Password brute forcing with john

0. Preface

This article covers basic usage of the john tool and introduces the unshadow and unique utilities.

1. unshadow

The unshadow command essentially combines the data from /etc/passwd with the data from /etc/shadow to create a single file containing the usernames together with their password details.

Demonstration:

root@kali:unshadow /etc/passwd /etc/shadow > shadow

This produces a password file named shadow.
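To make the merge step concrete, here is an added example (not code from the original post or from the John the Ripper project) that re-implements what unshadow does on constructed passwd/shadow sample lines, so it runs offline. The hashes in the sample are placeholders, not real hashes, and the helper names parse_shadow, unshadow and crackable are my own. The crackable helper additionally filters out locked accounts ('*' or '!' in the password field), which is why a file full of service accounts loads fewer hashes than it has lines.

```python
# Added example (not part of the original post): a minimal re-implementation
# of what unshadow does, run on constructed sample passwd/shadow entries.

# Constructed sample /etc/passwd contents (password field is 'x' as usual).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

# Constructed sample /etc/shadow contents. The hashes are placeholders.
# '*' or '!' in the password field means the account is locked / has no
# usable password hash.
SAMPLE_SHADOW = """\
root:$6$PLACEHOLDERSALT$PLACEHOLDERHASHROOT:16209:0:99999:7:::
daemon:*:16209:0:99999:7:::
alice:$6$PLACEHOLDERSALT$PLACEHOLDERHASHALICE:16209:0:99999:7:::
"""


def parse_shadow(text):
    """Map each username in shadow(5) data to its password field."""
    hashes = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or not fields[0]:
            continue  # skip blank or malformed lines
        hashes[fields[0]] = fields[1]
    return hashes


def unshadow(passwd_text, shadow_text):
    """Return passwd(5) lines with the 'x' password field replaced by the
    matching shadow hash, which is the file unshadow(8) writes."""
    hashes = parse_shadow(shadow_text)
    merged = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # passwd entries always have exactly seven fields
        name = fields[0]
        if name in hashes:
            fields[1] = hashes[name]
        merged.append(":".join(fields))
    return merged


def crackable(entries):
    """Keep only entries whose password field is a real hash: locked
    accounts ('*', '!', '!!') and empty fields give john nothing to load."""
    usable = []
    for entry in entries:
        pw = entry.split(":")[1]
        if pw and not pw.startswith(("*", "!")):
            usable.append(entry)
    return usable


if __name__ == "__main__":
    for entry in unshadow(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(entry)
```

Running the block prints the three merged lines; only root and alice would be counted when john reports how many hashes it loaded, since daemon's field is '*'.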

2. unique

The unique utility removes duplicate lines from a password wordlist, which is very convenient when using a wordlist for brute forcing.

Usage:

root@kali:~# unique
Usage: unique [-v] [-inp=fname] [-cut=len] [-mem=num] OUTPUT-FILE [-ex_file=FNAME2] [-ex_file_only=FNAME2]

       reads from stdin 'normally', but can be overridden by optional -inp=
       If -ex_file=XX is used, then data from file XX is also used to
       unique the data, but nothing is ever written to XX. Thus, any data in
       XX, will NOT output into OUTPUT-FILE (for making iterative dictionaries)
       -ex_file_only=XX assumes the file is 'unique', and only checks against XX
       -cut=len  Will trim each input lines to 'len' bytes long, prior to running
       the unique algorithm. The 'trimming' is done on any -ex_file[_only] file
       -mem=num.  A number that overrides the UNIQUE_HASH_LOG value from within
       params.h.  The default is 21.  This can be raised, up to 25 (memory usage
       doubles each number).  If you go TOO large, unique will swap and thrash and
       work VERY slow

       -v is for 'verbose' mode, outputs line counts during the run

Example:

root@kali:~# unique -v -inp=allwords.txt uniques.txt
Total lines read 6089 Unique lines written 5083
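Here is an added example (my own code, not the original post's or the project's) that reproduces the core of what unique does on a constructed wordlist, so the -ex_file and -cut behaviours from the usage text above can be seen directly. The function name unique and the exclude/cut parameters are my own; exclude stands in for -ex_file (lines already present there are never written out) and cut for -cut=len (each line is trimmed to len bytes before comparison).

```python
# Added example (not part of the original post): the core of what unique does,
# written in Python so -ex_file and -cut can be observed on a constructed list.

# Constructed wordlist with duplicates, standing in for allwords.txt.
SAMPLE_WORDS = ["password", "123456", "password", "letmein",
                "123456", "qwerty", "pässword"]


def _trim(line, cut):
    """-cut=len truncates each line to 'len' bytes (not characters) before
    the unique check; a multi-byte character split by the cut is dropped."""
    if cut is None:
        return line
    return line.encode("utf-8")[:cut].decode("utf-8", "ignore")


def unique(lines, exclude=(), cut=None):
    """Return (unique_lines, lines_read).

    exclude plays the role of -ex_file: anything present in it counts as
    already seen and is never written to the output, which is how iterative
    dictionaries are built (only candidates not tried before are kept)."""
    seen = {_trim(word, cut) for word in exclude}
    written = []
    read = 0
    for line in lines:
        read += 1
        key = _trim(line, cut)
        if key in seen:
            continue
        seen.add(key)
        written.append(key)
    return written, read


if __name__ == "__main__":
    out, n = unique(SAMPLE_WORDS)
    # Same summary line that unique -v prints at the end of a run.
    print(f"Total lines read {n} Unique lines written {len(out)}")
```

Note that the trimming in -cut is byte-based, so on a UTF-8 wordlist a cut can land inside a multi-byte character; the example handles that by dropping the partial character rather than emitting invalid output.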

3. john

John the Ripper is a local password cracking tool that can recover the passwords from the shadow file (password hashes) we generated above. Cracking time depends on the complexity of the passwords and on the cracking mode used.

Usage: see the official John the Ripper documentation

Examples:

(1) Brute forcing with a wordlist

Here we use the wordlist that ships with john, located at /usr/share/john/password.lst.

root@kali:~# john --wordlist=/usr/share/john/password.lst --rules shadow 
Warning: detected hash type "sha512crypt", but the string is also recognized as "crypt"
Use the "--format=crypt" option to force loading these as that type instead
Loaded 1 password hash (sha512crypt [64/64])
123456             (root)
guesses: 1  time: 0:00:00:07 DONE (Mon May 19 08:13:05 2014)  c/s: 482  trying: 1701d - andrew
Use the "--show" option to display all of the cracked passwords reliably

As you can see, the fifth line shows that the password was cracked: it is 123456.

(2) Brute forcing without specifying a wordlist

root@kali:~# john shadow
Warning: detected hash type "sha512crypt", but the string is also recognized as "crypt"
Use the "--format=crypt" option to force loading these as that type instead
Loaded 1 password hash (sha512crypt [64/64])
123456             (root)
guesses: 1  time: 0:00:00:07 DONE (Mon May 19 08:13:05 2014)  c/s: 482  trying: 1701d - andrew
Use the "--show" option to display all of the cracked passwords reliably

john also supports several other cracking modes; they are not demonstrated here, but if you are interested you can look them up in the official documentation referenced above.

4. Notes

john only cracks a given shadow file once: it records cracked hashes in its pot file, so running john shadow a second time yields no new results and only prints the output below.

root@kali2017:~# john shadow 
Warning: detected hash type "sha512crypt", but the string is also recognized as "crypt"
Use the "--format=crypt" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 1 password hash (sha512crypt, crypt(3) $6$ [SHA512 128/128 AVX 2x])
No password hashes left to crack (see FAQ)

To view the results of the previous run, use the following command.

root@kali2017:~# john --show shadow 
root:123456:0:0:root:/root:/bin/bash

1 password hash cracked, 0 left
