破解Linux用户名密码(使用john暴力破解)

|

破解Linux用户名密码(使用john暴力破解)

发现最近随便转载的很多啊,未经授权禁止转载!抄袭!!否则转载者死全家!!另外这是我的笔记,不是教程,难免会有错误,不具有很高的参考性,望周知。

买了一块华清远见的FS-MP1A(MP157)开发板,结果刷ubuntu系统的时候,发现登录不了,找了好久都没有找到登录密码,于是开始bing…就找到了使用john工具暴力破解密码的方法,下面是操作过程:

  1. 先下载john工具,下载地址:John the Ripper password cracker (openwall.com)我下载的是Windows版。

  2. 提取出需要破解系统的**/etc/passwd/etc/shadow**文件。

  3. 执行命令,用于合并passwd和shadow中的内容:

    1
    .\unshadow.exe C:\Users\Lenovo\Desktop\passwd C:\Users\Lenovo\Desktop\shadow > test.txt

  4. 执行命令,开始破解:

    1
    .\john.exe test.txt

    这里会报错:

    1
    Error: UTF-16 BOM seen in input file.

    使用记事本将编码转换为ANSI格式,再次执行破解命令,得到输出:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    Warning: detected hash type "sha512crypt", but the string is also recognized as "sha512crypt-opencl"
    Use the "--format=sha512crypt-opencl" option to force loading these as that type instead
    Using default input encoding: UTF-8
    Loaded 2 password hashes with 2 different salts (sha512crypt, crypt(3) $6$ [SHA512 128/128 SSE2 2x])
    Cost 1 (iteration count) is 5000 for all loaded hashes
    Will run 4 OpenMP threads
    Proceeding with single, rules:Single
    Press 'q' or Ctrl-C to abort, almost any other key for status
    Warning: Only 2 candidates buffered for the current salt, minimum 8 needed for performance.
    Warning: Only 4 candidates buffered for the current salt, minimum 8 needed for performance.
    Warning: Only 6 candidates buffered for the current salt, minimum 8 needed for performance.
    Warning: Only 2 candidates buffered for the current salt, minimum 8 needed for performance.
    Warning: Only 4 candidates buffered for the current salt, minimum 8 needed for performance.
    Warning: Only 5 candidates buffered for the current salt, minimum 8 needed for performance.
    Warning: Only 3 candidates buffered for the current salt, minimum 8 needed for performance.
    Warning: Only 5 candidates buffered for the current salt, minimum 8 needed for performance.
    Warning: Only 3 candidates buffered for the current salt, minimum 8 needed for performance.
    Warning: Only 7 candidates buffered for the current salt, minimum 8 needed for performance.
    Further messages of this type will be suppressed.
    To see less of these warnings, enable 'RelaxKPCWarningCheck' in john.conf
    Almost done: Processing the remaining buffered candidate passwords, if any.
    Proceeding with wordlist:/run/password.lst, rules:Wordlist
    1                (linux)
    1                (root)
    2g 0:00:00:04 DONE 2/3 (2022-04-22 15:21) 0.4839g/s 1023p/s 1645c/s 1645C/s chacha..ford
    Use the "--show" option to display all of the cracked passwords reliably
    Session completed

  5. 查看破解结果,使用记事本打开john.pot文件:

    1
    2
    $6$J9pIEJ7t$d7Lnt154swKT.deamo.KWpu66wLfEHd/YAhW5bqcZqDXH3zlAPs3I3nJdOnq0o3zL7AL/v6GfzGQmAuzVnDHx1:1
    $6$b1xnKYmz$G4fIZsc5PWvPcZ0yKcVx7GkJodRYE5OMOm3nGdHOCu9W6NYlD9D4D7wMhPusErUeL8nFLuMTq25znw2OXIoy31:1

    冒号后面的就是明文密码,可以看到密码为“1”。

    真是服了,忙活半天原来密码这么简单。

坚持原创技术分享,您的支持是我前进的动力!