search

openwall / john-tests

Test Suite for John the Ripper
24 stars 15 forks source link

Should jtrts.pl handle -passthru="--dupe-suppression" or -passthru="--save-memory=1"? #50

Closed frank-dittrich closed 9 years ago

frank-dittrich commented 9 years ago 
$ ./jtrts.pl -v -stoponerror -passthru="--dupe-suppression"
-------------------------------------------------------------------------------
- JtR-TestSuite (jtrts). Version 1.13, Dec 21, 2014.  By, Jim Fougeron & others
- Testing:  John the Ripper password cracker, version 1.8.0.4-jumbo-1-bleeding [linux-gnu 32-bit AVX2-autoconf]
--------------------------------------------------------------------------------

John Jumbo build detected.
Invalid options combination or duplicate option: "--dupe-suppression"
--pot=NAME option is valid
--encoding=NAME option is valid
all.chr (../run/all.chr) not found
alnum.chr found, inc_alnum_ee8763c850dee8e4b88ef547a8ed39b8 added as a capability
Setting default for john-jumbo to be:   base+koi8r+utf8
Capabilities in this build of john:
jumbo core inc local_pot_valid encode_valid utf8 cp1252 cp1251 koi8r cp437 cp737 cp850 cp858 cp866 iso8859-1 iso8859-15 inc_alnum_ee8763c850dee8e4b88ef547a8ed39b8

form=asa-md5                      guesses: 1500 0:00:00:00 DONE  [PASSED]
Use of uninitialized value in split at ./jtrts.pl line 652.
Use of uninitialized value $details[4] in hex at ./jtrts.pl line 653.
.pot CHK:asa-md5                  guesses: 1500 0:00:00:00 DONE  [PASSED] (1500 val-pwd)

form=asa-md5                      guesses: 1293 0:00:00:00 DONE  [PASSED]
Use of uninitialized value in split at ./jtrts.pl line 652.
Use of uninitialized value $details[4] in hex at ./jtrts.pl line 653.
.pot CHK:asa-md5                  guesses: 1293 0:00:00:00 DONE  [PASSED] (1293 val-pwd)

form=formspring                   guesses: 1500 0:00:00:00 DONE  [PASSED]
Use of uninitialized value in split at ./jtrts.pl line 652.
Use of uninitialized value $details[4] in hex at ./jtrts.pl line 653.
.pot CHK:formspring               guesses: 1500 0:00:00:00 DONE  [PASSED] (1500 val-pwd)

form=formspring                   guesses: 1500 0:00:00:00 DONE  [PASSED]
Use of uninitialized value in split at ./jtrts.pl line 652.
Use of uninitialized value $details[4] in hex at ./jtrts.pl line 653.
.pot CHK:formspring               guesses: 1500 0:00:00:00 DONE  [PASSED] (1500 val-pwd)

form=raw-md5u-raw                 guesses: 1500 0:00:00:00 DONE  [PASSED]
Use of uninitialized value in split at ./jtrts.pl line 652.
Use of uninitialized value $details[4] in hex at ./jtrts.pl line 653.
.pot CHK:raw-md5u-raw             guesses: 1500 0:00:00:00 DONE  [PASSED] (1500 val-pwd)

form=raw-md5u                     guesses: 1500 0:00:00:00 DONE  [PASSED]
Use of uninitialized value in split at ./jtrts.pl line 652.
Use of uninitialized value $details[4] in hex at ./jtrts.pl line 653.
.pot CHK:raw-md5u                 guesses: 1500 0:00:00:00 DONE  [PASSED] (1500 val-pwd)

form=raw-md5u-raw-utf8            guesses: 1229 0:00:00:00 DONE  [PASSED]
Use of uninitialized value in split at ./jtrts.pl line 652.
Use of uninitialized value $details[4] in hex at ./jtrts.pl line 653.
.pot CHK:raw-md5u-raw-utf8        guesses: 1229 0:00:00:00 DONE  [PASSED] (1229 val-pwd)

form=raw-md5u-raw-utf8            guesses: 1500 0:00:00:00 DONE  [PASSED]
Use of uninitialized value in split at ./jtrts.pl line 652.
Use of uninitialized value $details[4] in hex at ./jtrts.pl line 653.
Invalid negative number (-1) in chr at ./jtrts.pl line 660.
Invalid negative number (-1) in chr at ./jtrts.pl line 660.
FAILED line = à(àç&ç-à         (à(àç&ç-à)
FAILED line = é-àçéàà(         (é-àçéàà()
.pot CHK:raw-md5u-raw-utf8        guesses: 1500 -show=1500 0:00:00:00 DONE : Expected count(s) (1500)  [!!!FAILED4!!!]  (1498 val-pwd  2 inval-pwd)
Exiting on error. The .pot file ./tst.pot contains the found data
The command used to run this test was:

../run/john -ses=./tst  --dupe-suppression -pot=./tst.pot rawmd5u_raw_tst_utf8.in --wordlist=pw-utf8.dic -form=raw-md5u --encoding=utf-8
[fd@f20x32 test]$ ./jtrts.pl -v -stoponerror -passthru="--save-memory=1" -type rar
-------------------------------------------------------------------------------
- JtR-TestSuite (jtrts). Version 1.13, Dec 21, 2014.  By, Jim Fougeron & others
- Testing:  John the Ripper password cracker, version 1.8.0.4-jumbo-1-bleeding [linux-gnu 32-bit AVX2-autoconf]
--------------------------------------------------------------------------------

John Jumbo build detected.
--pot=NAME option is valid
--encoding=NAME option is valid
all.chr (../run/all.chr) not found
alnum.chr found, inc_alnum_ee8763c850dee8e4b88ef547a8ed39b8 added as a capability
Types to filter on:
rar
Capabilities in this build of john:
jumbo core inc local_pot_valid encode_valid utf8 cp1252 cp1251 koi8r cp437 cp737 cp850 cp858 cp866 iso8859-1 iso8859-15 inc_alnum_ee8763c850dee8e4b88ef547a8ed39b8

form=rar                          guesses:  130 0:00:01:05 DONE  [PASSED]
FAILED line = Bert$ErnIE       (?)
FAILED line = Bert$ErnIE       (?)
FAILED line = Bert$ErnIE       (?)
[...]
FAILED line = alsfdkja;        (?)
FAILED line = alsfdkja;        (?)
FAILED line = alsfdkja;        (?)
.pot CHK:rar                      guesses:  130 -show= 130 0:00:00:11 DONE : Expected count(s) (130)  [!!!FAILED4!!!]  (0 val-pwd  130 inval-pwd)
Exiting on error. The .pot file ./tst.pot contains the found data
The command used to run this test was:

../run/john -ses=./tst  --save-memory=1 -pot=./tst.pot rar_tst.in --wordlist=pw-40.dic -form=rar
frank-dittrich commented 9 years ago

--mem-file-size= is another option --show can't handle. Another is --fix-state-delay=, while --show happily ignores --nolog.

There are some more (questionable) options listed as hidden options. Some of them surely break the test suite (like --log-stderr), but I doubt we should care.

magnumripper commented 9 years ago

Maybe we should use a white-list instead?

--device
--platform

I think most/all others should be stripped.

frank-dittrich commented 9 years ago

Whitelist can also be tricky. You never know what options get added in future releases. I would only care about options that are likely to be added, but need to be ignored for --show.

magnumripper commented 9 years ago

You never know what options get added in future releases.

That goes for a blacklist too. With a whitelist it won't break (but may need a fix) while with a blacklist it will.

frank-dittrich commented 9 years ago

I think since you have to handle abbreviated option names as well, even a whitelist might break in future.

frank-dittrich commented 9 years ago

Nevertheless, I committed f3d889a7a89c578c424c50f87030d0cfcea4aa0e for now, blacklisting --dupe-suppresission, --mem-file-size, --fix-state-delay= and --progress-every= for --show.

jfoug commented 9 years ago

I have simply disabled --save-memory all the way around. You can added it to the -passthru= item, but it will be ignored fully. We need the user id's.

jfoug commented 9 years ago

I think this issue is completed.