June 2020
Intermediate to advanced
423 pages
7h 58m
Chinese
Content preview from Kali Linux学习手册
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
破解密码
|
319
身份验证过程是这样的,创建密码时对输入值进行哈希化处理,并存储该哈
希值。原始密码基本上是比较短的。它不会超过生成哈希值所需的时间。要
进行身份验证,用户输入用户名和密码。输入的值经过哈希化处理,然后将
生成的哈希值与存储的哈希值进行比较。如果值匹配,则用户成功通过身份
验证。但是由于存在冲突的可能性,因此这意味着你不需要知道或猜测原始
密码。你只需要提供一个可以生成与原始密码相同哈希值的值。这就是生日
悖论的实际应用,用它处理概率和哈希值长度。
这意味着我们的工作将会稍微容易一点,因为不一定要重新创建原始密码。
但是,这取决于哈希算法的深度。不同操作系统将以不同的方式存储密码。
Windows
使用安全账户管理器(
Security Account Manager
,
SAM
),
Linux
使用可插拔验证模块(
pluggable authentication module
,
PAM
)来处理身份验
证。这些可以使用标准的、基于文本的密码和
shadow
文件进行身份验证。
安全账户管理器
(
SAM
)
自从
Windows XP
问世以来,
Microsoft
就一直在使用
SAM
。
SAM
在
Windows
中是由注册表维护的,并且受到未授权用户的访问保护。但是授权
用户可以读取
SAM
并查找哈希化的密码。要获取破解的密码,攻击者需要获
得系统级或者管理员权限。
密码以前是用
LanManager
(
LM
)哈希存储。
LM
哈希存在很多问题。创建
LM
哈希的过程是通过填写密码或截断密码并将小写转换成大写来获取
14
字
节的值。然后将
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.