Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 12 Jul 2015 19:46:48 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: more robustness

Hi Alexander,

> And I'd test further format methods as well, perhaps those the loader
> would use.  So don't proceed to crypt_all(), but do test everything
> leading up to it.

To mimic the real cracking process, I tried to change the loader.c to reuse
for fuzzing. The last three commits reuse loader.c for fuzzing.

https://github.com/loverszhaokai/JohnTheRipper/commit/c4a3fc5c177d5a4181ca5cb3d2b72de95ab8818e
https://github.com/loverszhaokai/JohnTheRipper/commit/6300f5fae0713e740169250877a67ab9380ce71a
https://github.com/loverszhaokai/JohnTheRipper/commit/f8a6f01a12e47cb9d951a7733fa0a69af1bd6204

After reuse loader.c::ldr_load_pw_line(), --fuzz now fuzz those functions:
prepare(), valid(), init(), split(), binary(), salt(), salt_hash().
However, there
are some functions in crack.c before crypt_all(), such as set_salt(),
clear_keys(), set_key(). **Should I fuzz these functions ? **

There are 4 bugs found by the latest --fuzz.

https://github.com/loverszhaokai/JohnTheRipper/tree/fuzz_option

Bugs are below:

https://github.com/magnumripper/JohnTheRipper/issues/1548
https://github.com/magnumripper/JohnTheRipper/issues/1547
https://github.com/magnumripper/JohnTheRipper/issues/1546
https://github.com/magnumripper/JohnTheRipper/issues/1545

Thanks,

Kai

[ CONTENT OF TYPE text/html SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ