Date: Sun, 27 Mar 2016 19:00:02 -0400 From: Rich Rumble <richrumble@...il.com> To: john-users@...ts.openwall.com Subject: Re: External Policy Filter On Sat, Mar 26, 2016 at 2:00 PM, jfoug <jfoug@...nwall.net> wrote: > Why not some rules: > > [List.Rules:PolicyFilter] > # handle all permutations with all 5 ?l?u?d?s?b >>7/?l/?u/?d : >>7/?l/?u/?s : >>7/?l/?u/?b : >>7/?l/?d/?s : >>7/?l/?d/?b : >>7/?l/?s/?b : > # handle all permutations with 4 ?u?d?s?b >>7/?u/?d/?s : >>7/?u/?d/?b : >>7/?u/?s/?b : > # handle ?d?s?b >>7/?d/?s/?b : > # I 'think' that is it, but I am doing this off the cuff, so I may have > missed some. That would work much better! I didn't think to use "mask" in conf like that! > Then simply run: > ./john -w=rocku.txt -rules=PolicyFilter -stdout | unique > rockyou-policy-filter.dic > > $ wc rockyou.txt > 14344391 14442062 139921497 rockyou.txt > > $ ../john -w=rockyou.txt -rules=PolicyFilter -stdout | ../unique > rockyou-policy.dic > Press 'q' or Ctrl-C to abort, almost any other key for status > 747744p 0:00:00:11 100.00% (2016-03-26 12:53) 63909p/s 957£}~w0¬z?>4ko > Total lines read 747744 Unique lines written 645347 > > So it completed in under 15s and built a file that was 22x smaller than > rockyou.txt > but contains only data that would likely pass the policy rules (note I say > likely because > it will depend upon code pages, etc, and the ?b does not map directly to > unicode). > > This would not be a great method for a fast hash, but then if whoever wrote > the login code > was dumb enough to use a fast hash, then they certainly would not have been > smart enough > to use a policy like this, lol. Nice work, thanks again! -rich > > On 3/25/2016 8:02 PM, Rich Rumble wrote: >> >> I've been on many threads and re-read everything I can, but I can't >> figure out how to change [List.External:Policy] to be closer to how >> Microsoft has implemented their default complexity policy for >> passwords. >> https://technet.microsoft.com/en-us/library/cc786468%28v=ws.10%29.aspx >> I'm only interested in making that policy do more dynamic matching... >> meaning instead of filtering on static character classes (?u?l?d, >> ?u?l?s, ?u?s?d etc...) have do more if not at least 3 of these >> combinations of classes, then reject. >> So allow: ( >7 ) >> Asdf12#$ (?u?l?d?s) >> Asdf1234 (?u?d?l) >> ABCD3fgh (?u?d?l) >> asdf@$$1 (?l?s?d) >> A@...5%% (u?l?d?s) >> >> Maybe a perl or regex script is better suited for the task, especially >> since I can't seem to get the length to go beyond 8 in my version of >> jtr. >> ./john.exe -w=rockyou.txt -external=policy -stdout >> The regex's I've come across haven't been working to my satisfaction. >> -rich > > > -- > Community volunteer for John the Ripper project. >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.