CN114218561A - Weak password detection method, terminal equipment and storage medium - Google Patents

Info

Publication number
CN114218561A
Authority
CN
China
Prior art keywords
password
weak password
service
weak
plaintext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111564872.7A
Other languages
Chinese (zh)
Inventor
陈明
陈奋
陈荣有
龚利军
孙晓波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Fuyun Information Technology Co ltd
Original Assignee
Xiamen Fuyun Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xiamen Fuyun Information Technology Co ltd
Priority to CN202111564872.7A
Publication of CN114218561A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a weak password detection method, a terminal device and a storage medium. The method comprises the following steps. S1: read the configuration file corresponding to the service to be detected and parse it to extract the account used to log in to the service and the password ciphertext corresponding to that account; analyze the source code file corresponding to the service and extract the encryption algorithm and the encryption key. S2: decrypt the password ciphertext with the encryption key according to the encryption algorithm to obtain the password plaintext. S3: load the weak password dictionary and match the password plaintext against each weak password in it; if the password plaintext matches a weak password in the dictionary, the password plaintext is judged to be a weak password. The method does not launch brute-force authentication traffic against the VNC service, which would occupy a large amount of CPU and network I/O resources and could even affect normal authentication; it does not need to capture normal authentication traffic to sniff accounts and passwords, so it avoids the risk of affecting the business; and it will not be judged as an attack by other systems.

Description

Weak password detection method, terminal equipment and storage medium
Technical Field
The present invention relates to the field of weak password detection, and in particular, to a weak password detection method, a terminal device, and a storage medium.
Background
In recent years, with the continuous development of internet technology, the rates of intrusion and attack on the internet have risen steadily, and the security of internet systems receives more and more attention. Weak service passwords are usually regarded as a lower security risk, but they are exploited frequently, so their impact is large. Detecting weak passwords in services as early as possible with existing techniques and methods is an important part of security defense.
Existing ways of detecting weak service passwords generally fall into two kinds. One is brute-force detection: calling the communication API of the service client (or a related brute-force tool) and supplying accounts and passwords from a weak password dictionary as parameters of the API (or tool) to attempt a crack. The other is sniffing keyword detection: capturing the authentication traffic between client and server at the service egress, extracting variables that may be accounts and passwords, and judging through a weak password dictionary whether the captured accounts and passwords are weak passwords.
For VNC, brute-force detection of weak passwords is the most traditional way and is highly accurate, but it establishes a large number of sessions with the server, which may prevent normal business sessions from being established; and if VNC supports locking an account after multiple failed authentications, the detection effect is greatly reduced. Sniffing keyword detection can capture password-related information when the VNC authentication traffic is in plaintext, crack the password, and verify whether it is a weak password. This method has its limitations: first, there must be normal authentication traffic to sniff; second, if the sniffing filter conditions are not configured properly, much unnecessary traffic may be captured, which affects performance; and finally, the VNC authentication process must be in plaintext, so the method is not applicable if VNC authenticates using encrypted methods such as TLS and SASL.
Disclosure of Invention
In order to solve the above problems, the present invention provides a weak password detection method, a terminal device, and a storage medium.
The specific scheme is as follows:
A weak password detection method comprising the following steps:
S1: read the configuration file corresponding to the service to be detected and parse it to extract the account used to log in to the service and the password ciphertext corresponding to that account; analyze the source code file corresponding to the service and extract the encryption algorithm and the encryption key;
S2: decrypt the password ciphertext with the encryption key according to the encryption algorithm to obtain the password plaintext;
S3: load the weak password dictionary and match the password plaintext against each weak password in it; if the password plaintext matches a weak password in the dictionary, the password plaintext is judged to be a weak password.
Further, if the service to be detected is VNC, the account used for VNC login is obtained from the content of VNCSERVERS in the configuration file.
Further, if the service to be detected is VNC, the encryption algorithm and the encryption key are obtained by analyzing the vncpasswd source code.
Further, if the service to be detected is VNC and the password ciphertext storage file is 16 bytes, the first 8 bytes and the last 8 bytes of ciphertext are decrypted separately to obtain the management password and the access-only password.
A weak password detection terminal device includes a processor, a memory, and a computer program stored in the memory and executable on the processor; when the processor executes the computer program, it implements the steps of the method described above in the embodiments of the present invention.
A computer-readable storage medium stores a computer program which, when executed by a processor, carries out the steps of the method described above in the embodiments of the present invention.
By adopting the above technical scheme, the invention has the following technical effects:
1. It does not launch brute-force authentication traffic against the VNC service, which would occupy a large amount of CPU and network I/O resources and could even affect normal authentication;
2. It does not need to capture normal authentication traffic to sniff accounts and passwords, avoiding the risk of affecting the business;
3. It will not be judged as an attack by other systems.
Drawings
Fig. 1 is a flowchart illustrating a first embodiment of the present invention.
Fig. 2 is a schematic diagram illustrating a storage file of a VNC account in this embodiment.
Fig. 3 is a schematic diagram of the 16-byte ciphertext storage file in this embodiment.
Fig. 4 is a schematic diagram of an 8-byte ciphertext storage file in this embodiment.
Fig. 5 is a flowchart showing decryption of the DES algorithm in this embodiment.
Detailed Description
To further illustrate the various embodiments, the invention provides the accompanying drawings. The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the embodiments. Those skilled in the art will appreciate still other possible embodiments and advantages of the present invention with reference to these figures.
The invention will now be further described with reference to the accompanying drawings and detailed description.
Embodiment one:
This embodiment of the invention provides a weak password detection method, explained using the VNC service as an example. As shown in Fig. 1, the method comprises the following steps:
S1: Read the configuration file corresponding to VNC and parse it to extract the account used for VNC login and the password ciphertext corresponding to that account; analyze the source code file corresponding to VNC and extract the encryption algorithm and the encryption key.
The configuration file corresponding to VNC is vncservers, as shown in Fig. 2. The value stored in the "VNCSERVERS" field is the desktop numbers and the corresponding account names, in the storage format "desktop number:account name desktop number:account name". The login password used by each account is set and encrypted by VNC through the vncpasswd command, and its storage format is shown in Figs. 3 and 4: Fig. 3 is a 16-byte ciphertext storage file of an encrypted VNC password, and Fig. 4 is an 8-byte ciphertext storage file of an encrypted VNC password. In the 16-byte ciphertext, the first 8 bytes are the management password ciphertext and the last 8 bytes are the ciphertext of the password that has access rights only.
Decrypting the encrypted password requires knowing the encryption algorithm and the encryption key, from which the decryption scheme follows. Both can be obtained by analyzing the vncpasswd source code. The analysis in this embodiment gives the following result: the encryption algorithm is DES (Data Encryption Standard), and the encryption key is the 8-byte decimal number "238210763578887". Since DES is a symmetric encryption algorithm, the encryption key is also the decryption key.
S2: Decrypt the password ciphertext with the encryption key according to the encryption algorithm to obtain the password plaintext.
Decrypting the password ciphertext only requires implementing DES decryption and then supplying the decryption key and the password ciphertext to obtain the plaintext password. Note that for a 16-byte ciphertext storage file the two parts must be decrypted separately, that is, the management password ciphertext and the access-only password ciphertext are each decrypted on their own. The DES decryption flow is shown in Fig. 5.
S3: Load the weak password dictionary and match the password plaintext against each weak password in it; if the password plaintext matches a weak password in the dictionary, the password plaintext is judged to be a weak password.
The weak password dictionary is a dictionary that stores known weak passwords.
When decryption yields several password plaintexts, each of them must be checked to determine whether it is a weak password.
In addition, for services other than VNC, the method of this embodiment can be used to detect weak passwords once the storage scheme of the service's accounts and passwords has been analyzed.
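Steps S1 to S3 as a runnable audit sketch, added here as an example and not code from the patent or from any VNC project: it parses the VNCSERVERS field, decrypts an 8- or 16-byte password file with DES, and matches the result against a dictionary. The function names, sample accounts and sample passwords are constructed for illustration, and the per-byte bit reversal of the key reflects how VNC's DES routine reads key bits, which the page does not mention.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"fmt"
	"math/bits"
	"strings"
)

// vncCipher builds DES from the page's fixed key, read as the decimal bytes
// 23 82 107 6 35 78 88 7. VNC's DES code consumes key bits in reverse order,
// so each byte is bit-reversed first (a detail the page does not state).
func vncCipher() cipher.Block {
	key := []byte{23, 82, 107, 6, 35, 78, 88, 7}
	for i := range key {
		key[i] = bits.Reverse8(key[i])
	}
	c, _ := des.NewCipher(key) // an 8-byte key never returns an error
	return c
}

// parseVNCServers (S1) maps desktop number to account name from a line such
// as VNCSERVERS="1:alice 2:bob"; commented-out lines are ignored.
func parseVNCServers(conf string) map[string]string {
	accounts := map[string]string{}
	for _, line := range strings.Split(conf, "\n") {
		line = strings.TrimSpace(line)
		if !strings.HasPrefix(line, "VNCSERVERS=") {
			continue
		}
		val := strings.Trim(strings.TrimPrefix(line, "VNCSERVERS="), `"'`)
		for _, pair := range strings.Fields(val) {
			if kv := strings.SplitN(pair, ":", 2); len(kv) == 2 {
				accounts[kv[0]] = kv[1]
			}
		}
	}
	return accounts
}

// decryptBlock (S2) decrypts one 8-byte block and strips the NUL padding.
func decryptBlock(ct []byte) string {
	pt := make([]byte, des.BlockSize)
	vncCipher().Decrypt(pt, ct)
	return string(bytes.TrimRight(pt, "\x00"))
}

// auditPasswd (S2 and S3) returns role -> plaintext for each stored password
// found in the dictionary; words over 8 bytes are compared by their first 8.
func auditPasswd(file []byte, dict []string) (map[string]string, error) {
	roles := []string{"login"}
	if len(file) == 16 {
		roles = []string{"management", "access-only"}
	} else if len(file) != 8 {
		return nil, fmt.Errorf("unexpected passwd file size: %d bytes", len(file))
	}
	weak := map[string]string{}
	for i, role := range roles {
		pw := decryptBlock(file[i*8 : i*8+8])
		for _, w := range dict {
			if pw == w || (len(w) > 8 && pw == w[:8]) {
				weak[role] = pw
			}
		}
	}
	return weak, nil
}

func main() {
	// Constructed sample inputs, not taken from any real host.
	conf := "# desktops\nVNCSERVERS=\"1:alice 2:bob\"\n"
	c, file := vncCipher(), make([]byte, 16)
	c.Encrypt(file[:8], []byte("123456\x00\x00"))
	c.Encrypt(file[8:], []byte("Xk9#vT2q"))
	fmt.Println(parseVNCServers(conf))
	fmt.Println(auditPasswd(file, []string{"123456", "password", "admin"}))
}
```

Because the check only reads local files, it produces no authentication sessions on the VNC server, which is the property the patent claims over brute-force and sniffing detection.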
Embodiment two:
The invention further provides a weak password detection terminal device, which comprises a memory, a processor and a computer program that is stored in the memory and can run on the processor, wherein the processor executes the computer program to implement the steps of the method of embodiment one of the invention.
Further, as an executable scheme, the weak password detection terminal device may be a computing device such as a desktop computer, a notebook, a palmtop computer, or a cloud server. The weak password detection terminal device can include, but is not limited to, a processor and a memory. Those skilled in the art will understand that the structure described above is only an example and does not limit the weak password detection terminal device, which may include more or fewer components than described above, combine some components, or use different components; for example, the weak password detection terminal device may further include an input/output device, a network access device, a bus, etc., which is not limited by the embodiment of the present invention.
Further, as an executable solution, the Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, a discrete Gate or transistor logic device, a discrete hardware component, and the like. The general purpose processor may be a microprocessor or the processor may be any conventional processor or the like, the processor is a control center of the weak password detection terminal device, and various interfaces and lines are used for connecting various parts of the whole weak password detection terminal device.
The memory may be used for storing the computer program and/or the module, and the processor may implement various functions of the weak password detection terminal device by operating or executing the computer program and/or the module stored in the memory and calling data stored in the memory. The memory can mainly comprise a program storage area and a data storage area, wherein the program storage area can store an operating system and an application program required by at least one function; the storage data area may store data created according to the use of the mobile phone, and the like. In addition, the memory may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
The invention also provides a computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, carries out the steps of the above-mentioned method of an embodiment of the invention.
The modules/units integrated in the weak password detection terminal device may be stored in a computer-readable storage medium if they are implemented in the form of software functional units and sold or used as a separate product. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, USB disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), software distribution medium, and the like.
While the invention has been particularly shown and described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (6)

1. A weak password detection method, characterized by comprising the following steps:
S1: read the configuration file corresponding to the service to be detected and parse it to extract the account used to log in to the service and the password ciphertext corresponding to that account; analyze the source code file corresponding to the service and extract the encryption algorithm and the encryption key;
S2: decrypt the password ciphertext with the encryption key according to the encryption algorithm to obtain the password plaintext;
S3: load the weak password dictionary and match the password plaintext against each weak password in it; if the password plaintext matches a weak password in the dictionary, the password plaintext is judged to be a weak password.
2. The weak password detection method of claim 1, wherein: if the service to be detected is VNC, the account used for VNC login is obtained from the content of VNCSERVERS in the configuration file.
3. The weak password detection method of claim 1, wherein: if the service to be detected is VNC, the encryption algorithm and the encryption key are obtained by analyzing the vncpasswd source code.
4. The weak password detection method of claim 1, wherein: if the service to be detected is VNC and the password ciphertext storage file is 16 bytes, the first 8 bytes and the last 8 bytes of ciphertext are decrypted separately to obtain the management password and the access-only password.
5. A weak password detection terminal device, characterized by comprising a processor, a memory and a computer program stored in the memory and running on the processor, the processor implementing the steps of the method according to any of claims 1 to 4 when executing the computer program.
6. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method as claimed in any one of claims 1 to 4.
CN202111564872.7A 2021-12-20 2021-12-20 Weak password detection method, terminal equipment and storage medium Pending CN114218561A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111564872.7A CN114218561A (en) 2021-12-20 2021-12-20 Weak password detection method, terminal equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111564872.7A CN114218561A (en) 2021-12-20 2021-12-20 Weak password detection method, terminal equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114218561A true CN114218561A (en) 2022-03-22

Family

ID=80704524

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111564872.7A Pending CN114218561A (en) 2021-12-20 2021-12-20 Weak password detection method, terminal equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114218561A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115062293A (en) * 2022-06-21 2022-09-16 北京奇艺世纪科技有限公司 Weak password detection method and device, storage medium, electronic equipment and computer program product
CN116846608A (en) * 2023-06-19 2023-10-03 北京天融信网络安全技术有限公司 Weak password identification method, device, system, electronic equipment and storage medium
CN116846608B (en) * 2023-06-19 2024-04-09 北京天融信网络安全技术有限公司 Weak password identification method, device, system, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination