Short password security

My computer is at home, so I think a password of length 4 is enough to keep my family from viewing my files in the normal user account. What I worry about is hackers around the LAN (including the router) and the ISP (internet), but it is said that if a hacker tries to attack you from there, they have to get your root password first or the attack is difficult or impossible, so the root password should be very long and random. Is this true or a rumor? For attackers from there, is it better for the normal user to have a long password, or is it easy to crack?

And many more helpful results when using a search machine…

Longer passwords are harder to crack.

People who do penetration testing (whether ‘white hat’ or ‘black hat’) tend to look for weaknesses in system security - any weakness - and try to exploit it.

If the root password is the weak part of the system, they’ll identify that and attack it. If it’s a user account, they’ll try to exploit that instead and then use something called ‘privilege escalation’ to get more permissions on the system.

For system security, you need to assess, generally speaking, the balance between security & convenience. That is generally done by looking at the value of what you have on the system and the risk that someone’s going to (a) know that it’s there, and (b) that they’re going to be interested in what you have.

There is no reason to be overly concerned if what you have on your system has little value to an attacker. That doesn’t mean the risk is zero, but if your data isn’t interesting, they’re not going to be coming after your system.


I found a video, ‘Simple Penetration Testing Tutorial for Beginners!’, on YouTube; the risky targets are FTP or a web server. Is there any other video talking about the user password if it is weak?

Is there any other video that shows that a penetration test is easier if the password is weak?

There are probably videos or information out on the Internet - I would suggest using a search engine to find some.

If you’re not using a service on your system (ftp, web server, etc), disable it, and then someone attacking the system can’t attack those services.

But again - short passwords are weak. Simple passwords (like ‘password’ or ‘123456’) are weak. There are lots of resources out there on creating strong passwords.

A good search term would be “password strength”.

I ran nmap against my machine from a VM; none of the services you are listing was found at the time. How can I scan locally to see which services are running on the host machine? How can I know which services run a risky protocol that can be cracked by Hydra or something else?

lsof -i -P will show you the open ports on the local system and the process that is connected to those ports.

What that won’t tell you is if the firewall port is open or not - if the port’s open, it doesn’t matter if there’s something listening or not on the port - the firewall will block access.

To look at your firewall configuration, use yast2 firewall or read the docs for using the firewall-cmd command.

As for your question regarding Hydra - there are a lot of conditions regarding whether or not it could be used on your specific setup or not. For example, http might be enabled on your system (it probably isn’t, but let’s talk hypothetically) - whether or not it could be used to compromise your system depends on whether the web server that’s listening is (a) set up to use password authentication at all, (b) if it uses passwords that are related to your system passwords, (c) if those passwords are strong or weak.

And, of course, if that instance is blocked from external access by a firewall (for example, I run several Docker containers with Apache in them, but they’re only accessible through a reverse proxy and not accessible from systems other than my own directly).

Best practice is to look at the running services on your system, and if you don’t need them, disable them. If you’re not sure if you need them, ask before disabling them so you don’t disable something that is needed by the system.

And use strong passwords, always.

My screenshot of nmap output:

Are there any bad results in the screenshot?

Without seeing the command you executed, it’s hard to say, but a port being open isn’t necessarily a sign of a bad configuration, either.

Rather than take screenshots, copy and paste the text as “preformatted text” (the </> button in the editor). Include both the command entered and the output all the way to the following prompt.


My host and VM can access each other over a host-only network.
My command is: sudo nmap 192.168.56.1 -sV -O -p1-65535

Not every Linux is allowed to install the VirtualBox Additions.

You have two separate nmap outputs. Please include the command and output together - that provides the best picture of what you’re doing.

I don’t understand what you mean here. Are you running nmap against your system from a VirtualBox running on the same host? If so, then there are additional questions that have to be considered - like if you’re running against the host’s external IP address or the NAT or host-only interface rather than the external interface.

It’s best to do port scanning from outside the host, but again, all that will tell you is if a port is open or closed (or “filtered”, which means the connection request was denied, but not whether or not something is actually listening there). Ports being open aren’t necessarily a bad thing, depending on what is listening.

The output of 192.168.56.1 -sV -O -p1-65535 is too long to type manually. Installing the VirtualBox Additions can help you copy the text to the host. Are there any bad results in the screenshot?

I have two outputs from two VMs.

If you have the openvm tools installed, you should be able to just copy/paste from the guest to the host, if you have the options enabled in VirtualBox for that. Never manually enter text that should be copied and pasted - that can lead to errors in what’s copied and make it harder to address the information in the output.

Without knowing what you scanned (ie, what the IP address is of the destination), it’s hard to advise on the state of the host. It is better to do port scanning of a host from outside the host, not from a VM running on the host.

Which, again, doesn’t tell us anything about the host or what exactly you scanned. How is the network in the VMs configured? Is it a NAT network, a bridged network?

As I said, filtered results are ports the system says it got no response back from, rather than a definitive “this port is closed” response from.

Port scans are not as useful as understanding what’s actually listening on the ports (with sudo lsof -i -P on the system you’re talking about) to see what is actually listening on the system, but even then, just because you have, say, ftp listening doesn’t mean the system is compromised, because it depends on why you have it enabled, and whether it’s accessible from the Internet specifically (which isn’t up to your system unless your system is directly connected to the Internet, instead of connected through a router).
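
Added example (not part of the thread and not any poster's own code): a small filter for the output of the lsof -i -P command recommended above and in the earlier reply about open ports, assuming the extra -n flag so addresses stay numeric. It groups listening sockets by bind address: loopback-only listeners cannot be reached from the LAN, while all-interfaces ones can be unless the firewall blocks them. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify listeners from `lsof -i -P -n` output by bind address.
# On a real system:  sudo lsof -i -P -n | classify_listeners

classify_listeners() {
    awk '
    NR == 1 && $1 == "COMMAND" { next }                    # skip the header row
    {
        proto = $8; name = $9; state = $10
        if (proto != "TCP" && proto != "UDP") next
        if (proto == "TCP" && state != "(LISTEN)") next    # skip established/outbound TCP
        if (proto == "UDP" && name ~ /->/) next            # skip connected UDP sockets

        # NAME is addr:port; the port follows the last colon (also for [::1]:631)
        n = split(name, parts, ":")
        port = parts[n]
        addr = substr(name, 1, length(name) - length(port) - 1)

        if (addr == "*")                              exposure = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "[::1]")  exposure = "loopback-only"
        else                                          exposure = "single-address"

        # Columns: exposure, protocol, port, command, pid, bind address
        printf "%s\t%s\t%s\t%s\t%s\t%s\n", exposure, proto, port, $1, $2, addr
    }'
}

# Constructed sample input (not taken from the thread), in lsof -i -P -n layout.
sample_lsof_output() {
    cat <<'EOF'
COMMAND    PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd       812  root    3u  IPv4  21345      0t0  TCP *:22 (LISTEN)
cupsd      900  root    7u  IPv6  22001      0t0  TCP [::1]:631 (LISTEN)
cupsd      900  root    8u  IPv4  22002      0t0  TCP 127.0.0.1:631 (LISTEN)
avahi-dae  700  avahi  12u  IPv4  19000      0t0  UDP *:5353
smbd      1500  root   30u  IPv4  30010      0t0  TCP 192.168.56.1:445 (LISTEN)
firefox   4321  user   55u  IPv4  88123      0t0  TCP 192.168.1.20:51514->203.0.113.10:443 (ESTABLISHED)
EOF
}

sample_lsof_output | classify_listeners
```

Rows marked all-interfaces or single-address are the ones to compare against the firewall configuration; anything unneeded in those rows is a candidate for disabling.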
