Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add max_length to wordlist generation #11261

Merged
merged 3 commits into from Jan 20, 2019
Merged

Conversation

@h00die
Copy link
Contributor

h00die commented Jan 15, 2019

This adds the ability to set the max length of a word going into a word list when written to file.

Some password hash formats have a max length (DES = 8) and therefore when generating a wordlist with anything more than that, those items will either always fail or be ignored by JTR (not sure JTR's behavior).

This currently only changes how the libraries work, i'm going through the jtr modules now and cleaning them up, writing docs, fixing logic, and implementing this behavior in other PRs.

Default behavior is 0, which means ignore so the current behavior will stick.

With the default behavior on my system:

msf5 auxiliary(analyze/jtr_linux) > wc -L /tmp/jtrtmp20190114-18029-1hpr9zf
[*] exec: wc -L /tmp/jtrtmp20190114-18029-1hpr9zf

296 /tmp/jtrtmp20190114-18029-1hpr9zf

After setting it to 8:

msf5 auxiliary(analyze/jtr_linux) > wc -L /tmp/jtrtmp20190114-17944-wzzpsf
[*] exec: wc -L /tmp/jtrtmp20190114-17944-wzzpsf

8 /tmp/jtrtmp20190114-17944-wzzpsf
h00die added 2 commits Jan 15, 2019
@h00die h00die mentioned this pull request Jan 15, 2019
0 of 3 tasks complete
@bcoles

This comment has been minimized.

Copy link
Contributor

bcoles commented Jan 20, 2019

Works as described.

Before

root@kali:/pentest/exploit/metasploit-framework# head /tmp/jtrtmp20190119-11675-13fwg87
1qwerty
1qwerty
QWE123qwe
QWE123qwe
Q2w
Q2w
E4r
E4r
Q2w3e4r
Q2w3e4r

After

root@kali:/pentest/exploit/metasploit-framework# head /tmp/jtrtmp20190119-11675-1c89fa7
1qwerty
1qwerty
QWE123qw
QWE123qw
Q2w
Q2w
E4r
E4r
Q2w3e4r
Q2w3e4r
@bcoles
bcoles approved these changes Jan 20, 2019
@bcoles bcoles self-assigned this Jan 20, 2019
@bcoles bcoles merged commit 4d847e9 into rapid7:master Jan 20, 2019
3 checks passed
3 checks passed
Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
bcoles added a commit that referenced this pull request Jan 20, 2019
msjenkins-r7 added a commit that referenced this pull request Jan 20, 2019
@bcoles

This comment has been minimized.

Copy link
Contributor

bcoles commented Jan 20, 2019

Release Notes

This adds an option to set the maximum word length during JtR wordlist generation.

@h00die h00die deleted the h00die:max_len_passwords branch Jan 22, 2019
@h00die h00die mentioned this pull request Jan 22, 2019
0 of 3 tasks complete
@h00die h00die mentioned this pull request Jan 25, 2019
0 of 3 tasks complete
@h00die h00die mentioned this pull request Feb 3, 2019
4 of 4 tasks complete
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants
You can’t perform that action at this time.