Date: Tue, 5 Feb 2008 10:38:08 +0530
From: "Dhirendra Singh Kholia" <dhiru.kholia@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: NETHALFLM patch

On 2/5/08, Solar Designer <solar@...nwall.com> wrote:
> On Mon, Feb 04, 2008 at 12:06:47PM +0530, Dhirendra Singh Kholia wrote:
> > This patch adds support for cracking first 7 characters of LM response.
>
> Thank you for the contribution!
>
> Unfortunately, something (your webmail service?) has garbled the
> whitespace within the patch. Can you please re-post it by other means -
> e.g., using a regular mail client (SMTP) and with the patch as a
> text/plain attachment? Note that it is important to have MIME type of
> the attachment as text/plain in order for the patch to be readily
> visible in web-based archives of the list.

Sorry for that. I don't have SMTP mail access, unfortunately. I have tried
to attach the patch as a text/plain attachment. In case of any issues, can
you please pick it from:

http://dhiru.kholia.googlepages.com/JtR-1.7.2-all9-nethalflm.patch

> > + tmp = (char *) mem_alloc(7 + strlen(challenge) + strlen(nethalflm) + 1);
> > + memset(tmp, 0, 7 + strlen(challenge) + strlen(nethalflm) + 1);
> > + sprintf(tmp, "$NETHALFLM$%s$%s", challenge, nethalflm);
>
> You don't need the memset() and you have a buffer overflow with the
> sprintf() - the constant should be 12, not 7.

fixed.

> > + static char out[TOTAL_LENGTH + 1];
> > +
> > + memset(out, 0, TOTAL_LENGTH + 1);
> > + memcpy(&out, ciphertext, TOTAL_LENGTH);
>
> You don't need the memset(), you only need:
>
> out[TOTAL_LENGTH] = 0;

fixed.

> > + memset(password, 0, 7 + 1);
>
> memset() not needed since you use strncpy() below, which NUL-pads.
>
> > + memset(output, 0, 24);
>
> Too large.

fixed.

> > + strncpy((char *) password, saved_plain, 14);
>
> Should be 7, not 14.

fixed.
> > + memset(saved_plain, 0, PLAINTEXT_LENGTH + 1);
> > + strncpy(saved_plain, key, PLAINTEXT_LENGTH);
>
> No need for the memset() and for NUL-padding with strncpy() if you also
> use strncpy() on saved_plain later (above), but you do need
> NUL-termination for your get_key() (or you can do it there).

fixed. (I think we can avoid memset and strncpy both and instead use the
loop below for copying???)

> > + /* Upper-case password */
> > + for(i=0; i<PLAINTEXT_LENGTH; i++)
> > +     if ((saved_plain[i] >= 'a') && (saved_plain[i] <= 'z'))
> >           saved_plain[i] ^= 0x20;
>
> Should exit the loop on first NUL seen.

fixed, I hope.

> > + FMT_8_BIT | FMT_BS | FMT_SPLIT_UNIFIES_CASE,
>
> FMT_BS is wrong here, it stands for "bitslice".

I really don't have any idea how this piece works. I have just removed
FMT_BS from the new patch.

> > + fmt_default_binary_hash,
> > + fmt_default_binary_hash,
> > + fmt_default_binary_hash
>
> That's the special case of loader slowness that I've just mentioned in
> my previous posting...

Will read up on that.

> These are just some of the bugs and inefficiencies that I was able to
> spot quickly. Yet I do appreciate contributed patches. :-)
>
> Thanks again,

Thank you Solar Designer for all the comments. It's an eighth wonder that
my patch worked at all. It was horrible, I agree :) I hope that this
version is OK enough.

Still Left:

- Speed fixes by using better DES implementation (DES bs?)
- Cracking remaining 7 chars of password by using 8->16 bytes of LM
  response. (Cain and Abel does this!) I guess that by prefixing a random
  byte to the LM hash (first 7 bytes) of password's 2nd part we can try to
  do it. Sounds messy though.
> --
> Alexander Peslyak <solar at openwall.com>
> GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15
> http://www.openwall.com - bringing security into open computing environments
>
> --
> To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
> to the automated confirmation request that will be sent to you.
>

--
dsk

Download attachment "JtR-1.7.2-all9-nethalflm.patch" of type "application/octet-stream" (9156 bytes)
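The two fixes Solar Designer asks for above, sizing the "$NETHALFLM$" ciphertext buffer and stopping the upper-casing copy at the first NUL, written out as an added example in C. This is not code from the patch or from John the Ripper; PLAINTEXT_LENGTH, the function names and the sample challenge/response strings are assumptions made here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TAG "$NETHALFLM$"     /* the 11-byte prefix used by the format above */
#define PLAINTEXT_LENGTH 7    /* assumption: one LM half covers 7 password chars */

/* Bytes needed for "$NETHALFLM$<challenge>$<response>" plus the NUL.
 * The fixed text is strlen(TAG) + 1 for the middle '$' = 12, the constant
 * Solar Designer asked for; the original "7 + ..." undercounted by 5 bytes,
 * which is exactly what sprintf() then wrote past the end of the buffer. */
size_t nethalflm_len(const char *challenge, const char *response)
{
    return strlen(TAG) + strlen(challenge) + 1 + strlen(response) + 1;
}

/* Build the ciphertext in a heap buffer sized from nethalflm_len(). No memset()
 * is needed because snprintf() writes the terminating NUL itself, and snprintf()
 * cannot overrun even if the size arithmetic is ever changed. Caller frees. */
char *nethalflm_prepare(const char *challenge, const char *response)
{
    size_t need = nethalflm_len(challenge, response);
    char *out = malloc(need);
    if (!out)
        return NULL;
    int n = snprintf(out, need, TAG "%s$%s", challenge, response);
    if (n < 0 || (size_t)n >= need) {   /* truncated: size formula is wrong */
        free(out);
        return NULL;
    }
    return out;
}

/* Copy a candidate key into the 7-char buffer, upper-casing a-z the way the
 * patch does (XOR 0x20), but stop at the first NUL instead of walking the
 * whole buffer, and always NUL-terminate so get_key() can read it back. */
void nethalflm_set_key(char saved_plain[PLAINTEXT_LENGTH + 1], const char *key)
{
    int i;
    for (i = 0; i < PLAINTEXT_LENGTH && key[i]; i++)
        saved_plain[i] = (key[i] >= 'a' && key[i] <= 'z') ? key[i] ^ 0x20 : key[i];
    saved_plain[i] = 0;
}

int main(void)
{
    char *ct = nethalflm_prepare("1122334455667788", "aabbccddeeff0011");
    char key[PLAINTEXT_LENGTH + 1];
    nethalflm_set_key(key, "password");
    printf("%s  key=%s\n", ct ? ct : "(alloc failed)", key);
    free(ct);
    return 0;
}
```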