search

DanMcInerney / net-creds

Sniffs sensitive data from interface or pcap
GNU General Public License v3.0
1.65k stars 432 forks source link

Crash with incomplete ntlm hash #15

Closed sha0coder closed 8 years ago

sha0coder commented 8 years ago

Control the index access of arrays, be care with incomplete streams

POST load: Traceback (most recent call last): File "./net-creds.py", line 995, in main(parse_args()) File "./net-creds.py", line 972, in main pkt_parser(pkt) File "./net-creds.py", line 195, in pkt_parser other_parser(src_ip_port, dst_ip_port, full_load, ack, seq, pkt, parse_args().verbose) File "./net-creds.py", line 639, in other_parser netntlm_found = parse_netntlm(authenticate_header, authorization_header, headers, ack, seq) File "./net-creds.py", line 700, in parse_netntlm parse_netntlm_chal(headers, chal_header, ack) File "./net-creds.py", line 821, in parse_netntlm_chal msg2 = header_val2[1] IndexError: list index out of range

DanMcInerney commented 8 years ago

Thanks for the work, I'll try to fix this in the near future when time allows.

DanMcInerney commented 8 years ago

Fixed with try/except on line 821.