Date: Fri, 13 May 2005 10:39:57 +0200
From: Michael Behrisch <behrisch@...ormatik.hu-berlin.de>
To: john-users@...ts.openwall.com
Subject: Comparing John session files and more

Hello,
We use JtR to check our passwords on a regular basis and I would 
like to know whether something like the following would be 
considered possible from your point of view.

While testing a passwd (of say 1000 users) the users keep on 
changing passwords, thus one could try to check the new
passwords whenever they reached a certain limit (say 100).
In order not to lose the progress on the remaining 900 
passwords I would like to stop the first process, start another 
john just checking the 100 new ones and joining the two
when the second reached the state of the first.
The following questions occur:
Is it safe to restore a session with a different passwd than 
it was interrupted with?
How do I know whether the second process did catch up?
(At the moment I do compare the rule number in wordlist mode 
and the entry number in incremental mode which are both recorded 
in the .rec file. Is that the right thing to do?)

Attached you will find my bash script which runs as a daily cron job.
Maybe it's helpful.

Thanks for your help,
Michael Behrisch


-- 
Michael Behrisch (Tel. +49 30 2093-3123)
HU Berlin, Institut fuer Informatik, Arbeitsgruppe Algorithmen
http://www.informatik.hu-berlin.de/~behrisch/

#!/bin/sh
# Daily cron job: mail a report of cracked passwords and, once enough
# entries have changed, run a second session ("john2") on the changed
# entries only; resume the main session once john2 has caught up.

# Print only lines that are new or changed in the second file (empty
# formats suppress old and unchanged lines). The values must not be
# quoted inside the string, or the quote characters are passed to diff.
DIFF="diff --old-line-format= --unchanged-line-format="
JOHN="${HOME}/john/john"
PASSWORDFILE="${HOME}/john/passwd"
NEWPASSWORDFILE="${HOME}/john/newpasswd"
DIFFPASSWORDFILE="${HOME}/john/diffpasswd"
MINDIFF=100
MAILTO="behrisch"

# Session files are kept next to the john binary: john.rec for the main
# session and john2.rec for the session on the changed entries.
REC="$JOHN.rec"
REC2="${JOHN}2.rec"

# Line 2 of a .rec file holds the number of saved command-line arguments;
# print the status line N lines after those arguments (empty if unreadable).
recfield() {
  awk -v n="$2" 'NR==2 {offset=$0} offset>0 && NR==offset+n {print $0}' "$1" 2>/dev/null
}

# Write the changed entries out now, before the copy below makes both files equal.
$DIFF "$PASSWORDFILE" "$NEWPASSWORDFILE" > "$DIFFPASSWORDFILE"
DIFFCOUNT=`wc -l < "$DIFFPASSWORDFILE" | tr -d ' '`
( echo -n "unchecked passwords: $DIFFCOUNT  "; $JOHN --status 2>&1 ;
  $JOHN --show "$NEWPASSWORDFILE" | cut -f 1,5,6 -d : ) \
  | mail -s "Users with insecure passwords" "$MAILTO"
if [ "$DIFFCOUNT" -ge "$MINDIFF" ]; then
  cp "$NEWPASSWORDFILE" "$PASSWORDFILE"
  killall -9 john
  if [ "$REC2" -nt "$REC" ]; then
    $JOHN $PASSWORDFILE* >/dev/null
  else
    $JOHN --session=john2 "$DIFFPASSWORDFILE" >/dev/null
  fi
elif ! ps -ef | grep "$JOHN" | grep -v -q grep; then
  # no john running: resume whichever session was active last
  if [ "$REC2" -nt "$REC" ]; then
    $JOHN --restore=john2 >/dev/null
  else
    $JOHN --restore >/dev/null
  fi
elif [ "$REC2" -nt "$REC" ]; then
  # if john2 is as far as john, kill john2 and resume john
  PASS=`recfield "$REC" 6`
  PASS2=`recfield "$REC2" 6`
  if [ "${PASS2:-0}" -eq "${PASS:-0}" ]; then
    PASS=`recfield "$REC" 8`
    PASS2=`recfield "$REC2" 8`
  fi
  # missing values default to 0 so an unreadable .rec never kills a session
  if [ "${PASS2:-0}" -gt "${PASS:-0}" ]; then
    killall -9 john
    $JOHN --restore >/dev/null
  fi
fi
