Date: Sun, 27 Mar 2016 19:35:46 -0400 From: Rich Rumble <richrumble@...il.com> To: john-users@...ts.openwall.com Subject: Re: External Policy Filter On Sun, Mar 27, 2016 at 7:00 PM, Rich Rumble <richrumble@...il.com> wrote: > On Sat, Mar 26, 2016 at 2:00 PM, jfoug <jfoug@...nwall.net> wrote: >> Why not some rules: >> >> [List.Rules:PolicyFilter] >> # handle all permutations with all 5 ?l?u?d?s?b >>>7/?l/?u/?d : >>>7/?l/?u/?s : >>>7/?l/?u/?b : >>>7/?l/?d/?s : >>>7/?l/?d/?b : >>>7/?l/?s/?b : >> # handle all permutations with 4 ?u?d?s?b >>>7/?u/?d/?s : >>>7/?u/?d/?b : >>>7/?u/?s/?b : >> # handle ?d?s?b >>>7/?d/?s/?b : >> # I 'think' that is it, but I am doing this off the cuff, so I may have >> missed some. > That would work much better! I didn't think to use "mask" in conf like that! This is what I think I'm going with, the colon I don't think is needed: ./john.exe -w=rockyou.txt -rules=PolicyFilter -stdout |LC_ALL='C' sort -i | LC_ALL='C' uniq >policy.dic [List.Rules:PolicyFilter] #All 4 types >7/?l/?u/?d/?s #The remaining 3 types >7/?l/?u/?d >7/?l/?u/?s >7/?l/?d/?s >7/?u/?d/?s Thanks again! >> Then simply run: >> ./john -w=rocku.txt -rules=PolicyFilter -stdout | unique >> rockyou-policy-filter.dic >> >> $ wc rockyou.txt >> 14344391 14442062 139921497 rockyou.txt >> >> $ ../john -w=rockyou.txt -rules=PolicyFilter -stdout | ../unique >> rockyou-policy.dic >> Press 'q' or Ctrl-C to abort, almost any other key for status >> 747744p 0:00:00:11 100.00% (2016-03-26 12:53) 63909p/s 957£}~w0¬z?>4ko >> Total lines read 747744 Unique lines written 645347 >> >> So it completed in under 15s and built a file that was 22x smaller than >> rockyou.txt >> but contains only data that would likely pass the policy rules (note I say >> likely because >> it will depend upon code pages, etc, and the ?b does not map directly to >> unicode). >> >> This would not be a great method for a fast hash, but then if whoever wrote >> the login code >> was dumb enough to use a fast hash, then they certainly would not have been >> smart enough >> to use a policy like this, lol. > Nice work, thanks again! > -rich >> >> On 3/25/2016 8:02 PM, Rich Rumble wrote: >>> >>> I've been on many threads and re-read everything I can, but I can't >>> figure out how to change [List.External:Policy] to be closer to how >>> Microsoft has implemented their default complexity policy for >>> passwords. >>> https://technet.microsoft.com/en-us/library/cc786468%28v=ws.10%29.aspx >>> I'm only interested in making that policy do more dynamic matching... >>> meaning instead of filtering on static character classes (?u?l?d, >>> ?u?l?s, ?u?s?d etc...) have do more if not at least 3 of these >>> combinations of classes, then reject. >>> So allow: ( >7 ) >>> Asdf12#$ (?u?l?d?s) >>> Asdf1234 (?u?d?l) >>> ABCD3fgh (?u?d?l) >>> asdf@$$1 (?l?s?d) >>> A@...5%% (u?l?d?s) >>> >>> Maybe a perl or regex script is better suited for the task, especially >>> since I can't seem to get the length to go beyond 8 in my version of >>> jtr. >>> ./john.exe -w=rockyou.txt -external=policy -stdout >>> The regex's I've come across haven't been working to my satisfaction. >>> -rich >> >> >> -- >> Community volunteer for John the Ripper project. >>
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.