Date: Fri, 13 May 2005 10:39:57 +0200
From: Michael Behrisch <behrisch@...ormatik.hu-berlin.de>
To: john-users@...ts.openwall.com
Subject: Comparing John session files and more

Hello,
We use JtR to check our passwords on a regular basis and I would 
like to know whether something like the following would be 
considered possible from your point of view.

While testing a passwd (of say 1000 users) the users keep on 
changing passwords, thus one could try to check the new
passwords whenever they reached a certain limit (say 100).
In order not to lose the progress on the remaining 900 
passwords I would like to stop the first process, start another 
john just checking the 100 new ones and joining the two
when the second reached the state of the first.
The following questions occur:
Is it safe to restore a session with a different passwd than 
it was interrupted with?
How do I know whether the second process did catch up?
(At the moment I do compare the rule number in wordlist mode 
and the entry number in incremental mode which are both recorded 
in the .rec file. Is that the right thing to do?)

Attached you will find my bash script which runs as a daily cron job.
Maybe it's helpful.

Thanks for your help,
Michael Behrisch


-- 
Michael Behrisch (Tel. +49 30 2093-3123)
HU Berlin, Institut fuer Informatik, Arbeitsgruppe Algorithmen
http://www.informatik.hu-berlin.de/~behrisch/

#!/bin/sh
# Daily cron job: mail the cracking status and the accounts john has cracked
# so far, and whenever at least MINDIFF entries of the passwd file have
# changed, stop the running john and check only the changed entries in a
# second session ("john2") so the progress on the unchanged entries is kept.

# diff that prints only the lines present in the second file but not in the
# first. The format strings must be empty: inside double quotes the '' would
# be passed to diff literally and every old/unchanged line would print as ''.
DIFF="diff --old-line-format= --unchanged-line-format="
JOHN="${HOME}/john/john"
PASSWORDFILE="${HOME}/john/passwd"          # file the main "john" session works on
NEWPASSWORDFILE="${HOME}/john/newpasswd"    # current passwd file
DIFFPASSWORDFILE="${HOME}/john/diffpasswd"  # entries changed since the main session started
MINDIFF=100
MAILTO="behrisch"

# Print the line of a .rec file that is N lines after the offset recorded on
# line 2 of the file (N=6: rule number in wordlist mode, N=8: entry number in
# incremental mode, as used below to compare the progress of two sessions).
recfield() {
  awk -v n="$2" 'NR==2 {offset=$0} offset>0 && NR==offset+n {print $0}' "$1"
}

DIFFCOUNT=`$DIFF "$PASSWORDFILE" "$NEWPASSWORDFILE" | wc -l`
( echo -n "unchecked passwords: $DIFFCOUNT  "; "$JOHN" --status 2>&1 ; "$JOHN" --show "$NEWPASSWORDFILE" | cut -f 1,5,6 -d : ) | mail -s "Users with insecure passwords" "$MAILTO"
if [ "$DIFFCOUNT" -ge "$MINDIFF" ]; then
  # Write the changed entries before PASSWORDFILE is overwritten; diffing
  # after the cp would produce an empty file.
  $DIFF "$PASSWORDFILE" "$NEWPASSWORDFILE" > "$DIFFPASSWORDFILE"
  cp "$NEWPASSWORDFILE" "$PASSWORDFILE"
  killall -9 john
  if [ "${JOHN}2.rec" -nt "$JOHN.rec" ]; then
    # the john2 session file is the newer one: start the main session on the full file
    "$JOHN" "$PASSWORDFILE"* >/dev/null
  else
    # check only the changed entries in a second session
    "$JOHN" --session=john2 "$DIFFPASSWORDFILE" >/dev/null
  fi
elif ! ps -ef | grep "$JOHN" | grep -v -q grep; then
  # no john running: resume the session whose .rec file is newer
  if [ "${JOHN}2.rec" -nt "$JOHN.rec" ]; then
    "$JOHN" --restore=john2 >/dev/null
  else
    "$JOHN" --restore >/dev/null
  fi
elif [ "${JOHN}2.rec" -nt "$JOHN.rec" ]; then
  # john2 is running: if it is as far as john, kill john2 and resume john
  PASS=`recfield "$JOHN.rec" 6`
  PASS2=`recfield "${JOHN}2.rec" 6`
  if [ "$PASS2" -eq "$PASS" ]; then
    PASS=`recfield "$JOHN.rec" 8`
    PASS2=`recfield "${JOHN}2.rec" 8`
  fi
  if [ "$PASS2" -gt "$PASS" ]; then
    killall -9 john
    "$JOHN" --restore >/dev/null
  fi
fi
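An added example, not part of the original post or its script, that refines how the "changed" entries are selected: the diff used above compares whole lines, so an edited GECOS or shell field also counts toward MINDIFF and is re-checked; keying on user name and hash (assumed to be fields 1 and 2 of the passwd-style file) selects only entries whose password actually changed.

```sh
#!/bin/sh
# Added example (not the poster's script): select the entries of a new
# passwd-style file whose hash is new or differs from the old file, keyed on
# user name (field 1) and hash (field 2), which is an assumption about the
# file layout.

# changed_hashes OLD NEW: print every line of NEW whose user is absent from
# OLD or whose hash differs from the one recorded in OLD. FILENAME is used
# instead of NR==FNR so an empty OLD file is handled correctly.
changed_hashes() {
  awk -F: '!NF { next }
           FILENAME == ARGV[1] { old[$1] = $2; next }
           !($1 in old) || old[$1] != $2 { print }' "$1" "$2"
}

# count_changed OLD NEW: number of such entries, for the MINDIFF threshold.
count_changed() {
  changed_hashes "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample data (HASH_* are placeholders, not real hashes):
# alice changed only GECOS and shell, bob changed the hash, dave is new,
# carol was removed, so exactly 2 entries need checking.
demo() {
  dir=$(mktemp -d) || return 1
  printf '%s\n' \
    'alice:HASH_A1:1001:100:Alice:/home/alice:/bin/sh' \
    'bob:HASH_B1:1002:100:Bob:/home/bob:/bin/sh' \
    'carol:HASH_C1:1003:100:Carol:/home/carol:/bin/sh' > "$dir/passwd"
  printf '%s\n' \
    'alice:HASH_A1:1001:100:Alice Smith:/home/alice:/bin/bash' \
    'bob:HASH_B2:1002:100:Bob:/home/bob:/bin/sh' \
    'dave:HASH_D1:1004:100:Dave:/home/dave:/bin/sh' > "$dir/newpasswd"
  count_changed "$dir/passwd" "$dir/newpasswd"   # prints 2
  rm -rf "$dir"
}
```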
