Date: Sun, 27 Mar 2016 19:35:46 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: External Policy Filter

On Sun, Mar 27, 2016 at 7:00 PM, Rich Rumble <richrumble@...il.com> wrote:
> On Sat, Mar 26, 2016 at 2:00 PM, jfoug <jfoug@...nwall.net> wrote:
>> Why not some rules:
>>
>> [List.Rules:PolicyFilter]
>> # handle all permutations with all 5 ?l?u?d?s?b
>> >7/?l/?u/?d :
>> >7/?l/?u/?s :
>> >7/?l/?u/?b :
>> >7/?l/?d/?s :
>> >7/?l/?d/?b :
>> >7/?l/?s/?b :
>> # handle all permutations with 4 ?u?d?s?b
>> >7/?u/?d/?s :
>> >7/?u/?d/?b :
>> >7/?u/?s/?b :
>> # handle  ?d?s?b
>> >7/?d/?s/?b :
>> # I 'think' that is it, but I am doing this off the cuff, so I may have missed some.
> That would work much better! I didn't think to use "mask" in conf like that!
This is what I think I'm going with, the colon I don't think is needed:
./john.exe -w=rockyou.txt -rules=PolicyFilter -stdout | LC_ALL='C' sort -i | LC_ALL='C' uniq >policy.dic

[List.Rules:PolicyFilter]
#All 4 types
>7/?l/?u/?d/?s
#The remaining 3 types
>7/?l/?u/?d
>7/?l/?u/?s
>7/?l/?d/?s
>7/?u/?d/?s

Thanks again!
>> Then simply run:
>> ./john -w=rocku.txt -rules=PolicyFilter -stdout | unique rockyou-policy-filter.dic
>>
>> $ wc rockyou.txt
>>  14344391  14442062 139921497 rockyou.txt
>>
>> $ ../john -w=rockyou.txt -rules=PolicyFilter -stdout | ../unique rockyou-policy.dic
>> Press 'q' or Ctrl-C to abort, almost any other key for status
>> 747744p 0:00:00:11 100.00% (2016-03-26 12:53) 63909p/s 957£}~w0¬z?>4ko
>> Total lines read 747744 Unique lines written 645347
>>
>> So it completed in under 15s and built a file that was 22x smaller
>> than rockyou.txt but contains only data that would likely pass the
>> policy rules (note I say likely because it will depend upon code
>> pages, etc, and the ?b does not map directly to unicode).
>>
>> This would not be a great method for a fast hash, but then if whoever
>> wrote the login code was dumb enough to use a fast hash, then they
>> certainly would not have been smart enough to use a policy like this,
>> lol.
> Nice work, thanks again!
> -rich
>>
>> On 3/25/2016 8:02 PM, Rich Rumble wrote:
>>>
>>> I've been on many threads and re-read everything I can, but I can't
>>> figure out how to change [List.External:Policy] to be closer to how
>>> Microsoft has implemented their default complexity policy for
>>> passwords.
>>> https://technet.microsoft.com/en-us/library/cc786468%28v=ws.10%29.aspx
>>> I'm only interested in making that policy do more dynamic matching...
>>> meaning instead of filtering on static character classes (?u?l?d,
>>> ?u?l?s, ?u?s?d etc...) have it do more: if not at least 3 of these
>>> combinations of classes, then reject.
>>> So allow: ( >7 )
>>> Asdf12#$  (?u?l?d?s)
>>> Asdf1234   (?u?d?l)
>>> ABCD3fgh (?u?d?l)
>>> asdf@$$1  (?l?s?d)
>>> A@...5%% (?u?l?d?s)
>>>
>>> Maybe a perl or regex script is better suited for the task, especially
>>> since I can't seem to get the length to go beyond 8 in my version of
>>> jtr.
>>> ./john.exe -w=rockyou.txt -external=policy -stdout
>>> The regex's I've come across haven't been working to my satisfaction.
>>> -rich
>>
>>
>> --
>> Community volunteer for John the Ripper project.
>>
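
The "at least 3 of the character classes, length over 7" filter discussed in this thread, as an added example that is not code from either poster or from the John the Ripper project. It generalizes the hand-written lists to any "k of n classes" policy by generating one reject-unless line per combination, and checks that the lines agree with directly counting classes; the byte-class definitions, function names and sample words are assumptions made for illustration.

```python
import string
from itertools import combinations

# Assumed byte classes standing in for the thread's ?l ?u ?d ?s ?b; "?s" here is
# ASCII punctuation and "?b" is any byte with the high bit set.
CLASSES = {
    "?l": set(string.ascii_lowercase.encode()),
    "?u": set(string.ascii_uppercase.encode()),
    "?d": set(string.digits.encode()),
    "?s": set(string.punctuation.encode()),
    "?b": set(range(0x80, 0x100)),
}

def classes_present(word):
    """Names of the classes that have at least one byte in word."""
    return {name for name, members in CLASSES.items() if members.intersection(word)}

def passes_policy(word, min_len=8, min_classes=3):
    return len(word) >= min_len and len(classes_present(word)) >= min_classes

def rule_lines(names, min_len=8, min_classes=3):
    """One '>N/?x/?y/?z' line per combination of min_classes class names."""
    return [">%d%s" % (min_len - 1, "".join("/" + n for n in combo))
            for combo in combinations(names, min_classes)]

def matches_rule(word, rule):
    """Evaluate one generated line: longer than N and contains every listed class."""
    length, *needed = rule[1:].split("/")
    return len(word) > int(length) and all(CLASSES[n].intersection(word) for n in needed)

def filter_wordlist(lines):
    """Yield each policy-compliant candidate once, preserving input order."""
    seen = set()
    for raw in lines:
        word = raw.rstrip(b"\r\n")
        if word not in seen and passes_policy(word):
            seen.add(word)
            yield word

# Constructed sample: four strings from the thread plus made-up rejects and a duplicate.
SAMPLE = [b"Asdf12#$\n", b"Asdf1234\n", b"ABCD3fgh\n", b"asdf@$$1\n", b"password1\n",
          b"Passw0r\n", b"12345678\n", b"P\xe4ssword\n", b"Asdf1234\n"]

if __name__ == "__main__":
    rules = rule_lines(list(CLASSES))
    print("%d rule lines:" % len(rules))
    print("\n".join(rules))
    for word in filter_wordlist(SAMPLE):
        hits = sum(matches_rule(word, r) for r in rules)
        print(word, sorted(classes_present(word)), "matched by", hits, "lines")
```

A word containing four classes satisfies several of the three-class lines at once, which is why the rule-based pipelines above need a de-duplication step and why a separate all-four-classes line adds no new candidates.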
