Message-ID: <20100425021656.GA15922@openwall.com>
Date: Sun, 25 Apr 2010 06:16:56 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: NTLMv2 Challenge/Response Cracking

On Wed, Apr 14, 2010 at 12:41:33PM -0500, jmk wrote:
> I've uploaded a patch and added a link on the Wiki to hopefully improve
> what's currently there of mine. The patch adds some documentation
> related to the challenge/response formats, attempts to address your
> concerns with the netntlm.pl script and includes a "--config" option for
> John.
> 
> I've also uploaded a minor tweak for the Oracle format. I found that
> "john -format:oracle -show" wasn't returning the cracked passwords. This
> should correct that issue.

Thank you!  I've just released 1.7.5-jumbo-3, which includes your
changes as well as other minor bug fixes that have been posted in here.

In netntlm.pl, I think that your use of /tmp is still inappropriate, but
I've mitigated the risk (limiting the impact to just DoS-against-itself)
by changing:

  mkdir("/tmp/john.$$");

to:

  mkdir("/tmp/john.$$") || die;

As to your "--config" patch, I don't understand the rationale behind
your introduction of FLG_CONFIG_DEFAULT, but I kept it in the patch.
I think we may drop it later to free up that bit.

Thanks again,

Alexander
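
Added example, not part of the original message and not code from netntlm.pl: a Perl sketch of the scratch-directory handling discussed above. It compares the unchecked `mkdir`, the checked `mkdir(...) || die` form, and `File::Temp::tempdir` as an alternative to a predictable name. The stand-in base directory and the `john.link` name are constructed for the demo.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Constructed stand-in for /tmp so the demo leaves the real /tmp alone.
my $base = tempdir(CLEANUP => 1);
my $predictable = "$base/john.$$";      # same naming scheme as in the message

# Simulate another local user claiming the predictable name first.
mkdir($predictable) or die "setup failed: $!";

# 1. Unchecked mkdir: the call fails, nothing notices, and the script would
#    carry on inside a directory it did not create.
my $created = mkdir($predictable);
printf "unchecked: created=%d, EEXIST=%d, script continues\n",
    $created ? 1 : 0, $!{EEXIST} ? 1 : 0;

# 2. Checked mkdir (the changed line): the script stops instead.
#    eval is here only so this demo can keep running.
my $ok = eval { mkdir($predictable) || die "mkdir $predictable: $!\n"; 1 };
print "checked:   ", ($ok ? "continued\n" : "died: $@");

# A pre-placed symlink is refused the same way: mkdir does not follow it.
my $link = "$base/john.link";
symlink($base, $link) or die "symlink failed: $!";
print "symlink:   mkdir ", (mkdir($link) ? "succeeded" : "failed: $!"), "\n";

# 3. Unpredictable name, created atomically with mode 0700. In a real script
#    use TMPDIR => 1 instead of DIR => $base.
my $scratch = tempdir("john.XXXXXXXX", DIR => $base, CLEANUP => 1);
printf "tempdir:   %s mode %04o\n", $scratch, (stat $scratch)[2] & 07777;
```

With the checked form, a pre-existing name stops the script, which is the DoS-against-itself outcome the message describes; `tempdir` avoids the predictable name altogether.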
