Date: Wed, 1 Aug 2012 13:14:25 +0200
From: Guth <guth@...posor.com>
To: john-users@...ts.openwall.com
Subject: Wordlist memory corruption - 1.7.9-jumbo-6

Hi,
It seems that JtR segfaults or corrupts memory during wordlist attacks under some
circumstances (here: wordlist lines that begin with a carriage return, see the `cat -e` output below):

guth[run]$ ./john
John the Ripper password cracker, ver: 1.7.9-jumbo-6 [linux-x86-64-native]

guth[run]$ echo test:$(echo -n 'whatever, Crak me If you can.' | md5sum
|cut -c -32) > testfile.hash
guth[run]$ cat testfile.hash
test:f74a21cbdce75195e6ce7fe4c9dd2281
guth[run]$ echo 'whatever, Crak me If you can.' >dicOK.txt
guth[run]$ ./john testfile.hash --format=raw-md5 -w=dicOK.txt
Loaded 1 password hash (Raw MD5 [128/128 AVX intrinsics 8x])
whatever, Crak me If you can. (test)
guesses: 1  time: 0:00:00:00 DONE (Wed Aug  1 11:56:04 2012)  c/s: 50.00
 trying: whatever, Crak me If you can.
guth[run]$ ./john testfile.hash --format=raw-md5 -w=dicKO-rev.txt
Loaded 1 password hash (Raw MD5 [128/128 AVX intrinsics 8x])
guesses: 0  time: 0:00:00:00 DONE (Wed Aug  1 11:57:51 2012)  c/s: 500
 trying: tset - enodllew
guth[run]$ cat dicKO-rev.txt
tset
2tset
3t
éhéh
enodllew

./john testfile.hash --format=raw-md5 -w=polish_rev
Loaded 1 password hash (Raw MD5 [128/128 AVX intrinsics 8x])
Segmentation fault

guth[run]$ head -1 polish_rev >polish_rev_1
guth[run]$ head -2 polish_rev >polish_rev_2

guth[run]$ cat polish_rev_1
zciwonakaba
guth[run]$ cat -e polish_rev_1
^Mzciwonakaba$
guth[run]$ cat polish_rev_2
zciwonakaba
ruzaba
guth[run]$ cat -e polish_rev_2
^Mzciwonakaba$
^Mruzaba$

guth[run]$ ./john testfile.hash --format=raw-md5 -w=polish_rev_1
Loaded 1 password hash (Raw MD5 [128/128 AVX intrinsics 8x])
guesses: 0  time: 0:00:00:00 DONE (Wed Aug  1 12:08:43 2012)  c/s: 200
 trying:  - zciwonakaba


guth[run]$ ./john testfile.hash --format=raw-md5 -w=polish_rev_2
Loaded 1 password hash (Raw MD5 [128/128 AVX intrinsics 8x])
*** glibc detected *** ./john: malloc(): memory corruption:
0x00000000008603b0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7a25b)[0x7f3ba9f9025b]
/lib64/libc.so.6(__libc_malloc+0x6e)[0x7f3ba9f927ce]
/lib64/libc.so.6(fdopen+0x127)[0x7f3ba9f7d967]
./john[0x4b8fb4]
./john[0x4c25e2]
./john[0x4b2b74]
./john[0x4b30cf]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7f3ba9f34e5d]
./john[0x404729]
======= Memory map: ========
00400000-00524000 r-xp 00000000 08:01 579681
/test/john-1.7.9-jumbo-6/run/john
00724000-00745000 rw-p 00124000 08:01 579681
/test/john-1.7.9-jumbo-6/run/john
00745000-008f6000 rw-p 00000000 00:00 0
 [heap]
7f3ba4000000-7f3ba4021000 rw-p 00000000 00:00 0
7f3ba4021000-7f3ba8000000 ---p 00000000 00:00 0
7f3ba9d01000-7f3ba9d16000 r-xp 00000000 08:01 135476
/usr/lib64/libgcc_s.so.1
7f3ba9d16000-7f3ba9f15000 ---p 00015000 08:01 135476
/usr/lib64/libgcc_s.so.1
7f3ba9f15000-7f3ba9f16000 rw-p 00014000 08:01 135476
/usr/lib64/libgcc_s.so.1
7f3ba9f16000-7f3baa0b1000 r-xp 00000000 08:01 392513
/lib64/libc-2.13.so
7f3baa0b1000-7f3baa2b1000 ---p 0019b000 08:01 392513
/lib64/libc-2.13.so
7f3baa2b1000-7f3baa2b5000 r--p 0019b000 08:01 392513
/lib64/libc-2.13.so
7f3baa2b5000-7f3baa2b6000 rw-p 0019f000 08:01 392513
/lib64/libc-2.13.so
7f3baa2b6000-7f3baa2bc000 rw-p 00000000 00:00 0
7f3baa2bc000-7f3baa2be000 r-xp 00000000 08:01 392518
/lib64/libdl-2.13.so
7f3baa2be000-7f3baa4be000 ---p 00002000 08:01 392518
/lib64/libdl-2.13.so
7f3baa4be000-7f3baa4bf000 r--p 00002000 08:01 392518
/lib64/libdl-2.13.so
7f3baa4bf000-7f3baa4c0000 rw-p 00003000 08:01 392518
/lib64/libdl-2.13.so
7f3baa4c0000-7f3baa4c9000 r-xp 00000000 08:01 392516
/lib64/libcrypt-2.13.so
7f3baa4c9000-7f3baa6c9000 ---p 00009000 08:01 392516
/lib64/libcrypt-2.13.so
7f3baa6c9000-7f3baa6ca000 r--p 00009000 08:01 392516
/lib64/libcrypt-2.13.so
7f3baa6ca000-7f3baa6cb000 rw-p 0000a000 08:01 392516
/lib64/libcrypt-2.13.so
7f3baa6cb000-7f3baa6f9000 rw-p 00000000 00:00 0
7f3baa6f9000-7f3baa70f000 r-xp 00000000 08:01 153945
/usr/lib64/libz.so.1.2.5
7f3baa70f000-7f3baa90e000 ---p 00016000 08:01 153945
/usr/lib64/libz.so.1.2.5
7f3baa90e000-7f3baa90f000 rw-p 00015000 08:01 153945
/usr/lib64/libz.so.1.2.5
7f3baa90f000-7f3baa993000 r-xp 00000000 08:01 392519
/lib64/libm-2.13.so
7f3baa993000-7f3baab92000 ---p 00084000 08:01 392519
/lib64/libm-2.13.so
7f3baab92000-7f3baab93000 r--p 00083000 08:01 392519
/lib64/libm-2.13.so
7f3baab93000-7f3baab94000 rw-p 00084000 08:01 392519
/lib64/libm-2.13.so
7f3baab94000-7f3baacf5000 r-xp 00000000 08:01 434555
/lib64/libcrypto.so.0.9.8
7f3baacf5000-7f3baaef5000 ---p 00161000 08:01 434555
/lib64/libcrypto.so.0.9.8
7f3baaef5000-7f3baaf1a000 rw-p 00161000 08:01 434555
/lib64/libcrypto.so.0.9.8
7f3baaf1a000-7f3baaf1e000 rw-p 00000000 00:00 0
7f3baaf1e000-7f3baaf6b000 r-xp 00000000 08:01 434556
/lib64/libssl.so.0.9.8
7f3baaf6b000-7f3bab16a000 ---p 0004d000 08:01 434556
/lib64/libssl.so.0.9.8
7f3bab16a000-7f3bab171000 rw-p 0004c000 08:01 434556
/lib64/libssl.so.0.9.8
7f3bab171000-7f3bab192000 r-xp 00000000 08:01 392569
/lib64/ld-2.13.so
7f3bab361000-7f3bab366000 rw-p 00000000 00:00 0
7f3bab38e000-7f3bab391000 rw-p 00000000 00:00 0
7f3bab391000-7f3bab392000 r--p 00020000 08:01 392569
/lib64/ld-2.13.so
7f3bab392000-7f3bab394000 rw-p 00021000 08:01 392569
/lib64/ld-2.13.so
7fffd5288000-7fffd52a9000 rw-p 00000000 00:00 0
 [stack]
7fffd53d7000-7fffd53d8000 r-xp 00000000 00:00 0
 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0
 [vsyscall]
Abandon


gcc --version
gcc (GCC) 4.5.2

The glibc abort fires inside fdopen(), called from rec_init(db, save_state) (itself called from wordlist.c). Note that it is malloc()'s internal consistency check that trips, so the heap was most likely already corrupted before rec_init() ran; the faulty write is probably elsewhere (in the wordlist loading path that handles the CR-prefixed lines), and rec_init() merely happens to be the first caller of malloc() afterwards. The function is shown here, with my debug prints, for reference:
/*
 * Prepare the crash-recovery ("session") file for the current run.
 *
 * db        - the password database whose cracking state will be saved
 * save_mode - callback the active cracking mode uses to write its own state
 *
 * Side effects: calls rec_done(1) first, then sets the globals rec_fd,
 * rec_file, rec_db and rec_save_mode.  Returns early (after rec_done) when
 * rec_argc is zero.  Terminates the process via pexit() if the session file
 * cannot be opened or wrapped in a stdio stream.
 *
 * The fprintf(stderr, "debug ...") lines are instrumentation added while
 * chasing the heap corruption reported above; they are not part of the
 * released code.
 */
void rec_init(struct db_main *db, void (*save_mode)(FILE *file))
{
	int fd;
	FILE *fp;

	fprintf(stderr, "debug rec_init open OK\n");
	/* Release whatever recovery file an earlier mode may have left open. */
	rec_done(1);

	/* Nothing recorded on the command line -> nothing to save for this run. */
	if (rec_argc == 0)
		return;

	rec_name_complete();

	/*
	 * NOTE(review): O_CREAT without O_EXCL is only safe if the session
	 * file lives in a directory other users cannot write to -- confirm
	 * against where rec_name_complete() places it.
	 */
	fd = open(path_expand(rec_name), O_RDWR | O_CREAT, 0600);
	rec_fd = fd;
	if (fd < 0)
		pexit("open: %s", path_expand(rec_name));

	/* The descriptor is locked first; the stdio stream is created afterwards. */
	rec_lock();
	fprintf(stderr, "debug rec_init fdopen(%x)\n", rec_fd);
	fp = fdopen(rec_fd, "w");
	rec_file = fp;
	if (fp == NULL)
		pexit("fdopen");
	fprintf(stderr, "debug rec_init after fdopen OK\n");

	rec_db = db;
	rec_save_mode = save_mode;
}



guth[run]$ ./john testfile.hash --format=raw-md5 -w=polish_rev_2
Loaded 1 password hash (Raw MD5 [128/128 AVX intrinsics 8x])
debug Started init_this_time OK
debug init_this_time - before rec_init OK
debug rec_init open OK
debug rec_init before fdopen OK
debug rec_init fdopen(7)
*** glibc detected *** ./john: malloc(): memory corruption:
0x00000000008f33b0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7a25b)[0x7f32f7bee25b]
/lib64/libc.so.6(__libc_malloc+0x6e)[0x7f32f7bf07ce]
/lib64/libc.so.6(fdopen+0x127)[0x7f32f7bdb967]
