From 77a04c0981eb39bfed29bd04241f5cae1586f278 Mon Sep 17 00:00:00 2001
From: Fry
Date: Wed, 27 Sep 2023 15:03:18 +1000
Subject: [PATCH] Expand regex for nested dirs and double timeout
---
 docker/worker/Dockerfile | 1 +
 turbinia/lib/utils.py | 2 ++
 turbinia/workers/analysis/jenkins.py | 4 ++--
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/docker/worker/Dockerfile b/docker/worker/Dockerfile
index b21440e87..61e159140 100644
--- a/docker/worker/Dockerfile
+++ b/docker/worker/Dockerfile
@@ -158,6 +158,7 @@ RUN cd /home/turbinia && echo "" > password.lst
 RUN cd /home/turbinia && curl -s https://raw.githubusercontent.com/danielmiessler/SecLists/285474cf9bff85f3323c5a1ae436f78acd1cb62c/Passwords/UserPassCombo-Jay.txt >> password.lst
 RUN cd /home/turbinia && curl -s https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/Common-Credentials/10-million-password-list-top-1000000.txt >> password.lst
 RUN cp /home/turbinia/password.lst /root/
+RUN echo ':\nd' > /home/turbinia/turbinia.rules
 # Copy Kubernetes support tool to home folder
 COPY --chown=turbinia:turbinia k8s/tools/check-lockfile.py /home/turbinia/check-lockfile.py
diff --git a/turbinia/lib/utils.py b/turbinia/lib/utils.py
index abd5fe1a5..e739ff25f 100644
--- a/turbinia/lib/utils.py
+++ b/turbinia/lib/utils.py
@@ -171,6 +171,7 @@ def bruteforce_password_hashes(
 pot_file = os.path.join((tmp_dir or tempfile.gettempdir()), 'hashcat.pot')
 password_list_file_path = os.path.expanduser('~/password.lst')
+ password_rules_file_path = os.path.expanduser('~/turbinia.rules')
 # Fallback
 if not os.path.isfile(password_list_file_path):
@@ -193,6 +194,7 @@ def bruteforce_password_hashes(
 cmd = cmd + [f'--potfile-path={pot_file}']
 cmd = cmd + [ password_hashes_file_path, password_list_file_path]
+ cmd = cmd + ['-r', password_rules_file_path]
 with open(os.devnull, 'w') as devnull:
 try:
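Review bot: In docker/worker/Dockerfile the new rules file is written only to /home/turbinia, while the line above it copies password.lst to /root/ as well, and turbinia/lib/utils.py resolves the rules path with `os.path.expanduser('~/turbinia.rules')`. If the worker can run as root, as the existing /root/ copy suggests, hashcat would be handed a `-r` path that does not exist; adding `RUN cp /home/turbinia/turbinia.rules /root/` keeps the two files in step. The added `echo ':\nd'` also depends on the image's /bin/sh expanding `\n` (dash does, bash's builtin does not without `-e`), so `RUN printf ':\nd\n' > /home/turbinia/turbinia.rules` is the portable form.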
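Review bot: `password_rules_file_path` in turbinia/lib/utils.py gets no existence check, although the wordlist just below it has an `os.path.isfile` fallback, and the second hunk (`@@ -193,6 +194,7 @@`) appends `-r` unconditionally. On a host where `~/turbinia.rules` is absent the cracker is likely to exit on the missing rules file, and if the `try` that follows swallows that error, weak credentials would go unreported instead of the task failing visibly. Guarding the argument, `if os.path.isfile(password_rules_file_path): cmd = cmd + ['-r', password_rules_file_path]`, or logging when the file is missing would close that gap. The rules also enlarge the candidate set for every caller of `bruteforce_password_hashes`, while only the Jenkins task's timeout is raised in this patch, so callers outside this diff may need the same adjustment. The function body starts and ends outside both hunks.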
diff --git a/turbinia/workers/analysis/jenkins.py b/turbinia/workers/analysis/jenkins.py
index b236ea00a..d6d14594b 100644
--- a/turbinia/workers/analysis/jenkins.py
+++ b/turbinia/workers/analysis/jenkins.py
@@ -37,7 +37,7 @@ class JenkinsAnalysisTask(TurbiniaTask):
 TASK_CONFIG = {
 # This is the length of time in seconds that the collected passwords will
 # be bruteforced.
- 'bruteforce_timeout': 300
+ 'bruteforce_timeout': 600
 }
 def run(self, evidence, result):
@@ -72,7 +72,7 @@ def run(self, evidence, result):
 jenkins_artifacts = []
 jenkins_re = re.compile(
- r'^.*jenkins[^\/]*(\/home)?(\/users\/[^\/]+)*\/config\.xml$')
+ r'^.*?jenkins[^\/]*(\/home)?(\/users)?(\/.*?)\/config\.xml$')
 for collected_artifact in collected_artifacts:
 if re.match(jenkins_re, collected_artifact):
 jenkins_artifacts.append(collected_artifact)
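Review bot: The new `jenkins_re` in `run` no longer matches a `config.xml` that sits directly in the Jenkins directory, because `(\/.*?)` is mandatory and needs at least one extra path component. A path such as `/var/lib/jenkins/config.xml` (constructed example) matched the old pattern and fails the new one unless an earlier component also contains `jenkins`, so the top-level configuration can silently drop out of the analysis. Making the nested part optional restores it: `r'^.*?jenkins[^\/]*(\/home)?(\/users)?(\/.*?)?\/config\.xml$'`. The wildcard also admits every `config.xml` at any depth below a `jenkins*` directory, so it is worth confirming that the extraction code after this loop, which lies outside the hunk, tolerates files that hold no credentials.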