Message-ID: <CABtNtWFR75_92LcjUeTuCMKyH-L3KRYbJ37cyz-CzPVGW0MZcA@mail.gmail.com>
Date: Thu, 19 Mar 2015 19:38:37 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Bug found by AFL fuzzing john.conf

Hi,
I am going to describe the bug found by AFL fuzzing john.conf.
If you have any questions or advice, feel free to send them to me.

1. Links
    1.1 issue #1120

https://github.com/magnumripper/JohnTheRipper/issues/1120

    1.2 patch to fix this bug #1121

https://github.com/magnumripper/JohnTheRipper/commit/6decd7b005d9ca25332744eca093ceb6d0e105ad

2. How to reproduce this bug
    2.1 Change the run/john.conf

- 739  [List.Rules:Loopback]
+739  [?List.Rules:Loopback]

    2.2 Run john using the default john.conf

3. How to fuzz the config file

$ cd JohnTheRipper/run
$ mkdir config_test
$ cd config_test
$ mkdir test_cases
$ cp ../john.conf test_cases/
$ echo "something" > hashes
$ afl-fuzz -m none -i test_cases -o out ../john hashes --nolog \
    --max-run-time=1 --skip-self-test --config=@@

4. Below is the status screen of AFL

                       american fuzzy lop 1.55b (john)

  process timing                                     overall results
    run time        : 0 days, 20 hrs, 47 min, 39 sec   cycles done  : 0
    last new path   : 0 days, 0 hrs, 0 min, 16 sec     total paths  : 163
    last uniq crash : 0 days, 0 hrs, 25 min, 20 sec    uniq crashes : 3
    last uniq hang  : 0 days, 11 hrs, 48 min, 58 sec   uniq hangs   : 1

  cycle progress                                     map coverage
    now processing  : 0 (0.00%)                        map density    : 3291 (5.02%)
    paths timed out : 0 (0.00%)                        count coverage : 1.25 bits/tuple

  stage progress                                     findings in depth
    now trying  : bitflip 1/1                          favored paths  : 1 (0.61%)
    stage execs : 180k/662k (27.18%)                   new edges on   : 44 (26.99%)
    total execs : 182k                                 total crashes  : 144 (3 unique)
    exec speed  : 2.16/sec (zzzz...)                   total hangs    : 1 (1 unique)

  fuzzing strategy yields                            path geometry
    bit flips   : 0/0, 0/0, 0/0                        levels    : 2
    byte flips  : 0/0, 0/0, 0/0                        pending   : 163
    arithmetics : 0/0, 0/0, 0/0                        pend fav  : 1
    known ints  : 0/0, 0/0, 0/0                        own finds : 162
    dictionary  : 0/0, 0/0, 0/0                        imported  : n/a
    havoc       : 0/0, 0/0                             variable  : 0
    trim        : 2.27%/1287, n/a

  [cpu:163%]


Thank you for your time!

Kai
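As an added example that is not part of Kai's report or of John the Ripper itself, the POSIX shell script below scripts the reproduction steps from section 2 and re-runs each test case afl-fuzz saved under out/crashes/ with the options from the section 3 command line, classifying each run as ok, error or crash. The function names and the argument order (john binary, john.conf, hashes file, crash directory) are my own choices.

```shell
#!/bin/sh
# Added example, not part of the original report or of John the Ripper.
# Assumes the caller passes the john binary, a john.conf and a hashes file.

# Step 2.1 of the report: write a copy of the config in which the section
# header "[List.Rules:Loopback]" becomes "[?List.Rules:Loopback]".
mutate_config() {                      # usage: mutate_config IN.conf OUT.conf
    sed 's/^\[List\.Rules:Loopback\]/[?List.Rules:Loopback]/' "$1" > "$2"
}

# Run a command and classify it by exit status: "ok", "error (exit N)" for a
# normal non-zero exit, or "crash (signal N)" when the process was killed by
# a signal (the shell reports that as 128+signo, e.g. 139 for SIGSEGV).
classify_run() {                       # usage: classify_run CMD [ARGS...]
    status=0
    "$@" >/dev/null 2>&1 || status=$?
    if [ "$status" -eq 0 ]; then
        echo ok
    elif [ "$status" -gt 128 ]; then
        echo "crash (signal $((status - 128)))"
    else
        echo "error (exit $status)"
    fi
}

# Run john on one config file with the same options as the afl-fuzz command
# line in section 3 (afl-fuzz substitutes each test case for "@@").
run_john_with_config() {               # usage: run_john_with_config JOHN HASHES CONF
    classify_run "$1" "$2" --nolog --max-run-time=1 --skip-self-test "--config=$3"
}

# Step 2.2: reproduce the report starting from an unmodified john.conf.
reproduce() {                          # usage: reproduce JOHN JOHN.conf HASHES
    tmp=$(mktemp) || return 1
    mutate_config "$2" "$tmp"
    run_john_with_config "$1" "$3" "$tmp"
    rm -f "$tmp"
}

# Re-run every test case afl-fuzz saved under out/crashes/ (files named
# id:...) so the 3 unique crashes from the status screen can be confirmed
# outside the fuzzer before attaching them to the issue.
triage_crashes() {                     # usage: triage_crashes JOHN HASHES CRASH_DIR
    for f in "$3"/id:*; do
        [ -e "$f" ] || continue
        printf '%s: %s\n' "$f" "$(run_john_with_config "$1" "$2" "$f")"
    done
}
```

Run as `reproduce ../john ../john.conf hashes` from run/config_test, or `triage_crashes ../john hashes out/crashes` after a fuzzing session.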
