1
mirror of https://github.com/hashcat/hashcat synced 2025-01-07 02:16:23 +01:00

Fixed invalid use of --hex-wordlist if encoded wordlist string is larger than length 256

This commit is contained in:
Jens Steube 2019-10-08 12:33:11 +02:00
parent b197610811
commit a0284b8378
4 changed files with 23 additions and 8 deletions

View File

@ -67,6 +67,7 @@
- Fixed incorrect progress-only result in a special race condition - Fixed incorrect progress-only result in a special race condition
- Fixed invalid call of mp_css_utf16le_expand()/mp_css_utf16be_expand() in a slow-candidate session - Fixed invalid call of mp_css_utf16le_expand()/mp_css_utf16be_expand() in a slow-candidate session
- Fixed invalid password truncation in attack-mode 1 if final password is longer than 32 character - Fixed invalid password truncation in attack-mode 1 if final password is longer than 32 character
- Fixed invalid use of --hex-wordlist if encoded wordlist string is larger than length 256
- Fixed maximum password length limit which was announced as 256 but actually was 255 - Fixed maximum password length limit which was announced as 256 but actually was 255
- Fixed output of IKE PSK (mode 5300 and 5400) hashes to have separators at right position - Fixed output of IKE PSK (mode 5300 and 5400) hashes to have separators at right position
- Fixed output password of "e" rule in pure and cpu rule engine if separator character is also the first letter - Fixed output password of "e" rule in pure and cpu rule engine if separator character is also the first letter

View File

@ -1390,8 +1390,6 @@ static int calc (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param)
{ {
get_next_word (hashcat_ctx_tmp, &fp, &line_buf, &line_len); get_next_word (hashcat_ctx_tmp, &fp, &line_buf, &line_len);
line_len = (u32) convert_from_hex (hashcat_ctx, line_buf, line_len);
// post-process rule engine // post-process rule engine
if (run_rule_engine ((int) user_options_extra->rule_len_l, user_options->rule_buf_l)) if (run_rule_engine ((int) user_options_extra->rule_len_l, user_options->rule_buf_l))

View File

@ -125,6 +125,8 @@ void slow_candidates_seek (hashcat_ctx_t *hashcat_ctx, void *extra_info, const u
{ {
line_len = (u32) fgetl (combs_fp, line_buf, HCBUFSIZ_LARGE); line_len = (u32) fgetl (combs_fp, line_buf, HCBUFSIZ_LARGE);
line_len = convert_from_hex (hashcat_ctx, line_buf, line_len);
// post-process rule engine // post-process rule engine
if (run_rule_engine ((int) user_options_extra->rule_len_l, user_options->rule_buf_l)) if (run_rule_engine ((int) user_options_extra->rule_len_l, user_options->rule_buf_l))
@ -180,8 +182,6 @@ void slow_candidates_next (hashcat_ctx_t *hashcat_ctx, void *extra_info)
get_next_word (hashcat_ctx, fp, &line_buf, &line_len); get_next_word (hashcat_ctx, fp, &line_buf, &line_len);
line_len = (u32) convert_from_hex (hashcat_ctx, line_buf, line_len);
// post-process rule engine // post-process rule engine
char rule_buf_out[RP_PASSWORD_SIZE]; char rule_buf_out[RP_PASSWORD_SIZE];
@ -250,21 +250,22 @@ void slow_candidates_next (hashcat_ctx_t *hashcat_ctx, void *extra_info)
{ {
get_next_word (hashcat_ctx, base_fp, &line_buf, &line_len); get_next_word (hashcat_ctx, base_fp, &line_buf, &line_len);
line_len = (u32) convert_from_hex (hashcat_ctx, line_buf, line_len);
// post-process rule engine // post-process rule engine
char rule_buf_out[RP_PASSWORD_SIZE];
if (run_rule_engine ((int) user_options_extra->rule_len_l, user_options->rule_buf_l)) if (run_rule_engine ((int) user_options_extra->rule_len_l, user_options->rule_buf_l))
{ {
if (line_len >= RP_PASSWORD_SIZE) continue; if (line_len >= RP_PASSWORD_SIZE) continue;
char rule_buf_out[RP_PASSWORD_SIZE];
memset (rule_buf_out, 0, sizeof (rule_buf_out)); memset (rule_buf_out, 0, sizeof (rule_buf_out));
const int rule_len_out = _old_apply_rule (user_options->rule_buf_l, (int) user_options_extra->rule_len_l, line_buf, (int) line_len, rule_buf_out); const int rule_len_out = _old_apply_rule (user_options->rule_buf_l, (int) user_options_extra->rule_len_l, line_buf, (int) line_len, rule_buf_out);
if (rule_len_out < 0) continue; if (rule_len_out < 0) continue;
line_buf = rule_buf_out;
line_len = (u32) rule_len_out;
} }
break; break;
@ -288,6 +289,8 @@ void slow_candidates_next (hashcat_ctx_t *hashcat_ctx, void *extra_info)
{ {
line_len = (u32) fgetl (combs_fp, line_buf, HCBUFSIZ_LARGE); line_len = (u32) fgetl (combs_fp, line_buf, HCBUFSIZ_LARGE);
line_len = convert_from_hex (hashcat_ctx, line_buf, line_len);
// post-process rule engine // post-process rule engine
if (run_rule_engine ((int) user_options_extra->rule_len_r, user_options->rule_buf_r)) if (run_rule_engine ((int) user_options_extra->rule_len_r, user_options->rule_buf_r))

View File

@ -187,7 +187,13 @@ void get_next_word (hashcat_ctx_t *hashcat_ctx, HCFILE *fp, char **out_buf, u32
wl_data->pos += off; wl_data->pos += off;
// do the on-the-fly hex decode using original buffer
// this is safe as length only decreases in size
len = (u32) convert_from_hex (hashcat_ctx, ptr, len);
// do the on-the-fly encoding // do the on-the-fly encoding
// needs to write into new buffer because size case both decrease and increase
if (wl_data->iconv_enabled == true) if (wl_data->iconv_enabled == true)
{ {
@ -204,6 +210,8 @@ void get_next_word (hashcat_ctx_t *hashcat_ctx, HCFILE *fp, char **out_buf, u32
len = HCBUFSIZ_TINY - iconv_sz; len = HCBUFSIZ_TINY - iconv_sz;
} }
// this is only a test for length, not writing into output buffer
if (run_rule_engine (user_options_extra->rule_len_l, user_options->rule_buf_l)) if (run_rule_engine (user_options_extra->rule_len_l, user_options->rule_buf_l))
{ {
if (len >= RP_PASSWORD_SIZE) continue; if (len >= RP_PASSWORD_SIZE) continue;
@ -444,6 +452,11 @@ int count_words (hashcat_ctx_t *hashcat_ctx, HCFILE *fp, const char *dictfile, u
i += off; i += off;
// do the on-the-fly hex decode using original buffer
// this is safe as length only decreases in size
len = (u32) convert_from_hex (hashcat_ctx, ptr, len);
// do the on-the-fly encoding // do the on-the-fly encoding
if (wl_data->iconv_enabled == true) if (wl_data->iconv_enabled == true)