Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 7 May 2015 20:23:24 +0300
From: Shinnok <admin@...nnok.com>
To: john-dev@...ts.openwall.com
Subject: Re: Session names somename.[0-9]+ shouldn't be allowed


> On May 7, 2015, at 8:04 PM, Mathieu Laprise <mathlaprise@...il.com> wrote:
> 
> On Thu, May 7, 2015 at 12:45 PM, Shinnok <admin@...nnok.com <mailto:admin@...nnok.com>> wrote:
> I agree. I was more hinting Mathieu at the fact that we should use http://doc.qt.io/qt-5/qstandardpaths.html <http://doc.qt.io/qt-5/qstandardpaths.html> to figure out where to store Johnny's stuff cross-platform.
> Weather that'd be just .ini settings or include sessions too remains to be decided as a result of this thread.
> 
> Yes, I'll keep an eye on this thread to modify Johnny if it is decided to not permit dot.
> PS : This doc page is a good reference for further uses. Right now we use QDir::home() (same as QStandardPaths::HomeLocation) + /.john/.

On a second thought, we can fix this properly right now.

--
     // We create folder for us in home dir if it does not exist.
    // TODO: Are this checks are enough?
    // TODO: Claim on mkdir fails.
    // TODO: Do not do it on start up. Choose other good time.
    if (!QDir(QDir::home().filePath(".john")).exists()) {
        QDir::home().mkdir(".john");
    }
    if (!QDir(QDir(QDir::home().filePath(".john")).filePath("johnny")).exists()) {
        QDir(QDir::home().filePath(".john")).mkdir("johnny");
    }

    // Session for johnny
    m_session = QDir(
        QDir(QDir::home().filePath(
                 ".john")).filePath(
                     "johnny")).filePath(
                         "default");
---

Rewrite the above to the following:
1. Use QStandardPaths::writableLocation() for application data, store the .conf there
2. Export $JOHN to the previous path + "/sessions/" in JohnProcess. You already know how to do that.
3. Use only "johnny_default" for  m_session;

Is there reason to suspect that this won't suffice for pre and post core patch? Also this paves some of the ground work for the multi-session task.

BTW, is JtR cli ever supposed to use ~/.john, I can't find references?

Shinnok


Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.