CN115442097A - Weak password identification method and related equipment - Google Patents

Weak password identification method and related equipment Download PDF

Info

Publication number
CN115442097A
CN115442097A CN202211028425.4A CN202211028425A CN115442097A CN 115442097 A CN115442097 A CN 115442097A CN 202211028425 A CN202211028425 A CN 202211028425A CN 115442097 A CN115442097 A CN 115442097A
Authority
CN
China
Prior art keywords
target computer
password
computer
net
condition
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211028425.4A
Other languages
Chinese (zh)
Inventor
刘晓鸣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Abt Networks Co ltd
Original Assignee
Beijing Abt Networks Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Abt Networks Co ltd filed Critical Beijing Abt Networks Co ltd
Priority to CN202211028425.4A priority Critical patent/CN115442097A/en
Publication of CN115442097A publication Critical patent/CN115442097A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • G06F21/46Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application provides a weak password identification method, which comprises the following steps: identifying a communication protocol of a network to which a target computer belongs; under the condition that the communication protocol is an SMB protocol, acquiring a login password of the target computer through a flow acquisition technology; acquiring Net-NTLMHash information corresponding to the login password of the target computer; and determining the password strength condition of the target computer through the Net-NTLMHash information corresponding to the built-in weak password set and the login password of the target computer. Therefore, the flow collection is carried out on the computer in the domain server, the corresponding Net-NTLM Hash information is obtained based on the collected login password information, the password strength condition of the target computer is determined according to the matching condition of the built-in weak password set and the Net-NTLM Hash information corresponding to the login password of the target computer, the data collection operation can be simplified, the verification of the password strength is realized in an off-line state, the influence on the server in the weak password identification process can be reduced, and the identification efficiency is improved.

Description

Weak password identification method and related equipment
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a weak password identification method and related devices.
Background
The weak password is easy to be deciphered, and is mostly a simple number combination, a number combination the same as an account number, a proximity key on a keyboard or a common name and the like. When a weak password exists in the domain server, it means that the security in the domain server is reduced, and the risk of information leakage is greatly increased.
The current weak password identification method needs to derive SAM files from a domain server, generates a weak password hash library identical to a domain control password algorithm, performs password detection based on the weak password hash library, needs to acquire administrator permission, is complex in detection process, complex in operation and high in time cost, and has the risk of low detection success rate after being used for a period of time due to timeliness of the weak password hash library, so that the safety of the domain server is affected.
Disclosure of Invention
The invention provides a weak password identification method, which aims to solve the problems of complex detection process, complex operation and high time cost caused by the fact that the current weak password identification method needs to acquire administrator permission and export SAM files from a domain server, and meanwhile, due to the fact that the weak password hash is stored in a time-efficient manner, the detection success rate is reduced along with the change of time, and the safety of the domain server is further influenced.
In a first aspect, the present invention provides a weak password identification method, including:
identifying a communication protocol of a network to which a target computer belongs;
under the condition that the communication protocol is an SMB protocol, acquiring a login password of the target computer through a flow acquisition technology;
acquiring Net-NTLM Hash information corresponding to the login password of the target computer;
and determining the password strength condition of the target computer through the Net-NTLM Hash information corresponding to the built-in weak password set and the login password of the target computer.
Optionally, the method further includes:
acquiring account information of the target computer;
acquiring a server account robustness list of a network to which the target computer belongs;
obtaining remaining effective time of the account information in the server account robustness list if the account information in the server account robustness list includes account information of the target computer;
and determining the password strength condition corresponding to the account information as the password strength condition of the target computer under the condition that the residual effective time is greater than or equal to the preset time.
Optionally, the method further includes:
and sending an alarm message under the condition that the login password of the target computer is a weak password.
Optionally, the method further includes:
determining the remaining effective time of the account information of the target computer based on the password strength condition of the target computer under the condition that the account information in the server account robustness list does not include the account information of the target computer;
and storing the account information of the target computer, the password strength condition of the target computer and the remaining effective time of the account information of the target computer into the server account robustness list.
Optionally, the method further includes:
and sending a prompt message under the condition that the communication protocol is not the SMB protocol.
Optionally, the obtaining Net-NTLM Hash information corresponding to the login password of the target computer includes:
acquiring version information of the SMB protocol;
and acquiring Net-NTLM Hash information of the login password of the target computer corresponding to the version information based on the version information and the login password of the target computer.
Optionally, the determining, by using Net-NTLM Hash information corresponding to a built-in weak password set and a login password of the target computer, the password strength of the target computer includes:
saving Net-NTLM Hash information corresponding to the login password of the target computer;
the Net-NTLM Hash information corresponding to the login password of the target computer is cracked through hashcat based on the built-in weak password set;
and under the condition that the cracking is successful, determining that the login password of the target computer is a weak password.
In a second aspect, the present invention further provides a weak password identification apparatus, including:
the identification module is used for identifying the communication protocol of the network to which the target computer belongs;
the acquisition module is used for acquiring the login password of the target computer through a flow acquisition technology under the condition that the communication protocol is an SMB protocol;
the acquisition module is used for acquiring Net-NTLM Hash information corresponding to the login password of the target computer;
and the determining module is used for determining the password strength of the target computer through the Net-NTLM Hash information corresponding to the built-in weak password set and the login password of the target computer.
In a third aspect, the present invention further provides an electronic device, which includes a memory and a processor, where the processor is configured to implement the steps of the weak password identification method according to any one of the first aspect when executing the computer program stored in the memory.
In a fourth aspect, the present invention also provides a computer-readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the weak password identification method according to any one of the first aspect.
As can be seen from the foregoing technical solutions, an embodiment of the present application provides a weak password identification method, including: identifying a communication protocol of a network to which a target computer belongs; under the condition that the communication protocol is an SMB protocol, acquiring a login password of the target computer through a flow acquisition technology; acquiring Net-NTLM Hash information corresponding to the login password of the target computer; and determining the password strength condition of the target computer through the Net-NTLM Hash information corresponding to the built-in weak password set and the login password of the target computer. The existing weak password identification method needs to derive SAM files from a domain server, generate a weak password hash library identical to a domain control password algorithm, perform password detection based on the weak password hash library, need to acquire administrator permission, is complex in detection process, complex in operation and high in time cost, and the weak password hash library is time-efficient, so that after the weak password hash library is used for a period of time, the risk of low detection success rate may exist, and the security of the domain server is further influenced. In the embodiment of the application, the flow of the computer in the domain server is acquired, the corresponding Net-NTLM Hash information is acquired based on the acquired login password information, and the password strength of the target computer is determined according to the matching condition of the built-in weak password set and the Net-NTLM Hash information corresponding to the login password of the target computer. Therefore, the operation of data acquisition can be simplified, the verification of the password strength in an off-line state is realized, the influence on the server in the weak password identification process is reduced, and the identification efficiency is improved.
Drawings
In order to more clearly explain the technical solution of the present application, the drawings needed to be used in the embodiments are briefly described below, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a schematic flow chart of a weak password identification method provided in an embodiment of the present application;
FIG. 2 is a schematic block diagram of a weak password identification apparatus according to an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a computer-readable storage medium according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following examples do not represent all embodiments consistent with the present application. But merely as exemplifications of systems and methods consistent with certain aspects of the application, as recited in the claims. In the several embodiments provided in the embodiments of the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways, and the apparatus embodiments described below are merely exemplary.
The weak password identification method provided by the application is shown in fig. 1 and comprises the following steps:
and step S110, identifying the communication protocol of the network to which the target computer belongs.
And step S120, acquiring the login password of the target computer through a flow acquisition technology under the condition that the communication protocol is the SMB protocol.
For example, the traffic collection technique may be to grab a data packet through a sniffer, and may monitor the state of the network, the data flow condition, and information transmitted on the network.
And step S130, acquiring Net-NTLM Hash information corresponding to the login password of the target computer.
Step S140, determining the password intensity condition of the target computer through the Net-NTLM Hash information corresponding to the built-in weak password set and the login password of the target computer.
For example, the built-in weak password set may be set by an administrator, or may be a weak password dictionary directly obtained from the internet.
The method comprises the steps of acquiring flow of a computer in a domain server, acquiring corresponding Net-NTLM Hash information based on acquired login password information, and determining the password strength of a target computer according to the matching condition of a built-in weak password set and the Net-NTLM Hash information corresponding to the login password of the target computer. The method can simplify the operation of data acquisition, realize the verification of the password strength condition in an off-line state, reduce the influence on the server in the process of recognizing the weak password and improve the recognition efficiency.
According to some embodiments, the method further comprises:
acquiring account information of the target computer;
acquiring a server account robustness list of a network to which the target computer belongs;
acquiring the remaining effective time of the account information in the server account robustness list under the condition that the account information in the server account robustness list comprises the account information of the target computer;
and determining the password strength condition corresponding to the account information as the password strength condition of the target computer under the condition that the residual effective time is greater than or equal to the preset time.
Illustratively, the server account robustness list includes at least server IP information, operating system information, username information, weak password case information, and remaining validity period. The account information of the target computer is determined based on the server IP information, the operating system information and the user name information. The preset time may be set by an administrator, may be determined based on a history change period of the server account robustness list, or may be formed by manually importing a SAM file of the server, performing detection based on the SAM file, and summarizing detected results.
By matching the account information of the target computer with the server account robustness list of the network to which the target computer belongs, the strength period of the login password of the target computer can be obtained under the condition that the information is matched, and under the condition that the current matching time is in the strength period, the strength condition of the login password of the target computer can be directly determined, so that the identification operation can be simplified, and the identification efficiency is improved.
According to some embodiments, the method further comprises:
and sending out an alarm message under the condition that the login password of the target computer has a weak password risk.
For example, the warning message may include a weak password risk condition of the login password, account information of the target computer, and an identification time of the weak password. The alarm message may be sent through mail, syslog, weChat, and other channels. Within a preset period of sending the alarm message, the access function of the target computer can be stopped, and the access function can be recovered after the manager finishes password upgrading.
And sending an alarm message under the condition that the login password of the target computer has a weak password risk, so that the supervision efficiency of a manager can be improved, and the security risk of the domain server being invaded is reduced.
According to some embodiments, the method further comprises:
determining the remaining effective time of the account information of the target computer based on the password strength condition of the target computer under the condition that the account information in the server account robustness list does not include the account information of the target computer;
and storing the account information of the target computer, the password strength condition of the target computer and the residual effective time of the account information of the target computer into the server account robustness list.
For example, a mapping table may be established based on the strength of the password and the remaining effective time of the account information of the target computer, and in the case of new account information, a table may be directly looked up to obtain the remaining effective time of the new account under the condition of the strength of the password.
Under the condition that the account information in the server account robustness list does not include the account information of the target computer, the remaining effective time of the current password intensity degree of the target computer can be determined, the server account robustness list is updated based on the remaining effective time, the steps of password identification operation can be simplified in a period, and the identification efficiency is improved.
According to some embodiments, the method further comprises:
and sending a prompt message under the condition that the communication protocol is not the SMB protocol.
For example, the prompt message may include a communication protocol of a network to which the target computer belongs and account information of the target computer. The prompt message can be sent through the channels of mail, syslog, weChat and the like.
If the communication protocol is not the SMB protocol, it indicates that the weak password identification method is not applicable to the target computer, and therefore, a prompt message needs to be sent out in time to notify an administrator to identify the strength of the password in other ways as soon as possible, so as to improve the security of the domain server.
According to some embodiments, the obtaining Net-NTLM Hash information corresponding to the login password of the target computer includes:
acquiring version information of the SMB protocol;
and acquiring Net-NTLM Hash information of the login password of the target computer corresponding to the version information based on the version information and the login password of the target computer.
Illustratively, according to version information of the SMB protocol, a response protocol in the NTLM authentication process can be determined, and a target extraction field of the login password, a format of Net-NTLM Hash information and a challenge format can be determined based on the response protocol.
For example, in a case where the response protocol is the NTLMv2 protocol, the target computer transmits a request to a server of a network to which the target computer belongs, and upon receiving the request, the server generates a 16-bit challenge, transmits the challenge to the target computer, encrypts the challenge based on a login password of the target computer by the target computer, and transmits the encrypted challenge as a response to the server for verification. The format of the Net-NTLM Hash is as follows: and the username is the user name of the target computer, the domain is the IP information or the host name of the target computer in the data packet, the change is NTLM Server Change, the NTProofStr field in the HMAC-MD5 data packet, and the blob is replay-NTProofStr.
The version information based on the SMB protocol can more accurately determine the Net-NTLM Hash information of the login password of the target computer, can reduce the acquisition steps of the Net-NTLM Hash information, avoids determining the Net-NTLM Hash information through all versions corresponding to the SMB protocol, simplifies the operation steps of password identification, reduces the complexity of identification information and improves the identification efficiency of the strength degree of the password.
According to some embodiments, the determining the password strength of the target computer through Net-NTLM Hash information of a built-in weak password set corresponding to the login password of the target computer includes:
saving Net-NTLM Hash information corresponding to the login password of the target computer;
cracking Net-NTLM Hash information corresponding to the login password of the target computer based on the built-in weak password set through the hashcat;
and under the condition that the cracking is successful, determining the login password of the target computer to be a weak password.
For example, the response protocol in the NTLM authentication process may be determined based on version information of the SMB protocol, and the hash type information-m specified by the hash cat may be determined based on the type of the response protocol. For example, when the response protocol is the NTLMv2 protocol, the value corresponding to — m is 5600. A password cracking program can be run based on the information in the built-in weak password set through the hashcat, wherein the password cracking program can include the combination of the information in the built-in weak password set and crack Net-NTLM Hash information corresponding to the login password of the target computer.
For example, net-NTLM Hash information corresponding to a built-in weak password set may also be obtained, the Net-NTLM Hash information corresponding to the login password of the target computer may be matched with the Net-NTLM Hash information corresponding to the built-in weak password set, and the login password of the target computer is determined to be a weak password when the information matching is successful.
The Net-NTLM Hash information corresponding to the login password of the target computer is subjected to off-line blasting through the hashcat, so that the automatic and batch identification of the password strength can be realized, and the efficiency and the practicability of the password strength identification are improved.
As shown in fig. 2, fig. 2 is a schematic structural diagram of a weak password identification apparatus according to an embodiment of the present application.
The embodiment of the present application provides a weak password identification apparatus 200, which includes:
the identification module 201 is used for identifying a communication protocol of a network to which the target computer belongs;
an acquisition module 202, configured to acquire, by using a traffic acquisition technology, a login password of the target computer when the communication protocol is the SMB protocol;
an obtaining module 203, configured to obtain Net-NTLM Hash information corresponding to the login password of the target computer;
the determining module 204 is configured to determine the password strength of the target computer according to Net-NTLM Hash information corresponding to the built-in weak password set and the login password of the target computer.
A weak password identification apparatus 200 is capable of implementing each process implemented in the method embodiment of fig. 1, and is not described herein again to avoid repetition.
As shown in fig. 3, fig. 3 is a schematic structural diagram of an electronic device provided in the embodiment of the present application.
The embodiment of the present application provides an electronic device 300, which includes a memory 310, a processor 320, and a computer program 311 stored in the memory 310 and executable on the processor 320, where the processor 320 executes the computer program 311 to implement the following steps:
identifying a communication protocol of a network to which a target computer belongs;
under the condition that the communication protocol is an SMB protocol, acquiring the login password of the target computer through a flow acquisition technology;
acquiring Net-NTLM Hash information corresponding to the login password of the target computer;
and determining the password strength of the target computer through the Net-NTLM Hash information corresponding to the built-in weak password set and the login password of the target computer.
In a specific implementation, when the processor 320 executes the computer program 311, any of the embodiments corresponding to fig. 1 may be implemented.
Since the electronic device described in this embodiment is a device used for implementing an apparatus in this embodiment, based on the method described in this embodiment, a person skilled in the art can understand the specific implementation manner of the electronic device of this embodiment and various variations thereof, so that how to implement the method in this embodiment by the electronic device is not described in detail herein, and as long as the person skilled in the art implements the device used for implementing the method in this embodiment, the device is within the scope of the present application.
As shown in fig. 4, fig. 4 is a schematic structural diagram of a computer-readable storage medium according to an embodiment of the present application.
The present embodiment provides a computer-readable storage medium 400 having stored thereon a computer program 411, the computer program 411, when executed by a processor, implementing the steps of:
identifying a communication protocol of a network to which a target computer belongs;
under the condition that the communication protocol is an SMB protocol, acquiring the login password of the target computer through a flow acquisition technology;
acquiring Net-NTLM Hash information corresponding to the login password of the target computer;
and determining the password strength of the target computer through the Net-NTLM Hash information corresponding to the built-in weak password set and the login password of the target computer.
It should be noted that, in the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to relevant descriptions of other embodiments for parts that are not described in detail in a certain embodiment.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Embodiments of the present application further provide a computer program product, which includes computer software instructions, when the computer software instructions are run on a processing device, cause the processing device to execute the flow in the weak password identification method in the corresponding embodiment of fig. 1.
The computer program product includes one or more computer instructions. The procedures or functions described above in accordance with the embodiments of the present application may be generated in whole or in part when the above computer program instructions are loaded and executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another computer readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium may be any available medium that a computer can store or a data storage device including one or more available media, an integrated server, a data center, and the like. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a DVD), or a semiconductor medium (e.g., a Solid State Disk (SSD)), etc.
It can be clearly understood by those skilled in the art that, for convenience and simplicity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the above-described division of units is only one type of division of logical functions, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit may be stored in a computer-readable storage medium if it is implemented in the form of a software functional unit and sold or used as a separate product. Based on such understanding, the technical solutions of the present application, which are essential or part of the technical solutions contributing to the prior art, or all or part of the technical solutions, may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the above methods of the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
In summary, the above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present application.

Claims (10)

1. A weak password identification method is characterized by comprising the following steps:
identifying a communication protocol of a network to which a target computer belongs;
under the condition that the communication protocol is an SMB protocol, acquiring a login password of the target computer through a flow acquisition technology;
acquiring Net-NTLM Hash information corresponding to the login password of the target computer;
and determining the password strength of the target computer through the Net-NTLM Hash information corresponding to the built-in weak password set and the login password of the target computer.
2. The method of claim 1, further comprising:
acquiring account information of the target computer;
acquiring a server account robustness list of a network to which the target computer belongs;
acquiring the remaining effective time of the account information in the server account robustness list if the account information in the server account robustness list includes the account information of the target computer;
and determining the password strength condition corresponding to the account information as the password strength condition of the target computer under the condition that the residual effective time is greater than or equal to the preset time.
3. The method of claim 1, further comprising:
and sending an alarm message under the condition that the login password of the target computer is a weak password.
4. The method of claim 2, further comprising:
determining the remaining effective time of the account information of the target computer based on the password strength condition of the target computer under the condition that the account information in the server account robustness list does not include the account information of the target computer;
and storing the account information of the target computer, the password strength condition of the target computer and the remaining effective time of the account information of the target computer into the server account robustness list.
5. The method of claim 1, further comprising:
and sending a prompt message under the condition that the communication protocol is not the SMB protocol.
6. The method of claim 1, wherein the obtaining Net-NTLM Hash information corresponding to the target computer's login password comprises:
acquiring version information of the SMB protocol;
and acquiring Net-NTLM Hash information of the login password of the target computer corresponding to the version information based on the version information and the login password of the target computer.
7. The method of claim 1, wherein the determining the password strength of the target computer through the Net-NTLM Hash information of the built-in weak password set corresponding to the login password of the target computer comprises:
saving Net-NTLM Hash information corresponding to the login password of the target computer;
the Net-NTLM Hash information corresponding to the login password of the target computer is cracked through hashcat based on the built-in weak password set;
and under the condition that the cracking is successful, determining that the login password of the target computer is a weak password.
8. A weak password recognition device, comprising:
the identification module is used for identifying a communication protocol of a network to which the target computer belongs;
the acquisition module is used for acquiring the login password of the target computer through a flow acquisition technology under the condition that the communication protocol is an SMB protocol;
the acquisition module is used for acquiring Net-NTLM Hash information corresponding to the login password of the target computer;
and the determining module is used for determining the password strength condition of the target computer through the Net-NTLM Hash information corresponding to the built-in weak password set and the login password of the target computer.
9. An electronic device comprising a memory, a processor, wherein the processor is configured to implement the steps of the weak password identification method of any one of claims 1 to 7 when executing a computer program stored in the memory.
10. A computer-readable storage medium having stored thereon a computer program, characterized in that: the computer program when executed by a processor implements the steps of the weak password identification method of any one of claims 1 to 7.
CN202211028425.4A 2022-08-25 2022-08-25 Weak password identification method and related equipment Pending CN115442097A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211028425.4A CN115442097A (en) 2022-08-25 2022-08-25 Weak password identification method and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211028425.4A CN115442097A (en) 2022-08-25 2022-08-25 Weak password identification method and related equipment

Publications (1)

Publication Number Publication Date
CN115442097A true CN115442097A (en) 2022-12-06

Family

ID=84244406

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211028425.4A Pending CN115442097A (en) 2022-08-25 2022-08-25 Weak password identification method and related equipment

Country Status (1)

Country Link
CN (1) CN115442097A (en)

Similar Documents

Publication Publication Date Title
US10135818B2 (en) User biological feature authentication method and system
CN102316112A (en) Password authentication method in network application and system
US10262122B2 (en) Analysis apparatus, analysis system, analysis method, and analysis program
US20170171188A1 (en) Non-transitory computer-readable recording medium, access monitoring method, and access monitoring apparatus
CN111898124B (en) Process access control method and device, storage medium and electronic equipment
KR101960060B1 (en) Method and apparatus for user authentication
CN110740140A (en) network information security supervision system based on cloud platform
CN103607281A (en) Safety device unlocking method and system
CN111143808B (en) System security authentication method and device, computing equipment and storage medium
CN107911232B (en) Method and device for determining business operation rule
US11916953B2 (en) Method and mechanism for detection of pass-the-hash attacks
CN107437996B (en) Identity authentication method, device and terminal
Mohammadmoradi et al. Making whitelisting-based defense work against badusb
KR101436404B1 (en) User authenticating method and apparatus
CN112398787B (en) Mailbox login verification method and device, computer equipment and storage medium
CN112583789A (en) Method, device and equipment for determining illegally logged-in login interface
CN115118504B (en) Knowledge base updating method and device, electronic equipment and storage medium
CN116782232A (en) Method and related device for detecting potential risks in real time through network security identification
CN115442097A (en) Weak password identification method and related equipment
CN107911500B (en) Method, equipment and device for positioning user based on situation awareness and storage medium
CN113127875A (en) Vulnerability processing method and related equipment
CN108234491B (en) Protocol association verification method and device and electronic equipment
CN111949952A (en) Method for processing verification code request and computer-readable storage medium
CN113938314A (en) Encrypted flow detection method and device and storage medium
WO2019159809A1 (en) Access analysis system and access analysis method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination