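I have quite a lot of machines on hand, and they reached me only after changing hands several times. Early on we already found a few accounts whose password was 1234, which was a real headache. Those accounts are not even ones we use. The main issue is that our machines all sit in the data center: we do not own them, we only have the right to use them, yet as soon as a scan turns up a weak password we are the ones who take the blame. Many of the accounts are leftovers from earlier, and nobody knows whether anyone still uses them. The data center uses these machines, many departments use them, and we only use two of the main users. So, to be on the safe side, it is worth testing for ourselves whether any of the accounts on our machines have weak passwords.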
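Basic approach
- Install and deploy john
  Never install this in a production environment. Deploy it on your own computer or on another VM, preferably one with Internet access, because installing online is easier: the dependency packages can be installed directly with yum. Remember that you can disconnect from the network while the cracking runs, and keep the work confidential.
- Collect the shadow files from the machines in bulk
  Ansible is recommended. Name each remote machine's shadow file after its IP so that every file can be matched to its IP.
- Run john against the shadow files
  You can combine it with a shell for loop over the shadow files in a given directory. How fast the cracking goes depends mainly on how strong your wordlist is.
- My own suggestion: since we are checking our own accounts for weak passwords, do not make the wordlist that powerful. It only needs to be good enough to detect basic weak passwords.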
All the installation packages involved:
Link: https://pan.baidu.com/s/1oItHEHCEdmAMWGY0thQM3g
Extraction code: hgdr
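I am using john-1.9.0-jumbo-1.tar, which was the latest version on the official site at the time of writing. I still recommend using the latest version; that is a lesson from years of getting burned.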
```
[root@localhost ~]# tar xvf john-1.9.0-jumbo-1.tar
john-1.9.0-jumbo-1/.ci/Dockerfile
john-1.9.0-jumbo-1/.ci/disable_formats.sh
john-1.9.0-jumbo-1/.circleci/circle-ci.sh
john-1.9.0-jumbo-1/.circleci/config.yml
john-1.9.0-jumbo-1/.editorconfig
john-1.9.0-jumbo-1/.gitattributes
john-1.9.0-jumbo-1/.github/issue_template.md
... (rest of the output omitted)
```
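The screenshot above shows the freshly extracted directory (the one in the red box was just extracted; the other two are copies I had already installed).
Here is a little secret: as long as each copy of john lives in its own directory, that is, as long as you extract it to a different directory, several john instances can run at the same time. As in my case above, I can keep two john instances running side by side to crack weak passwords.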
```
[root@localhost ~]# ls
anaconda-ks.cfg  check-ip.sh  check-re.txt  ip-adder.txt  ip.txt  john  john-1.9.0-jumbo-1  john-1.9.0-jumbo-1.tar  john-2
[root@localhost ~]# mv john-1.9.0-jumbo-1 john-3    # rename the directory
[root@localhost ~]# ls
anaconda-ks.cfg  check-ip.sh  check-re.txt  ip-adder.txt  ip.txt  john  john-1.9.0-jumbo-1.tar  john-2  john-3
[root@localhost john-3]# ls
CONTRIBUTING.md  doc  README.md  run  src
## doc is the documentation directory, run holds the john command, src is the source that has to be compiled (roughly speaking)
[root@localhost john-3]# cd src/
[root@localhost src]# ls
... (source file listing omitted)
[root@localhost src]# ./configure
... ("checking ..." output omitted)
Configured for building John the Ripper jumbo:

Target CPU ................................. x86_64 AVX, 64-bit LE
AES-NI support ............................. depends on OpenSSL
Target OS .................................. linux-gnu
Cross compiling ............................ no
Legacy arch header ......................... x86-64.h

Optional libraries/features found:
Memory map (share/page large files) ........ yes
Fork support ............................... yes
OpenMP support ............................. yes (not for fast formats)
OpenCL support ............................. no
Generic crypt(3) format .................... yes
libgmp (PRINCE mode and faster SRP formats)  no
128-bit integer (faster PRINCE mode) ....... yes
libz (pkzip and some other formats) ........ yes
libbz2 (gpg2john extra decompression logic)  no
libpcap (vncpcap2john and SIPdump) ......... no
OpenMPI support (default disabled) ......... no
ZTEX USB-FPGA module 1.15y support ......... no

Install missing libraries to get any needed features that were omitted.

Configure finished.  Now "make -s clean && make -sj4" to compile.
## The output tells you which command to run next
#### If this step fails because a dependency is missing, this is where the EPEL repository shines: just run yum -y install package-name*
[root@localhost src]# make -s clean && make -sj4
ar: 正在创建 aes.a
ar: 正在创建 ed25519-donna.a
ar: 正在创建 secp256k1.a

Make process completed.
#### After the build, a john executable binary appears under john-3/run
[root@localhost src]# ll ../run/john
-rwxr-xr-x. 1 root root 18732304 8月 2 22:51 ../run/john
[root@localhost src]# cd ../run/
[root@localhost run]# ls
... (file listing omitted)
```
2. Let's test it
The password of my VM is A123456.
```
[root@localhost run]# echo "A123456" >> password.lst
### This is the wordlist. You can use the one shipped with john or the list of 10 billion password combinations linked at the end of this article
### I append my password here to make it easier to detect; for detection to succeed, the password must be present in the wordlist
[root@localhost run]# ./john -w:password.lst /etc/shadow
Using default input encoding: UTF-8
Loaded 2 password hashes with 2 different salts (sha512crypt, crypt(3) $6$ [SHA512 128/128 AVX 2x])
Cost 1 (iteration count) is 5000 for all loaded hashes
Warning: OpenMP is disabled; a non-OpenMP build may be faster
Press 'q' or Ctrl-C to abort, almost any other key for status
A123456          (root)
1g 0:00:00:10 DONE (2022-08-02 22:55) 0.09425g/s 334.3p/s 668.6c/s 668.6C/s paagal..A123456
Use the "--show" option to display all of the cracked passwords reliably
Session completed
```
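As you can see, the password has been cracked, or rather detected.
AIX minicomputers have no /etc/shadow file. The equivalent file is /etc/security/passwd, so use that file if you need to audit them.
Because the AIX shadow file is not in quite the same format as the Linux one, it has to be reshaped first. The following shell command does the conversion: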
```
cat filename | egrep ":|password" | sed 's/password = //g' | tr -d "\t " | sed ':a;N;$!ba;s/:\n/:/g' > passwd-aix
### Then simply run john against the passwd-aix file
```
Summary
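- After a password has been detected once, a second run will not report it again. This is because john stores the earlier results as a cache; once the cache is cleared, john will detect the password again.
  Running `> john.pot` empties the file and clears the cache.
- You can install several copies in separate directories: john-4, john-5, …
  Because I have a lot of machines, I ran 6 john instances and they finished overnight.
- john is quite powerful; please search online and explore it for yourselves.
- With a shell script you can put all the shadow files into one directory and use a for loop to crack them automatically and write the results to a file. Early the next morning you can see all the results, then go through the normal change process and request that the weak passwords that were found be changed.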
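```
### Adapt this script to your environment before using it
[root@localhost zzz-shell]# cat check.sh
#!/bin/bash
# Run john against every collected shadow file and append the results to check.txt
[ -f check.txt ] || touch check.txt
for i in ~/john/run/zzz-sha/shadow/*/
do
    i=$(basename "$i")    # directory name, i.e. the IP of the source machine
    echo "$i"
    echo "$i" >> check.txt
    /root/john/run/john -w:/root/john/run/password.lst ~/john/run/zzz-sha/shadow/"$i"/etc/shadow >> check.txt
done
```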
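- This document talks about detecting weak passwords, but the same procedure also amounts to cracking passwords, so please conduct yourselves properly.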
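Before starting the overnight loop it helps to know which accounts in the collected files actually carry a password hash. The following added example (not part of the original post) goes a little beyond the text: it walks the same shadow/<ip>/etc/shadow layout that check.sh reads and lists, per IP, the accounts with an empty password field or a hash, skipping locked ones. The function names and the sample files are constructed.

```shell
#!/bin/sh
# Added example: triage collected shadow files before cracking them.
# Assumed layout (the one check.sh reads): DIR/<ip>/etc/shadow

# shadow_triage DIR -> one "ip user status" line per account whose password
# field is empty or holds a hash. Locked accounts ("!" or "*") are skipped.
shadow_triage() {
    dir=${1%/}
    for f in "$dir"/*/etc/shadow; do
        [ -f "$f" ] || continue
        ip=${f#"$dir"/}      # strip the leading DIR/
        ip=${ip%%/*}         # keep only the <ip> path component
        awk -F: -v ip="$ip" '
            NF < 2 || $1 == "" { next }                        # blank or malformed line
            $2 == ""           { print ip, $1, "EMPTY"; next } # no password required
            $2 ~ /^[!*]/       { next }                        # locked, no password login
            $2 ~ /^\$1\$/      { print ip, $1, "md5crypt"; next }
            $2 ~ /^\$5\$/      { print ip, $1, "sha256crypt"; next }
            $2 ~ /^\$6\$/      { print ip, $1, "sha512crypt"; next }
            $2 ~ /^\$y\$/      { print ip, $1, "yescrypt"; next }
                               { print ip, $1, "other" }
        ' "$f"
    done
}

# make_sample_tree -> prints the path of a temporary tree holding two
# constructed shadow files (the IPs and hash strings are made up).
make_sample_tree() {
    t=$(mktemp -d) || return 1   # mktemp -d creates the directory with mode 0700
    mkdir -p "$t/192.0.2.10/etc" "$t/192.0.2.11/etc"
    cat > "$t/192.0.2.10/etc/shadow" <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH1:19000:0:99999:7:::
bin:*:18353:0:99999:7:::
olduser:$1$CONSTRUC$CONSTRUCTEDHASH2:17000:0:99999:7:::
svc:!!:19000::::::
EOF
    cat > "$t/192.0.2.11/etc/shadow" <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH3:19000:0:99999:7:::
test::19000:0:99999:7:::
locked:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH4:19000:0:99999:7:::
EOF
    echo "$t"
}

# Demo run on the constructed tree.
tree=$(make_sample_tree)
shadow_triage "$tree"
rm -rf "$tree"
```

An EMPTY line is a finding in its own right and needs no cracking, and md5crypt entries point at accounts whose password has not been reset since an older hashing default was in place.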
A targeted password dictionary with more than 10 billion entries
https://download.csdn.net/download/guijianchouxyz/86272783
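For the AIX conversion described earlier, the following added example (not part of the original post) parses the /etc/security/passwd stanzas with awk instead of joining lines with sed, so a stanza that has no password line is dropped rather than merged with the next user name. The function names and the sample stanzas are constructed, and treating `password = *` as "no usable hash" is an assumption.

```shell
#!/bin/sh
# Added example: convert AIX-style stanzas to "user:hash" lines for john.

# aix_to_john [FILE] -> reads FILE (or stdin) and prints one "user:hash"
# line per stanza that has a non-empty password value other than "*".
aix_to_john() {
    awk '
        function flush() {
            # Emit the finished stanza only if it carried a usable hash.
            if (user != "" && hash != "" && hash != "*")
                print user ":" hash
            user = ""; hash = ""
        }
        # Stanza header: a name starting in column 0, then ":" and nothing else.
        /^[^ \t:*#][^:]*:[ \t]*$/ {
            flush()
            user = $0
            sub(/:[ \t]*$/, "", user)
            next
        }
        # "password = value" attribute inside the current stanza.
        /^[ \t]+password[ \t]*=/ {
            hash = $0
            sub(/^[ \t]+password[ \t]*=[ \t]*/, "", hash)
            sub(/[ \t]+$/, "", hash)
            next
        }
        END { flush() }
    ' "$@"
}

# aix_sample -> constructed stanzas (made-up names and hash strings).
# Real files indent attributes with tabs; the parser accepts tabs and spaces.
aix_sample() {
    cat <<'EOF'
root:
        password = aaCONSTRUCTED1
        lastupdate = 1659451234
        flags =

daemon:
        password = *

guest:

appuser:
        password = bbCONSTRUCTED2
        lastupdate = 1659450000
EOF
}

# Demo run on the constructed sample.
aix_sample | aix_to_john
```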