My computer is at home, so I think a 4-character password is enough to keep my family from viewing my files in the normal user account. What I worry about is hackers around the LAN (including the router) and the ISP (internet), but it is said that if a hacker tries to attack you from there, they have to get your root password first or the attack is difficult or impossible, so the root password should be very long and random. Is this true or a rumor? Against attackers from there, is it better for the normal user to have a long password, or is it easy to crack?
People who do penetration testing (whether "white hat" or "black hat") tend to look for weaknesses in system security - any weakness - and try to exploit it.
If the root password is the weak part of the system, they'll identify that and attack it. If it's a user account, they'll try to exploit that instead and then use something called "privilege escalation" to get more permissions on the system.
For system security, you need to assess, generally speaking, the balance between security & convenience. That is generally done by looking at the value of what you have on the system and the risk that someone's going to (a) know that it's there, and (b) that they're going to be interested in what you have.
There is no reason to be overly concerned if what you have on your system has little value to an attacker. That doesn't mean the risk is zero, but if your data isn't interesting, they're not going to be coming after your system.
I found a video, "Simple Penetration Testing Tutorial for Beginners!", on YouTube; the risky targets are FTP or web servers. Are there any other videos talking about the user password if it is weak?
There are probably videos or information out on the Internet - I would suggest using a search engine to find some.
If you're not using a service on your system (ftp, web server, etc), disable it, and then someone attacking the system can't attack those services.
But again - short passwords are weak. Simple passwords (like "password" or "123456") are weak. There are lots of resources out there on creating strong passwords.
A good search term would be "password strength".
I ran nmap against my machine from a VM; none of the services you listed were found at the time. How can I scan locally to see which services are running on the host machine? How can I know which services run the risky protocols that can be cracked by Hydra and similar tools?
lsof -i -P will show you the open ports on the local system and the process that is connected to those ports.
What that won't tell you is if the firewall port is open or not - if the port's open, it doesn't matter if there's something listening or not on the port - the firewall will block access.
To look at your firewall configuration, use yast2 firewall or read the docs for using the firewall-cmd command.
As for your question regarding Hydra - there are a lot of conditions regarding whether or not it could be used on your specific setup or not. For example, http might be enabled on your system (it probably isn't, but let's talk hypothetically) - whether or not it could be used to compromise your system depends on whether the web server that's listening is (a) set up to use password authentication at all, (b) if it uses passwords that are related to your system passwords, (c) if those passwords are strong or weak.
And, of course, if that instance is blocked from external access by a firewall (for example, I run several Docker containers with Apache in them, but they're only accessible through a reverse proxy and not accessible from systems other than my own directly).
Best practice is to look at the running services on your system, and if you don't need them, disable them. If you're not sure if you need them, ask before disabling them so you don't disable something that is needed by the system.
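The review of running services described above, as an added example that is not part of the original thread: a small filter that reads `lsof -i -P` output and marks each TCP listener as bound to loopback only, to one address, or to all interfaces. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed, not from the thread.

# Constructed sample of `lsof -i -P -n` output (-n keeps addresses numeric).
sample_lsof_output() {
cat <<'EOF'
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     912 root    3u  IPv4  21345      0t0  TCP *:22 (LISTEN)
cupsd   1033 root    7u  IPv6  23456      0t0  TCP [::1]:631 (LISTEN)
cupsd   1033 root    8u  IPv4  23457      0t0  TCP 127.0.0.1:631 (LISTEN)
vsftpd  1500 root    3u  IPv4  30001      0t0  TCP 192.168.1.20:21 (LISTEN)
firefox 2210 user   55u  IPv4  40211      0t0  TCP 192.168.1.20:51514->203.0.113.7:443 (ESTABLISHED)
EOF
}

# Read lsof output on stdin; print "<scope> <port> <command>" per TCP listener.
# Outbound connections (ESTABLISHED etc.) are skipped: they are not services.
classify_listeners() {
    awk '
    $8 == "TCP" && $NF == "(LISTEN)" {
        port = $9; sub(/^.*:/, "", port)        # text after the last colon
        addr = $9; sub(/:[^:]*$/, "", addr)     # text before the last colon
        if (addr == "*")
            scope = "all-interfaces"            # reachable unless a firewall blocks it
        else if (addr ~ /^127\./ || addr == "[::1]" || addr == "localhost")
            scope = "loopback-only"             # only reachable from this machine
        else
            scope = "specific-address"          # bound to one interface address
        print scope, port, $1
    }'
}

# Demo on the constructed sample.
sample_lsof_output | classify_listeners
```

On a real system, feed it live data with `sudo lsof -i -P -n | classify_listeners`; the all-interfaces and specific-address entries are the ones to compare against the firewall configuration and to disable if not needed.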
Without seeing the command you executed, it's hard to say, but a port being open isn't necessarily a sign of a bad configuration, either.
Rather than take screenshots, copy and paste the text as "preformatted text" (the </> button in the editor). Include both the command entered and the output all the way to the following prompt.
You have two separate nmap outputs. Please include the command and output together - that provides the best picture of what you're doing.
I don't understand what you mean here. Are you running nmap against your system from a VirtualBox running on the same host? If so, then there are additional questions that have to be considered - like if you're running against the host's external IP address or the NAT or host-only interface rather than the external interface.
It's best to do port scanning from outside the host, but again, all that will tell you is if a port is open or closed (or "filtered", which means the connection request was denied, but not whether or not something is actually listening there). Ports being open aren't necessarily a bad thing, depending on what it is listening.
The output of 192.168.56.1 -sV -O -p1-65535 is too long to type manually. Installing Virtualbox Additional can help you copy the text to the host. Are there any bad results in the screenshot?
If you have the openvm tools installed, you should be able to just copy/paste from the guest to the host, if you have the options enabled in VirtualBox for that. Never manually enter text that should be copied and pasted - that can lead to errors in what's copied and make it harder to address the information in the output.
Without knowing what you scanned (ie, what the IP address is of the destination), it's hard to advise on the state of the host. It is better to do port scanning of a host from outside the host, not from a VM running on the host.
Which, again, doesn't tell us anything about the host or what exactly you scanned. How is the network in the VM's configured? Is it a NAT network, a bridged network?
As I said, filtered results are ports the system says it got no response back from, rather than a definitive "this port is closed" response from.
Port scans are not as useful as understanding what's actually listening on the ports (with sudo lsof -i -P on the system you're talking about) to see what is actually listening on the system, but even then, just because you have, say, ftp listening doesn't mean the system is compromised, because it depends on why you have it enabled, and whether it's accessible from the Internet specifically (which isn't up to your system unless your system is directly connected to the Internet, instead of connected through a router).