CN112182555A - Weak password detection method, device, electronic apparatus, storage medium, and program - Google Patents

Info

Publication number
CN112182555A
Authority
CN
China
Prior art keywords
password
target
weak
user
user name
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010850035.XA
Other languages
Chinese (zh)
Inventor
马方方
彭国洲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NATIONAL COMPUTER VIRUS EMERGENCY RESPONSE CENTER
Qianxin Technology Group Co Ltd
Secworld Information Technology Beijing Co Ltd
Original Assignee
NATIONAL COMPUTER VIRUS EMERGENCY RESPONSE CENTER
Qianxin Technology Group Co Ltd
Secworld Information Technology Beijing Co Ltd
Application filed by NATIONAL COMPUTER VIRUS EMERGENCY RESPONSE CENTER, Qianxin Technology Group Co Ltd, Secworld Information Technology Beijing Co Ltd
Priority to CN202010850035.XA
Publication of CN112182555A
Legal status: Pending

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45: Structures or tools for the administration of authentication
    • G06F21/46: Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the invention provide a weak password detection method, device, electronic apparatus, storage medium, and program. A target password corresponding to a target user name that is to undergo weak password detection is obtained from the user names and passwords stored in the memory occupied by the security authority process, and weak password detection is then performed on the target password. The target password corresponding to a given target user name is obtained by means of the memory address and the predetermined storage location used for storing user names and passwords in the memory occupied by the security authority process, so that weak password detection of the target password is achieved.

Description

Weak password detection method, device, electronic apparatus, storage medium, and program
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a weak password detection method, device, electronic device, storage medium, and program.
Background
After a user name and a password for login are set for an operating system (e.g., the Windows operating system), the user name and password registered in advance in the operating system must be entered when logging in to the operating system, when remotely controlling it, when switching the logged-in user, and so on. Password problems in operating systems now pose increasing risks. However, in the prior art, since the user name and the password used to log in to the operating system cannot be obtained, it is also impossible to detect whether the password registered by the user is a weak password.
Therefore, the prior art cannot detect whether the password registered by the user belongs to a weak password or not.
Disclosure of Invention
The embodiment of the invention provides a weak password detection method, a weak password detection device, electronic equipment, a storage medium and a program, which are used for solving the problem that whether a password registered by a user belongs to a weak password cannot be detected in the prior art.
In view of the above technical problems, in a first aspect, an embodiment of the present invention provides a weak password detection method, including:
after an operating system is started, acquiring a memory address of a memory occupied by a security authority process in the operating system; the security authority process is used for verifying a login user name and a login password when logging in the operating system;
determining a storage position used for storing a user name and a password in a memory occupied by the security authority process, and acquiring the user name and the password stored in the memory occupied by the security authority process according to the memory address and the storage position;
and acquiring a target password corresponding to a target user name to be subjected to weak password detection according to the user name and the password stored in the memory occupied by the security authority process, and performing weak password detection on the target password.
Optionally, before determining a storage location for storing the user name and the password in the memory occupied by the security authority process, the method further includes:
acquiring a plurality of groups of user names and passwords registered in the operating system as the user names and passwords of the experimental groups;
after logging in the operating system through the user name and the password of any experimental group, acquiring changed information from the memory occupied by the security permission process according to the memory address;
matching the user name and the password of any experimental group in the changed information, and recording the storage position of the user name and the password which are successfully matched with the user name and the password of any experimental group;
and taking the recorded storage positions of the user names and the passwords which are successfully matched with the user names and the passwords of each experimental group as the storage positions for storing the user names and the passwords in the internal memory occupied by the security authority process.
Optionally, the obtaining, according to the memory address and the storage location, a user name and a password stored in a memory occupied by the security authority process includes:
and accessing the memory occupied by the security authority process according to the memory address, and acquiring each group of user names and passwords stored in the memory occupied by the security authority process according to the storage position from the memory occupied by the security authority process.
Optionally, the performing weak password detection on the target password includes:
if the target password is an encrypted password, judging whether an encrypted password matched with the target password exists in a preset dictionary library, and if so, determining that the target password is a weak password; the preset dictionary library comprises a plaintext password and an encrypted password corresponding to the identified weak password;
and/or if the target password is a plaintext password, determining that the target password is a weak password when the target password meets a preset detection condition; wherein the preset detection condition comprises at least one of the following conditions: the target password is the same as the target user name, the number of characters contained in the target password is smaller than a preset number threshold, the type of characters contained in the target password is smaller than a preset type threshold, and a plaintext password matched with the target password exists in the preset dictionary bank.
Optionally, the method further comprises:
if the preset dictionary library does not have the encryption password matched with the target password, acquiring the encryption password in a user-defined weak password library as a user-defined encryption password; the user-defined encryption password comprises an encryption password corresponding to a weak password meeting a user-defined detection condition and/or an encryption password corresponding to a user-defined weak password;
if the user-defined encrypted password has an encrypted password matched with the target password, the target password is determined to be a weak password;
if the user-defined encrypted password does not have an encrypted password matched with the target password, judging whether the target password is a null password, and if so, determining that the target password is a weak password.
Optionally, the method further comprises:
if the target password does not accord with any preset detection condition, acquiring a self-defined detection condition in a self-defined weak password library and/or a plaintext password corresponding to the self-defined weak password;
if the target password meets any user-defined detection condition or an encrypted password matched with the target password exists in a plaintext password corresponding to a user-defined weak password, determining that the target password is the weak password;
if the target password does not accord with each user-defined detection condition and the encrypted password matched with the target password does not exist in the plaintext password corresponding to the user-defined weak password, judging whether the target password is an empty password or not, and if so, determining that the target password is the weak password.
In a second aspect, an embodiment of the present invention provides a weak password detection apparatus, including:
the first acquisition module is used for acquiring the memory address of a memory occupied by a security authority process in an operating system after the operating system is started; the security authority process is used for verifying a login user name and a login password when logging in the operating system;
the second acquisition module is used for determining a storage position used for storing a user name and a password in the memory occupied by the security authority process, and acquiring the user name and the password stored in the memory occupied by the security authority process according to the memory address and the storage position;
and the detection module is used for acquiring a target password corresponding to a target user name to be subjected to weak password detection according to the user name and the password stored in the memory occupied by the security authority process, and performing weak password detection on the target password.
In a third aspect, an embodiment of the present invention provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the weak password detection method described above when executing the program.
In a fourth aspect, an embodiment of the present invention provides a non-transitory readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of the weak password detection method described in any one of the above.
In a fifth aspect, an embodiment of the present invention provides a computer program, which when executed by a processor implements the steps of the weak password detection method described in any one of the above.
The embodiments of the invention provide a weak password detection method, device, electronic apparatus, storage medium, and program. A target password corresponding to a target user name that is to undergo weak password detection is obtained from the user names and passwords stored in the memory occupied by the security authority process, and weak password detection is then performed on the target password. The target password corresponding to a given target user name is obtained by means of the memory address and the predetermined storage location used for storing user names and passwords in the memory occupied by the security authority process, so that weak password detection of the target password is achieved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart of a weak password detection method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a specific flow chart of weak password detection according to another embodiment of the present invention;
FIG. 3 is a block diagram of a weak password detection apparatus according to another embodiment of the present invention;
Fig. 4 is a schematic physical structure diagram of an electronic device according to another embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Related background introduction to the present application:
The security authority process (which may be, for example, lsass.exe) is typically started when the operating system starts. The security authority process is a security mechanism of the operating system, and is generally used for verifying the login user name and login password when a user logs in to the operating system. The memory occupied by the security authority process therefore stores the user name and the password used to log in to the system. However, because a large amount of data is stored in the memory occupied by the security authority process, and the specific storage location in that memory of the user name and the password (in particular, when the password is an encrypted password, the encrypted password is stored as well) is unknown, the user name and the password cannot be read from the memory occupied by the security authority process. This greatly increases the difficulty of performing weak password detection on the system login password.
In order to solve the technical problem, the present embodiment provides a weak password detection method, which is suitable for an operating system, and for example, can be executed by a module in the operating system that detects a weak password. Fig. 1 is a schematic flow chart of a weak password detection method provided in this embodiment, and referring to fig. 1, the weak password detection method includes:
Step 101: after an operating system is started, acquiring a memory address of a memory occupied by a security authority process in the operating system; the security authority process is used for verifying a login user name and a login password when logging in the operating system.
Specifically, after the operating system is started, a process ID corresponding to the security authority process is acquired according to a name (e.g., lsass) of the security authority process, and the security authority process is accessed according to the acquired process ID to obtain process information of the security authority process. And acquiring the memory address of the memory occupied by the security authority process from the obtained process information.
Step 102: and determining a storage position used for storing the user name and the password in the memory occupied by the security authority process, and acquiring the user name and the password stored in the memory occupied by the security authority process according to the memory address and the storage position.
The storage locations used for storing user names and passwords in the memory occupied by the security authority process are determined from the information that changes (for example, newly added information and/or modified information) in that memory each time the operating system is logged in to. The operating system is therefore logged in to in advance with the user names and passwords of a plurality of experimental groups, in order to determine the storage locations used for storing each group of user name and password in the memory occupied by the security authority process.
Step 101 and step 102 may be implemented by a dynamic link library (DLL) file.
Step 103: and acquiring a target password corresponding to a target user name to be subjected to weak password detection according to the user name and the password stored in the memory occupied by the security authority process, and performing weak password detection on the target password.
If the target user name does not exist in the at least one group of user name and password, first prompt information is sent to prompt the relevant personnel to troubleshoot possible problems.
After weak password detection is performed on the target password, the method further comprises the following steps: and clearing the read at least one group of user name and password.
After weak password detection is performed on the target password, the method further comprises the following steps: and if the target password is a weak password, sending out second prompt information.
It should be noted that, in the method provided in this embodiment, at least one group of user name and password is directly obtained, and the read at least one group of user name and password is removed after weak password detection is performed on the target password, so that leakage of the read user name and password is avoided, and the security of the system is improved. The target password is typically passed by the business layer to a module in the operating system that detects weak passwords.
The embodiment provides a weak password detection method, which obtains a user name and a password stored in a memory occupied by a security authority process from the memory occupied by the security authority process through a memory address and a predetermined storage position used for storing the user name and the password in the memory occupied by the security authority process. And acquiring a target password corresponding to a target user name to be subjected to weak password detection from the user name and the password stored in the memory occupied by the security authority process, and further performing weak password detection on the target password. The target password corresponding to a certain target user name is obtained through the memory address and the storage position used for storing the user name and the password in the memory occupied by the predetermined security authority process, and therefore weak password detection of the target password is achieved.
Further, on the basis of the above embodiment, before determining a storage location for storing the user name and the password in the memory occupied by the security authority process, the method further includes:
acquiring a plurality of groups of user names and passwords registered in the operating system as the user names and passwords of the experimental groups;
after logging in the operating system through the user name and the password of any experimental group, acquiring changed information from the memory occupied by the security permission process according to the memory address;
matching the user name and the password of any experimental group in the changed information, and recording the storage position of the user name and the password which are successfully matched with the user name and the password of any experimental group;
and taking the recorded storage positions of the user names and the passwords which are successfully matched with the user names and the passwords of each experimental group as the storage positions for storing the user names and the passwords in the internal memory occupied by the security authority process.
The changed information refers to the information that has changed in the memory occupied by the security authority process after logging in to the operating system with the user name and password of any experimental group. The changed information may be newly added information and/or modified information. The changed information includes not only the user name and password but also various other information such as logs, login time, login location, and the like. In order to locate the user name and the password of any experimental group in the changed information, the user name of that experimental group needs to be matched in the changed information to determine the storage location corresponding to the user name, and the password of that experimental group (which may be a plaintext password or an encrypted password) needs to be matched in the changed information to determine the storage location corresponding to the password. The storage locations of the user name and the password of that experimental group are then recorded. By analogy, the storage locations of the user names and passwords of a plurality of experimental groups can be recorded, giving the storage locations used for storing user names and passwords in the memory occupied by the security authority process.
The recorded storage positions of the user names and the passwords of the plurality of experimental groups reflect the storage positions of the logged user names and the logged passwords in the internal memory occupied by the security authority process every time. Through the recorded storage positions, the user name and the password in the memory occupied by the security permission process can be obtained through the memory address.
In this embodiment, the storage positions, used for storing the user name and the password, in the memory occupied by the security authority process are determined through the user names and the passwords of the plurality of experimental groups, and the user name and the password in the memory occupied by the security authority process can be obtained through the storage position, used for storing the user name and the password, in the memory occupied by the security authority process, so that weak password detection on a target password corresponding to a certain target user name is realized.
Further, on the basis of the foregoing embodiments, the obtaining, according to the memory address and the storage location, the user name and the password stored in the memory occupied by the security authority process includes:
and accessing the memory occupied by the security authority process according to the memory address, and acquiring each group of user names and passwords stored in the memory occupied by the security authority process according to the storage position from the memory occupied by the security authority process.
It can be understood that when the storage location records enough user names and passwords, each user name and password in the memory occupied by the security authority process can be read by traversing the storage location used for storing each group of user name and password in the memory occupied by the security authority process.
In this embodiment, the user name and the password in the memory occupied by the security authority process are read through the storage location, so that weak password detection can be performed on a given system login password.
Further, on the basis of the foregoing embodiment, the weak password detection on the target password includes:
if the target password is an encrypted password, judging whether an encrypted password matched with the target password exists in a preset dictionary library, and if so, determining that the target password is a weak password; the preset dictionary library comprises a plaintext password and an encrypted password corresponding to the identified weak password;
and/or,
if the target password is a plaintext password, the target password is determined to be a weak password when the target password meets a preset detection condition; wherein the preset detection condition comprises at least one of the following conditions: the target password is the same as the target user name, the number of characters contained in the target password is smaller than a preset number threshold, the type of characters contained in the target password is smaller than a preset type threshold, and a plaintext password matched with the target password exists in the preset dictionary bank.
The encrypted password may be a value obtained by encrypting the plaintext password, such as a hash value. What is stored in the memory occupied by the security authority process may be an encrypted password.
The preset dictionary library stores some plaintext passwords and encrypted passwords corresponding to weak passwords which are determined according to experience.
The preset number threshold is a set value, for example, 7 characters. The preset type threshold is a set value, for example, 2. The character types may include: special characters, numbers and letters. When the target password contains only one character, the target password is determined to be a weak password.
In this embodiment, the two cases in which the target password is a plaintext password or an encrypted password are handled in different ways, so that weak password detection is achieved in both.
Further, on the basis of the above embodiment, the method further includes:
if the preset dictionary library does not have the encryption password matched with the target password, acquiring the encryption password in a user-defined weak password library as a user-defined encryption password; the user-defined encryption password comprises an encryption password corresponding to a weak password meeting a user-defined detection condition and/or an encryption password corresponding to a user-defined weak password;
if the user-defined encrypted password has an encrypted password matched with the target password, the target password is determined to be a weak password;
if the user-defined encrypted password does not have an encrypted password matched with the target password, judging whether the target password is a null password, and if so, determining that the target password is a weak password.
Further, on the basis of the above embodiments, the method further includes:
if the target password does not accord with any preset detection condition, acquiring a self-defined detection condition in a self-defined weak password library and/or a plaintext password corresponding to the self-defined weak password;
if the target password meets any user-defined detection condition or an encrypted password matched with the target password exists in a plaintext password corresponding to a user-defined weak password, determining that the target password is the weak password;
if the target password does not accord with each user-defined detection condition and the encrypted password matched with the target password does not exist in the plaintext password corresponding to the user-defined weak password, judging whether the target password is an empty password or not, and if so, determining that the target password is the weak password.
The user-defined weak password library is a customizable library of weak passwords that is changed according to policy. For example, when password complexity needs to be raised, new weak password detection conditions can be defined, and specific weak passwords can also be defined. For example, if the preset detection condition defines a target password containing fewer than 7 characters as a weak password, the custom detection condition may define a target password containing fewer than 10 characters as a weak password.
The judging whether the target password is an empty password further comprises: and if the target password is not the null password, the target password does not belong to the weak password.
Specifically, if the target password is an encrypted password, whether an encrypted password matched with the target password exists in the user-defined weak password library is judged, and if so, the target password is a weak password. If the target password is a plaintext password, judging whether a plaintext password matched with the target password exists in the user-defined weak password library or whether the target password meets user-defined detection conditions, and if so, judging that the target password is a weak password.
In this embodiment, whether the target password is a weak password is further judged against the user-defined weak password library, which can define both detection conditions and specific weak passwords. The user-defined weak password library can be set according to actual needs, which improves the flexibility of weak password detection. Weak password detection of the target password is achieved through the user-defined weak password library and through the check for a null password.
Fig. 2 is a schematic diagram of a specific flow of weak password detection provided in this embodiment, and referring to fig. 2, the process includes the following steps:
(1) After the user name transmitted by the application layer is received, the weak password detection program is started.
(2) After the weak password detection program is started, a password corresponding to the user name is acquired from a system process lsass.
(3) If the password is a plaintext password, the following conditions are checked, and the password is judged to be a weak password if any one of them is met:
the password is the same as the account name; the password length is less than or equal to 7; special characters, numbers and letters are not all present; the password is in the preset dictionary library pswdddict.bin; the password is in the console's custom weak password library 360Safe\EntClient\data\epg.dat; the password is a null password.
(4) If the password is an encrypted password, for example a HASH value (later versions of Windows 10), the following conditions are checked, and the password is judged to be a weak password if any one of them is met:
the password is in the preset dictionary library pswdddict.bin; the password is in the console's custom weak password library 360Safe\EntClient\data\epg.dat; the password is a null password.
Therefore, the password or hash value held in memory when a user logs in to the terminal operating system is read from memory and compared with the password rules or the weak password library. When a password that does not meet the requirements is found, a warning can be issued directly on the terminal, and the terminal can be required to change the password so that it meets the password requirements, which improves the security protection capability of the terminal.
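The decision flow of steps (3) and (4), as an added Python example that is not code from the patent. It covers only the classification step, for a password or digest already supplied by the caller. SHA-256 stands in for whatever digest the operating system stores, and the library contents, function names and the "acme" rule are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Set


def digest(password: str) -> str:
    # Assumption: SHA-256 is a stand-in for the digest the operating system stores.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


@dataclass
class WeakLibrary:
    """A weak password library: listed passwords plus optional detection conditions."""
    plaintexts: Set[str] = field(default_factory=set)
    conditions: List[Callable[[str, str], bool]] = field(default_factory=list)

    def hashes(self) -> Set[str]:
        # The library keeps the digest of every listed plaintext so that it
        # can also be matched against a stored hash.
        return {digest(p) for p in self.plaintexts}


def char_classes(password: str) -> int:
    """Count which of letters, digits and special characters are present."""
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_special = any(not c.isalnum() for c in password)
    return has_letter + has_digit + has_special


def check_plaintext(username: str, password: str, preset: WeakLibrary,
                    custom: WeakLibrary, max_weak_len: int = 7,
                    min_classes: int = 3) -> Optional[str]:
    """Step (3): return the first matching reason, or None if no rule matches."""
    if password == username:
        return "same-as-username"
    if len(password) <= max_weak_len:
        return "too-short"
    if char_classes(password) < min_classes:
        return "too-few-character-classes"
    if password in preset.plaintexts:
        return "preset-dictionary"
    if any(cond(username, password) for cond in custom.conditions):
        return "custom-condition"
    if password in custom.plaintexts:
        return "custom-library"
    # With the default length threshold an empty password is already caught
    # as too short; this branch matters only when that rule is relaxed.
    if password == "":
        return "null-password"
    return None


def check_hash(password_hash: str, preset: WeakLibrary,
               custom: WeakLibrary) -> Optional[str]:
    """Step (4): only set membership is possible on a digest. Length,
    composition and custom conditions cannot be evaluated, so a password
    that only a rule would catch goes undetected on this branch."""
    h = password_hash.lower()
    if h in preset.hashes():
        return "preset-dictionary"
    if h in custom.hashes():
        return "custom-library"
    if h == digest(""):
        return "null-password"
    return None


# Constructed sample libraries (not the contents of any real dictionary file).
PRESET = WeakLibrary(plaintexts={"P@ssw0rd123", "Qwerty!2345"})
CUSTOM = WeakLibrary(
    plaintexts={"Summer2020!"},
    conditions=[lambda user, pw: "acme" in pw.lower()],  # hypothetical company-name rule
)

if __name__ == "__main__":
    for user, pw in [("alice", "alice"), ("bob", "abc123"),
                     ("dave", "P@ssw0rd123"), ("erin", "Acme-2020-vpn!"),
                     ("frank", "t7#Vq!m2Lx9&")]:
        print(user, check_plaintext(user, pw, PRESET, CUSTOM),
              check_hash(digest(pw), PRESET, CUSTOM))
```

The last column of the output shows the coverage gap of the hash branch: "Acme-2020-vpn!" is flagged by the custom condition as plaintext but passes when only its digest is available, unless the library enumerates it.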
Fig. 3 is a block diagram of a weak password detection apparatus provided in this embodiment. Referring to fig. 3, the weak password detection apparatus includes a first obtaining module 301, a second obtaining module 302, and a detection module 303, wherein:
the first obtaining module 301 is configured to obtain, after an operating system is started, a memory address of a memory occupied by a security authority process in the operating system; the security authority process is used for verifying a login user name and a login password when logging in the operating system;
a second obtaining module 302, configured to determine a storage location in the memory occupied by the security authority process, where the storage location is used to store a user name and a password, and obtain the user name and the password stored in the memory occupied by the security authority process according to the memory address and the storage location;
the detection module 303 is configured to obtain a target password corresponding to a target user name to be subjected to weak password detection according to the user name and the password stored in the memory occupied by the security authority process, and perform weak password detection on the target password.
The weak password detection apparatus provided in this embodiment is suitable for the weak password detection method provided in the above embodiments, and will not be described herein again.
This embodiment provides a weak password detection apparatus that obtains the user names and passwords stored in the memory occupied by the security authority process, using the memory address of that memory and a predetermined storage location within it that is used for storing user names and passwords. From these user names and passwords, a target password corresponding to a target user name to be subjected to weak password detection is acquired, and weak password detection is then performed on the target password. Because the target password corresponding to a given target user name is obtained through the memory address and the predetermined storage location, weak password detection of the target password is achieved.
Optionally, before determining a storage location for storing the user name and the password in the memory occupied by the security authority process, the method further includes:
acquiring a plurality of groups of user names and passwords registered in the operating system as the user names and passwords of the experimental groups;
after logging in the operating system through the user name and the password of any experimental group, acquiring changed information from the memory occupied by the security authority process according to the memory address;
matching the user name and the password of any experimental group in the changed information, and recording the storage position of the user name and the password which are successfully matched with the user name and the password of any experimental group;
and taking the recorded storage positions of the user names and the passwords which are successfully matched with the user names and the passwords of each experimental group as the storage positions for storing the user names and the passwords in the internal memory occupied by the security authority process.
Optionally, the obtaining, according to the memory address and the storage location, a user name and a password stored in a memory occupied by the security authority process includes:
and accessing the memory occupied by the security authority process according to the memory address, and acquiring each group of user names and passwords stored in the memory occupied by the security authority process according to the storage position from the memory occupied by the security authority process.
Optionally, the performing weak password detection on the target password includes:
if the target password is an encrypted password, judging whether an encrypted password matched with the target password exists in a preset dictionary library, and if so, determining that the target password is a weak password; the preset dictionary library comprises a plaintext password and an encrypted password corresponding to the identified weak password;
and/or,
if the target password is a plaintext password, the target password is determined to be a weak password when the target password meets a preset detection condition; wherein the preset detection condition comprises at least one of the following conditions: the target password is the same as the target user name, the number of characters contained in the target password is smaller than a preset number threshold, the type of characters contained in the target password is smaller than a preset type threshold, and a plaintext password matched with the target password exists in the preset dictionary bank.
Optionally, the method further comprises:
if the preset dictionary library does not have the encryption password matched with the target password, acquiring the encryption password in a user-defined weak password library as a user-defined encryption password; the user-defined encryption password comprises an encryption password corresponding to a weak password meeting a user-defined detection condition and/or an encryption password corresponding to a user-defined weak password;
if the user-defined encrypted password has an encrypted password matched with the target password, the target password is determined to be a weak password;
if the user-defined encrypted password does not have an encrypted password matched with the target password, judging whether the target password is a null password, and if so, determining that the target password is a weak password.
Optionally, the method further comprises:
if the target password does not accord with any preset detection condition, acquiring a self-defined detection condition in a self-defined weak password library and/or a plaintext password corresponding to the self-defined weak password;
if the target password meets any user-defined detection condition or an encrypted password matched with the target password exists in a plaintext password corresponding to a user-defined weak password, determining that the target password is the weak password;
if the target password does not accord with each user-defined detection condition and the encrypted password matched with the target password does not exist in the plaintext password corresponding to the user-defined weak password, judging whether the target password is an empty password or not, and if so, determining that the target password is the weak password.
Fig. 4 illustrates a physical structure diagram of an electronic device, which may include, as shown in fig. 4: a processor (processor)401, a communication Interface (communication Interface)402, a memory (memory)403 and a communication bus 404, wherein the processor 401, the communication Interface 402 and the memory 403 complete communication with each other through the communication bus 404. Processor 401 may call logic instructions in memory 403 to perform the following method: after an operating system is started, acquiring a memory address of a memory occupied by a security authority process in the operating system; the security authority process is used for verifying a login user name and a login password when logging in the operating system; determining a storage position used for storing a user name and a password in a memory occupied by the security authority process, and acquiring the user name and the password stored in the memory occupied by the security authority process according to the memory address and the storage position; and acquiring a target password corresponding to a target user name to be subjected to weak password detection according to the user name and the password stored in the memory occupied by the security authority process, and performing weak password detection on the target password.
In addition, the logic instructions in the memory 403 may be implemented in the form of software functional units and stored in a computer readable storage medium when the software functional units are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Further, an embodiment of the present invention discloses a computer program product, the computer program product comprising a computer program stored on a non-transitory readable storage medium, the computer program comprising program instructions, which when executed by a computer, the computer is capable of performing the method provided by the above-mentioned method embodiments, for example, including: after an operating system is started, acquiring a memory address of a memory occupied by a security authority process in the operating system; the security authority process is used for verifying a login user name and a login password when logging in the operating system; determining a storage position used for storing a user name and a password in a memory occupied by the security authority process, and acquiring the user name and the password stored in the memory occupied by the security authority process according to the memory address and the storage position; and acquiring a target password corresponding to a target user name to be subjected to weak password detection according to the user name and the password stored in the memory occupied by the security authority process, and performing weak password detection on the target password.
In another aspect, an embodiment of the present invention further provides a non-transitory readable storage medium, on which a computer program is stored, where the computer program is implemented to perform the transmission method provided in the foregoing embodiments when executed by a processor, for example, the method includes: after an operating system is started, acquiring a memory address of a memory occupied by a security authority process in the operating system; the security authority process is used for verifying a login user name and a login password when logging in the operating system; determining a storage position used for storing a user name and a password in a memory occupied by the security authority process, and acquiring the user name and the password stored in the memory occupied by the security authority process according to the memory address and the storage position; and acquiring a target password corresponding to a target user name to be subjected to weak password detection according to the user name and the password stored in the memory occupied by the security authority process, and performing weak password detection on the target password.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding, the above technical solutions may be embodied in the form of a software product, which may be stored in a readable storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A weak password detection method, comprising:
after an operating system is started, acquiring a memory address of a memory occupied by a security authority process in the operating system; the security authority process is used for verifying a login user name and a login password when logging in the operating system;
determining a storage position used for storing a user name and a password in a memory occupied by the security authority process, and acquiring the user name and the password stored in the memory occupied by the security authority process according to the memory address and the storage position;
and acquiring a target password corresponding to a target user name to be subjected to weak password detection according to the user name and the password stored in the memory occupied by the security authority process, and performing weak password detection on the target password.
2. The weak password detection method according to claim 1, wherein before determining the storage location for storing the user name and the password in the memory occupied by the security authority process, the method further comprises:
acquiring a plurality of groups of user names and passwords registered in the operating system as the user names and passwords of the experimental groups;
after logging in the operating system through the user name and the password of any experimental group, acquiring changed information from the memory occupied by the security authority process according to the memory address;
matching the user name and the password of any experimental group in the changed information, and recording the storage position of the user name and the password which are successfully matched with the user name and the password of any experimental group;
and taking the recorded storage positions of the user names and the passwords which are successfully matched with the user names and the passwords of each experimental group as the storage positions for storing the user names and the passwords in the internal memory occupied by the security authority process.
3. The weak password detection method according to claim 2, wherein the obtaining of the user name and the password stored in the memory occupied by the security authority process according to the memory address and the storage location includes:
and accessing the memory occupied by the security authority process according to the memory address, and acquiring each group of user names and passwords stored in the memory occupied by the security authority process according to the storage position from the memory occupied by the security authority process.
4. The weak password detection method of claim 1, wherein the weak password detection of the target password comprises:
if the target password is an encrypted password, judging whether an encrypted password matched with the target password exists in a preset dictionary library, and if so, determining that the target password is a weak password; the preset dictionary library comprises a plaintext password and an encrypted password corresponding to the identified weak password;
and/or,
if the target password is a plaintext password, the target password is determined to be a weak password when the target password meets a preset detection condition; wherein the preset detection condition comprises at least one of the following conditions: the target password is the same as the target user name, the number of characters contained in the target password is smaller than a preset number threshold, the type of characters contained in the target password is smaller than a preset type threshold, and a plaintext password matched with the target password exists in the preset dictionary bank.
5. The weak password detection method of claim 4, further comprising:
if the preset dictionary library does not have the encryption password matched with the target password, acquiring the encryption password in a user-defined weak password library as a user-defined encryption password; the user-defined encryption password comprises an encryption password corresponding to a weak password meeting a user-defined detection condition and/or an encryption password corresponding to a user-defined weak password;
if the user-defined encrypted password has an encrypted password matched with the target password, the target password is determined to be a weak password;
if the user-defined encrypted password does not have an encrypted password matched with the target password, judging whether the target password is a null password, and if so, determining that the target password is a weak password.
6. The weak password detection method of claim 4, further comprising:
if the target password does not accord with any preset detection condition, acquiring a self-defined detection condition in a self-defined weak password library and/or a plaintext password corresponding to the self-defined weak password;
if the target password meets any user-defined detection condition or an encrypted password matched with the target password exists in a plaintext password corresponding to a user-defined weak password, determining that the target password is the weak password;
if the target password does not accord with each user-defined detection condition and the encrypted password matched with the target password does not exist in the plaintext password corresponding to the user-defined weak password, judging whether the target password is an empty password or not, and if so, determining that the target password is the weak password.
7. A weak password detection apparatus, comprising:
the first acquisition module is used for acquiring the memory address of a memory occupied by a security authority process in an operating system after the operating system is started; the security authority process is used for verifying a login user name and a login password when logging in the operating system;
the second acquisition module is used for determining a storage position used for storing a user name and a password in the memory occupied by the security authority process, and acquiring the user name and the password stored in the memory occupied by the security authority process according to the memory address and the storage position;
and the detection module is used for acquiring a target password corresponding to a target user name to be subjected to weak password detection according to the user name and the password stored in the memory occupied by the security authority process, and performing weak password detection on the target password.
8. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the weak password detection method according to any of claims 1 to 6 are implemented when the processor executes the program.
9. A non-transitory readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the weak password detection method according to any one of claims 1 to 6.
10. A computer program, characterized in that the computer program, when being executed by a processor, carries out the steps of the weak password detection method as claimed in any one of claims 1 to 6.
CN202010850035.XA 2020-08-21 2020-08-21 Weak password detection method, device, electronic apparatus, storage medium, and program Pending CN112182555A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010850035.XA CN112182555A (en) 2020-08-21 2020-08-21 Weak password detection method, device, electronic apparatus, storage medium, and program

Publications (1)

Publication Number Publication Date
CN112182555A true CN112182555A (en) 2021-01-05

Family

ID=73925130

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010850035.XA Pending CN112182555A (en) 2020-08-21 2020-08-21 Weak password detection method, device, electronic apparatus, storage medium, and program

Country Status (1)

Country Link
CN (1) CN112182555A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112948815A (en) * 2021-04-16 2021-06-11 厦门腾云信安科技有限公司 Off-line weak password checking method and device based on Hash matching
CN114257442A (en) * 2021-12-20 2022-03-29 山石网科通信技术股份有限公司 Method and device for detecting transmission loophole and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104834840A (en) * 2014-07-03 2015-08-12 中国人民解放军92728部队 Password protection method based on mapping drifting technology
CN105184146A (en) * 2015-06-05 2015-12-23 北京北信源软件股份有限公司 Method and system for checking weak password of operating system
CN105893107A (en) * 2016-04-29 2016-08-24 山东省计算中心(国家超级计算济南中心) Method for acquiring logged-on user password from memory mirroring documents of 64-bit Windows operation system
CN111447204A (en) * 2020-03-24 2020-07-24 深信服科技股份有限公司 Weak password detection method, device, equipment and medium


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination