-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make it clearer where passwords are in --show output #5074
Comments
We should also look into how |
I think we should do this, and by default. Currently, I'd like color as well. I have plans in my head, and in #3511. IIRC, pwdump and others will still output password as field 2, so the current output is weird with LM hash replaced by the password and the NT hash is shown after it. So the "drop field 3+" would work for them too. |
On another note, I think the current output for bare hashes is useless, with BTW that goes for real time crack output as well. We currently get Also, we could change the
As I wrote in this example, the |
I edited the two previous comments extensively while brainstorming. I came to the conclusion we should do exactly this:
|
As seen in #5058, a new user might not figure out where to look for the cracked password in
--show
output.One way to address this is to highlight the passwords in color when output is to a tty.
Another way is to suppress extra fields (beyond field 2) in some cases - or maybe by default, unless explicitly requested otherwise (by option parameter? new option? higher verbosity?)
The latter would also address the issue of parsing
--show
output with passwords that contain a colon (then everything after first colon is the password, just like injohn.pot
).We can also implement both of these ideas.
The text was updated successfully, but these errors were encountered: