==
1. First, use getpwent() to get the username and encrypted password (ciphertext) of every current user, in $u and $c;
2. Use crypt to encrypt the username. The salt is the first two characters of the password ciphertext; the remaining characters are ignored automatically;
3. If the encrypted result equals the ciphertext, the plaintext and ciphertext match and the crack has succeeded.
##
# perl -nle 'setpwent;(""eq$c&&print"$u = [null]")||(crypt($_,$c)eq$c&&print"$u = $_")while($u,$c)=getpwent'
# Enhanced command-line version: cracks users with an empty password or with a password read from stdin
##
Here is a variant, an interactive crack: the user types in a test password by hand, and the program automatically finds the user matching this password.
##
# perl -e '(""eq$c&&print"$u = [null]")||(crypt($u,$c)eq$c&&print"$u = $u\n")while($u,$c)=getpwent'
# Cracks users with no password or with username = password
#
# perl -e 'while(($u,$c)=getpwent){for(a..zzzzzz,0..999999){crypt($_,$c)eq$c&&print"$u $_\n";}}'
# Cracks users with simple passwords of up to 6 letters or up to 6 digits
##
Finally, look at the results:
##
# perl -e '(""eq$c&&print"$u = [null]")||(crypt($u,$c)eq$c&&print"$u = $u\n")while($u,$c)=getpwent'
demo02 = demo02
demo03 = [null]
# perl -nle 'setpwent;(""eq$c&&print"$u = [null]")||(crypt($_,$c)eq$c&&print"$u = $_")while($u,$c)=getpwent'
p09uest
elly = p09uest
demo03 = [null]
# time perl -e 'while(($u,$c)=getpwent){for(a..zzzz,0..9999){crypt($_,$c)eq$c&&print"$u $_\n";}}'
demo01 abc
real 0m48.714s
user 0m48.660s
sys 0m0.060s
##
The first line is the simple version, which cracks two simple user passwords;
The second line is the interactive version, which cracks according to user input;
The third line is the exhaustive version... It takes a little longer. The DES cracking rate is about tens of thousands to hundreds of thousands of attempts per second, while the MD5 cracking rate is only a few thousand. The speed on platforms that use MD5, such as BSD and Linux, will therefore be much slower than on AIX or HP-UX, which are subject to trade-secret export restrictions.
There is also a small flaw: the dictionary generated by a..zzzz, 0..9999 contains only purely numeric or purely alphabetic strings of the corresponding lengths, not mixed types or special characters.
However, this one-line program should be sufficient for simple checks of user password strength. Its biggest advantage is that it does not need to be compiled, and the second is that it works across platforms and with various encryption algorithms :P
Tested on AIX (DES 56), Linux (DES 40), Linux (MD5 128) and FreeBSD (MD5 128). Unfortunately, on HP-UX Perl's getpwent cannot obtain the passwd value; perhaps Perl does not support the shadow passwords stored in TCB format on HP-UX.
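The salt rule in step 2 and the DES/MD5 difference noted above both show up in the format of the stored password field, so an audit can flag weak accounts from the field alone, without testing any password. The script below is an added example, not part of the original post: the account names and digests are constructed filler, and classify_field is a hypothetical helper. For fields starting with $1$ (MD5-crypt) the salt is the text after that prefix, up to the next $, rather than the first two characters.

```perl
#!/usr/bin/perl
# Added example: classify password-field formats for a hardening audit.
use strict;
use warnings;

# Constructed sample records (user:password-field). The digests are made-up
# filler, not real hashes. On a live system the same pairs come from getpwent().
my @records = (
    'alice:abcdefghijklm',                      # 13 characters: traditional DES
    'bob:$1$saltsalt$abcdefghijklmnopqrstuv',   # $1$ prefix: MD5-crypt
    'carol:',                                   # empty field: no password
    'dave:x',                                   # placeholder: hash stored elsewhere
);

# Return (scheme, salt) for one password field, judged by its format only.
sub classify_field {
    my ($f) = @_;
    return ('empty', '')       if !defined $f || $f eq '';
    return ('placeholder', '') if $f eq 'x' || $f =~ /^[!*]/;
    return ('md5-crypt', $1)
        if $f =~ m{^\$1\$([./0-9A-Za-z]{1,8})\$[./0-9A-Za-z]{22}$};
    return ('des-crypt', substr($f, 0, 2))
        if $f =~ m{^[./0-9A-Za-z]{13}$};
    return ('other', '');
}

my %finding = (
    'empty'       => 'FAIL  no password set',
    'des-crypt'   => 'WARN  traditional DES: 2-character salt, only the first 8 password characters count',
    'md5-crypt'   => 'WARN  MD5-crypt: legacy scheme, plan a move to a stronger one',
    'placeholder' => 'INFO  hash not visible here (shadowed or locked)',
    'other'       => 'INFO  unrecognised format, review manually',
);

for my $rec (@records) {
    # Limit of 2 keeps an empty password field instead of dropping it.
    my ($user, $field) = split /:/, $rec, 2;
    my ($scheme, $salt) = classify_field($field);
    printf "%-6s %-12s salt=%-9s %s\n",
        $user, $scheme, ($salt eq '' ? '-' : $salt), $finding{$scheme};
}
```

A placeholder result is also what to expect when the hash is not exposed through the passwd field, as in the HP-UX case described above.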