{"id":401,"date":"2017-03-19T20:43:00","date_gmt":"2017-03-19T12:43:00","guid":{"rendered":"http:\/\/note.systw.net\/note\/?p=401"},"modified":"2025-08-27T16:22:22","modified_gmt":"2025-08-27T08:22:22","slug":"cracking-password","status":"publish","type":"post","link":"https:\/\/systw.net\/note\/archives\/401","title":{"rendered":"Cracking Password"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u5bc6\u78bc\u653b\u64ca\u985e\u578b<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1. \u7dda\u4e0a\u653b\u64ca\uff08Online Attacks\uff09<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u88ab\u52d5\u5f0f\u7dda\u4e0a\u653b\u64ca\uff08Passive Online Attacks\uff09<\/strong>\n<ul class=\"wp-block-list\">\n<li>\u900f\u904e\u76e3\u807d\uff08sniffing\uff09\u7db2\u8def\u6d41\u91cf\u4f86\u5206\u6790\u4f7f\u7528\u8005\u50b3\u9001\u7684\u5bc6\u78bc\u3002\u5e38\u898b\u5de5\u5177\u50cf\u662fWireshark\u3001tcpdump\u3002<\/li>\n\n\n\n<li>\u5982\u679c\u4f7f\u7528\u8005\u672a\u9001\u51fa\u5bc6\u78bc\uff0c\u6216\u5bc6\u78bc\u50b3\u8f38\u904e\u7a0b\u4e2d\u7d93\u904e\u52a0\u5bc6\uff08\u4f8b\u5982 HTTPS\u3001SSH\uff09\uff0c\u5247\u96e3\u4ee5\u6210\u529f\u53d6\u5f97\u3002<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>\u4e3b\u52d5\u5f0f\u7dda\u4e0a\u653b\u64ca\uff08Active Online Attacks\uff09<\/strong>\n<ul class=\"wp-block-list\">\n<li>\u653b\u64ca\u8005\u8207\u76ee\u6a19\u7cfb\u7d71\u9032\u884c\u76f4\u63a5\u4e92\u52d5\uff0c\u53cd\u8986\u5617\u8a66\u731c\u6e2c\u5bc6\u78bc\uff08\u4f8b\u5982\u66b4\u529b\u7834\u89e3\u3001\u5b57\u5178\u653b\u64ca\u3001\u6191\u8b49\u586b\u5145\u7b49\uff09\u3002<\/li>\n\n\n\n<li>\u5bb9\u6613\u88ab\u5075\u6e2c\uff0c\u4f8b\u5982\u767b\u5165\u5931\u6557\u7d00\u9304\u3001\u7570\u5e38\u6d41\u91cf\u3001\u5e33\u865f\u9396\u5b9a\u6a5f\u5236\u3001\u901f\u7387\u9650\u5236\uff08rate limiting\uff09\u7b49<\/li>\n\n\n\n<li>\u9047\u5230MFA\u548cCAPTCHA\u7b49\u6a5f\u5236\u57fa\u672c\u4e0a\u662f\u7121\u6548\uff0c\u9664\u975e\u53e6\u5916\u5c0d\u9019\u4e9b\u6a5f\u5236\u7e5e\u904e<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2. \u96e2\u7dda\u653b\u64ca\uff08Offline Attacks\uff09<\/h3>\n\n\n\n<p>\u653b\u64ca\u8005\u5148\u53d6\u5f97\u5bc6\u78bc\u96dc\u6e4a\u6a94\uff08\u5982 \/etc\/shadow\u3001\u8cc7\u6599\u5eab dump\uff09\uff0c\u518d\u96e2\u7dda\u9032\u884c\u7834\u89e3\uff08\u4f7f\u7528 Hashcat\u3001John the Ripper \u7b49\u5de5\u5177\uff09\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u4e0d\u6703\u76f4\u63a5\u8207\u76ee\u6a19\u7cfb\u7d71\u4e92\u52d5\uff0c\u56e0\u6b64\u4e0d\u6613\u88ab\u767c\u73fe\u3002<\/li>\n\n\n\n<li>\u4f9d\u9760\u76ee\u6a19\u6240\u7528\u7684\u52a0\u5bc6\u65b9\u5f0f\u8207\u5bc6\u78bc\u5f37\u5ea6\u6c7a\u5b9a\u7834\u89e3\u96e3\u5ea6\u3002<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3. \u975e\u96fb\u5b50\u653b\u64ca\uff08Non-Electronic Attacks\uff09<\/h3>\n\n\n\n<p>\u4e0d\u900f\u904e\u7cfb\u7d71\u5165\u4fb5\uff0c\u800c\u662f\u4f9d\u9760\u793e\u4ea4\u5de5\u7a0b\u3001\u89c0\u5bdf\u7b49\u65b9\u5f0f\u53d6\u5f97\u5bc6\u78bc\u3002\u4f8b\u5982\u89c0\u5bdf\u4ed6\u4eba\u8f38\u5165\u5bc6\u78bc\u3001\u96fb\u8a71\u8a50\u9a19\u3001\u91e3\u9b5a\u4fe1\u4ef6\u3002<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u5e38\u898b\u5bc6\u78bc\u653b\u64ca\u65b9\u5f0f<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Passive Online Attacks<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Wire Sniffing<\/strong>\uff1a\u76e3\u807d\u7db2\u8def\u4e2d\u7684\u8cc7\u6599\u5c01\u5305\uff0c\u8a66\u5716\u53d6\u5f97\u5e33\u5bc6\u7b49\u654f\u611f\u8cc7\u8a0a\u3002<\/li>\n\n\n\n<li><strong>Man-in-the-Middle<\/strong>\uff1a\u653b\u64ca\u8005\u5047\u5192\u70ba\u7db2\u95dc\u6216\u4f3a\u670d\u5668\uff0c\u6514\u622a\u4e26\u76e3\u807d\u96d9\u65b9\u7684\u901a\u8a0a\u8cc7\u6599\u3002<\/li>\n\n\n\n<li><strong>Replay Attacks<\/strong>\uff1a\u5c07\u5df2\u64f7\u53d6\u7684\u5408\u6cd5\u5c01\u5305\u91cd\u64ad\uff0c\u4ee5\u8a66\u5716\u91cd\u65b0\u767b\u5165\u6216\u57f7\u884c\u539f\u672c\u7684\u64cd\u4f5c\u3002<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Active Attacks<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Password Guessing<\/strong>\uff1a\u5f31\u5bc6\u78bc\u653b\u64ca\uff0c\u4f7f\u7528\u7c21\u55ae\u7684\u5e38\u898b\u5f31\u5bc6\u78bc\u5982 123456\u3001admin \u5617\u8a66\u767b\u5165\u3002<\/li>\n\n\n\n<li><strong>Dictionary Attack<\/strong>\uff1a\u4f7f\u7528\u9810\u5148\u6e96\u5099\u7684\u5b57\u5178\u6a94\uff08\u5e38\u898b\u5bc6\u78bc\u7d44\u5408\uff09\u4f86\u5617\u8a66\u767b\u5165\u3002<\/li>\n\n\n\n<li><strong>Brute-force Attack<\/strong>\uff1a\u5617\u8a66\u6240\u6709\u53ef\u80fd\u7684\u5b57\u5143\u7d44\u5408\uff0c\u76f4\u5230\u7834\u89e3\u51fa\u6b63\u78ba\u5bc6\u78bc\u3002<\/li>\n\n\n\n<li><strong>Hybrid Attack<\/strong>\uff1a\u5148\u7528\u5b57\u5178\u653b\u64ca\uff0c\u518d\u91dd\u5c0d\u6bcf\u500b\u5b57\u5178\u88e1\u7684\u8a5e\u5f59\u52a0\u5404\u7a2e\u6578\u5b57\u6216\u5b57\u6bcd\u9032\u884c\u66b4\u529b\u7834\u89e3 <\/li>\n\n\n\n<li><strong>Rule-based Attack<\/strong>\uff1a\u6839\u64da\u5bc6\u78bc\u5efa\u7acb\u7684\u7279\u5b9a\u898f\u5247\uff08\u5982\u5927\u5beb\u5728\u958b\u982d\u3001\u7d50\u5c3e\u52a0\u6578\u5b57\uff09\u4f86\u751f\u6210\u653b\u64ca\u5b57\u4e32\u3002\u53ef\u5c07\u5c11\u91cf\u5bc6\u78bc\u5b57\u5178\u6a94\u8b8a\u6210\u5927\u91cf\u7684\u5bc6\u78bc\u5b57\u5178\u6a94<\/li>\n\n\n\n<li><strong>Pre-computed Hashes<\/strong>\uff1a\u5c07\u5e38\u898b\u5bc6\u78bc\u9810\u5148\u8a08\u7b97\u6210 hash \u503c\uff0c\u518d\u7528\u9019\u4e9b\u503c\u53bb\u6bd4\u5c0d\u8cc7\u6599\u5eab\u6216\u9a57\u8b49\u7cfb\u7d71\u3002<\/li>\n\n\n\n<li><strong>Rainbow Attack<\/strong>\uff1a\u512a\u5316\u7684Pre-computed Hashes\uff0c\u4f7f\u7528\u4e8b\u5148\u8a08\u7b97\u597d\u7684 Hash \u5c0d\u7167\u8868\uff08Rainbow Table\uff09\u4f86\u6bd4\u5c0d\u76ee\u6a19\u7684 Hash \u503c\u3002Rainbow Table\u662f\u5c07\u6240\u6709\u5e38\u898b\u5bc6\u78bc\u8207\u5176\u5c0d\u61c9\u7684 Hash \u503c\u9810\u5148\u8a08\u7b97\u4e26\u5132\u5b58\uff0c\u53ef\u5927\u5e45\u6e1b\u5c11\u7834\u89e3 Hash \u7684\u6642\u9593\uff0c\u4f46\u9700\u8017\u8cbb\u5927\u91cf\u5132\u5b58\u7a7a\u9593\u3002<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Other Attacks<\/h3>\n\n\n\n<p>\u9019\u4e9b\u5c6c\u65bc\u975e\u50b3\u7d71\u7834\u89e3\u65b9\u6cd5\uff0c\u53ef\u80fd\u5305\u542b\u793e\u4ea4\u64cd\u4f5c\u6216\u7269\u7406\u8a2d\u5099\u76e3\u63a7\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Shoulder Surfing<\/strong>\uff1a\u4e5f\u7a31\u80a9\u8180\u885d\u6d6a\uff0c\u5728\u5225\u4eba\u8f38\u5165\u5bc6\u78bc\u6642\u5f9e\u65c1\u5077\u770b\u3002<\/li>\n\n\n\n<li><strong>Keyboard Sniffing<\/strong>\uff1a\u4f7f\u7528\u8edf\u9ad4\u6216\u786c\u9ad4\u8a18\u9304\u53d7\u5bb3\u8005\u7684\u9375\u76e4\u8f38\u5165\u884c\u70ba\u3002<\/li>\n\n\n\n<li><strong>Social Engineering<\/strong>\uff1a\u900f\u904e\u6b3a\u9a19\u3001\u8a98\u5c0e\u6216\u5192\u5145\u7b49\u624b\u6cd5\uff0c\u8b93\u4f7f\u7528\u8005\u4e3b\u52d5\u4ea4\u51fa\u5bc6\u78bc\u3002<\/li>\n\n\n\n<li><strong>Syllable Attack<\/strong>\uff1a\u4e5f\u7a31\u97f3\u7bc0\u653b\u64ca\u5c07\u55ae\u8a5e\u5206\u89e3\u70ba\u5e38\u898b\u97f3\u7bc0\u7d44\u5408\uff0c\u589e\u52a0\u731c\u4e2d\u5bc6\u78bc\u7684\u6a5f\u7387\u3002<\/li>\n\n\n\n<li><strong>Distributed Network Attack<\/strong>\uff1a\u5229\u7528\u591a\u53f0\u6a5f\u5668\u5e73\u884c\u767c\u52d5\u5bc6\u78bc\u731c\u6e2c\uff0c\u5927\u5e45\u63d0\u5347\u901f\u5ea6\u8207\u6210\u529f\u7387\u3002<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\u5927\u898f\u6a21\u5bc6\u78bc\u653b\u64ca\u65b9\u5f0f<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">password spraying<\/h3>\n\n\n\n<p>\u5bc6\u78bc\u5674\u7051\u653b\u64ca\u662f\u4f7f\u7528\u55ae\u4e00\u5bc6\u78bc\u53bb\u5617\u8a66\u5927\u91cf\u4e0d\u540c\u5e33\u865f\uff0c\u4ee5\u907f\u958b\u5e33\u865f\u9396\u5b9a\u6216\u767b\u5165\u901f\u7387\u9650\u5236\u3002<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>\u985e\u578b<\/th><th>\u653b\u64ca\u65b9\u5f0f<\/th><th>\u5bb9\u6613\u89f8\u767c\u5bc6\u78bc\u5931\u6557\u591a\u6b21\u88ab\u9396\u5b9a\uff1f<\/th><th>\u9069\u7528\u5834\u666f<\/th><\/tr><\/thead><tbody><tr><td>\u50b3\u7d71\u66b4\u529b\u7834\u89e3<\/td><td>\u5c0d\u55ae\u4e00\u5e33\u865f\u5617\u8a66\u591a\u500b\u5bc6\u78bc<\/td><td>\u5bb9\u6613\u89f8\u767c\u9396\u5b9a<\/td><td>\u91dd\u5c0d\u6027\u7834\u89e3<\/td><\/tr><tr><td>Password Spraying<\/td><td>\u5c0d\u591a\u500b\u5e33\u865f\u5617\u8a66\u540c\u4e00\u5bc6\u78bc<\/td><td>\u96e3\u4ee5\u89f8\u767c\u9396\u5b9a<\/td><td>\u5927\u898f\u6a21\u6383\u63cf<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Credential stuffing<\/h3>\n\n\n\n<p>\u6191\u8b49\u586b\u5145\u653b\u64ca\uff0c\u6216\u7a31\u649e\u5eab\u653b\u64ca\uff0c\u662f\u4f7f\u7528\u5f9e\u8cc7\u6599\u5916\u6d29\u4e8b\u4ef6\u4e2d\u53d6\u5f97\u7684\u5e33\u865f\u5bc6\u78bc\u7d44\u5408\uff08credentials\uff09\uff0c\u5617\u8a66\u5728\u5176\u4ed6\u7db2\u7ad9\u6216\u7cfb\u7d71\u4e0a\u81ea\u52d5\u767b\u5165\u3002\u653b\u64ca\u6d41\u7a0b\u5982\u4e0b<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u653b\u64ca\u8005\u53d6\u5f97\u4e00\u4efd\u5927\u91cf\u5916\u6d29\u7684\u5e33\u5bc6\u6e05\u55ae\uff08\u4f8b\u5982\u4f86\u81ea LinkedIn\u3001Dropbox\u3001Yahoo \u7b49\u5916\u6d29\u4e8b\u4ef6\uff09\u3002<\/li>\n\n\n\n<li>\u4f7f\u7528\u81ea\u52d5\u5316\u5de5\u5177\u5c07\u9019\u4e9b\u5e33\u5bc6\u7d44\u5408\u5617\u8a66\u767b\u5165\u5176\u4ed6\u7db2\u7ad9\uff08\u5982\u9280\u884c\u3001\u8cfc\u7269\u3001\u904a\u6232\u3001\u90f5\u4ef6\u5e73\u53f0\uff09\u3002<\/li>\n\n\n\n<li>\u82e5\u4f7f\u7528\u8005\u5728\u4e0d\u540c\u5e73\u53f0\u4f7f\u7528\u76f8\u540c\u5e33\u5bc6\uff0c\u653b\u64ca\u8005\u5c31\u80fd\u6210\u529f\u767b\u5165\u4e26\u76dc\u7528\u5e33\u865f\u3002<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Default credentials<\/h3>\n\n\n\n<p>\u4e5f\u7a31\u9810\u8a2d\u5e33\u865f\u5bc6\u78bc\u653b\u64ca\uff0c\u8a31\u591a\u8def\u7531\u5668\u3001\u9632\u706b\u7246\u548c\u8cc7\u6599\u5eab\u7b49\u7cfb\u7d71\u90fd\u6709default credentials\u3002\u96d6\u7136\u90fd\u5efa\u8b70\u7ba1\u7406\u54e1\u5728\u8a2d\u5b9a\u904e\u7a0b\u4e2d\u505a\u66f4\u6539\uff0c\u4f46\u6709\u6642\u5b83\u5011\u6703\u88ab\u4fdd\u7559\uff0c\u56e0\u6b64\u6703\u5e36\u4f86\u56b4\u91cd\u7684\u5b89\u5168\u98a8\u96aa\u3002\u653b\u64ca\u6d41\u7a0b\u5982\u4e0b<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>\u5ee0\u5546\u51fa\u5ee0\u6642\u6703\u9810\u8a2d\u5e33\u865f\u5bc6\u78bc\uff0c\u4f8b\u5982\uff1a\n<ul class=\"wp-block-list\">\n<li>admin:admin<\/li>\n\n\n\n<li>root:root<\/li>\n\n\n\n<li>admin:123456<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>\u8a31\u591a\u4f7f\u7528\u8005\u5b89\u88dd\u5b8c\u8a2d\u5099\u6216\u7cfb\u7d71\u5f8c\u6c92\u6709\u4fee\u6539\u9810\u8a2d\u5e33\u5bc6\u3002<\/li>\n\n\n\n<li>\u653b\u64ca\u8005\u6383\u63cf\u76ee\u6a19\u8a2d\u5099\u6216\u7cfb\u7d71\uff08\u5982\u8def\u7531\u5668\u3001Web \u63a7\u5236\u53f0\u3001\u8cc7\u6599\u5eab\u7b49\uff09\u3002<\/li>\n\n\n\n<li>\u5617\u8a66\u4f7f\u7528\u516c\u958b\u5df2\u77e5\u7684\u9810\u8a2d\u5e33\u5bc6\u9032\u884c\u767b\u5165\u3002<\/li>\n<\/ol>\n\n\n\n<p>\u5e38\u898b\u5de5\u5177\uff1a<a href=\"https:\/\/github.com\/ihebski\/DefaultCreds-cheat-sheet\" target=\"_blank\" rel=\"noopener\">https:\/\/github.com\/ihebski\/DefaultCreds-cheat-sheet<\/a><\/p>\n\n\n\n<p>ps:<br>\u9810\u8a2d\u5bc6\u78bc\u7db2\u7ad9<br>www.defaultpassword.com<br>www.cirt.net\/cgi-bin\/passwd.pl<br>www.virus.org\/default-password<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\u5e38\u898b\u7834\u89e3\u5de5\u5177 <\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Hydra<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>THC-Hydra\uff0c\u6ef2\u900f\u6e2c\u8a66\u4e2d\u7206\u7834\u9060\u7aef\u670d\u52d9\u5e33\u5bc6<\/li>\n\n\n\n<li>\u652f\u63f4\u591a\u7a2e\u5354\u8b70\uff08\u5982 FTP\u3001SSH\u3001HTTP\u3001RDP\u3001SMTP\u3001POP3\u3001Telnet \u7b49\uff09\u7684\u5bc6\u78bc\u66b4\u529b\u7834\u89e3\u5de5\u5177\u3002<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Medusa<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u985e\u4f3c\u65bc Hydra\uff0c\u6ef2\u900f\u6e2c\u8a66\u4e2d\u7206\u7834\u9060\u7aef\u670d\u52d9\u5e33\u5bc6<\/li>\n\n\n\n<li>\u652f\u63f4\u591a\u7a2e\u5354\u8b70\uff1aFTP\u3001SSH\u3001Telnet\u3001HTTP\u3001VNC\u3001POP3\u3001SQL \u7b49\u3002<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>John the Ripper<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u7d93\u5178 Unix\/Linux \u5bc6\u78bc\u7834\u89e3\u5de5\u5177<\/li>\n\n\n\n<li>\u652f\u63f4\u591a\u7a2e hash \u683c\u5f0f\uff0c\u901f\u5ea6\u5feb\u3001\u57f7\u884c\u6548\u7387\u9ad8<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong> Hashcat<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u5f37\u5927\u514d\u8cbb\u5bc6\u78bc\u7834\u89e3\u5de5\u5177<\/li>\n\n\n\n<li>\u652f\u63f4 GPU \u52a0\u901f\uff0c\u9069\u5408\u5927\u898f\u6a21 hash \u7834\u89e3<\/li>\n\n\n\n<li>\u66f4\u591a\u8cc7\u8a0a\uff1a<a href=\"https:\/\/systw.net\/note\/af\/sblog\/more.php?id=325\">https:\/\/systw.net\/note\/af\/sblog\/more.php?id=325<\/a><\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Password Hacking Tools<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>LCP<\/strong>\uff1a\u652f\u63f4\u8b80\u53d6 SAM, .LC, .LCS, sniff file, pwdump file \u8cc7\u6599\u3002\u652f\u63f4\u653b\u64ca\u65b9\u5f0f\uff1aDictionary Attack\uff0cBrute-force Attack\uff0cHybrid Attack <\/li>\n\n\n\n<li><strong>SID&amp;User<\/strong>\uff1a\u5716\u5f62\u5316 sid2user \u5de5\u5177\uff1a\u9069\u7528\u65bc Windows NT \/ 2000 \/ XP \/ 2003<\/li>\n\n\n\n<li><strong>Ophcrack2<\/strong>\uff1a\u4f7f\u7528 Rainbow Table\uff08\u5f69\u8679\u8868\uff09\u5c0d NTLM Hash \u9032\u884c\u5feb\u901f\u6bd4\u5c0d\u7834\u89e3<\/li>\n\n\n\n<li><strong>Crack \/ Access PassView<\/strong>\uff1a\u7834\u89e3 Microsoft Access \u7684\u8cc7\u6599\u5eab\u5bc6\u78bc<\/li>\n\n\n\n<li><strong>Asterisk Logger<\/strong>\uff1a\u4e26\u975e\u7834\u89e3\u5bc6\u78bc\uff0c\u800c\u662f \u79fb\u9664\u5bc6\u78bc\u8f38\u5165\u6846\u4e2d\u7684\u661f\u865f\uff0c\u986f\u793a\u539f\u59cb\u5bc6\u78bc<\/li>\n\n\n\n<li><strong>Chaos Generator<\/strong>\uff1a\u5bc6\u78bc\u7522\u751f\u5668 + \u53ef\u8a08\u7b97\u5bc6\u78bc\u7684 hash \u503c\uff0c\u7528\u65bc\u53c3\u8003\u6216\u6e2c\u8a66<\/li>\n\n\n\n<li><strong>Asterisk Key<\/strong>\uff1a\u540c\u6a23\u7528\u65bc\u986f\u793a\u88ab * \u96b1\u85cf\u7684\u5bc6\u78bc<\/li>\n\n\n\n<li><strong>MS Access Database Password Decoder<\/strong>\uff1a\u5c08\u9580\u7834\u89e3 .mdb \u6a94\u7684\u5bc6\u78bc<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Hash Extraction \/ Cracking Tools<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>pwdump2<\/strong>\uff1a\u652f\u63f4\u5f9e\u672c\u6a5f Windows \u7cfb\u7d71\u7684 NT SAM \u8cc7\u6599\u5eab\u64f7\u53d6 Hash\uff0c\u53ef\u900f\u904e DLL Injection \u6280\u8853\u5be6\u4f5c<\/li>\n\n\n\n<li><strong>pwdump3<\/strong>\uff1a\u985e\u4f3c pwdump2\uff0c\u4f46\u652f\u63f4 Windows 2000 \u4e26\u53ef\u5f9e \u9060\u7aef \u64f7\u53d6<\/li>\n\n\n\n<li><strong>RainbowCrack<\/strong>\uff1a\u652f\u63f4\u81ea\u5efa\u6216\u8f09\u5165\u4ed6\u4eba\u63d0\u4f9b\u7684 Rainbow Table\uff0c\u53ef\u9032\u884c NTLM\u3001MD5 \u7b49 Hash \u7684\u6bd4\u5c0d<\/li>\n\n\n\n<li><strong>KerbCrack<\/strong>\uff1a\u7834\u89e3 Kerberos \u8a8d\u8b49\u7684\u5de5\u5177\u7d44\uff0c\u5305\u542b\uff1akerbsniff\u6514\u622a\u5c01\u5305\uff0ckerbcrack\u96e2\u7dda\u7834\u89e3 TGT\/Service Ticket<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\u5bc6\u78bc\u4fdd\u8b77\u5efa\u8b70 <\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u4e0d\u8981\u4f7f\u7528\u9810\u8a2d\u5bc6\u78bc\uff08default password\uff09<\/li>\n\n\n\n<li>\u4e0d\u8981\u4f7f\u7528\u53ef\u4ee5\u5728\u5b57\u5178\u4e2d\u67e5\u5230\u7684\u5bc6\u78bc\uff08dictionary password\uff09<\/li>\n\n\n\n<li>\u4e0d\u8981\u4f7f\u7528\u8207\u4e3b\u6a5f\u540d\u7a31\uff08hostname\uff09\u3001\u7db2\u57df\u540d\u7a31\uff08domain name\uff09\u6216\u53ef\u900f\u904e WHOIS \u67e5\u8a62\u5f97\u77e5\u7684\u8cc7\u8a0a\u6709\u95dc\u7684\u5bc6\u78bc<\/li>\n\n\n\n<li>\u4e0d\u8981\u4f7f\u7528\u8207\u500b\u4eba\u8208\u8da3\u3001\u5bf5\u7269\u3001\u89aa\u5c6c\u6216\u751f\u65e5\u7b49\u6709\u95dc\u7684\u5bc6\u78bc<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Countermeasures<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u5bc6\u78bc\u9577\u5ea6\u5efa\u8b70\u70ba 8\uff5e12 \u500b\u5b57\u5143<\/li>\n\n\n\n<li>\u6bcf 30 \u5929\u66f4\u63db\u4e00\u6b21\u5bc6\u78bc<\/li>\n\n\n\n<li>\u5be6\u9ad4\u9694\u96e2\u8207\u4fdd\u8b77\u4f3a\u670d\u5668\uff08physically isolate and protect the server\uff09<\/li>\n\n\n\n<li>\u4f7f\u7528 Syskey \u5de5\u5177\uff08syskey utility\uff09\u5c07\u5bc6\u78bc\u96dc\u6e4a\u5132\u5b58\u5728\u78c1\u789f\u4e0a\uff08<em>\u8a3b\uff1aSyskey \u5728 Windows 10 \u4e4b\u5f8c\u5df2\u68c4\u7528<\/em>\uff09<\/li>\n\n\n\n<li>\u76e3\u63a7\u65e5\u8a8c\uff08log\uff09\uff0c\u5075\u6e2c\u662f\u5426\u6709\u66b4\u529b\u7834\u89e3\uff08brute force attack\uff09\u7684\u8de1\u8c61<\/li>\n\n\n\n<li>\u4f7f\u7528 Stanford SRP \u6216 Kerberos \u7b49\u5b89\u5168\u9a57\u8b49\u5354\u8b70<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\u4e0d\u5efa\u8b70\u4f7f\u7528\u6578\u5b57\u5bc6\u78bc<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u6578\u5b57\u5bc6\u78bc\u6700\u7c21\u55ae\u3001\u597d\u8a18\uff0c\u4f7f\u7528\u8005\u6700\u591a<\/li>\n\n\n\n<li>\u56e0\u6b64\u4e5f\u6700\u5bb9\u6613\u88ab\u731c\u4e2d\u6216\u66b4\u529b\u7834\u89e3<\/li>\n\n\n\n<li>\u5efa\u8b70\u4f7f\u7528\u5927\u5c0f\u5beb\u5b57\u6bcd\u3001\u7b26\u865f\u8207\u6578\u5b57\u6df7\u5408\u7684\u5bc6\u78bc<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\u5bc6\u78bc\u98a8\u96aa\u7de9\u89e3\u65b9\u5f0f <\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Biometrics<\/strong>\uff1a\u4f7f\u7528\u751f\u7269\u8fa8\u8b58\u6280\u8853\uff08\u5982\u6307\u7d0b\u3001\u81c9\u90e8\u8fa8\u8b58\uff09<\/li>\n\n\n\n<li><strong>Smart Card<\/strong>\uff1a\u4f7f\u7528\u667a\u6167\u5361\u9032\u884c\u8eab\u4efd\u9a57\u8b49<\/li>\n\n\n\n<li><strong>Two-Factor Authentication (2FA)<\/strong>\uff1a\u555f\u7528\u96d9\u56e0\u7d20\u9a57\u8b49\u6a5f\u5236\uff0c\u63d0\u5347\u5b89\u5168\u6027<\/li>\n\n\n\n<li><strong>Password Manager<\/strong>\uff1a\u4f7f\u7528\u5bc6\u78bc\u7ba1\u7406\u5668\u4f86\u81ea\u52d5\u7522\u751f\u8207\u5132\u5b58\u9ad8\u5f37\u5ea6\u5bc6\u78bc<\/li>\n\n\n\n<li><strong>Account Lockout Policy<\/strong>\uff1a\u8a2d\u5b9a\u9023\u7e8c\u8f38\u5165\u932f\u8aa4\u6578\u6b21\u5f8c\u9396\u5b9a\u5e33\u6236\uff0c\u4ee5\u963b\u6b62\u66b4\u529b\u7834\u89e3<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\u5176\u4ed6\u88dc\u5145\u5efa\u8b70<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u907f\u514d\u91cd\u8907\u4f7f\u7528\u5bc6\u78bc<\/strong>\uff0c\u7279\u5225\u662f\u5728\u4e0d\u540c\u7db2\u7ad9\u6216\u7cfb\u7d71\u4e2d<\/li>\n\n\n\n<li><strong>\u5b9a\u671f\u9032\u884c\u5bc6\u78bc\u5b89\u5168\u6559\u80b2<\/strong>\uff0c\u63d0\u9ad8\u4f7f\u7528\u8005\u5b89\u5168\u610f\u8b58<\/li>\n\n\n\n<li><strong>\u5bc6\u78bc\u96dc\u6e4a\u6f14\u7b97\u6cd5\u5efa\u8b70\u4f7f\u7528 bcrypt\u3001PBKDF2 \u6216 Argon2<\/strong><\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\"\/>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u5176\u4ed6\u88dc\u5145\uff1a<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">\u65e9\u671fwindows\u5bc6\u78bc\u7834\u89e3\u7b56\u7565<\/h4>\n\n\n\n<p><strong>windows<\/strong> <strong>administrator password guessing<\/strong><br>1assuming that netbios tcp139 is open<br>2attempting to connect to an enumerated share and trying user name\/password<br>3default admin$,c$,%systemdrive% shares are good starting points<\/p>\n\n\n\n<p>manual password cracking algorithm<br>automatic password cracking algorithm<\/p>\n\n\n\n<p><strong>bruteforce password\u5beb\u6cd5<\/strong><br>for %%i in net use c$ %i \/u:<br>ex:\u7834\u89e3192.168.1.1\u7684administrator\u7684\u5bc6\u78bc<br>for %%i in net use 192.168.1.1c$ %i \/u:administrator<\/p>\n\n\n\n<p><strong>tool<\/strong><br>nat(netbios auditing tool)<br>smbbf(smb passive brute force tool):\u9700\u5728win2000\u4e0b<br>smbcrack tool<br>l0phtcrack:\u4e5f\u7a31\u70balc4\u6216lc5,\u5f37\u9805\u5728brute-force<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><strong>lm,ntlm v1,ntlm v2<\/strong><\/p>\n\n\n\n<p><strong>lm\u5f31\u9ede<\/strong><br>a password of less than 8 characters\u7684hash\u6703\u5982\u4e0b<br>&lt;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&gt;AAD3B435B51404EE<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>windows\u5bc6\u78bc\u4fdd\u8b77\u7684\u90e8\u4efd\uff0c\u56e0sam database\u5bb9\u6613\u88ab\u53d6\u51fa,\u5efa\u8b70disable lm hash<br>method a:<br><strong>by using group policy<\/strong><br>1 in group policy:computer configuration &gt; windows settings &gt; security settings &gt; local policies &gt; security options<br>2 network security:do not store lan manager hash value on next password change &gt; ok<br>method b:<br><strong>by editing the registry<\/strong><br>1 HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa<br>2 add key,type NoLMHash<br>method c:<br><strong>use a password that is at least 15 characters long<\/strong><br>ps<br>sam file is located at %systemroot%\\system32\\config<\/p>\n\n\n\n<p>&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;.. <\/p>\n\n\n\n<h4 class=\"wp-block-heading\">\u6587\u4ef6\u7834\u89e3<\/h4>\n\n\n\n<p>\u7834\u89e3pdf\u5de5\u5177\u8207\u7834\u89e3word,excel&#8230;\u7b49\u4e4b\u985e\u7684\u5de5\u5177\u4e0d\u592a\u4e00\u6a23<br>word,excel\u7834\u89e3\u662f\u5c07\u5bc6\u78bc\u89e3\u958b<br>pdf\u7834\u89e3\u662f\u5c07\u5bc6\u78bc\u79fb\u6389<br>pdf tool\u6709abcom pdf password cracker<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;.. <\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>sniffer password<\/strong><\/h4>\n\n\n\n<p>\u9700\u8a2d\u5b9a\u7db2\u5361\u70bapromicous mode\u624d\u53efsniffer<\/p>\n\n\n\n<p>sniff smb credentials<br>ex:<br>windump -nes 0 -w C:cehfile tcp[28]=0x72 or tcp[28]=0x73 or tcp[40]=0x72 or tcp[40]=0x73<\/p>\n\n\n\n<p><strong>sniffer password tool<\/strong><br>l0phtcrack<br>scooplm<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u5bc6\u78bc\u653b\u64ca\u985e\u578b 1. \u7dda\u4e0a\u653b\u64ca\uff08Online Attacks\uff09 &#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"enabled":false},"version":2}},"categories":[39],"tags":[],"class_list":["post-401","post","type-post","status-publish","format-standard","hentry","category-concept"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/401","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=401"}],"version-history":[{"count":5,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/401\/revisions"}],"predecessor-version":[{"id":2742,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/401\/revisions\/2742"}],"wp:attachment":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/media?parent=401"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=401"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=401"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}