Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 9 Aug 2012 10:59:24 +0400
From: Aleksey Cherepanov <aleksey.4erepanov@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Aleksey's daily status report #3

On Wed, Aug 08, 2012 at 11:12:53PM +0200, Frank Dittrich wrote:
> On 08/08/2012 09:49 PM, Aleksey Cherepanov wrote:
> > Done
> > 
> > - session restoration with one default session
> 
> Great. I just tested it, seems to work as expected.
> What is the "Open Last Session" button for? When does it get active?

When opened file is not the file from last session this button is
activated. Either open other file or just restart johnny (so no file
would be opened).

> >   Unusual usage brings minor problems.
> 
> What kind of "unusual usage"? Can you do that from within the GUI?
> Or does it involve mixed command line and GUI usage?
> What minor problems?

If there two johnnies and john already runs then other johnny could
overwrite file with file name but john will not overwrite .rec file so
supportive file does not reflect content of .rec file. I could remove
.rec if user asks to overwrite session file.

Other problem is that if all hashes are cracked and stored session
is not for that file then "start attack" asks about overwriting but
john does not overwrite file because all hashes are cracked and we get
old .rec file. We could restore this session but johnny could not show
results in table because table is filled with values from other file.

> > - pwdump format and lonely hashes loading
> 
> I did nit test this. I assume you did?

I tried different variants. It does not seem to produce problems. The
only minor thing is that I attack 2 field (uid) in pwdump format to
gecos while in original file they are not together.

Gecos is done by one field.

ntlm hashes are not supported.

> > To do
> > 
> > - --users and similar options
> > - trick with original hash in gecos
> 
> I don't know which trick you are talking about.

I plan to make copy of passwd file where hash is in gecos field so
`john --show` shows original hash together with password so I could
put password into table reliably.

BTW I do not need fifo here because I craft file once and then call
`john --show` many times.

> > - make config to live in ~/.john
> 
> I'd change the order, put the config into ~/.john  directory first.
> (And can you please get rid of spaces in the config file name?)

Ok. Spaces are in name because I do not specify name for config: qt
calculates it itself from application name. I'll put config into
~/.john/johnny.conf .

Thanks!

-- 
Regards,
Aleksey Cherepanov

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ