Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CABtNtWEYrvrPPXLLu70+3GSn4y5LZM5uOjiK=VN7V7m=R1xaUQ@mail.gmail.com>
Date: Mon, 25 May 2015 09:57:50 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Fuzzing Report on wordlist, rules, chr

1. Fuzz wordlist
---------------------

I use some of the wordlist from the website as input cases:

http://www.openwall.com/wordlists/

Add __afl_manual_init() before do_wordlist_crack();

if (options.flags & FLG_WORDLIST_CHK) {
    __afl_manual_init();
    do_wordlist_crack(&database, options.wordlist,
                            (options.flags & FLG_RULES) != 0);
}

Command:
afl-fuzz -i input_cases/ -o out ../john test_pw --nolog --wordlist=@@

Speed: about 100~200/sec
Run time: more than two days
Unique crashes: 0

2. Fuzz rules
---------------------

Fuzz config rules: single mode and wordlist mode.

For single mode:

I create several rules based on the original john.conf as input cases. Then,
comment the line below in john.c to speed up fuzzing.

cnt = dynamic_Register_formats(&selfs);
// cnt = dynamic_Register_formats(&selfs);
cnt = 0;

Command:
afl-fuzz -i input_cases/ -o out -f rules.conf ../john test_pw --nolog
--single --config=local.conf

Speed: about 400~600/sec (without asan), 50/sec (with asan).
Run time: more than three days
Unique crashes: 0

3. Fuzz chr
---------------------

Fuzz chr should use the incremental mode which takes more time, so
the speed is very slow. Comment the line below in john.c to speed up
fuzzing.

cnt = dynamic_Register_formats(&selfs);
// cnt = dynamic_Register_formats(&selfs);
cnt = 0;

The incremental part of local.conf:

[Incremental:LanMan]
File = fuzz.chr
MinLen = 0
MaxLen = 7
CharCount = 132

Command:
afl-fuzz -t 1500+ -m none -i input_cases/ -o out -f fuzz.chr ../john ppww
--nolog --skip-self-test --format=md5crypt --incremental=Lanman
--config=local.conf --max-run-time=1

Speed: about 1~10/sec (without asan), 0.9/sec (with asan).
Run time: more than two days
Unique crashes: 0


Thanks,

Kai

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.