Don't try to be too helpful

John cares not one whit how many colons are in a hash line, only that there are enough for the format (at least 2 for regular /etc/passwd, at least 3 for NTLM, etc). So there is no simple way to programmatically determine whether a password had a colon or there was just an extra on the end of the original hash line. [MSP-9778] See #2515
2014-04-09 18:43:04 -05:00 · 2014-04-09 18:43:04 -05:00 · 95399b0de7
parent 2de210f1c3
commit 95399b0de7
1 changed files with 3 additions and 4 deletions
--- a/lib/msf/core/auxiliary/jtr.rb
+++ b/lib/msf/core/auxiliary/jtr.rb
@ -142,12 +142,11 @@ module Auxiliary::JohnTheRipper
          res[:uncracked] = $2.to_i
        end

+        # XXX: If the password had : characters in it, we're screwed
+
        bits = line.split(':', -1)

-        # If the password had : characters in it, put them back together
-        while bits.length > 7
-          bits[1,2] = bits[1,2].join(":")
-        end
+        # Skip blank passwords
        next if not bits[2]

        if (format== 'lm' or format == 'nt')