Monday, February 4, 2008

Perl Script To Mail Users JTR Password Warnings

Hey there,

Today's post harkens back to an earlier post regarding a popular password cracking program called John The Ripper (JTR).

This Perl script we've put together for today will run equally well on Unix or Linux and takes the output file of a JTR run as its input. It then mails every account with a cracked password a little reminder note. The default filename JTR uses to save the passwords it has cracked is john.pot, so I'll use that in our example. You can, theoretically, change that output file name (which would change this script's input file name) to whatever you want.

You'd run the following script like so:

./pwwarn.pl <john.pot

You'll note that we're not reading the ARGV array to get the file name argument in the script, but rather reading from the standard input file descriptor (STDIN, via the <> operator). This should make it easier to integrate into any larger Perl script you've already written.

Hopefully this will save you some administrative hassle. The automatically generated "threat password" printed in the notice (as in: you really don't want us to change it to this, do you? ;) will hopefully also help bring people over to your side of the security fence.

Cheers,


This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

#!/usr/bin/perl

# pwwarn.pl
# Take output from JTR and send reminders via
# email to folks with really bad passwords
#
# 2008 - Mike Golvach - eggi@comcast.net
#
# Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License
#

use strict;
use warnings;

my $domain   = 'xyz.com';            # mail domain of the cracked accounts
my $sendmail = '/usr/lib/sendmail';  # path to the sendmail binary

# Read the JTR run from STDIN. Lines before "Loaded N password hashes"
# are header noise; after it come "password (username)" lines mixed
# with "guesses: ..." status lines and blank lines.
my $tripwire = 0;
my $hostname = 'this host';
my @passwd;
while ( my $line = <> ) {
    chomp $line;
    # A mailed JTR report carries the host name in its Subject line
    if ( $line =~ /^Subject.*Cracked on (.*)/ ) {
        $hostname = $1;
    }
    if ( $line =~ /^Loaded/ ) {
        $tripwire = 1;
        next;
    }
    next unless $tripwire;
    next if $line =~ /^guess/;    # "guesses: N  time: ..." status lines
    next if $line =~ /^\s*$/;     # blank lines
    push @passwd, $line;
}

# Turn each "password (username)" line into a username => password entry.
# The password is everything before the trailing "(user)" group, so a
# password containing spaces survives the parse.
my %entries;
foreach my $entry (@passwd) {
    next unless $entry =~ /^(.*?)\s+\((\S+)\)\s*$/;
    $entries{$2} = $1;
}

# Sort usernames as strings (a numeric <=> sort on usernames always
# compares them as 0 and gives no useful order)
foreach my $key ( sort keys %entries ) {

    # Made-up "time to crack" figure for the notice
    my $random = rand(10000);

    # Build an 8-character "threat password" from printable ASCII in
    # the range '!' (33) .. ']' (93); a space (32) can never occur
    my $newpassword = '';
    for ( 1 .. 8 ) {
        my $tester = rand(100);
        if ( $tester < 33 ) {
            $tester += 33;
        } elsif ( $tester > 93 ) {
            $tester -= 7;
        }
        $newpassword .= sprintf( "%c", int($tester) );
    }

    # List-form open: $key comes straight from the JTR output and must
    # never be interpolated into a shell command line. -t takes the
    # recipient from the To: header; -oi keeps a lone "." line in the
    # body from ending the message early.
    open( my $mailer, '|-', $sendmail, '-t', '-oi' )
        or die "Cannot run $sendmail: $!\n";
    print $mailer "To: ${key}\@${domain}\n";
    print $mailer "From: sysadmin\@${domain}\n";
    print $mailer "Reply-To: sysadmin\@${domain}\n";
    print $mailer "Subject: Cracked Password\n";
    print $mailer "\n";    # blank line ends the headers
    print $mailer "This is an automatically generated notice.\n";
    print $mailer "Do not reply to this letter.\n";
    print $mailer "Replies will not be answered.\n";
    print $mailer "\n";
    print $mailer "The password for your account on $hostname was\n";
    printf $mailer "cracked in %2.2f seconds.\n", $random;
    print $mailer " username: $key\n";
    print $mailer " password: $entries{$key}\n";
    print $mailer "\n";
    print $mailer " In the best-case scenario, a malicious user\n";
    print $mailer "could have logged in as you and performed operations\n";
    print $mailer "as you. In the worst-case scenario, someone could\n";
    print $mailer "have logged in as you and used your account to wage\n";
    print $mailer "an attack against this machine or other machines on\n";
    print $mailer "the network.\n";
    print $mailer " Please change your password immediately. After a\n";
    print $mailer "certain amount of warnings, your password will be changed\n";
    print $mailer "for you to something ugly like:\n";
    print $mailer "\n";
    print $mailer " $newpassword\n";
    print $mailer "\n";
    print $mailer " If you want to change it, and do not know how, please\n";
    print $mailer "contact help\@${domain}\n";
    print $mailer "\n";
    print $mailer " Remember, the security of the entire network depends on the\n";
    print $mailer "security of its parts.\n";
    print $mailer "\n";
    print $mailer " Thank you,\n";
    print $mailer " System Administration\n";
    print $mailer "\n";
    close($mailer) or warn "sendmail for $key exited with status $?\n";
}
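The threat password in the script comes from Perl's rand(), which is fine for a scare line but not for a password an administrator might actually assign once the warnings run out. The following is an added example, not part of the original script, that draws the same '!' .. ']' character range from the kernel's /dev/urandom instead; the function name strong_threat_password and the /dev/urandom path are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Draw one replacement password of $len printable ASCII characters
# ('!' .. ']', the same range pwwarn.pl uses) from /dev/urandom.
# Rejection sampling keeps every character equally likely: a byte is
# accepted only when it already falls inside the range, so no modulo
# or clamping bias is introduced.
sub strong_threat_password {
    my ($len) = @_;
    $len = 8 unless defined $len;
    my ( $lo, $hi ) = ( 33, 93 );    # '!' .. ']'

    # Assumed path to the kernel CSPRNG device
    open( my $urandom, '<:raw', '/dev/urandom' )
        or die "Cannot open /dev/urandom: $!\n";

    my $password = '';
    while ( length($password) < $len ) {
        my $got = read( $urandom, my $byte, 1 );
        die "read from /dev/urandom failed: $!\n"
            unless defined $got && $got == 1;
        my $value = ord($byte);
        next if $value < $lo || $value > $hi;    # reject and redraw
        $password .= chr($value);
    }
    close($urandom);
    return $password;
}

# Example use: print one 8-character replacement password
print strong_threat_password(8), "\n";
```

Every character of the result is guaranteed to lie in the '!' .. ']' range, so it drops straight into the " $newpassword" line of the notice.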


, Mike