Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 5 Feb 2008 10:38:08 +0530
From: "Dhirendra Singh Kholia" <dhiru.kholia@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: NETHALFLM patch

On 2/5/08, Solar Designer <solar@...nwall.com> wrote:
> On Mon, Feb 04, 2008 at 12:06:47PM +0530, Dhirendra Singh Kholia wrote:
> > This patch adds support for cracking first 7 characters of LM response.
>
> Thank you for the contribution!
>
> Unfortunately, something (your webmail service?) has garbled the
> whitespace within the patch.  Can you please re-post it by other means -
> e.g., using a regular mail client (SMTP) and with the patch as a
> text/plain attachment?  Note that it is important to have MIME type of
> the attachment as text/plain in order for the patch to be readily
> visible in web-based archives of the list.

Sorry for that. I don't have SMTP mail access unfortunately.

I have tried to attach the patch as text/plain attachment. In case of any issues
can you please pick it from:

http://dhiru.kholia.googlepages.com/JtR-1.7.2-all9-nethalflm.patch

>
> > + tmp = (char *) mem_alloc(7 + strlen(challenge) + strlen(nethalflm) + 1);
> > + memset(tmp, 0, 7 + strlen(challenge) + strlen(nethalflm) + 1);
> > + sprintf(tmp, "$NETHALFLM$%s$%s", challenge, nethalflm);
>
> You don't need the memset() and you have a buffer overflow with the
> sprintf() - the constant should be 12, not 7.

fixed.

>
> > +  static char out[TOTAL_LENGTH + 1];
> > +
> > +  memset(out, 0, TOTAL_LENGTH + 1);
> > +  memcpy(&out, ciphertext, TOTAL_LENGTH);
>
> You don't need the memset(), you only need:
>
> out[TOTAL_LENGTH] = 0;

fixed.

>
> > +  memset(password, 0, 7 + 1);
>
> memset() not needed since you use strncpy() below, which NUL-pads.
>
> > +  memset(output, 0, 24);
>
> Too large.

fixed.

> > +  strncpy((char *) password, saved_plain, 14);
>
> Should be 7, not 14.

fixed.
>
> > +  memset(saved_plain, 0, PLAINTEXT_LENGTH + 1);
> > +  strncpy(saved_plain, key, PLAINTEXT_LENGTH);
>
> No need for the memset() and for NUL-padding with strncpy() if you also
> use strncpy() on saved_plain later (above), but you do need
> NUL-termination for your get_key() (or you can do it there).
>

fixed. ( I think we can avoid memset and srtncpy both and instead use
the loop below for copying ??? )

> > +  /* Upper-case password */
> > +  for(i=0; i<PLAINTEXT_LENGTH; i++)
> > +    if ((saved_plain[i] >= 'a') && (saved_plain[i] <= 'z'))
> > saved_plain[i] ^= 0x20;
>
> Should exit the loop on first NUL seen.

fixed i hope.

>
> > +    FMT_8_BIT | FMT_BS | FMT_SPLIT_UNIFIES_CASE,
>
> FMT_BS is wrong here, it stands for "bitslice".

I really don't have any idea how this piece works. I have just removed
FMT_BS from the new patch.

>
> > +      fmt_default_binary_hash,
> > +      fmt_default_binary_hash,
> > +      fmt_default_binary_hash
>
> That's the special case of loader slowness that I've just mentioned in
> my previous posting...
>

Will read up on that.

> These are just some of the bugs and inefficiencies that I was able to
> spot quickly.  Yet I do appreciate contributed patches. :-)
>
> Thanks again,

Thank you Solar Designer for all the comments.

Its eighth-wonder that my patch worked at all. It was horrible, i agree :)

I hope that this version is OK enough.

Still Left:

- Speed fixes by using better DES implementation ( DES bs?)
- Cracking remaining 7chars of password by using 8->16bytes of LM response.
  (Cain and Abel does this!).
   I guess that by prefixing a random byte to the LM hash(first 7
bytes) of    password's  2nd part we can try to do it. Sound messy
though.

>
> --
> Alexander Peslyak <solar at openwall.com>
> GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
> http://www.openwall.com - bringing security into open computing environments
>
> --
> To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
> to the automated confirmation request that will be sent to you.
>
>


-- 
dsk

Download attachment "JtR-1.7.2-all9-nethalflm.patch" of type "application/octet-stream" (9156 bytes)

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.