Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 14 Sep 2016 17:02:02 +0200
From: patpro@...pro.net
To: john-users@...ts.openwall.com
Subject: Re: Error: wordlist contains NULL bytes - aborting

On 14 sept. 2016, at 16:49, jfoug <jfoug@...nwall.net> wrote:

> On 9/14/2016 9:11 AM, patpro@...pro.net wrote:
>> Remove the 2 lines with these passwords:
>>> [240600046375]
>>> [4000646f6232]
>>> 
>>> and the null problems will go away.
>> Thank you for the tip. My question is a little bit wider though: is there any way for john to handle passwords with null character? Are those password just artifacts (from a hacking attempt for example), or could they be legitimate?
>> 
> Here is another couple 'fun' ones for john:
> 
> [310d316e6b61]
> [326d610d6b61]
> [3174650d6b61]
> 
> These have a carriage return in them (the 0d).  There are 3 characters which are very hard to deal with in JtR.  That is \x00 (null), \x0a and \x0d (line feed and carriage return).  Also, the ':' can be tough in certain situations (but is not a problem for an input wordlist).  The \x0a and \x0d 'can' be handled in wordlist (using rules, external or mask).  I am not sure if john can (or ever will) be able to handle a null byte.  It may be that we can handle them with mask mode, I am not sure.  It will almost certainly never be able to handle embedded null bytes in wordlist mode


thanks a lot for those informations, and for the test on mask mode. Looks like hashcat is a nice complement to john when we deal with very odd passwords. Too bad I don't have a box full of GFX 1080 to play with. Brute-forcing 0x00-0xFF is a never ending task on a single Radeon 270X (~980 M hashes/sec on those unsalted SHA1, IIRC).

thanks again
patpro

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.