Posts: 67
Threads: 12
Joined: Sep 2011
Awesome job, philsmd!!!
Mem5, I would suggest you put in a Trac ticket with the outfile-format=7 results and philsmd's test cases, since outfile-format=7 should have shown something like the correct:
9a214e678ed4e501d1576326ce84b41c:elec@:656c65634000
7863783c727bc742d503f232f277e327:elec@:656c656340
instead of the clearly incorrect:
9a214e678ed4e501d1576326ce84b41c:elec@:656c656340
7863783c727bc742d503f232f277e327:elec@:656c656340
Posts: 5,185
Threads: 230
Joined: Apr 2010
I agree, nice testing philsmd
Posts: 803
Threads: 135
Joined: Feb 2011
04-19-2013, 07:51 AM
(This post was last modified: 04-19-2013, 07:51 AM by Mem5.)
Ok, I'll open a TRAC. Thank you for your help.
Curious question : how can somebody login into a system using a password with the null byte character ? As it is not printable.. ?!
Posts: 5,185
Threads: 230
Joined: Apr 2010
No, you can not. But I've seen lots of hashlist examples where admins salting hashes with 0-bytes.
Posts: 67
Threads: 12
Joined: Sep 2011
(04-19-2013, 07:51 AM)Mem5 Wrote: Ok, I'll open a TRAC. Thank you for your help.
Curious question : how can somebody login into a system using a password with the null byte character ? As it is not printable.. ?!
Easy - just as an application can salt using any set of byte the programer likes, client applications can login using whatever set of byte values they care to send to the server application. Not all hashes come from data a human puts in via a keyboard at time of login!
Alternately, systems like Truecrypt and KeePass can use the contents of a binary file to generate a hash or part of a hash. Perhaps some other applications allow file-based entry.
I don't know enough about widgets like the Yubikey to know if it can do anything like that or not.
Posts: 2,267
Threads: 16
Joined: Feb 2013
Trac ticket and further discussion about possible solutions are located here:
https://hashcat.net/trac/ticket/154
