Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 12 May 2006 00:45:20 +0200
From: "Frank Dittrich" <frank_dittrich@...mail.com>
To: john-users@...ts.openwall.com
Subject: Re: john --format=NT segfaults when using wrong password file forma

I wrote:
>The offending strncpy is in the patched loader.c
>
>@@ -206,10 +207,27 @@
>                if (!strncmp(*ciphertext, "NO PASSWORD", 11))
>                        *ciphertext = "";
>
>+                /* NT loader hack starts here ! */
>+
>+                if (options.format && (strncmp(options.format,
>"nt", 2)==0)) {
>+
>+                        tmp = ldr_get_field(&line);
>+                        *ciphertext = tmp;
>+
>+                        if (!strncmp(*ciphertext, "NO PASSWORD",
>11))
>+                                *ciphertext = "";
>+                        else {
>+                                *ciphertext -= 4;
>+                                strncpy(*ciphertext,"$NT$",4);
>+                        }
>+                }
>+
>+                /* NT loader hack ends here ! */
>+

Replacing the unconditional else and adding some basic sanity check
at least avoids the seg fault:

@@ -206,10 +207,27 @@
                if (!strncmp(*ciphertext, "NO PASSWORD", 11))
                        *ciphertext = "";

+                /* NT loader hack starts here ! */
+
+                if (options.format && (strncmp(options.format, "nt", 
2)==0)) {
+
+                        tmp = ldr_get_field(&line);
+                        *ciphertext = tmp;
+
+                        if (!strncmp(*ciphertext, "NO PASSWORD", 11))
+                                *ciphertext = "";
+                        else if(strlen(*ciphertext) == 32) {
+                                *ciphertext -= 4;
+                                strncpy(*ciphertext,"$NT$",4);
+                        }
+                }
+
+                /* NT loader hack ends here ! */
+

But even if john --format=nt fdtest_LM will correctly report
"No password hashes loaded" (because valid is processed and fails),
john --show --format=nt will report an invalid line like this one:
1:TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT:UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
as cracked:

1:NO PASSWORD:TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT:(null)


Regards, Frank


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.