Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 17 Apr 2016 14:02:12 -0500
From: jfoug <jfoug@...nwall.net>
To: john-dev@...ts.openwall.com
Subject: New Feature: Calling external from rules

This is a 'talk it out' thread.  I have opened a github issue also 
(https://github.com/magnumripper/JohnTheRipper/issues/2121).  Solar 
mentioned this idea in another github thread, but in relation to the 'e' 
rule being taken while he was thinking of using it to trigger a call to 
an external script.

Here is the text from the new request issue on github:

This idea came from #2095 
<https://github.com/magnumripper/JohnTheRipper/issues/2095> 
https://github.com/magnumripper/JohnTheRipper/issues/2095

    Solar: It makes me thinking what command character we'd (eventually)
    use for executing an external mode function from a ruleset, though -
    'e' could have stood for "external" - but perhaps this should in
    fact be a separate topic

As for external being called as a rule, I really only see calling a 
filter function to modify the word, or reject it.

As for the rule to use, these are already spoken for. Note: where there 
are letters available of either case, there is a gap

|A cCdDeE f i kKlL M oOpPqQ rRsStTuUvV xXyYzZ { } [ ] () <> _ ' : / $ ^ 
# % @ ! = \ * + - . , 12 4 6|

So we can see we are getting pretty 'tight' on letters. However, for 
calling an external function, could we view this as a 'spawn', and wrap 
it in sh syntax? |`function`| ?

The ` is not used, and seems a safe bet as having to real meaning (other 
than spawn meaning from the shell languages). That way, we could even 
comment it could be a extern function or even a system spawn (Yes, I 
know Solar will not agree to this security hole, but we can wish, lol).

So a rule such as:

|\]\]$[a-f0-9]$[ -~]c`corp_complexity`|
would chop last 2 letters, append a hex, then some other ASCII char, 
then case the word, and then finally call the corp_complexity external 
script which would accept or cause the final word to be dropped as not 
meeting some corp standard, or perform some other task

-- Community volunteer for John the Ripper project.


Content of type "text/html" skipped

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ