A user account on your server, especially if you have 100+, can be a problem and the first step to a pwnage. To prevent this we just use John the Ripper + password lists with common passwords and bruteforce our way through.
- Install John the Ripper
- get this password list http://dazzlepod.com/site_media/txt/passwords.txt (it's 10times bigger than the default one)
- unshadow /etc/passwd /etc/shadow > ~/pass.txt
- john -wordlist:passwords.txt ~/pass.txt
This will take some time since it is quite a big list.
If you find something tell the user to change his password.
That's it.
No comments:
Post a Comment