openwall / john

John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
https://www.openwall.com/john/

Crash --format=leet with username > 32 #3584

Closed jeroen-80 closed 5 years ago

jeroen-80 commented 5 years ago
bofh@dev:/opt/JohnTheRipper-bleeding-jumbo/run$ cat /tmp/leet.32
12345678901234567890123456789012:18e88ee30dc13ff8f2977118263060fd84ac8c81b4669715101474549a0d4a18eaba8efbaa88ab18d3ebd70ae66bdb22a93046e0ee52da56d0a9e91826d54dfd
bofh@dev:/opt/JohnTheRipper-bleeding-jumbo/run$ ./john --format=leet /tmp/leet.32
Using default input encoding: UTF-8
Loaded 1 password hash (leet [SHA-512(256/256 AVX2 4x) + Whirlpool(OpenSSL/64)])
Will run 8 OpenMP threads
Proceeding with single, rules:Single
Press 'q' or Ctrl-C to abort, almost any other key for status
<SNAP>
<CTRL-C>
Session aborted
bofh@dev:/opt/JohnTheRipper-bleeding-jumbo/run$ cat /tmp/leet.33
123456789012345678901234567890123:18e88ee30dc13ff8f2977118263060fd84ac8c81b4669715101474549a0d4a18eaba8efbaa88ab18d3ebd70ae66bdb22a93046e0ee52da56d0a9e91826d54dfd
bofh@dev:/opt/JohnTheRipper-bleeding-jumbo/run$ ./john --format=leet /tmp/leet.33
*** buffer overflow detected ***: ./john terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7fc5da3327e5]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7fc5da3d415c]
/lib/x86_64-linux-gnu/libc.so.6(+0x117160)[0x7fc5da3d2160]
/lib/x86_64-linux-gnu/libc.so.6(+0x116609)[0x7fc5da3d1609]
./john[0x5e4885]
./john[0x6d297b]
./john[0x6d0791]
./john[0x6d4081]
./john[0x6cdddb]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7fc5da2db830]
./john[0x405669]
======= Memory map: ========
00400000-0093e000 r-xp 00000000 fc:03 55190246                           /opt/JohnTheRipper-bleeding-jumbo/run/john
00b3d000-00b3e000 r--p 0053d000 fc:03 55190246                           /opt/JohnTheRipper-bleeding-jumbo/run/john
00b3e000-00bcc000 rw-p 0053e000 fc:03 55190246                           /opt/JohnTheRipper-bleeding-jumbo/run/john
00bcc000-01fb1000 rw-p 00000000 00:00 0
026af000-04503000 rw-p 00000000 00:00 0                                  [heap]
7fc5d15cb000-7fc5d15e1000 r-xp 00000000 fc:03 21627405                   /lib/x86_64-linux-gnu/libgcc_s.so.1
7fc5d15e1000-7fc5d17e0000 ---p 00016000 fc:03 21627405                   /lib/x86_64-linux-gnu/libgcc_s.so.1
7fc5d17e0000-7fc5d17e1000 rw-p 00015000 fc:03 21627405                   /lib/x86_64-linux-gnu/libgcc_s.so.1
7fc5d17e1000-7fc5d9fe3000 rw-p 00000000 00:00 0
7fc5d9fe3000-7fc5da2bb000 r--p 00000000 fc:03 28575520                   /usr/lib/locale/locale-archive
7fc5da2bb000-7fc5da47b000 r-xp 00000000 fc:03 21631366                   /lib/x86_64-linux-gnu/libc-2.23.so
7fc5da47b000-7fc5da67b000 ---p 001c0000 fc:03 21631366                   /lib/x86_64-linux-gnu/libc-2.23.so
7fc5da67b000-7fc5da67f000 r--p 001c0000 fc:03 21631366                   /lib/x86_64-linux-gnu/libc-2.23.so
7fc5da67f000-7fc5da681000 rw-p 001c4000 fc:03 21631366                   /lib/x86_64-linux-gnu/libc-2.23.so
7fc5da681000-7fc5da685000 rw-p 00000000 00:00 0
7fc5da685000-7fc5da69d000 r-xp 00000000 fc:03 21631365                   /lib/x86_64-linux-gnu/libpthread-2.23.so
7fc5da69d000-7fc5da89c000 ---p 00018000 fc:03 21631365                   /lib/x86_64-linux-gnu/libpthread-2.23.so
7fc5da89c000-7fc5da89d000 r--p 00017000 fc:03 21631365                   /lib/x86_64-linux-gnu/libpthread-2.23.so
7fc5da89d000-7fc5da89e000 rw-p 00018000 fc:03 21631365                   /lib/x86_64-linux-gnu/libpthread-2.23.so
7fc5da89e000-7fc5da8a2000 rw-p 00000000 00:00 0
7fc5da8a2000-7fc5da8c3000 r-xp 00000000 fc:03 28577131                   /usr/lib/x86_64-linux-gnu/libgomp.so.1.0.0
7fc5da8c3000-7fc5daac2000 ---p 00021000 fc:03 28577131                   /usr/lib/x86_64-linux-gnu/libgomp.so.1.0.0
7fc5daac2000-7fc5daac3000 r--p 00020000 fc:03 28577131                   /usr/lib/x86_64-linux-gnu/libgomp.so.1.0.0
7fc5daac3000-7fc5daac4000 rw-p 00021000 fc:03 28577131                   /usr/lib/x86_64-linux-gnu/libgomp.so.1.0.0
7fc5daac4000-7fc5daacd000 r-xp 00000000 fc:03 21631385                   /lib/x86_64-linux-gnu/libcrypt-2.23.so
7fc5daacd000-7fc5daccc000 ---p 00009000 fc:03 21631385                   /lib/x86_64-linux-gnu/libcrypt-2.23.so
7fc5daccc000-7fc5daccd000 r--p 00008000 fc:03 21631385                   /lib/x86_64-linux-gnu/libcrypt-2.23.so
7fc5daccd000-7fc5dacce000 rw-p 00009000 fc:03 21631385                   /lib/x86_64-linux-gnu/libcrypt-2.23.so
7fc5dacce000-7fc5dacfc000 rw-p 00000000 00:00 0
7fc5dacfc000-7fc5dacff000 r-xp 00000000 fc:03 21631368                   /lib/x86_64-linux-gnu/libdl-2.23.so
7fc5dacff000-7fc5daefe000 ---p 00003000 fc:03 21631368                   /lib/x86_64-linux-gnu/libdl-2.23.so
7fc5daefe000-7fc5daeff000 r--p 00002000 fc:03 21631368                   /lib/x86_64-linux-gnu/libdl-2.23.so
7fc5daeff000-7fc5daf00000 rw-p 00003000 fc:03 21631368                   /lib/x86_64-linux-gnu/libdl-2.23.so
7fc5daf00000-7fc5daf19000 r-xp 00000000 fc:03 21627502                   /lib/x86_64-linux-gnu/libz.so.1.2.8
7fc5daf19000-7fc5db118000 ---p 00019000 fc:03 21627502                   /lib/x86_64-linux-gnu/libz.so.1.2.8
7fc5db118000-7fc5db119000 r--p 00018000 fc:03 21627502                   /lib/x86_64-linux-gnu/libz.so.1.2.8
7fc5db119000-7fc5db11a000 rw-p 00019000 fc:03 21627502                   /lib/x86_64-linux-gnu/libz.so.1.2.8
7fc5db11a000-7fc5db222000 r-xp 00000000 fc:03 21631362                   /lib/x86_64-linux-gnu/libm-2.23.so
7fc5db222000-7fc5db421000 ---p 00108000 fc:03 21631362                   /lib/x86_64-linux-gnu/libm-2.23.so
7fc5db421000-7fc5db422000 r--p 00107000 fc:03 21631362                   /lib/x86_64-linux-gnu/libm-2.23.so
7fc5db422000-7fc5db423000 rw-p 00108000 fc:03 21631362                   /lib/x86_64-linux-gnu/libm-2.23.so
7fc5db423000-7fc5db63e000 r-xp 00000000 fc:03 21626963                   /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7fc5db63e000-7fc5db83d000 ---p 0021b000 fc:03 21626963                   /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7fc5db83d000-7fc5db859000 r--p 0021a000 fc:03 21626963                   /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7fc5db859000-7fc5db865000 rw-p 00236000 fc:03 21626963                   /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7fc5db865000-7fc5db868000 rw-p 00000000 00:00 0
7fc5db868000-7fc5db88e000 r-xp 00000000 fc:03 21631364                   /lib/x86_64-linux-gnu/ld-2.23.so
7fc5db9a6000-7fc5dba80000 rw-p 00000000 00:00 0
7fc5dba8c000-7fc5dba8d000 rw-p 00000000 00:00 0
7fc5dba8d000-7fc5dba8e000 r--p 00025000 fc:03 21631364                   /lib/x86_64-linux-gnu/ld-2.23.so
7fc5dba8e000-7fc5dba8f000 rw-p 00026000 fc:03 21631364                   /lib/x86_64-linux-gnu/ld-2.23.so
7fc5dba8f000-7fc5dba90000 rw-p 00000000 00:00 0
7ffed7929000-7ffed794a000 rw-p 00000000 00:00 0                          [stack]
7ffed797d000-7ffed7980000 r--p 00000000 00:00 0                          [vvar]
7ffed7980000-7ffed7982000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Aborted (core dumped)
bofh@dev:/opt/JohnTheRipper-bleeding-jumbo/run$
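As an added example (not john's code, and not from anyone in this thread), here is the shape of the check whose absence produces a FORTIFY abort like the one above: a parser for the report's `username:hash` lines that validates the username length before copying into a fixed-size field. `MAX_USER = 32` and `HASH_HEX = 128` are assumptions taken from the report's two input lines (32 bytes works, 33 crashes; the hash is 128 hex digits); the sample hash is the one from `/tmp/leet.32`, and `make_leet_line` rebuilds the two test lines so the program runs offline.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed limits, taken from the report rather than from john's sources:
 * usernames up to 32 bytes are accepted (33 crashed), and the leet hash
 * field is 128 hex digits (the length of the hash in the report). */
#define MAX_USER 32
#define HASH_HEX 128

/* Hash value copied from the report's /tmp/leet.32 line. */
static const char SAMPLE_HASH[] =
    "18e88ee30dc13ff8f2977118263060fd84ac8c81b4669715101474549a0d4a18"
    "eaba8efbaa88ab18d3ebd70ae66bdb22a93046e0ee52da56d0a9e91826d54dfd";

struct leet_entry {
    char user[MAX_USER + 1];  /* fixed-size field, the kind that overflowed */
    char hash[HASH_HEX + 1];
};

/* Parse "username:hash". Returns 1 and fills *out on success, 0 on any
 * malformed input. Every memcpy below is bounded by the check above it,
 * so an over-long username is rejected instead of running past user[]. */
int parse_leet_line(const char *line, struct leet_entry *out)
{
    const char *colon = strchr(line, ':');
    if (colon == NULL)
        return 0;

    size_t ulen = (size_t)(colon - line);
    if (ulen == 0 || ulen > MAX_USER)      /* the length check that prevents the crash */
        return 0;

    const char *hash = colon + 1;
    size_t hlen = strcspn(hash, "\r\n");   /* tolerate a trailing newline */
    if (hlen != HASH_HEX)
        return 0;
    for (size_t i = 0; i < hlen; i++)
        if (!isxdigit((unsigned char)hash[i]))
            return 0;

    memcpy(out->user, line, ulen);
    out->user[ulen] = '\0';
    memcpy(out->hash, hash, hlen);
    out->hash[hlen] = '\0';
    return 1;
}

/* Build a report-style line "1234567890...:<hash>" with a username of n
 * digits into buf (constructed test input). Returns 0 if buf is too small. */
int make_leet_line(size_t n, char *buf, size_t bufsz)
{
    if (bufsz < n + 1 + sizeof SAMPLE_HASH)  /* sizeof includes the NUL */
        return 0;
    for (size_t i = 0; i < n; i++)
        buf[i] = "1234567890"[i % 10];
    buf[n] = ':';
    memcpy(buf + n + 1, SAMPLE_HASH, sizeof SAMPLE_HASH);
    return 1;
}

int main(void)
{
    char line[256];
    struct leet_entry e;

    /* The two cases from the report: 32 bytes accepted, 33 bytes rejected. */
    for (size_t n = 32; n <= 33; n++) {
        make_leet_line(n, line, sizeof line);
        printf("username of %zu bytes: %s\n", n,
               parse_leet_line(line, &e) ? "accepted" : "rejected");
    }
    return 0;
}
```

The point of the layout is that the rejecting branch runs before any byte is written into `struct leet_entry`; a parser that copies first and checks afterwards still corrupts the stack, which is exactly what `__fortify_fail` is reporting in the trace above.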
magnumripper commented 5 years ago

I can't reproduce. Can you get a proper backtrace? Is your binary stripped of debugging symbols?

magnumripper commented 5 years ago

I can reproduce now, will look into it.