Passwords are the most widely used method of authenticating a user. They are popular because the logic behind them makes sense to people and they are easy for developers to implement.
However, passwords can introduce vulnerabilities. In fact, there are brute-force programs for cracking passwords.
Password crackers are designed to take credential data stolen in a data breach or other hack and extract passwords from it.
Below we will show you the most widely used software for finding the unknown passwords of any user.
Brute-force programs
Most password cracking or recovery tools allow a hacker to run any of the available types of attack. This post describes some of the most widely used:
1. Hashcat
Hashcat is one of the most popular and widely used password crackers in existence. It is available on all operating systems and supports more than 300 different types of hashes. Hashcat enables highly parallelized password cracking, with the ability to crack many different passwords on different devices at the same time.
In addition, it can support a distributed hash-cracking system using overlays. Cracking is optimized through integrated performance tuning and temperature monitoring.
2. John the Ripper
John the Ripper is a well-known, free, open-source password cracking tool for Linux, Unix and Mac OS X. A Windows version is also available. John the Ripper offers password cracking for a variety of different password types.
It goes beyond operating system passwords to include common web applications (such as WordPress), compressed files, document files (Microsoft Office, PDF, among others) and more.
A pro version of the tool is also available, which offers better features and native packages for the target operating systems. You can also download Openwall GNU/*/Linux, which comes with John the Ripper.
3. Brutus
Brutus is one of the most popular brute-force programs. It claims to be the fastest and most flexible password cracking tool. The tool is free and available only for Windows systems. It was released in October 2000. Brutus supports many different authentication types, including:
- HTTP (basic authentication)
- HTTP (HTML form/CGI)
- POP3
- FTP
- SMB
- Telnet
- IMAP
- NNTP
- Common protocols
It can also support multi-stage authentication protocols and can attack up to sixty different targets in parallel. It also offers the ability to pause, resume and import an attack.
Brutus has not been updated for many years. However, its support for a wide variety of authentication protocols and the ability to add custom modules make it one of the most notable password cracking programs.
4. Wfuzz
Wfuzz is a web application password cracking tool like Brutus that tries to crack passwords using a brute-force guessing attack. It can also be used to find hidden resources such as directories, servlets and scripts. Wfuzz can also identify injection vulnerabilities within an application, such as SQL injection, XSS injection and LDAP injection. The main features of the Wfuzz password cracking tool include:
- Injection at multiple points in multiple directories.
- Output in colored HTML.
- Brute forcing of POST data, headers and authentication.
- Proxy and SOCK support, multiple proxy support.
- Multithreading.
- HTTP password brute forcing via GET or POST requests.
- Time delay between requests.
- Cookie fuzzing.
5. THC Hydra
THC Hydra is an online password cracking tool that tries to determine user credentials through a brute-force password guessing attack. It is available for Windows, Linux, Free BSD, Solaris and OS X.
THC Hydra is extensible, with the ability to easily install new modules. It also supports a variety of network protocols including Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, among others. If you are a developer, you can contribute to the development of the tool.
6. Medusa
Medusa is an online password cracking tool similar to THC Hydra. It claims to be a fast, modular, parallel login brute-force tool. It supports HTTP, FTP, CVS, AFP, IMAP, MS SQL, MYSQL, NCP, NNTP, POP3, PostgreSQL, pcAnywhere, rlogin, SMB, rsh, SMTP, SNMP, SSH, SVN, VNC, VmAuthd and Telnet.
It is a command-line tool, so some level of command-line knowledge is required to use it. Password cracking speed depends on network connectivity. On a local system, it can test 2000 passwords per minute.
Medusa also supports parallelized attacks. In addition to the list of passwords to test, it is also possible to define a list of usernames or email addresses to try during the attack.
7. RainbowCrack
All password cracking relies on a time-memory trade-off. If an attacker has precomputed a table of password/hash pairs and stored them as a "rainbow table," then the password cracking process is reduced to a table lookup.
This threat is the reason passwords are now salted: adding a unique random value to each password before hashing means that the number of rainbow tables required is much larger.
RainbowCrack is one of the most widely used programs for brute-force password cracking, and it is designed to work with rainbow tables. It is possible to generate rainbow tables or take advantage of existing ones downloaded from the Internet. RainbowCrack offers free downloads of these tables for the LANMAN, NTLM, MD5 and SHA1 password systems.
There are also paid rainbow tables, which you can buy. This tool is available for Windows and Linux systems.
8. OphCrack
OphCrack is a free rainbow-table-based password cracking tool for Windows. It is the most popular Windows password cracking tool, but it can also be used on Linux and Mac systems. It cracks LM and NTLM hashes. For cracking Windows XP, Vista and Windows 7, free rainbow tables are available.
A live CD of OphCrack is also available to simplify cracking. The live CD can be used to crack Windows-based passwords. This tool is available for free.
9. L0phtCrack
L0phtCrack is an alternative to OphCrack, that is, it is also one of the brute-force programs for cracking passwords. It tries to recover Windows passwords from hashes. To do so, it uses Windows workstations, network servers, primary domain controllers and Active Directory.
It also uses dictionary and brute-force attacks to generate and guess passwords. It was acquired by Symantec and discontinued in 2006. It was later reacquired by the L0pht developers, who released L0phtCrack in 2009.
L0phtCrack comes with the ability to schedule routine password security scans. Daily, weekly or monthly audits can be set, and it will start scanning at the scheduled time.
10. Aircrack-ng
Aircrack-ng is a Wi-Fi password cracking tool that can crack WEP or WPA/WPA2 PSK passwords. It analyzes encrypted wireless packets and then tries to crack passwords with dictionary attacks and the PTW, FMS and other cracking algorithms. It is available for Linux and Windows systems. A live CD is also available.
What is password cracking?
A well-designed password-based authentication system does not store a user's actual password. Doing so would make it far too easy for a hacker or malicious insider to gain access to all user accounts on the system.
Instead, authentication systems store a password hash, which is the result of sending the password and a random value called a salt through a hash function. Hash functions are designed to be one-way, meaning that it is very difficult to determine which input produces a given output.
Since hash functions are also deterministic (meaning that the same input produces the same output), comparing two password hashes (the stored one and the hash of the password provided by the user) is almost as good as comparing the actual passwords. Password cracking refers to the process of extracting passwords from the associated password hash. This can be accomplished in several different ways:
- Dictionary attack: Most people use weak and common passwords. Taking a list of words and adding a few permutations, such as substituting $ for s, lets a password cracker learn many passwords very quickly.
- Brute-force guessing attack: There is only a finite number of possible passwords of a given length. While slow, a brute-force attack (trying all possible password combinations) guarantees that an attacker will eventually crack the password.
- Hybrid attack: A hybrid attack combines these two techniques. It starts by checking whether a password can be cracked using a dictionary attack and then moves on to a brute-force attack if that is unsuccessful.
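The salted storage and hash comparison described above, and the reason salting defeats the precomputed tables discussed under RainbowCrack, shown as an added example that is not code from the original article. PBKDF2-HMAC-SHA256, the iteration count and all function names are assumptions chosen for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn for each new password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, stored_digest):
    """Re-hash the submitted password with the stored salt, compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)

def unsalted_sha1(password):
    """Fast, unsalted hash: identical passwords always give identical digests."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def compare_storage(password):
    """Store the same password for two accounts both ways and report what matches."""
    salt_a, digest_a = hash_password(password)
    salt_b, digest_b = hash_password(password)
    return {
        # One precomputed table entry covers every account sharing this password.
        "unsalted_digests_equal": unsalted_sha1(password) == unsalted_sha1(password),
        # Different salts give different digests, so a shared table no longer applies.
        "salted_digests_equal": digest_a == digest_b,
        "login_ok": verify_password(password, salt_a, digest_a),
        "wrong_password_ok": verify_password(password + "x", salt_a, digest_a),
    }

if __name__ == "__main__":
    # Constructed sample password, used only for the demonstration.
    print(compare_storage("correct horse battery staple"))
```

The salt is stored next to the digest in the credential record; it does not need to be secret, only unique per password.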
How to create a password that is hard to crack
In this post we have listed 10 brute-force password cracking programs. These tools try to work with different encryption algorithms. Most password cracking tools are available for free. Therefore, you should always try to have a strong password that is hard to crack. Here are some tips you can try when creating a password:
- The longer the password, the harder it is to crack: Password length is the most important factor. The complexity of a brute-force password guessing attack grows with the length of the password. A seven-character password can be cracked in minutes, while a ten-character password takes hundreds of years.
- Always use a combination of letters, numbers and special characters: Using a variety of character types also makes brute-forcing a password harder, since it means crackers have to try a wider range of options for each character of the password. Mix in numbers and special characters, and not just at the end of the password or as a letter substitution (such as @ for a).
- Do not reuse passwords across your accounts: Passwords stolen from one online account are also tried on other accounts. A data breach at a small business could compromise a bank account if the same credentials are used. Use a long, random, unique password for every online account.
What to avoid when choosing a password
Cybercriminals and the developers of brute-force password cracking programs know all the "clever" tricks people use to create their passwords. Some common password mistakes to avoid include:
- Using a dictionary word: Dictionary attacks are designed to try every word in the dictionary (and common permutations) in seconds.
- Using personal information: A pet's name, a family member's name, a place of birth, a favorite sport, among others, are dictionary words. Even if they were not, there are tools to collect this information from social networks and build a word list from it for an attack.
- Using patterns: Passwords such as 1111111 and 12345678 are among the most commonly used passwords in existence. They are also included in every password cracker's word list.
- Using character substitutions: Substitutions such as 4 for A and $ for S are well known. Dictionary attacks test these substitutions automatically.
- Using numbers and special characters only at the end: Most people put their required numbers and special characters at the end of the password. These patterns are built into password crackers.
- Using common passwords: Every year, companies such as Splashdata publish lists of the most commonly used passwords. They create these lists by cracking breached passwords, just as an attacker would. Never use the passwords on these lists or anything similar.
- Using anything other than a random password: Passwords should be long, random and unique. Use a password manager to generate and securely store passwords for online accounts.
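A password-policy check that flags the mistakes listed above at account creation or password change, as an added example that is not part of the original article. The minimum length, the small blocklist, the substitution map and the function names are assumptions constructed for this sketch.

```python
import re

MIN_LENGTH = 12  # assumed policy threshold for this example
# Constructed sample blocklist; production checks load a full common-password list.
BLOCKLIST = {"password", "qwerty", "letmein", "dragon", "sunshine"}
# Reverse the well-known substitutions named in the list (4 or @ for a, $ for s, ...).
LEET = str.maketrans("4@$5031!7", "aassoeiit")
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop")

def candidates(password):
    """Forms of the password a dictionary check should compare against word lists."""
    low = password.lower()
    stripped = re.sub(r"[^a-z]+$", "", low)  # drop trailing digits and symbols
    return {low, low.translate(LEET), stripped, stripped.translate(LEET)}

def audit(password, personal=()):
    """Return the list of weaknesses found; an empty list means none matched."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    low = password.lower()
    # Repeated single character (1111111) or a run from a known sequence (12345678).
    if len(set(low)) == 1 or any(low in seq for seq in SEQUENCES):
        findings.append("pattern")
    # Personal details (pet name, birthplace, ...) are treated as dictionary words.
    words = BLOCKLIST | {p.lower() for p in personal}
    if candidates(password) & words:
        findings.append("dictionary, common or personal word")
    # Letters first, then every digit and symbol appended at the end.
    if re.fullmatch(r"[A-Za-z]+[^A-Za-z]+", password):
        findings.append("digits/symbols only at the end")
    return findings

if __name__ == "__main__":
    # Constructed sample passwords for the demonstration.
    for pw, info in [("P@ssw0rd2024!", ()), ("12345678", ()), ("Rex2015", ("Rex",))]:
        print(pw, audit(pw, info))
```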
Final thoughts
Password cracking tools are designed to take password hashes leaked in a data breach or stolen in an attack and extract the original passwords from them. They achieve this by taking advantage of weak passwords or by trying every possible password of a given length.
Password finders can be used for a variety of purposes, not all of them bad. While they are commonly used by cybercriminals, security teams can also use them to audit the strength of their users' passwords and assess the risk of weak passwords to the organization.
My name is Javier Chirinos and I am passionate about technology. For as long as I can remember, I have loved computers and video games, and that hobby ended up turning into a job.
I have been publishing about technology and gadgets on the Internet for more than 15 years, especially on mundobytes.com
I am also an expert in online communication and marketing and have knowledge of WordPress development.