Weak password detection for Linux

Source: Internet
Author: User

On an Internet-facing system, an overly simple password puts the server at serious risk. As administrators, we should identify the user accounts with weak passwords so that the next security measures can be taken.
We can install John the Ripper to check the strength of users' passwords. Let's look at how to install this weak password scanning tool and test it.
First, the steps before the experiment
Share a folder from Windows, mount it on Linux, and install John the Ripper from the shared folder.
The steps on the Windows machine that hosts the share are as follows:

  1. Right-click the folder to be shared, which contains the John the Ripper weak password scanning installation package
  2. Select Properties > Share > Share (S); in the drop-down box select Everyone, click Add, then click Share (H) to complete the share

  3. The Linux client accesses the share as the Guest user, and the Guest account is disabled by default on the machine hosting the share, so the Guest account must be enabled there
     Right-click "My Computer", select Management, Local Users and Groups, Users; right-click "Guest", select "Properties", clear the "Account is disabled" check box, and click "OK" to enable the Guest account

  4. Modify the local policy
     Enter secpol.msc in the search box to open the Local Security Policy.

     Select Local Policies > User Rights Assignment > Deny access to this computer from the network, and remove the Guest user

     Select Security Options > Sharing and security model for local accounts, and select Guest only

The steps above are performed on the Windows machine that hosts the share. The following steps are performed on the Linux system that mounts it:
Second, mount the share and install the weak password scanning tool
  1. List the shared folders with the command smbclient -L //<server IP address>/

  2. Create a mount point

  3. Mount the share with the command mount.cifs //192.168.100.88/LAMP /ABC

  4. Enter the /ABC directory; you can see that the shared files have been mounted. The john-1.8 package there is the weak password detection tool to be installed

  5. Extract the John toolkit into the /opt directory with the command tar zxvf john-1.8.0.tar.gz -C /opt/

  6. Enter the /opt/john-1.8.0/src directory and install the software compilation environment

  7. After the compilation environment is installed, install the weak password scanning tool

  8. Now enter the /opt/john-1.8.0/run directory; you will see an executable named john, which is the program used for weak password scanning.

Our weak password detection tool is now installed; next comes the testing process.
Third, the experimental test
  1. Create a user Kiwi with a password of 123321

  2. Use cp /etc/shadow /root/password.txt to copy the users' password information to the /root/password.txt file, then run John's weak password detection against that file. The weak password and the corresponding user name are output.

With that, our weak password detection experiment has succeeded!
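
Before giving the copied shadow file to John, it helps to see which entries actually hold a password hash, which are locked, and which need attention whatever the password is (an empty password field or a legacy hash scheme). The script below is an added example, not part of the original article; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): triage a copy of /etc/shadow.

# Print "user<TAB>status" for every line of a shadow-format file.
shadow_triage() {
    awk -F: '{
        f = $2
        if (f == "")                  s = "EMPTY-PASSWORD"
        else if (f ~ /^[!*]/)         s = "locked"
        else if (f ~ /^\$1\$/)        s = "md5crypt-weak-scheme"
        else if (f ~ /^\$5\$/)        s = "sha256crypt"
        else if (f ~ /^\$6\$/)        s = "sha512crypt"
        else if (f ~ /^\$2[aby]\$/)   s = "bcrypt"
        else if (f ~ /^\$y\$/)        s = "yescrypt"
        else if (length(f) == 13)     s = "descrypt-weak-scheme"
        else                          s = "unknown"
        printf "%s\t%s\n", $1, s
    }' "$1"
}

# Accounts that need attention regardless of password quality:
# an empty password field or a legacy hash scheme.
urgent_accounts() {
    shadow_triage "$1" |
        awk -F'\t' '$2 == "EMPTY-PASSWORD" || $2 ~ /weak-scheme$/ {print $1}'
}

# Constructed sample data: the hash strings are placeholders, not real hashes.
make_sample() {
    umask 077                      # a working copy must be readable by root only
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
kiwi:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH2:19000:0:99999:7:::
legacy:$1$CONSTRUC$CONSTRUCTEDHASH3:19000:0:99999:7:::
nopass::19000:0:99999:7:::
svc:!!:19000:0:99999:7:::
EOF
    printf '%s\n' "$sample"
}

sample_file=$(make_sample)
shadow_triage "$sample_file"
rm -f "$sample_file"               # remove hash copies once the audit is done
```

The same handling applies to /root/password.txt from step 2: keep it readable by root only and delete it when the test is finished.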
