Technical Blog | 技術博客

The Changes: when things reach their limit they change; having changed, they flow; flowing, they endure. Thus heaven helps, and nothing is without benefit. (易,窮則變,變則通,通則久。是以自天佑之,吉無不利。)

[Record] Password Policy for Linux User system (Cloud Computing Service Application, Brute Force Cracking)

Introduction

I studied how Linux stores user passwords and want to share what I learned.

Each record line in the Linux /etc/shadow file corresponds one-to-one to a line in /etc/passwd and stores the hash of that user's password. The file is generated by the pwconv command from the data in /etc/passwd. Its format resembles /etc/passwd: several fields separated by ":".

These fields are:
login name:encrypted password:last modified time:minimum interval:maximum interval:warning time:inactivity time:expiration time:flag

What can be done (How to use)

1. Brute-force the user password when the shadow file is available (given only the hash, guessing is the only way to recover the password).

2. Implement your own passwd command. This is useful in some scenarios: in cloud computing, for example, it is convenient to generate a different password for each Linux virtual machine built from the same template.

Password storage example

[root@cxthhhhh.com ~]# cat /etc/shadow | grep root
root:$6$bKAu7lVO$xSmIKWueARrfSzza27WQhv1aaeSIZ9FDYtUG1hx2KhsXMsIqKicM1.y9Box16La.9n8wfkV7TcDfELgfaGsSn1:17798:0:99999:7:::

The password ciphertext format stored in the shadow is as follows:

$id$salt$encrypted

①. Where id identifies the hash algorithm used. It can take the following values:

ID | Method
1  | MD5
2a | Blowfish (not in mainline glibc; added in some Linux distributions)
5  | SHA-256 (since glibc 2.7)
6  | SHA-512 (since glibc 2.7)

②. Salt: a random value that is mixed into the password before it is hashed with the algorithm above, so that two users with the same password do not get the same hash.

③. Encrypted: the password hash. It is not the hash of the password alone but the hash of the password combined with the salt, and the result is then encoded as text.

Requires Attention

1. “Login name” is the user account; it matches the login name in the /etc/passwd file.
2. The “Password” field stores the encrypted user password, which is 13 characters long. If it is empty, the corresponding user has no password and none is asked for at login; if it contains characters outside the set {./0-9A-Za-z}, the corresponding user cannot log in.
3. “Last modified time” is the number of days, counted from a fixed starting point, to the day the user last changed the password. The starting point may differ between systems; on SCO Linux, for example, it is January 1, 1970.
4. “Minimum time interval” is the minimum number of days that must pass between two password changes.
5. “Maximum time interval” is the maximum number of days a password remains valid.
6. “Warning time” is the number of days before the password expires during which the system warns the user.
7. “Inactivity time” is the maximum number of days the user may go without logging in while the account still remains valid.
8. “Expiration time” is an absolute day number. If it is set, it gives the lifetime of the account: after that day the account is no longer valid and can no longer be used to log in.
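The following Python script is an added example and is not code from the original post. It ties together the points above: it parses the nine ":"-separated fields of a shadow record, splits the $id$salt$encrypted password field, reimplements the $6$ (SHA-512-crypt) algorithm from glibc's published SHA-crypt specification using only hashlib so that a stored hash can be verified the way login does, and generates a fresh salted hash the way a custom passwd for cloud instances would. The sample shadow line is the root record shown earlier on this page; the "Hello world!" test vector is the one published in the SHA-crypt specification; the rounds= handling, the status labels and all function names are this example's own assumptions.

```python
import hashlib
import hmac
import secrets

# crypt(3) "base64" alphabet in the order glibc uses: the {./0-9A-Za-z} set named above.
CRYPT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
SHADOW_FIELDS = ("name", "password", "last_change", "min_days", "max_days",
                 "warn_days", "inactive_days", "expire_day", "flag")

# The root record quoted on this page (not a constructed value).
SAMPLE_SHADOW_LINE = ("root:$6$bKAu7lVO$xSmIKWueARrfSzza27WQhv1aaeSIZ9FDYtUG1hx2KhsXMsIqKicM1."
                      "y9Box16La.9n8wfkV7TcDfELgfaGsSn1:17798:0:99999:7:::")


def parse_shadow_line(line):
    """Split one /etc/shadow record into its nine ':'-separated fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(SHADOW_FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(SHADOW_FIELDS), len(parts)))
    rec = dict(zip(SHADOW_FIELDS, parts))
    for key in SHADOW_FIELDS[2:8]:          # day counters; an empty field means "not set"
        rec[key] = int(rec[key]) if rec[key] else None
    return rec


def password_status(field):
    """Classify the password field as the notes above describe it (labels are this example's)."""
    if field == "":
        return "no-password"               # login asks for no password at all
    if field[0] in "!*" or any(ch not in CRYPT_ALPHABET + "$=" for ch in field):
        return "locked"                    # characters outside the alphabet: user cannot log in
    return "hashed"


def split_crypt_hash(field):
    """'$6$salt$encrypted' or '$6$rounds=N$salt$encrypted' -> (id, rounds, salt, encrypted)."""
    parts = field.split("$")
    if len(parts) < 4 or parts[0] != "":
        raise ValueError("not a $id$salt$encrypted string")
    rounds = 5000                          # glibc default when no rounds= option is present
    if parts[2].startswith("rounds="):
        rounds = int(parts[2][len("rounds="):])
        del parts[2]
    return parts[1], rounds, parts[2], parts[3]


def _encode_24bit(out, b2, b1, b0, n):
    """Emit n characters of the 24-bit group (b2,b1,b0), low 6 bits first, as glibc does."""
    w = (b2 << 16) | (b1 << 8) | b0
    for _ in range(n):
        out.append(CRYPT_ALPHABET[w & 0x3F])
        w >>= 6


def sha512_crypt(password, salt, rounds=5000):
    """Pure-Python SHA-512-crypt ($6$), following the steps of the SHA-crypt specification."""
    pw = password.encode("utf-8")
    salt = salt.encode("utf-8")[:16]       # glibc uses at most 16 salt bytes
    H = hashlib.sha512
    b = H(pw + salt + pw).digest()         # digest B = H(pw || salt || pw)
    a = H(pw + salt)                       # digest A starts with pw || salt ...
    a.update(b * (len(pw) // 64) + b[:len(pw) % 64])   # ... then len(pw) bytes of B
    n = len(pw)
    while n > 0:                           # for each bit of len(pw): B for a 1, pw for a 0
        a.update(b if n & 1 else pw)
        n >>= 1
    a = a.digest()
    dp = H(pw * len(pw)).digest()          # P: the password stretched to its own length
    p = (dp * (len(pw) // 64 + 1))[:len(pw)]
    ds = H(salt * (16 + a[0])).digest()    # S: the salt stretched to its own length
    s = (ds * (len(salt) // 64 + 1))[:len(salt)]
    c = a
    for i in range(rounds):                # the cost loop: 5000 rounds by default
        ctx = H(p if i & 1 else c)
        if i % 3:
            ctx.update(s)
        if i % 7:
            ctx.update(p)
        ctx.update(c if i & 1 else p)
        c = ctx.digest()
    out = []
    for k in range(21):                    # glibc's byte permutation: (k, k+21, k+42) rotated by k mod 3
        idx = [k, k + 21, k + 42]
        idx = idx[k % 3:] + idx[:k % 3]
        _encode_24bit(out, c[idx[0]], c[idx[1]], c[idx[2]], 4)
    _encode_24bit(out, 0, 0, c[63], 2)
    prefix = "$6$" + ("rounds=%d$" % rounds if rounds != 5000 else "")
    return prefix + salt.decode("utf-8") + "$" + "".join(out)


def verify_password(field, candidate):
    """Recompute the hash from the stored salt and compare in constant time, as login does."""
    hash_id, rounds, salt, encrypted = split_crypt_hash(field)
    if hash_id != "6":
        raise NotImplementedError("only $6$ (SHA-512) is implemented in this example")
    computed = split_crypt_hash(sha512_crypt(candidate, salt, rounds))[3]
    return hmac.compare_digest(computed, encrypted)


def make_shadow_hash(password, rounds=5000):
    """What a custom passwd would write: a fresh random 16-character salt plus the $6$ hash."""
    salt = "".join(secrets.choice(CRYPT_ALPHABET) for _ in range(16))
    return sha512_crypt(password, salt, rounds)


if __name__ == "__main__":
    rec = parse_shadow_line(SAMPLE_SHADOW_LINE)
    print(rec["name"], password_status(rec["password"]), split_crypt_hash(rec["password"])[:3])
    print(make_shadow_hash("example-only"))
```

Only the $6$ scheme is implemented; $1$ and $5$ use the same structure with MD5 and SHA-256 but a different byte permutation. The comparison uses hmac.compare_digest rather than == so that verification time does not leak how many leading characters matched.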

Now you know how Linux stores passwords.

You can apply this in batches to cloud computing application instances, or brute-force Linux passwords.


This article was posted on the [CXT] Technical Blog | 技術博客, if you need to forward the share, please indicate the source.
