Date: Mon, 21 Feb 2011 15:50:22 -0600
From: "Joshua J. Drake" <jtr-users@...p.org>
To: john-users@...ts.openwall.com
Subject: JtR jumbo-12 with nul bytes in wordlists

Guys,

I have attached a patch which allows JtR w/jumbo 12 to work on
wordlists containing nul bytes again. This has to be applied after
jumbo-12.

I didn't do a ton of testing, but it worked in my simple test case of
"one\n\0\ntwo\n" ..

A nul byte should be effectively equal to a line terminator.. With
jumbo 12 it terminates the entire wordlist. JtR 1.7.6 w/o jumbo 12 is
not affected and does the right thing.

Check out your wordlists and see if you might have been skipping some
candidates!

--
Joshua J. Drake

--- john-1.7.6-jumbo-12/src/wordlist.c.orig 2010-06-14 17:43:48.000000000 -0500
+++ john-1.7.6-jumbo-12/src/wordlist.c 2011-02-21 15:40:29.000000000 -0600
@@ -218,6 +218,8 @@
/* If the file is < max_wordfile_memory, then we work from a memory map of the file */
if (file_len < db->options->max_wordfile_memory)
{
+ char *aep;
+
/* probably should only be debug message, but I left it in */
log_event("loading wordfile %s into memory (%lu bytes, max_size=%u)\n", name, file_len, db->options->max_wordfile_memory);
/* XXX: would need to alloc more for dummy_rules_apply()'s "blind truncation" */
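Review bot: `aep` is declared at the top of the in-memory branch with no comment, and the name does not say what it points at. From the later hunks it is the address of the terminating byte at `word_file_str + file_len`; a one-line comment on the declaration, or a name such as `file_end`, would make the `ep < aep` and `cp < aep` bounds checks easier to audit.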
@@ -228,16 +230,17 @@
fprintf(stderr, "fread: Unexpected EOF\n");
error();
}
- word_file_str[file_len] = 0;
+ aep = word_file_str + file_len;
+ *aep = 0;
csearch = '\n';
- cp = strchr(word_file_str, csearch);
+ cp = memchr(word_file_str, csearch, file_len);
if (!cp)
{
csearch = '\r';
- cp = strchr(word_file_str, csearch);
+ cp = memchr(word_file_str, csearch, file_len);
}
for (nWordFileLines = 1; cp; ++nWordFileLines)
- cp = strchr(&cp[1], csearch);
+ cp = memchr(&cp[1], csearch, file_len - (cp - word_file_str) - 1);
words = mem_alloc(nWordFileLines * sizeof(char*));
log_event("wordfile had %u lines and required %lu bytes for index.\n", nWordFileLines, (unsigned long)(nWordFileLines * sizeof(char*)));
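Review bot: the pass that sizes `words` counts only `csearch` bytes (`memchr(..., csearch, ...)`), but the split loop further down still ends a word at a NUL (`*ep`) as well as at '\n' and '\r'. For input where NULs are not each followed by a newline, for example "a\0b\0c\n", `nWordFileLines` comes out as 2 while the splitter can produce three words, so the `i == nWordFileLines` break drops the rest. Counting NUL bytes (and both line-ending characters) in this pass would keep the index size in step with the splitter.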
@@ -246,18 +249,18 @@
do
{
char *ep = cp, ec;
- while (*ep && *ep != '\n' && *ep != '\r') ep++;
+ while ((ep < aep) && *ep && *ep != '\n' && *ep != '\r') ep++;
ec = *ep;
*ep = 0;
if (ep - cp >= LINE_BUFFER_SIZE)
cp[LINE_BUFFER_SIZE-1] = 0;
if (strncmp(cp, "#!comment", 9))
words[i++] = cp;
- if (!ec || i == nWordFileLines)
+ if (i == nWordFileLines)
break;
cp = ep + 1;
if (ec == '\r' && *cp == '\n') cp++;
- } while (*cp);
+ } while (cp < aep);
nWordFileLines = i;
nCurLine=0;
}
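Review bot: with `!ec` removed from `if (i == nWordFileLines) break;`, that test is the only thing keeping `words[i++]` inside the allocation, and it exits without any notice even when `cp < aep` still holds. Since skipped candidates are what this patch sets out to fix, consider a `log_event()` call when the break is taken with input remaining. Separately, `(ep < aep)` in the inner `while` is redundant with `*ep` because `*aep` is set to 0 earlier; keeping it is fine, but a comment saying it is deliberate would help.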
[ CONTENT OF TYPE application/pgp-signature SKIPPED ]
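
The behaviour described in the message, as an added example that is not part of the original post, the patch, or JtR: it runs the message's test case "one\n\0\ntwo\n" through a strchr()-based and a memchr()-based newline count, then splits with NUL treated as a line terminator. All function names are hypothetical, and the second input in main() is constructed.

```c
#include <stdio.h>
#include <string.h>

/* The test case quoted in the message: 10 bytes with one embedded NUL. */
static const char sample[] = "one\n\0\ntwo\n";
#define SAMPLE_LEN (sizeof(sample) - 1)

/* C-string scan: strchr() stops at the first NUL, so the rest is never seen. */
static size_t count_nl_strchr(const char *buf)
{
    size_t n = 0;
    const char *p = strchr(buf, '\n');
    while (p) { n++; p = strchr(p + 1, '\n'); }
    return n;
}

/* Length-bounded scan: memchr() keeps going past embedded NUL bytes. */
static size_t count_nl_memchr(const char *buf, size_t len)
{
    size_t n = 0;
    const char *end = buf + len, *p = memchr(buf, '\n', len);
    while (p) { n++; p++; p = memchr(p, '\n', (size_t)(end - p)); }
    return n;
}

/* Split on '\n', '\r' or NUL (NUL as a terminator, per the message)
 * and count the non-empty words. Hypothetical helper, not JtR code. */
static size_t count_words(const char *buf, size_t len)
{
    size_t n = 0, run = 0, i;
    for (i = 0; i < len; i++) {
        if (buf[i] == '\n' || buf[i] == '\r' || buf[i] == '\0') {
            if (run) n++;
            run = 0;
        } else
            run++;
    }
    return n + (run ? 1 : 0);
}

int main(void)
{
    printf("strchr sees %zu newline(s)\n", count_nl_strchr(sample));
    printf("memchr sees %zu newline(s)\n", count_nl_memchr(sample, SAMPLE_LEN));
    printf("non-empty words: %zu\n", count_words(sample, SAMPLE_LEN));
    /* Constructed input: NULs as the only separators between words. */
    printf("words in \"a\\0b\\0c\\n\": %zu\n", count_words("a\0b\0c\n", 6));
    return 0;
}
```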