Search

CN-116545752-B - Method for realizing zero-miss-report rate high-efficiency blasting weak password

CN116545752BCN 116545752 BCN116545752 BCN 116545752BCN-116545752-B

Abstract

The invention provides a method for realizing zero-miss-report rate high-efficiency blasting of a weak password, which aims to realize the high-performance zero-miss-report weak password blasting method in a high-concurrency programming and error re-scanning mode. According to the method, the producer queue and the consumer cooperative distance are set, the blasting weak password task is uniformly distributed to a plurality of cooperative distances, the blasting weak password task is operated at high concurrency, and then the scanning failure task caused by the non-password authentication error of the weak password is scanned again, so that the zero report missing rate scanning is realized. The invention provides an effective method for realizing the high-efficiency blasting weak password with zero report missing rate, which improves the blasting efficiency of the weak password and realizes the scanning of zero report missing scanning rate.

Inventors

  • WU CHUNMING
  • HUANG LUMING
  • TANG XIN
  • WU ZHIYU
  • BIAN ZHENKUN

Assignees

  • 浙江大学

Dates

Publication Date
20260508
Application Date
20230607

Claims (7)

  1. 1. The method for realizing the zero-leakage-rate high-efficiency blasting weak password is characterized by comprising the following steps of: (1) Firstly, establishing a 13-tuple blasting weak password model M, wherein the model M is expressed as: M=(n,A * ,A,U,P,f,E,Q,C,T,T * ,R,H); wherein n is the set concurrent cooperative number; The method comprises the steps of collecting network addresses, wherein one network address consists of IP and ports, w is the number of the network addresses, A= { a 1 ,a 2 ,...,a x } is a surviving network address set, x is the number of surviving network addresses, U= { U 1 ,u 2 ,...,u y } is a user name set, y is the number of user names, P= { P 1 ,p 2 ,...,p z } is a password set, z is the number of passwords, f is a single password authentication scanning function used for verifying whether (a i ,u j ,p k ) is a valid password, the return value of the password is an error abnormal value, E is an error abnormal set of invalid scanning, tasks corresponding to errors belonging to the set need to be retried for scanning, Q is a scanning task producer queue, the capacity of which is the set concurrent cooperative range number n, C= (C 1 ,C 2 ,...,C n ) is a scanning task consumer cooperative range pool, T is a scanning task set, T * is a failure task set, R is a blasting result set, storing tasks which have been blasted successfully, H is a hash value set, and storing task values which have been blasted successfully; (2) The blasting weak password process is realized by generating a blasting weak password task set according to a survival network address set, a user name set and a password set, uniformly distributing the blasting weak password task to a plurality of cooperative paths through setting a producer queue and a consumer cooperative path, and completing the high-concurrency operation of the blasting weak password task, wherein the survival network address and the user name pair which are successfully cracked are not scanned any more, and then the task which is failed to be scanned due to the failure of weak password non-password authentication is scanned again, so that zero-missing report rate scanning is realized.
  2. 2. The method for implementing the zero-miss rate high-efficiency blasting weak password according to claim 1, wherein the single-pass password authentication scanning function f is a password authentication scanning function for ssh, redis, mysql, postgresql, mssql and mondab services.
  3. 3. The method for implementing the zero-miss rate high-efficiency explosion weak password according to claim 1, wherein the error exception set E of the invalid scan comprises error exceptions of "connection reset by peer", "Timeout" and "EOF".
  4. 4. The method for realizing the zero-leakage-rate high-efficiency blasting weak password according to claim 1, wherein the step (2) is specifically as follows: (2.1) initializing a concurrent protocol number n of the model M, a network address set a * , a user name set U, a password set P, a one-time password authentication scan function f, an error exception set E of invalid scans, and initializing surviving network address sets A, T, T * , R, and H according to the input parameters; (2.2) traversing network Address set A * for any network Address Attempts to detect survival if Is a surviving network address, added to the surviving network address set a, the a= { a| CHECKALIVE (A) = true a e a * }, otherwise, discarded; (2.3) generating a scanning task set T based on the Cartesian products of the survival network address set A, the user name set U and the password set P, further generating n consumer cooperation courses, wherein each consumer cooperation course is in a starvation state, calculating a task hash value H for each task (a i ,u j ,p k ) to be entered, wherein a i ∈A,u j ∈U,p k epsilon P, if H epsilon H, the password P ′ corresponding to the network address user name pair (a i ,u j ) is cracked, the scanning task is directly ended without scanning operation, otherwise, entering scanning the task (a i ,u j ,p k ), and initiating an error value obtained by connecting a corresponding service from a client to a network address of a server: e=f(a i ,u j ,p k ); if the error outlier e is null, the connection is successful, the cracking is successful, the (a i ,u j ,p k ) is added into the blasting result set, and the task hash value H is added into the hash value set H: R=R∪{(a i ,u j ,p k )}; H=H∪{h}; Otherwise, the connection failure is represented, and whether E is in an error anomaly set E of invalid blasting is judged; If E E is E, the scanning is invalid, and the scanning is added into a invalidation task set T * , and the mathematical expression is as follows: T * =T * ∪{(a i ,u j ,p k )}; Otherwise, the scanning is indicated to be failed to be cracked due to the password error, and the scanning task is directly ended; (2.5) initializing a scanning task producer queue Q with the capacity of n, traversing the scanning task set T and adding the scanning task set T into the scanning task producer queue Q; (2.6) waiting for n coroutines to run out the scanning task, and generating a new task set T according to the failure task set T * : If it is Then And (3) jumping to (2.4) to rescan invalid task, otherwise, outputting a blasting result set R after all tasks are successfully scanned, and ending the weak key blasting flow.
  5. 5. The method for realizing the zero-leakage-rate high-efficiency blasting weak password according to claim 4, wherein the step (2.3) is characterized by calculating a mathematical expression of a task hash value; h=hash(a i ,u j )。
  6. 6. The method for implementing the zero-miss rate high-efficiency explosion weak password according to claim 4, wherein in the step (2.3), a scan task set is generated based on a cartesian product of the surviving network address set a, the user name set U and the password set P, and a mathematical expression of the scan task set T is as follows: T=A×U×P; ={(a 1 ,u 1 ,p 1 ),(a 1 ,u 1 ,p 2 ),...,(a x ,u y ,p z )}.
  7. 7. The method for implementing the zero-leakage-rate high-efficiency explosion weak password according to claim 4, wherein the hash function in the step (2.6) is any one of hash functions of a message digest algorithm MD5 and SHA-1.

Description

Method for realizing zero-miss-report rate high-efficiency blasting weak password Technical Field The invention belongs to the technical field of network security, and particularly relates to a method for realizing zero-miss-report rate high-efficiency blasting weak passwords. Background With the continuous expansion of internet services, the network security risks and the daily increases faced by the internet. Hacker security events frequently and increasingly strict security supervision make internet enterprises pay more attention to information security, and most internet enterprises establish own security defense systems. To verify the effective defenses of the security defenses, red and blue attacks and defenses have arisen. Weak password blasting tools are tools commonly used by red teams in network security exercises, and red team attackers often find security breaches of the system by using the weak password blasting tools. However, the conventional weak password blasting tool often has the problems of too low blasting efficiency or missing report caused by too large concurrent thread number setting, and how to improve the weak password blasting efficiency and solve the defect of missing report of the blasting tool is a key problem. Disclosure of Invention The invention aims to provide a method for realizing zero-leakage-rate high-efficiency blasting weak password aiming at the defects of the prior art. The invention is realized by the following technical scheme that the method for realizing the zero-miss-report rate high-efficiency blasting weak password comprises the following steps: (1) Firstly, establishing a blasting weak password model M of 13 tuples; (2) The blasting weak password process is realized by generating a blasting weak password task set according to a survival network address set, a user name set and a password set, uniformly distributing the blasting weak password task to a plurality of cooperative paths through setting a producer queue and a consumer cooperative path, and completing the high-concurrency operation of the blasting weak password task, wherein the survival network address and the user name pair which are successfully cracked are not scanned any more, and then the task which is failed to be scanned due to the failure of weak password non-password authentication is scanned again, so that zero-missing report rate scanning is realized. Further, the representation of the model M of step (1) is: M=(n,A*,A,U,P,f,E,Q,C,T,T*,R,H); wherein n is the set concurrent cooperative number; The method comprises the steps of collecting network addresses, wherein one network address consists of IP and ports, w is the number of the network addresses, A= { a 1,a2,...,ax } is a surviving network address set, x is the number of surviving network addresses, U= { U 1,u2,...,uy } is a user name set, y is the number of user names, P= { P 1,p2,...,pz } is a password set, z is the number of passwords, f is a one-time password authentication scanning function used for verifying whether (a i,uj,pk) is a valid password, the return value of the one-time password authentication scanning function is an error abnormal value, E is an error abnormal set of invalid scanning, tasks corresponding to errors belonging to the set need to be retried to be scanned, Q is a scanning task producer queue, the capacity of which is the set concurrent cooperative range number n, C= (C 1,C2,...,Cn) is a scanning task consumer cooperative range pool, T is a scanning task set, T * is a failure task set, R is a blasting result set, a task which is successfully blasted is stored, H is a hash value set which is successfully blasted. Specifically, the one-time password authentication scan function f is a password authentication scan function for ssh, redis, mysql, postgresql, mssql and mondab services. Specifically, the error anomaly set E of the invalid blasting includes error anomalies of "connection reset by peer", "Timeout", "EOF". Further, the step (2) specifically comprises: (2.1) initializing a concurrent protocol number n of the model M, a network address set a *, a user name set U, a password set P, a one-time password authentication scan function f, an error exception set E of invalid scans, and initializing surviving network address sets A, T, T *, R, and H according to the input parameters; (2.2) traversing network Address set A * for any network Address Attempts to detect survival ifIs a surviving network address, added to the surviving network address set a, the a= { a| CHECKALIVE (A) = true a e a * }, otherwise, discarded; (2.3) generating a scanning task set T based on the Cartesian products of the survival network address set A, the user name set U and the password set P, further generating n consumer cooperation courses, wherein each consumer cooperation course is in a starvation state, calculating a task hash value H for each task (a i,uj,pk) to be entered, wherein a i∈A,uj∈U,pk epsilon P, if H epsilon H, t