infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Don't try to be too helpful 

John cares not one whit how many colons are in a hash line, only that
there are enough for the format (at least 2 for regular /etc/passwd, at
least 3 for NTLM, etc). So there is no simple way to programmatically
determine whether a password had a colon or there was just an extra on
the end of the original hash line.

[MSP-9778]
See #2515
bug/bundler_fix
James Lee 2014-04-09 18:43:04 -05:00
parent 2de210f1c3
commit 95399b0de7
No known key found for this signature in database
GPG Key ID: 2D6094C7CEA0A321
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/msf/core/auxiliary/jtr.rb
View File

@ -142,12 +142,11 @@ module Auxiliary::JohnTheRipper
res[:uncracked] = $2.to_i res[:uncracked] = $2.to_i
end end
# XXX: If the password had : characters in it, we're screwed
bits = line.split(':', -1) bits = line.split(':', -1)
# If the password had : characters in it, put them back together # Skip blank passwords
while bits.length > 7
bits[1,2] = bits[1,2].join(":")
end
next if not bits[2] next if not bits[2]
if (format== 'lm' or format == 'nt') if (format== 'lm' or format == 'nt')