Date: Mon, 25 Jan 2010 18:39:25 -0600 From: "JFoug" <jfoug@....net> To: <john-users@...ts.openwall.com> Subject: Patch to John-220.127.116.11 after jumbo2 There is a bug in john (crash). If you use a -w and do not provide a hash file (or no hashes of the proper type are loaded), john will crash. So: cat gen_1.in 2394894928f1efc505d46b9c5f49311c_1:md5_gen(1)2394894928f1efc505d46b9c5f49311c$jkA915IS eea8fc6dbd862bb93d8f14e71f477a2a_password:md5_gen(1)eea8fc6dbd862bb93d8f14e71f477a2a$m1VjKm3w john-18.104.22.168 -w=pw.dic gen_1.in Loaded 2 password hashes with 2 different salts ( md5_gen(1): md5($p.$s) (joomla) [md5-gen SSE2 16x4]) 1 (2394894928f1efc505d46b9c5f49311c_1) password (eea8fc6dbd862bb93d8f14e71f477a2a_password) guesses: 2 time: 0:00:00:00 100.00% (ETA: 01/25/10 18:33:59) c/s: 8533 trying: Skipping and* - enterNow rm john.pot john-22.214.171.124 -w=pw.dic -format=md5 gen_1.in crash here. What happened was the loading code was totally changed (for the better). When it returns, and there were no hashes loaded, the DB structure still has the list of them as a null value, and it is dereferenced PRIOR to the check for no hashes loaded. I simply changed that, so if I know I am in pw mode, that I will first check to see if ANY hashes were loaded. If not, then bail with 'no hashes loaded' message. Again, we have to keep the other code, because we trim out hashes that were found in the john.pot file, so we may have loaded some, but then later removed them all, so the 2nd check (after the pot cleanup) is still needed to again state 'no hashes loaded'. Jim. Download attachment "john-126.96.36.199-jumbo2-jf-fix.patch" of type "application/octet-stream" (1241 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.