1. #!/usr/bin/perl
2.
3. # crack.pl
4.
5. use English;
6. use FileHandle;
7.
8. #Set ALL USER s pictures
9. #$FORMAT_NAME =
"AUSER";
10. #$FORMAT_TOP_NAME =
"AUSER_TOP";
11. $~ =
"AUSER";
12. $^ =
"AUSER_TOP";
13.
14. # Step 1:
15. # Get all account list,and genarate a report.
16. # In the mean time get system users names and
17. # passwords,get ready
for cracking.
18.
19. my $allcount = 0;
20. my $syscount = 0;
21. my $lockcount = 0;
22. my $unknown = 0;
23. my @encrypt = ();
24. my @users = ();
25.
while (($account,$passwd,$uid,$gid,$quota,$coment,$gcos,$home,$shell) = getpwent())
26. {
27. write;
28. $allcount ++;
29.
if ($passwd =~ /\$/){
30. $users[$syscount] = $account;
31. $encrypt[$syscount] = $passwd;
32. $syscount++;
33. }elsif($passwd =~ /\*/ || $passwd =~ /\!/ || $passwd =~ /x/){
34. $lockcount++;
35. }
36. }
37. $unknown = $allcount - $syscount - $lockcount;
38.
39. # Print table Header.
40. format AUSER_TOP =
41. =========================================================================================
42. Name Password UID GID Home Shell
43. =========================================================================================
44. .
45. # Print table Body.
46. format AUSER =
47. @<<<@<<<<<<<<<<@<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<@<<<<<@<<<<<@<<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<<
48. $allcount+1,$account,$passwd,$uid,$gid,$home,$shell
49. .
50. # Print some statistics on footer.
51. print
"\n=====================================================================================\n";
52. print $allcount.
" accounts, ".$syscount.
" systems user(s), ".$lockcount.
"accounts locked, ".$unknown.
" accounts unknown.\n";
53. print
"=====================================================================================\n";
54.
55. # Step 1 ends...
56.
57. # Step 2:
58. # Get all system user salt.
59.
60. my $i = 0;
61. my $escstring;
62. my @salt = ();
63.
foreach $user(@users){
64. $escstring = (getpwnam($user))[1];
65. $salt[$i] = substr($escstring,0,12);
66. $i++;
67. }
68. # Step 2 ends...
69.
70. # Step 3:
71. # Read password from list,crypt them with
72. # each salt.Compare the crypted password from list
73. # with /etc/shadow
74.
75. my $word_count = 0;
76. my $j = 0;
77. my $n = 0;
78. my @word = ();
79. my $encstring;
80. my @baduser = ();
81. my @badpasswd = ();
82. # Open file to read word list.
83. open (DICT,
"password.lst") or die
"file error:$!\n";
84. @words = <DICT>;
85. chomp @words;
86. $word_count = @words;
87. # Crack begins....
88.
for ($i = 0; $i < $syscount; $i++){ # Crack The $i`th user's password.
89. print
"Testing $users[$i] password\n";
90.
for ($j = 0; $j < $word_count; $j++){
91. $encstring = crypt($words[$j],$salt[$i]);
92.
if ($encstring eq $encrypt[$i]){
93. $baduser[$n] = $users[$i];
94. $badpasswd[$n] = $words[$j];
95. $n++;
96. print
"Password cracked.\n";
97. last;
98. }
99. } # Continue the crack process.
100. }
101. # Crack ends.
102.
103. # Display result.
104.
if ($n != 0){
105. print
"$n bad account(s).\n";
106. print
"The following is list:\n";
107.
for ($i = 0; $i < $n; $i++){
108. print
"$baduser[$i] : $badpasswd[$i]\n";
109. }
110. print
"The password(s) is(are) based on dictory,please change it immdiately.\n";
111. }
else{
112. print
"No password cracked";
113. }
转载于:https://blog.51cto.com/drinkey/56124
82
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
