rockyou.txt.gz . root@kali-pi:~# gzip -d rockyou.txt.gz root@kali:~/test# wc -l rockyou.txt 14344392 rockyou.txt
然後可以驅使『九頭蛇』︰
/thc-hydra
hydra
H Y D R A
(c) 2001-2018 by van Hauser / THC
<vh@thc.org> https://github.com/vanhauser-thc/thc-hydra
many modules were written by David (dot) Maciejak @ gmail (dot) com
BFG code by Jan Dlabal <dlabaljan@gmail.com>
Licensed under AGPLv3 (see LICENSE file)
Please do not use in military or secret service organizations,
or for illegal purposes.
INTRODUCTION
Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system.
THIS TOOL IS FOR LEGAL PURPOSES ONLY!
There are already several login hacker tools available, however none does either support more than one protocol to attack or support parallized connects.
It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS.
Currently this tool supports the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
However the module engine for new services is very easy so it won’t take a long time until even more services are supported. Your help in writing, enhancing or fixing modules is highly appreciated!! 🙂
自我攻防哩☺
咦! Kali 之 root 密碼為 toor ,理應簡單乎?
『密碼字典』長一千四百三十幾萬筆,一分鐘嘗試不過兩百次,那需要多少時日勒☻
應慶幸『防者』還有『張良計』耶☆
/fail2ban
Daemon to ban hosts that cause multiple authentication errors http://www.fail2ban.org
__ _ _ ___ _
/ _|__ _(_) |_ ) |__ __ _ _ _
| _/ _` | | |/ /| '_ \/ _` | ' \
|_| \__,_|_|_/___|_.__/\__,_|_||_|
v0.11.0.dev1 20??/??/??
Fail2Ban: ban hosts that cause multiple authentication errors
Fail2Ban scans log files like /var/log/auth.log
and bans IP addresses conducting too many failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses, for a configurable amount of time. Fail2Ban comes out-of-the-box ready to read many standard log files, such as those for sshd and Apache, and is easily configured to read any log file of your choosing, for any error you wish.
Though Fail2Ban is able to reduce the rate of incorrect authentication attempts, it cannot eliminate the risk presented by weak authentication. Set up services to use only two factor, or public/private authentication mechanisms if you really want to protect services.
Since v0.10 fail2ban supports the matching of IPv6 addresses. |
---|
This README is a quick introduction to Fail2Ban. More documentation, FAQ, and HOWTOs to be found on fail2ban(1) manpage,Wiki and the website: https://www.fail2ban.org
不須問『攻者』若得『過牆梯』
root@kali:~# hydra -l root -e nsr 127.0.0.1 ssh Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes. Hydra (http://www.thc.org/thc-hydra) starting at 2018-10-24 10:08:29 [WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4 [WARNING] Restorefile (you have 10 seconds to abort... (use option -I to skip waiting)) from a previous session found, to prevent overwriting, ./hydra.restore [DATA] max 3 tasks per 1 server, overall 3 tasks, 3 login tries (l:1/p:0), ~3 try per task [DATA] attacking ssh://127.0.0.1:22/ [22][ssh] host: 127.0.0.1 login: root password: toor 1 of 1 target successfully completed, 1 valid password found Hydra (http://www.thc.org/thc-hydra) finished at 2018-10-24 10:08:44
該如何嘛★