This bug is found by fuzzing the options of John
#1. Prepare
1.1 content of 7z_fmt
$7z$0$19$0$1122$8$d1f50227759415890000000000000000$1412385885$112$112$5e5b8b734adf52a64c541a5a5369023d7cccb78bd910c0092535dfb013a5df84ac692c5311d2e7bbdc580f5b867f7b5dd43830f7b4f37e41c7277e228fb92a6dd854a31646ad117654182253706dae0c069d3f4ce46121d52b6f20741a0bb39fc61113ce14d22f9184adafd6b5333fb1
1.2 compile
$ ./configure && make -sj8
#2. Reproduce
#2.1 Run
$ ./john 7z_fmt --regen-lost-salts=1
Loaded 1 password hash (7z, 7-Zip [SHA256 AES 32/64])
Will run 8 OpenMP threads
Note: This format may emit false positives, so it will keep trying even after
finding a possible candidate.
Press 'q' or Ctrl-C to abort, almost any other key for status
Segmentation fault (core dumped)
#2.2 GDB debug
#0  crk_guess_fixup_salt (
    source=0x2a44b98 "$7z$0$19$0$1122$8$d1f5022775941589", '0' <repeats 16 times>, "$1412385885$112$112$5e5b8b734adf52a64c541a5a5369023d7cccb78bd910c0092535dfb013a5df84ac692c5311d2e7bbdc580f5b867f7b5dd43830f7b4f37e41c7277e228fb92a6dd8"...,
    salt=0x13 <error: Cannot access memory at address 0x13>) at fake_salts.c:134
#1  0x00000000005e2175 in crk_process_guess (salt=salt@entry=0x2a44b10, pw=pw@entry=0x2a44b60, index=index@entry=2) at cracker.c:338
#2  0x00000000005e2c1a in crk_password_loop (salt=salt@entry=0x2a44b10) at cracker.c:729
#3  0x00000000005e344a in crk_salt_loop () at cracker.c:767
#4  0x000000000060b0f5 in do_wordlist_crack (db=db@entry=0x104a1c0 , name=, rules=,
    rules@entry=1) at wordlist.c:1233
#5  0x00000000005d9fe9 in do_wordlist_pass (db=0x104a1c0 ) at batch.c:38
#6  do_batch_crack (db=0x104a1c0 ) at batch.c:58
#7  0x00000000005ecd5f in john_run () at john.c:1415
#8  0x00000000005ed528 in main (argc=3, argv=0x7ffef94f0578) at john.c:1687
#3. Debug
printf("%p\n", salt); == 0x13
fake_salts.c
void crk_guess_fixup_salt(char *source, char *salt)
cracker.c
static int crk_process_guess(struct db_salt *salt, struct db_password *pw, int index)
{
    ...
    if (options.regen_lost_salts)
        crk_guess_fixup_salt(pw->source, *(char**)(salt->salt));
    ...
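An added example (not code from John the Ripper or from this report) of one way the `*(char**)(salt->salt)` cast in cracker.c could yield the bogus pointer 0x13 seen in frame #0, next to a guarded lookup that skips the fixup for such a format. The struct layout, the `salt_is_string_ptr` flag and all names are hypothetical; the values 19 and 0 mirror the `$19$0$` fields of the hash above, and a little-endian machine is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a format-specific binary salt; NOT John's real
 * 7z struct. The values used below mirror the "$19$0$" hash fields. */
struct opaque_salt { int cycles_power; int salt_len; unsigned char data[16]; };

/* Hypothetical per-format flag: does the salt blob hold a char * ? */
struct fmt_info { const char *label; int salt_is_string_ptr; };

/* Simplified db_salt: only the member the cast touches. */
struct db_salt_demo { void *salt; };

/* The value *(char **)(salt->salt) evaluates to. memcpy is used so the
 * demo has no aliasing or alignment issues; nothing is dereferenced. */
static uintptr_t salt_as_pointer(const struct db_salt_demo *s)
{
    char *p;
    memcpy(&p, s->salt, sizeof p);
    return (uintptr_t)p;
}

/* Guarded variant: return a salt string only when the format declares
 * that layout; NULL tells the caller to skip the salt fixup. */
static char *salt_string_or_null(const struct fmt_info *f,
                                 const struct db_salt_demo *s)
{
    if (!f->salt_is_string_ptr || s->salt == NULL)
        return NULL;
    return (char *)salt_as_pointer(s);
}

int main(void)
{
    struct opaque_salt z = { 19, 0, {0} };   /* constructed sample salt */
    struct db_salt_demo s = { &z };
    struct fmt_info sevenzip = { "7z (demo)", 0 };

    /* Little-endian: bytes 13 00 00 00 00 00 00 00 read back as 0x13. */
    printf("unchecked cast: %p\n", (void *)salt_as_pointer(&s));
    printf("guarded lookup: %p\n", (void *)salt_string_or_null(&sevenzip, &s));
    return 0;
}
```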