1 Reply Latest reply: Jun 4, 2010 7:14 AM by Vinz42 RSS

Windows File Contents Compliance Checks : regexp pattern to find password

Hi,

 

I have build this .audit file to match passwords in file :

<check_type : "WindowsFiles">
<item>
 type  : FILE_CONTENT_CHECK
 description : "File contains a password"
 file_extension: "txt" | "doc" | "xls" 
 regex  : "pass(.+)"
 expect  : "."
 max_size  : "50K"
 only_show : "4"
include_paths: "e:\"
</item>
</check_type>


here is my test file (pass.txt) that nessus will search in :

pass= testpass
PASS=testPASS
pass : test:pass

 

I would like to have a output like :

"File contains a password" : [FAILED]
- error message: 
The following files do not match your policy :
Share: E$, path: \pass.txt (XXXXpass)
Share: E$, path: \pass.txt (XXXXPASS)Share: E$, path: \pass.txt (XXXXXpass)


As my regexp skill definitively need an upgrade, can someone help me building the ultimate password matcher regular expression  ?

 

Thanks, Vincent

  • Re: Windows File Contents Compliance Checks : regexp pattern to find password

    this is maybe not ultimate, but some progress that i wanted to share :

     

    <check_type : "WindowsFiles">
    <item>
     type  : FILE_CONTENT_CHECK
     description : "File contains a password"
     file_extension: "txt" | "doc" | "xls" | "cmd" | "DAT" | "bat"
     regex  : "[m,M][d,D][p,P][ \t]*(.*)|[p,P][a,A][s,S][s,S][ \t]*(.*)|[p,P][w,W][d,D][ \t]*(.*)"
     #regex_replace : "\0"
     expect  : "."
     #max_size  : "3K"
     only_show : "4"
    #exclude_paths: "c:\" | "d:\" | "e:\"
    #include_paths: "o:\" 
    </item>
    </check_type>