Date: Tue, 27 Sep 2011 00:19:49 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: Re: MSCHAPv2 Bug

On 2011-09-26 23:29, jmk wrote:
> My MSCHAPv2 format appears to ignore entries in which the username is a
> number (e.g., 1111). I'm not really sure why this is the case, but the
> attached patch seems to correct the issue.

Lol, from a comment in pass_gen.pl it seems I wrote that down to 
Digest::SHA and worked around it (by not using numeric usernames). In 
hindsight that was a bad assumption - or let's say I trusted you :)

I see the problem. I believe the enclosed patch is more correct (and it 
adds a self-test with username of 1111 too). You were scanning the 
username for hex digits instead of line ending - I'm sure it must have 
failed for "b0b" (there actually is a bOb with capital O in the tests, 
which confused me a while) or "abe" too, for example.

magnum

>From 4adef2bf2a150d420f5b4b93c6e85ca1c4ae11f2 Mon Sep 17 00:00:00 2001
From: magnum <magnum>
Date: Tue, 27 Sep 2011 00:13:42 +0200
Subject: [PATCH] j7: fix for MSCHAPv2 bogus username length check

---
 src/MSCHAPv2_fmt_plug.c |    5 ++---
 1 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/MSCHAPv2_fmt_plug.c b/src/MSCHAPv2_fmt_plug.c
index 460e5e0..f50efb4 100644
--- a/src/MSCHAPv2_fmt_plug.c
+++ b/src/MSCHAPv2_fmt_plug.c
@@ -67,6 +67,7 @@
 #endif
 
 static struct fmt_tests tests[] = {
+  {"$MSCHAPv2$4c092fd3fd98236502e8591100046326$b912ce522524d33123a982cf330a57f8e953fa7974042b5d$6a4915d0ce61d42be533640a75391925$1111", "2222"},
   {"$MSCHAPv2$5B5D7C7D7B3F2F3E3C2C602132262628$82309ECD8D708B5EA08FAA3981CD83544233114A3D85D6DF$21402324255E262A28295F2B3A337C7E$User", "clientPass"},
   {"$MSCHAPv2$d07054459a1fdbc266a006f0220e6fac$33c8331a9b03b7e003f09dd253d740a2bead544143cc8bde$3545cb1d89b507a5de104435e81b14a4$testuser1", "Cricket8"},
   {"$MSCHAPv2$56d64cbe7bad61349a0b752335100eaf$d7d829d9545cef1d631b4e568ffb7586050fa3a4d02dbc0b$7f8a466cff2a6bf0c80218bbf56d76bc$fred", "OMG!BBQ!11!one"}, /* domain\fred */
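Review bot: the vector added at the top of tests[] carries no comment, unlike the fred entry with its /* domain\fred */ note, so the source does not record that it is the regression case for an all-digit username. Add a short comment such as /* numeric username */. Consider a second vector whose username consists only of the letters a-f, since the scan removed from mschapv2_valid() stepped over those bytes the same way it stepped over digits.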
@@ -143,9 +144,7 @@ static int mschapv2_valid(char *ciphertext, struct fmt_main *pFmt)
     return 0;
 
   /* Validate Username Length */
-  pos2++; pos = pos2;
-  for (; atoi16[ARCH_INDEX(*pos2)] != 0x7F; pos2++);
-  if ( !(*pos2 && (pos2 - pos <= USERNAME_LENGTH)) )
+  if (strlen(++pos2) > USERNAME_LENGTH)
     return 0;
 
   return 1;
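Review bot: the new "if (strlen(++pos2) > USERNAME_LENGTH)" accepts an empty username, which the removed condition rejected through its "*pos2 &&" term. If a hash line with nothing after the '$' that pos2 points at is not a valid entry, keep a non-empty test next to the length test, or say in the comment that an empty name is allowed. The ++pos2 side effect inside the condition is also easy to miss; incrementing on its own line, as the removed code did, reads more clearly.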
-- 
1.7.4.1
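
The behaviour discussed in the mail, as an added stand-alone example (not John the Ripper source and not part of the original post): it runs the removed check and the patched check over the usernames named above. It goes one step further than the mail by also testing an over-long name. hexval() is a stand-in for the atoi16[] table, and the USERNAME_LENGTH value is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define USERNAME_LENGTH 256 /* assumed value; the real constant is not on the page */

/* Stand-in for the atoi16[] table: hex digit value, 0x7F for any other byte. */
unsigned char hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return (unsigned char)(c - '0');
    if (c >= 'a' && c <= 'f') return (unsigned char)(c - 'a' + 10);
    if (c >= 'A' && c <= 'F') return (unsigned char)(c - 'A' + 10);
    return 0x7F;
}

/* Check removed by the patch; p points at the '$' before the username. */
int old_username_ok(const char *p)
{
    const char *start = ++p;
    while (hexval((unsigned char)*p) != 0x7F) p++; /* stops at first non-hex byte */
    return *p && (p - start <= USERNAME_LENGTH);
}

/* Check added by the patch: length of everything after the '$'. */
int new_username_ok(const char *p)
{
    return strlen(p + 1) <= (size_t)USERNAME_LENGTH;
}

/* Constructed over-long field: '$' followed by USERNAME_LENGTH + 1 'x' bytes. */
int overlong_accepted(int patched)
{
    char buf[USERNAME_LENGTH + 3];
    buf[0] = '$';
    memset(buf + 1, 'x', USERNAME_LENGTH + 1);
    buf[USERNAME_LENGTH + 2] = '\0';
    return patched ? new_username_ok(buf) : old_username_ok(buf);
}

int main(void)
{
    /* Constructed username fields, using the names that appear in the mail. */
    const char *names[] = { "$1111", "$b0b", "$abe", "$bOb", "$User", "$fred" };
    size_t i;
    for (i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-6s old=%d new=%d\n", names[i] + 1,
               old_username_ok(names[i]), new_username_ok(names[i]));
    printf("overlong old=%d new=%d\n", overlong_accepted(0), overlong_accepted(1));
    return 0;
}
```

The old check rejects only names made entirely of hex digits and never measures a name that starts with a non-hex byte, so the over-long name passes it and fails the patched check.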

