Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 31726 Details for
Bug 51442
app-crypt/johntheripper mega patch ebuild. skey is broken
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
john-1.6-gentoo.patch
john-1.6-gentoo.patch (text/plain), 150.43 KB, created by
Daniel Black (RETIRED)
on 2004-05-19 16:52:09 UTC
(
hide
)
Description:
john-1.6-gentoo.patch
Filename:
MIME Type:
Creator:
Daniel Black (RETIRED)
Created:
2004-05-19 16:52:09 UTC
Size:
150.43 KB
patch
obsolete
>diff -urN john-1.6.orig/debian/CONFIG.mailer john-1.6/debian/CONFIG.mailer >--- john-1.6.orig/debian/CONFIG.mailer 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/CONFIG.mailer 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,59 @@ >+This version of john has two new conffiles for the mailer script: >+ >+/etc/john-mail.conf >+--------------------- >+ >+This is where you define the command used to send messages to users, >+and the shells to be ignored when sending the messages. A working >+example is already installed. >+ >+You can set the shells to be ignored, for example: >+ >+shells=-,/bin/false,/dev/null,/bin/sync,/usr/bin/falselogin >+ >+The default is set to: >+ >+shells=-,/bin/false,/dev/null,/bin/sync >+ >+And you may set the command used to send the message (the message >+will be piped into this command): >+ >+mailcmd=/usr/sbin/sendmail >+ >+That is the default. If you use sendmail, or if your mailer provides >+a "sendmail" executable, you may use the above line. >+ >+And if you want to pass extra arguments to your mailer, set >+mailargs: >+ >+mailargs= ... >+ >+The default is not to define mailargs. >+ >+/etc/john-mail.msg >+------------------ >+ >+This is the message template to be sent to the user. In the message, >+the strings @LOGIN and @HOSTNAME will be substituted for the user's >+login and the host name. >+ >+If you use sendmail as mail command, you may include the headers >+at the top of the template message, like this: >+ >+ >+============================================================= >+Subject: Gotcha! >+Cc: root >+ >+Just cracked your password for account @LOGIN at @HOSTNAME. >+Please change it. >+ >+John the Ripper. >+============================================================= >+ >+You may also use some binary of yours as the mail command; then it >+will be called, and the template (with the variables already >+substituted) will be piped into it. This may be useful if you want >+to use complex logging (using a DBMS, for example), or if you >+want to automatically run scripts (that block the account, >+perhaps?) >diff -urN john-1.6.orig/debian/changelog john-1.6/debian/changelog >--- john-1.6.orig/debian/changelog 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/changelog 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,126 @@ >+john (1.6-17) unstable; urgency=low >+ >+ * Rewording of comments in config file. (Closes: #115556) >+ (Thanks to Martin F Krafft) >+ * Included hack to remove cronjob if needed. (Closes: #114835,#117034) >+ >+ -- Christian Kurz <shorty@debian.org> Sun, 14 Oct 2001 20:14:42 +0200 >+ >+john (1.6-16) unstable; urgency=low >+ >+ * Integrated patch from Damyan Ivanov to fix unquoted sed >+ expressions. (Closes: #113557) >+ >+ -- Christian Kurz <shorty@debian.org> Wed, 26 Sep 2001 12:57:53 +0200 >+ >+john (1.6-15) unstable; urgency=low >+ >+ * Fixed typo in debconf templates. (Closes: #112058,#113166) >+ * Should fix another problem with the lock-file. (Closes: #113332) >+ >+ -- Christian Kurz <shorty@debian.org> Wed, 12 Sep 2001 16:08:30 +0200 >+ >+john (1.6-14) unstable; urgency=low >+ >+ * Added german debconf translation from Sebastian Feltel. >+ (Closes: #109980) >+ * Fixed two typos in the john.1 manpage, noted by Stephen Frost. >+ * Applied patch from Daniel Kobras to fix two oversights in the >+ cronjob script. (Closes: #110272) >+ * Applied patch from Jeronimo Pellegrini to fix some small problems >+ in the scripts. (Closes: #110957) >+ >+ -- Christian Kurz <shorty@debian.org> Sat, 25 Aug 2001 09:09:18 +0200 >+ >+john (1.6-13) unstable; urgency=low >+ >+ * We'll gzip the example file, which is about 12k. But the other files >+ which are just 2-6k will be stay uncompressed, until some very good >+ reasons are presented to convince me. (Closes: #96650) >+ * Integration of Patch from Jeronimo Pellegrini to support the >+ installation and deinstallation of a cronjob. (Closes: #101970) >+ >+ -- Christian Kurz <shorty@debian.org> Thu, 12 Jul 2001 22:55:09 +0200 >+ >+john (1.6-12) unstable; urgency=low >+ >+ * Now we finally added manpages for john which have been written by >+ Jordi Mallach and Jeronimo Pellegrini. (Closes: #62498) >+ * Applied a patch from Jeronimo Pellegrini to make the mailer script >+ more configurable. (Closes: #101968) >+ >+ -- Christian Kurz <shorty@debian.org> Sun, 20 May 2001 10:18:56 +0200 >+ >+john (1.6-11) unstable; urgency=low >+ >+ * Fixed Symlinks for $ARCHITECURE != i386. (Closes: #92280) >+ >+ -- Christian Kurz <shorty@debian.org> Sat, 31 Mar 2001 18:34:42 +0200 >+ >+john (1.6-10) unstable; urgency=low >+ >+ * Fixed the symlinks, since we didn't notice that we broke them with >+ the 1.6-8 release. Now, it should work fine again. (Closes: #91824) >+ >+ -- Christian Kurz <shorty@debian.org> Wed, 28 Mar 2001 08:22:18 +0200 >+ >+john (1.6-9) unstable; urgency=low >+ >+ * Fixed the name of the override file for john and also it' >+ location. (Closes: #81218) >+ >+ -- Christian Kurz <shorty@debian.org> Sun, 25 Mar 2001 00:30:33 +0100 >+ >+john (1.6-8) unstable; urgency=low >+ >+ * Fixed the startup script for john to correctly use bash. >+ >+ -- Christian Kurz <shorty@debian.org> Thu, 1 Mar 2001 20:00:13 +0100 >+ >+john (1.6-7) unstable; urgency=low >+ >+ * Fixed a typo to build john also on Alpha (Closes: #83696) >+ >+ -- Christian Kurz <shorty@debian.org> Sat, 27 Jan 2001 09:13:13 +0100 >+ >+john (1.6-6) unstable; urgency=low >+ >+ * Added sparc-fix from Solar Designer (Closes: #81756). >+ * Changed rules file to build two different versions of john, one with >+ mmx extensions, and one without. >+ * Added wrapper script to start john. >+ >+ -- Christian Kurz <shorty@debian.org> Fri, 12 Jan 2001 22:31:05 +0100 >+ >+john (1.6-5) unstable; urgency=low >+ >+ * Moved overrides file to correct location (Closes: 81218). >+ * Added 3 lines to overrides file for the symlinks. >+ >+ -- Christian Kurz <shorty@debian.org> Thu, 4 Jan 2001 20:51:32 +0100 >+ >+john (1.6-4) unstable; urgency=low >+ >+ * Hopefully I fixed now the logfile-path-bug. >+ >+ -- Christian Kurz <shorty@debian.org> Fri, 8 Dec 2000 22:26:26 +0100 >+ >+john (1.6-3) unstable; urgency=low >+ >+ * Fixed pre-rm to allow removal of package (Closes: 74091). >+ >+ -- Christian Kurz <shorty@debian.org> Thu, 5 Oct 2000 21:55:51 +0200 >+ >+john (1.6-2) unstable; urgency=low >+ >+ * Changed debian/rules to be faster and more portable. >+ * Fixed prerm-script to run only on purges. >+ * Fixed some pathes to better defaults. >+ >+ -- Christian Kurz <shorty@getuid.com> Mon, 15 May 2000 19:37:07 +0200 >+ >+john (1.6-1) unstable; urgency=low >+ >+ * First Debian release. >+ >+ -- Christian Kurz <shorty@debian.org> Sat, 1 Apr 2000 12:23:57 +0200 >diff -urN john-1.6.orig/debian/conffiles john-1.6/debian/conffiles >--- john-1.6.orig/debian/conffiles 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/conffiles 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,3 @@ >+/etc/john.ini >+/etc/john-mail.conf >+/etc/john-mail.msg >diff -urN john-1.6.orig/debian/config john-1.6/debian/config >--- john-1.6.orig/debian/config 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/config 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,5 @@ >+#!/bin/sh -e >+ >+. /usr/share/debconf/confmodule >+db_input medium john/cronjob || true >+db_go >diff -urN john-1.6.orig/debian/control john-1.6/debian/control >--- john-1.6.orig/debian/control 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/control 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,15 @@ >+Source: john >+Section: admin >+Priority: optional >+Maintainer: Christian Kurz <shorty@debian.org> >+Origin: debian >+Bugs: debbugs://bugs.debian.org >+Standards-Version: 3.5.6 >+ >+Package: john >+Architecture: i386 alpha sparc >+Depends: ${shlibs:Depends} >+Description: An active password cracking tool >+ john, normally called john the ripper, is a tool to find >+ weak passwords of your users, and even mail them automatically >+ if you want. >diff -urN john-1.6.orig/debian/copyright john-1.6/debian/copyright >--- john-1.6.orig/debian/copyright 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/copyright 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,26 @@ >+This is a Debian prepackaged version of john the ripper. The package has >+been created by Christian Kurz <shorty@debian.org>. >+ >+Source code was obtained from: >+ http://www.openwall.com/john/ >+ >+The following copyright applies to this package: >+ >+ Copyright (c) 2000 Solar Designer <solar@false.com>. >+ All rights reserved. >+ >+ This program is free software; you can redistribute it and/or modify it >+ under the terms of the GNU General Public License as published by the Free >+ Software Foundation; either version 2 of the License, or (at your option) >+ any later version. >+ >+ This program is distributed in the hope that it will be useful, but WITHOUT >+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or >+ FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for >+ more details. >+ >+ You should have received a copy of the GNU General Public License along >+ with this program; if not, write to the Free Software Foundation, Inc., >+ 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. >+ >+ A complete version of the GPL can be found in /usr/share/common-licenses/GPL. >diff -urN john-1.6.orig/debian/john john-1.6/debian/john >--- john-1.6.orig/debian/john 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/john 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,12 @@ >+#!/bin/bash -e >+ >+if [ -d /proc ]; then >+ if grep -q '^flags.* mmx' /proc/cpuinfo; then >+ exec -a john /usr/sbin/john-mmx $* >+ else >+ exec -a john /usr/sbin/john-any $* >+ fi >+else >+ echo "Proc File System not available. Can't run john." >+fi >+exit 0 >diff -urN john-1.6.orig/debian/john-cronjob john-1.6/debian/john-cronjob >--- john-1.6.orig/debian/john-cronjob 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/john-cronjob 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,28 @@ >+#!/bin/sh >+ >+usage() { >+ echo "Usage: john-cronjob [ install | remove ]" >+} >+ >+if [ $# -ne 1 ];then >+ usage >+ exit 0 >+fi >+ >+case "$1" in >+ remove) >+ if [ -f /etc/cron.daily/john -a ! -L /etc/cron.daily/john ]; then >+ rm /etc/cron.daily/john >+ fi >+ ;; >+ install) >+ if [ ! -e /etc/cron.daily/john -a ! -L /etc/cron.daily/john ]; then >+ cp /usr/share/john/john-dailyscript /etc/cron.daily/john >+ chmod u+x,og-rwx /etc/cron.daily/john >+ fi >+ ;; >+ *) >+ usage >+ exit 0 >+ ;; >+esac >diff -urN john-1.6.orig/debian/john-cronjob.1 john-1.6/debian/john-cronjob.1 >--- john-1.6.orig/debian/john-cronjob.1 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/john-cronjob.1 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,43 @@ >+\" Hey, EMACS: -*- nroff -*- >+\" >+.\" john.1 is copyright 1999-2001 by >+.\" Jeronimo Pellegrini <pellegrini@mpcnet.com.br> >+.\" This is free documentation, see the latest version of the GNU General >+.\" Public License for copying conditions. There is NO warranty. >+.TH JOHN-CRONJOB 1 "August 21, 2001" john >+.\" Please adjust this date whenever revising the manpage. >+.SH NAME >+john-cronjob \- installs or removes the john cronjob >+.SH SYNOPSIS >+.B john-cronjob >+install | remove >+.SH DESCRIPTION >+This manual page describes the john-cronjob script, an add-on to the john >+package. \fBjohn-cronjob\fP is used to install or remove a cronjob that will >+run automatically every day, trying to crack passwords (a script will be >+placed >+under \fI/etc/cron.daily\fP). When the script is called, it will check if an >+instance of john is already running. If not, it will start a new \fBjohn\fP(1) >+process, and then run the \fBmailer\fP(1) script. >+.br >+When installing or removing the cronjob, this script will never touch a >+symlink. >+.SH SEE ALSO >+.BR mailer (1), >+.BR john (1), >+.BR unafs (1), >+.BR unique (1), >+.BR unshadow (1), >+.BR john.ini (5) >+.PP >+The programs are documented fully by John's documentation, >+which should be available in \fI/usr/share/doc/john\fP or other >+location, depending on your system. >+.SH AUTHOR >+This manual page was written by Jeronimo Pellegrini >+<pellegrini@mpcnet.com.br>, for the Debian GNU/Linux system (but >+may be used by others). >+.br >+John the Ripper was written by Solar Designer <solar@openwall.com>. >+The complete list of contributors can be found in the CREDITS file >+in the documentation directory. >diff -urN john-1.6.orig/debian/john-dailyscript john-1.6/debian/john-dailyscript >--- john-1.6.orig/debian/john-dailyscript 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/john-dailyscript 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,48 @@ >+#!/bin/sh >+# >+# This script runs every day, trying to crack passwords, and then calls >+# mailer to warn the users (and maybe also root) about that. >+ >+JOHNDIR=/usr/sbin >+PASSWD=/etc/passwd >+SHADOW=/etc/shadow >+ >+PASSFILE=`grep -e "[ ]*passfile[ ]*=[ ]*" /etc/john-mail.conf | >+ sed -e "s/#.*//" -e "s/.*=[ ]*//"` >+ >+if [ -z $PASSFILE ]; then >+ mail -s "John cronjob is not configured yet!" root <<EOF >+John was set up to run every day, but it needs you to specify a >+temporary file, with a "passfile=" line in /etc/john-mail.conf. >+ >+Thank you, >+ >+John the Ripper, an automated password cracking tool. >+EOF >+ exit 0 >+fi >+ >+TMPFILE=`mktemp $PASSFILE.XXXXXX` || exit 1 >+ >+chmod og-rwx $TMPFILE >+ >+ >+if [ -f $SHADOW ]; then >+ $JOHNDIR/unshadow $PASSWD $SHADOW >> $TMPFILE >+else >+ cat $PASSWD >> $TMPFILE >+fi >+ >+ >+if [ ! -f /var/lock/john ]; then >+ touch /var/lock/john >+ $JOHNDIR/john -single $TMPFILE >+ rm -f /var/lock/john >+ $JOHNDIR/mailer $TMPFILE >+ rm -f $TMPFILE >+else >+ mail -s "John is running" root <<EOF >+John is running at $HOSTNAME -- either the cronjob lasted too long, >+or someone else is running john. >+EOF >+fi >diff -urN john-1.6.orig/debian/john-mail.conf john-1.6/debian/john-mail.conf >--- john-1.6.orig/debian/john-mail.conf 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/john-mail.conf 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,21 @@ >+# Sample configuration file for john. >+# >+ >+# These are the shells that should be ignored by john. If you >+# install falselogin, for example, you may want to add it to >+# the list. >+shells=-,/bin/false,/dev/null,/bin/sync >+ >+# This is the mail command. You may actually use any program >+# here; the message in /etc/john.msg will be piped into it, >+# with the login name and host name substituted. >+# You may want to use a program to log information about >+# weak passwords (but that means sensitive information would be >+# kept somewhere - be careful!) >+mailcmd=/usr/sbin/sendmail >+ >+# This is the passfile, which defines a temporary file that contains >+# the content of /etc/passwd and /etc/shadow while the cronjob is run. >+# Since this file contains sensible data, no default is provided and >+# you need to specify a file name to be used." >+# passfile= >diff -urN john-1.6.orig/debian/john-mail.msg john-1.6/debian/john-mail.msg >--- john-1.6.orig/debian/john-mail.msg 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/john-mail.msg 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,8 @@ >+Subject: Bad password! >+ >+Hello! >+ >+Your password for account @LOGIN at host @HOSTNAME is too easy! >+Please change it as soon as possible. >+ >+John the Ripper, an automated password cracker. >diff -urN john-1.6.orig/debian/john.1 john-1.6/debian/john.1 >--- john-1.6.orig/debian/john.1 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/john.1 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,204 @@ >+.\" Hey, EMACS: -*- nroff -*- >+.\" >+.\" john.1 is copyright 1999-2001 by >+.\" Jordi Mallach <jordi@debian.org> >+.\" This is free documentation, see the latest version of the GNU General >+.\" Public License for copying conditions. There is NO warranty. >+.TH JOHN 1 "June 25, 2001" john >+.\" Please adjust this date whenever revising the manpage. >+.SH NAME >+john \- a tool to find weak passwords of your users >+.SH SYNOPSIS >+.B john >+.RI [ options ] " password-files" >+.SH DESCRIPTION >+This manual page documents briefly the >+.B john >+command. >+This manual page was written for the Debian GNU/Linux distribution >+because the original program does not have a manual page. >+\fBjohn\fP, better known as John the Ripper, is a tool to find weak >+passwords of users in a server. John can use a dictionary or some search >+pattern as well as a password file to check for passwords. John supports >+different cracking modes and understands many ciphertext formats, like >+several DES variants, MD5 and blowfish. It can also be used to extract AFS >+and Windows NT passwords. >+.SH USAGE >+To use John, you just need to supply it a password file and the desired >+options. If no mode is specified, john will try "single" first, then >+"wordlist" and finally "incremental". >+.P >+Once John finds a password, it will be printed to the terminal and saved >+into a file called ~/john.pot. John will read this file when it restarts >+so it doesn't try to crack already done passwords. >+.P >+To see the cracked passwords, use >+.P >+john -show passwd >+.P >+While cracking, you can press any key for status, or Ctrl+C to abort the >+session, saving point information to a file ( >+.I ~/restore >+by default). By the >+way, if you press Ctrl+C twice John will abort immediately without saving. >+The point information is also saved every 10 minutes (configurable in the >+configuration file, >+.I ~/john.ini >+) in case of a crash. >+.P >+To continue an interrupted session, run: >+.P >+john -restore >+.P >+Now, you may notice that many accounts have a disabled shell, you can make >+John ignore these (assume that shell is called ' >+.I /etc/expired >+'): >+.P >+john -show -shells:-/etc/expired passwd >+.P >+You might want to mail all the users who got weak passwords, >+to tell them to change the passwords. It's not always a good idea though >+(unfortunately, lots of people seem to ignore such mail, it can be used >+as a hint for crackers, etc), but anyway, I'll assume you know what you're >+doing. Get a copy of the 'mailer' script supplied with John, so you won't >+change anything that's under >+.I /usr/bin >+; edit the message it sends, and >+possibly the mail command inside it (especially if the password file is >+from a different box than you got John running on). >+Then run: >+.P >+ ./mailer passwd >+.P >+Anyway, you probably should have a look at >+.I /usr/share/doc/john/OPTIONS >+for a list of all the command line options, and at >+.I /usr/share/doc/john/EXAMPLES >+for more John usage examples with other cracking modes. >+.SH OPTIONS >+All the options recognized by john start with a single dash (`-'). >+A summary of options is included below. >+.TP >+.B \-external:MODE >+Enables an external mode, using external functions defined in ~/john.ini's >+[List.External:MODE] section. >+.TP >+.B \-format:NAME >+Allows you to override the ciphertext format detection. Currently, valid >+format names are DES, BSDI, MD5, BF, AFS, LM. You can use this option when >+cracking or with '-test'. Note that John can't crack password files with >+different ciphertext formats at the same time. >+.TP >+.B \-groups:[-]GID[,..] >+Tells John to load users of the specified group(s) only. >+.TP >+.B \-incremental[:MODE] >+Enables the incremental mode, using the specified ~/john.ini definition >+(section [Incremental:MODE], or [Incremental:All] by default). >+.TP >+.B \-makechars:FILE >+Generates a charset file, based on character frequencies from ~/john.pot, >+for use with the incremental mode. The entire ~/john.pot will be used for >+the charset file unless you specify some password files. You can also use >+an external filter() routine with this option. >+.TP >+.B \-restore[:FILE] >+Continues an interrupted cracking session, reading point information from >+the specified file (~/restore by default). >+.TP >+.B \-rules >+Enables wordlist rules, that are read from [List.Rules:Wordlist]. >+.TP >+.B \-salts:[-]COUNT >+This feature sometimes allows to achieve better performance. For example >+you can crack only some salts using '-salts:2' faster, and then crack the >+rest using '-salts:-2'. Total cracking time will be about the same, but >+you will get some passwords cracked earlier. >+.TP >+.B \-savemem:LEVEL >+You might need this option if you don't have enough memory, or don't want >+John to affect other processes too much. Level 1 tells John not to waste >+memory on login names, so you won't see them while cracking. Higher levels >+have a performance impact: you should probably avoid using them unless John >+doesn't work or gets into swap otherwise. >+.TP >+.B \-session:FILE >+Allows you to specify another point information file's name to use for >+this cracking session. This is useful for running multiple instances of >+John in parallel, or just to be able to recover an older session later, >+not always continue the latest one. >+.TP >+.B \-shells:[-]SHELL[,..] >+This option is useful to load accounts with a valid shell only, or not to >+load accounts with a bad shell. You can omit the path before a shell name, >+so '-shells:csh' will match both '/bin/csh' and '/usr/bin/csh', while >+'-shells:/bin/csh' will only match '/bin/csh'. >+.TP >+.B \-show >+Shows the cracked passwords in a convenient form. You should also specify >+the password files. You can use this option while another John is cracking, >+to see what it did so far. >+.TP >+.B \-single >+Enables the "single crack" mode, using rules from [List.Rules:Single]. >+.TP >+.B \-status[:FILE] >+Prints status of an interrupted or running session. To get an up to date >+status information of a detached running session, send that copy of John >+a SIGHUP before using this option. >+.TP >+.B \-stdin >+These are used to enable the wordlist mode (reading from stdin). >+.TP >+.B \-stdout[:LENGTH] >+When used with a cracking mode, except for "single crack", makes John >+print the words it generates to stdout instead of cracking. While applying >+wordlist rules, the significant password length is assumed to be LENGTH, >+or unlimited by default. >+.TP >+.B \-test >+Benchmarks all the enabled ciphertext format crackers, and tests them for >+correct operation at the same time. >+.TP >+.B \-users:[-]LOGIN|UID[,..] >+Allows you to filter a few accounts for cracking, etc. A dash before the >+list can be used to invert the check (that is, load all the users that >+aren't listed). >+.TP >+.B \-wordfile:FILE >+These are used to enable the wordlist mode, reading words from FILE. >+.SH MODES >+John can work in the following modes: >+.TP >+\fBWordlist\fP >+John will simply use a file with a list of words that will be checked >+against the passwords. See RULES for the format of wordlist files. >+.TP >+\fBSingle crack\fP >+In this mode, john will try to crack the password using the login/GECOS >+information as passwords. >+.TP >+\fBIncremental\fP >+This is the most powerful mode. John will try any character combination >+to resolve the password. >+Details about these modes can be found in the MODES file in john's >+documentation, including how to define your own cracking methods. >+.SH SEE ALSO >+.BR mailer (1), >+.BR unafs (1), >+.BR unique (1), >+.BR unshadow (1), >+.BR john.ini (5) >+.PP >+The programs are documented fully by John's documentation, >+which should be available in \fI/usr/share/doc/john\fP or other >+location, depending on your system. >+.SH AUTHOR >+This manual page was written by Jordi Mallach <jordi@debian.org> >+and Jeronimo Pellegrini <pellegrini@mpcnet.com.br>, for the >+Debian GNU/Linux system (but may be used by others). >+.br >+John the Ripper was written by Solar Designer <solar@openwall.com>. >+The complete list of contributors can be found in the CREDITS file >+in the documentation directory. >diff -urN john-1.6.orig/debian/mailer john-1.6/debian/mailer >--- john-1.6.orig/debian/mailer 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/mailer 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,50 @@ >+#!/bin/sh >+# >+# This file is part of John the Ripper password cracker, >+# Copyright (c) 1996-98 by Solar Designer >+# >+ >+if [ $# -ne 1 ]; then >+ echo "Usage: $0 PASSWORD-FILE" >+ exit 0 >+fi >+ >+if [ ! -f /etc/john-mail.conf ]; then >+ echo "Couldn't find /etc/john-mail.conf -- stopping!" >+ exit 0 >+fi >+ >+if [ ! -f /etc/john-mail.msg ]; then >+ echo "Couldn't find /etc/john-mail.msg -- stopping!" >+ exit 0 >+fi >+ >+# In Debian, john should be in /usr/sbin. "john" binaries in other >+# locations should not be used. >+JOHNDIR=/usr/sbin >+ >+# Let's get stuff from conf file: >+SHELLS=`grep -e "shells[ ]*=[ ]*" /etc/john-mail.conf | sed "s/.*=[ ]*//"` >+MAILCMD=`grep -e "mailcmd[ ]*=[ ]*" /etc/john-mail.conf | sed "s/.*=[ ]*//"` >+MAILARGS=`grep -e "mailargs[ ]*=[ ]*" /etc/john-mail.conf | sed "s/.*=[ ]*//"` >+ >+# Let's start >+$JOHNDIR/john -show "$1" -shells:$SHELLS | sed -n 's/:.*//p' | >+( >+ SENT=0 >+ >+ while read LOGIN; do >+ echo Sending mail to "$LOGIN"... >+ >+# Sends a message to each user; a template is in /etc/john.msg >+# Subject, Reply-to, and other header lines should be put >+# at the top of that file. >+ sed -e 's/@LOGIN/'$LOGIN'/g' \ >+ -e 's/@HOSTNAME/'$HOSTNAME'/g' /etc/john-mail.msg | >+ $MAILCMD $MAILARGS $LOGIN >+ >+ SENT=$(($SENT+1)) >+ done >+ >+ echo $SENT messages sent >+) >diff -urN john-1.6.orig/debian/mailer.1 john-1.6/debian/mailer.1 >--- john-1.6.orig/debian/mailer.1 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/mailer.1 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,45 @@ >+.\" Hey, EMACS: -*- nroff -*- >+.\" >+.\" mailer.1 is copyright 1999-2001 by >+.\" Jordi Mallach <jordi@debian.org> >+.\" This is free documentation, see the latest version of the GNU General >+.\" Public License for copying conditions. There is NO warranty. >+.TH MAILER 1 "May 19, 2001" john >+.\" Please adjust this date whenever revising the manpage. >+.SH NAME >+mailer \- script to warn users about their week passwords >+.SH SYNOPSIS >+.B mailer >+\fIpassword-files\fP >+.SH DESCRIPTION >+This manual page documents briefly the >+.B mailer >+command, which is part of the john package. >+This manual page was written for the Debian GNU/Linux distribution >+because the original program does not have a manual page. >+\fBjohn\fP, better known as John the Ripper, is a tool to find weak >+passwords of users in a server. >+.br >+The \fBmailer\fP tool is useful to inform users which have been found to >+be using weak passwords by mail. >+.P >+You should edit the message mailer will send to the users, but remember to >+copy the script to a safe place before editing it, as it's >+generally a bad idea to modify things living in /usr. >+.SH SEE ALSO >+.BR john (1), >+.BR unafs (1), >+.BR unique (1), >+.BR unshadow (1), >+.BR john.ini (5) >+.PP >+The programs are documented fully by John's documentation, >+which should be available in \fI/usr/share/doc/john\fP or other >+location, depending on your system. >+.SH AUTHOR >+This manual page was written by Jordi Mallach <jordi@debian.org>, >+for the Debian GNU/Linux system (but may be used by others). >+.br >+John the Ripper and mailer were written by Solar Designer >+<solar@openwall.com>. The complete list of contributors can be found in >+the CREDITS file in the documentation directory. >diff -urN john-1.6.orig/debian/overrides.Lintian john-1.6/debian/overrides.Lintian >--- john-1.6.orig/debian/overrides.Lintian 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/overrides.Lintian 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,4 @@ >+john: interpreter-not-absolute ./usr/share/john/password.lst #!comment: >+john: script-not-executable ./usr/share/john/password.lst >+john: unusual-interpreter ./usr/share/john/password.lst #!comment: >+john: missing-debconf-dependency >diff -urN john-1.6.orig/debian/postinst john-1.6/debian/postinst >--- john-1.6.orig/debian/postinst 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/postinst 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,37 @@ >+#!/bin/sh -e >+if [ "$1" = "configure" ]; then >+ if [ -d /usr/doc -a ! -e /usr/doc/john -a -d /usr/share/doc/john ]; then >+ ln -sf ../share/doc/john /usr/doc/john >+ fi >+fi >+ >+if [ -f /usr/share/debconf/confmodule ]; then >+ . /usr/share/debconf/confmodule >+ >+ db_get john/cronjob ; INSTCRON="$RET" >+ if [ "$INSTCRON" = "true" ]; then >+ john-cronjob install >+ else >+ john-cronjob remove >+ fi >+else >+ cat <<%END% >+ I can install a cronjob for you that will run periodically, trying >+ to crack passwords, and then mail users with weak passwords. >+ You will have to configure the path and name of the temporary >+ file in /etc/john-mailer.conf. >+ . >+ If you decide not to install now, you can always run >+ "john.cron install" to install it if you change your mind. >+ >+Should I install the cronjob? >+%END% >+ read a >+ case "$a" in >+ [yY]*) >+ john-cronjob install >+ ;; >+ [nN]*) >+ john-cronjob remove >+ esac >+fi >diff -urN john-1.6.orig/debian/postrm john-1.6/debian/postrm >--- john-1.6.orig/debian/postrm 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/postrm 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,6 @@ >+#!/bin/sh >+ >+if [ "$1" = purge -a -e /usr/share/debconf/confmodule ]; then >+ . /usr/share/debconf/confmodule >+ db_purge >+fi >diff -urN john-1.6.orig/debian/prerm john-1.6/debian/prerm >--- john-1.6.orig/debian/prerm 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/prerm 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,14 @@ >+#!/bin/sh >+ >+# Remove runtime file when purging john. >+ >+[ "$1" = "remove" ] && rm -f /usr/share/john/restore >+ >+if [ \( "$1" = "upgrade" -o "$1" = "remove" \) -a -L /usr/doc/john ]; then >+ rm -f /usr/doc/john >+fi >+ >+# Check if a cronjob was installed and if yes, remove it. >+if [ -f /etc/cron.daily/john ]; then >+ /usr/sbin/john-cronjob remove >+fi >diff -urN john-1.6.orig/debian/rules john-1.6/debian/rules >--- john-1.6.orig/debian/rules 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/rules 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,126 @@ >+#!/usr/bin/make -f >+ >+PACKAGE := john >+TARGET:=$(shell dpkg --print-architecture | sed 's/i386/linux-x86-any-elf/;s/alpha/linux-alpha/;s/sparc/linux-sparc/') >+ARCHITECURE:=$(shell dpkg --print-architecture) >+ >+build: build-stamp >+build-stamp: >+ test -e debian/control >+ifeq ($(ARCHITECURE),i386) >+ cd $(CURDIR)/src && make $(TARGET) >+ mv run/john run/john-any >+ cd $(CURDIR)/src && make clean >+ cd $(CURDIR)/src && make linux-x86-mmx-elf >+ mv run/john run/john-mmx >+else >+ cd $(CURDIR)/src && make $(TARGET) >+endif >+ touch build-stamp >+ >+clean: >+ test -e debian/control >+ test 0 = "`id -u`" || (echo need root privileges; exit 1) >+ rm -f build-stamp install-stamp >+ -$(MAKE) clean >+ rm -rf debian/substvars debian/files debian/tmp >+ >+# Build architecture-independent files here. >+binary-indep: build >+# We have nothing to do by default. >+ >+# Build architecture-dependent files here. >+binary-arch: build debian/control >+ test -e debian/control >+ test 0 = "`id -u`" || (echo need root privileges; exit 1) >+ rm -rf debian/substvars debian/tmp >+ install -d --mode=0755 debian/tmp >+ install -d --mode=0755 "debian/tmp/usr/share/doc/$(PACKAGE)" >+ install -d --mode=0755 "debian/tmp/usr/share/man/man1" >+ install -d --mode=0755 "debian/tmp/usr/share/lintian/overrides" >+ install -d --mode=0755 "debian/tmp/usr/share/$(PACKAGE)" >+ install -d --mode=0755 "debian/tmp/usr/sbin" >+ install -d --mode=0755 "debian/tmp/etc" >+ install -m 644 run/john.ini debian/tmp/etc >+ install -m 644 run/all.chr debian/tmp/usr/share/john >+ install -m 644 run/alpha.chr debian/tmp/usr/share/john >+ install -m 644 run/digits.chr debian/tmp/usr/share/john >+ install -m 644 run/lanman.chr debian/tmp/usr/share/john >+ install -m 644 run/password.lst debian/tmp/usr/share/john >+ >+ # Extra Stuff that should be removed after the next >+ # upstream release of john the ripper >+ install -m 644 debian/john-mail.msg debian/tmp/etc >+ install -m 644 debian/john-mail.conf debian/tmp/etc >+ install -m 644 debian/CONFIG.mailer debian/tmp/usr/share/doc/$(PACKAGE) >+ install -m 755 debian/mailer debian/tmp/usr/sbin >+ install -m 755 debian/john-cronjob debian/tmp/usr/sbin >+ install -m 755 debian/john-dailyscript debian/tmp/usr/share/$(PACKAGE) >+ >+ifeq (i386,$(ARCHITECURE)) >+ install -s run/john-any debian/tmp/usr/sbin/john-any >+ install -s run/john-mmx debian/tmp/usr/sbin/john-mmx >+ install -m 755 debian/john debian/tmp/usr/sbin/john >+else >+ install -s run/john debian/tmp/usr/sbin/john >+endif >+ >+ #Commented out, because currently we'll use a special >+ #hacked version. Comment it in after new upstream release. >+ #install run/mailer debian/tmp/usr/sbin >+ >+ifeq (i386,$(ARCHITECURE)) >+ (cd debian/tmp/usr/sbin; ln -s john-any unafs; ln -s john-any unique; \ >+ ln -s john-any unshadow) >+else >+ (cd debian/tmp/usr/sbin; ln -s john unafs; ln -s john unique; \ >+ ln -s john unshadow) >+endif >+ install --mode=0644 debian/overrides.Lintian \ >+ debian/tmp/usr/share/lintian/overrides/john >+ install --mode=0644 debian/copyright \ >+ "debian/tmp/usr/share/doc/$(PACKAGE)" >+ install --mode=0644 doc/CONFIG doc/CREDITS doc/EXAMPLES doc/EXTERNAL doc/README \ >+ "debian/tmp/usr/share/doc/$(PACKAGE)" >+ install --mode=0644 doc/FAQ doc/MODES doc/OPTIONS doc/RULES doc/NEWS \ >+ "debian/tmp/usr/share/doc/$(PACKAGE)" >+ install --mode=0644 debian/changelog \ >+ "debian/tmp/usr/share/doc/$(PACKAGE)/changelog.Debian" >+ mv debian/tmp/usr/share/doc/$(PACKAGE)/NEWS \ >+ debian/tmp/usr/share/doc/$(PACKAGE)/changelog >+ install --mode=0644 debian/john.1 "debian/tmp/usr/share/man/man1" >+ install --mode=0644 debian/mailer.1 "debian/tmp/usr/share/man/man1" >+ install --mode=0644 debian/unafs.1 "debian/tmp/usr/share/man/man1" >+ install --mode=0644 debian/unique.1 "debian/tmp/usr/share/man/man1" >+ install --mode=0644 debian/unshadow.1 "debian/tmp/usr/share/man/man1" >+ install --mode=0644 debian/john-cronjob.1 "debian/tmp/usr/share/man/man1" >+ gzip -9 debian/tmp/usr/share/doc/$(PACKAGE)/changelog >+ gzip -9 debian/tmp/usr/share/doc/$(PACKAGE)/changelog.Debian >+ gzip -9 debian/tmp/usr/share/doc/$(PACKAGE)/EXAMPLES >+ gzip -9 debian/tmp/usr/share/man/man1/john.1 >+ gzip -9 debian/tmp/usr/share/man/man1/mailer.1 >+ gzip -9 debian/tmp/usr/share/man/man1/unafs.1 >+ gzip -9 debian/tmp/usr/share/man/man1/unique.1 >+ gzip -9 debian/tmp/usr/share/man/man1/unshadow.1 >+ gzip -9 debian/tmp/usr/share/man/man1/john-cronjob.1 >+ifeq (i386,$(ARCHITECURE)) >+ strip --remove-section=.comment --remove-section=.note debian/tmp/usr/sbin/john-any >+ strip --remove-section=.comment --remove-section=.note debian/tmp/usr/sbin/john-mmx >+else >+ strip --remove-section=.comment --remove-section=.note debian/tmp/usr/sbin/john >+endif >+ install -d --mode=0755 debian/tmp/DEBIAN >+ install --mode=0755 debian/prerm debian/postinst debian/tmp/DEBIAN >+ install --mode=0644 debian/conffiles debian/tmp/DEBIAN >+ install --mode=0755 debian/config debian/tmp/DEBIAN >+ install --mode=0644 debian/templates debian/tmp/DEBIAN >+ install --mode=0755 debian/postinst debian/tmp/DEBIAN >+ dpkg-shlibdeps debian/tmp/usr/sbin/* >+ dpkg-gencontrol -isp >+ dpkg --build debian/tmp .. >+ >+source diff: >+ @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false >+ >+binary: binary-indep binary-arch >+.PHONY: build clean binary-indep binary-arch binary >diff -urN john-1.6.orig/debian/templates john-1.6/debian/templates >--- john-1.6.orig/debian/templates 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/templates 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,21 @@ >+Template: john/cronjob >+Type: boolean >+Default: false >+Description: Should John run periodically and mail users? >+ I can install a cronjob for you that will run periodically, trying >+ to crack passwords, and then mail users with weak passwords. >+ You will have to configure the path and name of the temporary >+ file in /etc/john-mail.conf. >+ . >+ If you decide not to install now, you can always run >+ "john.cron install" to install it if you change your mind. >+ Should I install the cronjob? >+Description-de: John regelmäßig ausführen und Nutzer anmailen? >+ Es kann ein Cron-Job installiert werden, der John regelmäßig ausführt, >+ und versucht Passwörter zu knacken. Nutzer mit zu einfachen Passwörtern >+ werden dann per eMail darüber informiert. Sie müsssen dazu den Pfad und >+ Namen einer temporären Datei in /etc/john-mail.conf angeben. >+ . >+ Wenn Sie dies jetzt nicht tun möchten, dann können Sie jederzeit >+ "john.cron install" ausführen, um den Cron-Job nachträglich zu >+ installieren >diff -urN john-1.6.orig/debian/unafs.1 john-1.6/debian/unafs.1 >--- john-1.6.orig/debian/unafs.1 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/unafs.1 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,40 @@ >+.\" Hey, EMACS: -*- nroff -*- >+.\" >+.\" unafs.1 is copyright 1999-2001 by >+.\" Jordi Mallach <jordi@debian.org> >+.\" This is free documentation, see the latest version of the GNU General >+.\" Public License for copying conditions. There is NO warranty. >+.TH UNAFS 1 "May 19, 2001" john >+.\" Please adjust this date whenever revising the manpage. >+.SH NAME >+unafs \- script to warn users about their week passwords >+.SH SYNOPSIS >+.B unafs >+\fIpassword-files cell-name\fP >+.SH DESCRIPTION >+This manual page documents briefly the >+.B unafs >+command, which is part of the john package. >+This manual page was written for the Debian GNU/Linux distribution >+because the original program does not have a manual page. >+\fBjohn\fP, better known as John the Ripper, is a tool to find weak >+passwords of users in a server. >+.br The \fBunafs\fP tool gets password hashes out of the binary AFS >+database, and produces a file usable by John. >+.SH SEE ALSO >+.BR john (1), >+.BR mailer (1), >+.BR unique (1), >+.BR unshadow (1), >+.BR john.ini (5) >+.PP >+The programs are documented fully by John's documentation, >+which should be available in \fI/usr/share/doc/john\fP or other >+location, depending on your system. >+.SH AUTHOR >+This manual page was written by Jordi Mallach <jordi@debian.org>, >+for the Debian GNU/Linux system (but may be used by others). >+.br >+John the Ripper and mailer were written by Solar Designer >+<solar@openwall.com>. The complete list of contributors can be found in >+the CREDITS file in the documentation directory. >diff -urN john-1.6.orig/debian/unique.1 john-1.6/debian/unique.1 >--- john-1.6.orig/debian/unique.1 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/unique.1 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,41 @@ >+.\" Hey, EMACS: -*- nroff -*- >+.\" >+.\" unique.1 is copyright 1999-2001 by >+.\" Jordi Mallach <jordi@debian.org> >+.\" This is free documentation, see the latest version of the GNU General >+.\" Public License for copying conditions. There is NO warranty. >+.TH UNIQUE 1 "May 19, 2001" john >+.\" Please adjust this date whenever revising the manpage. >+.SH NAME >+unique \- removes duplicates from a wordlist >+.SH SYNOPSIS >+.B unique >+\fIoutput-file\fP >+.SH DESCRIPTION >+This manual page documents briefly the >+.B unique >+command, which is part of the john package. >+This manual page was written for the Debian GNU/Linux distribution >+because the original program does not have a manual page. >+\fBjohn\fP, better known as John the Ripper, is a tool to find weak >+passwords of users in a server. >+.br The \fBunique\fP tool finds and removes duplicate entries from a >+wordlist (read from stdin), without changing the order. This is important >+to increase the performance of john when using the wordlist method. >+.SH SEE ALSO >+.BR john (1), >+.BR mailer (1), >+.BR unafs (1), >+.BR unshadow (1), >+.BR john.ini (5) >+.PP >+The programs are documented fully by John's documentation, >+which should be available in \fI/usr/share/doc/john\fP or other >+location, depending on your system. >+.SH AUTHOR >+This manual page was written by Jordi Mallach <jordi@debian.org>, >+for the Debian GNU/Linux system (but may be used by others). >+.br >+John the Ripper and mailer were written by Solar Designer >+<solar@openwall.com>. The complete list of contributors can be found in >+the CREDITS file in the documentation directory. >diff -urN john-1.6.orig/debian/unshadow.1 john-1.6/debian/unshadow.1 >--- john-1.6.orig/debian/unshadow.1 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/debian/unshadow.1 2004-05-19 07:56:49.000000000 +0930 >@@ -0,0 +1,43 @@ >+.\" Hey, EMACS: -*- nroff -*- >+.\" >+.\" unshadow.1 is copyright 1999-2001 by >+.\" Jordi Mallach <jordi@debian.org> >+.\" This is free documentation, see the latest version of the GNU General >+.\" Public License for copying conditions. There is NO warranty. >+.TH UNSHADOW 1 "May 19, 2001" john >+.\" Please adjust this date whenever revising the manpage. >+.SH NAME >+unshadow \- combines passwd and shadow files >+.SH SYNOPSIS >+.B unshadow >+\fIpassword-file shadow-file\fP >+.SH DESCRIPTION >+This manual page documents briefly the >+.B unshadow >+command, which is part of the john package. >+This manual page was written for the Debian GNU/Linux distribution >+because the original program does not have a manual page. >+\fBjohn\fP, better known as John the Ripper, is a tool to find weak >+passwords of users in a server. >+.br The \fBunshadow\fP tool combines the passwd and shadow files so John can >+use them. You might need this since if you only used your shadow file, the >+GECOS information wouldn't be used by the "single crack" mode, and also you >+wouldn't be able to use the '-shells' option. On a normal system you'll need >+to run unshadow as root to be able to read the shadow file. >+.SH SEE ALSO >+.BR john (1), >+.BR mailer (1), >+.BR unafs (1), >+.BR unique (1), >+.BR john.ini (5) >+.PP >+The programs are documented fully by John's documentation, >+which should be available in \fI/usr/share/doc/john\fP or other >+location, depending on your system. >+.SH AUTHOR >+This manual page was written by Jordi Mallach <jordi@debian.org>, >+for the Debian GNU/Linux system (but may be used by others). >+.br >+John the Ripper and mailer were written by Solar Designer >+<solar@openwall.com>. The complete list of contributors can be found in >+the CREDITS file in the documentation directory. >diff -urN john-1.6.orig/doc/COPYING john-1.6/doc/COPYING >--- john-1.6.orig/doc/COPYING 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/doc/COPYING 2004-05-19 08:16:06.000000000 +0930 >@@ -0,0 +1,342 @@ >+ GNU GENERAL PUBLIC LICENSE >+ Version 2, June 1991 >+ >+ Copyright (C) 1989, 1991 Free Software Foundation, Inc. >+ 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA >+ Everyone is permitted to copy and distribute verbatim copies >+ of this license document, but changing it is not allowed. >+ >+ Preamble >+ >+ The licenses for most software are designed to take away your >+freedom to share and change it. By contrast, the GNU General Public >+License is intended to guarantee your freedom to share and change free >+software--to make sure the software is free for all its users. This >+General Public License applies to most of the Free Software >+Foundation's software and to any other program whose authors commit to >+using it. (Some other Free Software Foundation software is covered by >+the GNU Library General Public License instead.) You can apply it to >+your programs, too. >+ >+ When we speak of free software, we are referring to freedom, not >+price. Our General Public Licenses are designed to make sure that you >+have the freedom to distribute copies of free software (and charge for >+this service if you wish), that you receive source code or can get it >+if you want it, that you can change the software or use pieces of it >+in new free programs; and that you know you can do these things. >+ >+ To protect your rights, we need to make restrictions that forbid >+anyone to deny you these rights or to ask you to surrender the rights. >+These restrictions translate to certain responsibilities for you if you >+distribute copies of the software, or if you modify it. >+ >+ For example, if you distribute copies of such a program, whether >+gratis or for a fee, you must give the recipients all the rights that >+you have. You must make sure that they, too, receive or can get the >+source code. And you must show them these terms so they know their >+rights. >+ >+ We protect your rights with two steps: (1) copyright the software, and >+(2) offer you this license which gives you legal permission to copy, >+distribute and/or modify the software. >+ >+ Also, for each author's protection and ours, we want to make certain >+that everyone understands that there is no warranty for this free >+software. If the software is modified by someone else and passed on, we >+want its recipients to know that what they have is not the original, so >+that any problems introduced by others will not reflect on the original >+authors' reputations. >+ >+ Finally, any free program is threatened constantly by software >+patents. We wish to avoid the danger that redistributors of a free >+program will individually obtain patent licenses, in effect making the >+program proprietary. To prevent this, we have made it clear that any >+patent must be licensed for everyone's free use or not licensed at all. >+ >+ The precise terms and conditions for copying, distribution and >+modification follow. >+ >+ GNU GENERAL PUBLIC LICENSE >+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION >+ >+ 0. This License applies to any program or other work which contains >+a notice placed by the copyright holder saying it may be distributed >+under the terms of this General Public License. The "Program", below, >+refers to any such program or work, and a "work based on the Program" >+means either the Program or any derivative work under copyright law: >+that is to say, a work containing the Program or a portion of it, >+either verbatim or with modifications and/or translated into another >+language. (Hereinafter, translation is included without limitation in >+the term "modification".) Each licensee is addressed as "you". >+ >+Activities other than copying, distribution and modification are not >+covered by this License; they are outside its scope. The act of >+running the Program is not restricted, and the output from the Program >+is covered only if its contents constitute a work based on the >+Program (independent of having been made by running the Program). >+Whether that is true depends on what the Program does. >+ >+ 1. You may copy and distribute verbatim copies of the Program's >+source code as you receive it, in any medium, provided that you >+conspicuously and appropriately publish on each copy an appropriate >+copyright notice and disclaimer of warranty; keep intact all the >+notices that refer to this License and to the absence of any warranty; >+and give any other recipients of the Program a copy of this License >+along with the Program. >+ >+You may charge a fee for the physical act of transferring a copy, and >+you may at your option offer warranty protection in exchange for a fee. >+ >+ 2. You may modify your copy or copies of the Program or any portion >+of it, thus forming a work based on the Program, and copy and >+distribute such modifications or work under the terms of Section 1 >+above, provided that you also meet all of these conditions: >+ >+ a) You must cause the modified files to carry prominent notices >+ stating that you changed the files and the date of any change. >+ >+ b) You must cause any work that you distribute or publish, that in >+ whole or in part contains or is derived from the Program or any >+ part thereof, to be licensed as a whole at no charge to all third >+ parties under the terms of this License. >+ >+ c) If the modified program normally reads commands interactively >+ when run, you must cause it, when started running for such >+ interactive use in the most ordinary way, to print or display an >+ announcement including an appropriate copyright notice and a >+ notice that there is no warranty (or else, saying that you provide >+ a warranty) and that users may redistribute the program under >+ these conditions, and telling the user how to view a copy of this >+ License. (Exception: if the Program itself is interactive but >+ does not normally print such an announcement, your work based on >+ the Program is not required to print an announcement.) >+ >+These requirements apply to the modified work as a whole. If >+identifiable sections of that work are not derived from the Program, >+and can be reasonably considered independent and separate works in >+themselves, then this License, and its terms, do not apply to those >+sections when you distribute them as separate works. But when you >+distribute the same sections as part of a whole which is a work based >+on the Program, the distribution of the whole must be on the terms of >+this License, whose permissions for other licensees extend to the >+entire whole, and thus to each and every part regardless of who wrote it. >+ >+Thus, it is not the intent of this section to claim rights or contest >+your rights to work written entirely by you; rather, the intent is to >+exercise the right to control the distribution of derivative or >+collective works based on the Program. >+ >+In addition, mere aggregation of another work not based on the Program >+with the Program (or with a work based on the Program) on a volume of >+a storage or distribution medium does not bring the other work under >+the scope of this License. >+ >+ 3. You may copy and distribute the Program (or a work based on it, >+under Section 2) in object code or executable form under the terms of >+Sections 1 and 2 above provided that you also do one of the following: >+ >+ a) Accompany it with the complete corresponding machine-readable >+ source code, which must be distributed under the terms of Sections >+ 1 and 2 above on a medium customarily used for software interchange; or, >+ >+ b) Accompany it with a written offer, valid for at least three >+ years, to give any third party, for a charge no more than your >+ cost of physically performing source distribution, a complete >+ machine-readable copy of the corresponding source code, to be >+ distributed under the terms of Sections 1 and 2 above on a medium >+ customarily used for software interchange; or, >+ >+ c) Accompany it with the information you received as to the offer >+ to distribute corresponding source code. (This alternative is >+ allowed only for noncommercial distribution and only if you >+ received the program in object code or executable form with such >+ an offer, in accord with Subsection b above.) >+ >+The source code for a work means the preferred form of the work for >+making modifications to it. For an executable work, complete source >+code means all the source code for all modules it contains, plus any >+associated interface definition files, plus the scripts used to >+control compilation and installation of the executable. However, as a >+special exception, the source code distributed need not include >+anything that is normally distributed (in either source or binary >+form) with the major components (compiler, kernel, and so on) of the >+operating system on which the executable runs, unless that component >+itself accompanies the executable. >+ >+If distribution of executable or object code is made by offering >+access to copy from a designated place, then offering equivalent >+access to copy the source code from the same place counts as >+distribution of the source code, even though third parties are not >+compelled to copy the source along with the object code. >+ >+ 4. You may not copy, modify, sublicense, or distribute the Program >+except as expressly provided under this License. Any attempt >+otherwise to copy, modify, sublicense or distribute the Program is >+void, and will automatically terminate your rights under this License. >+However, parties who have received copies, or rights, from you under >+this License will not have their licenses terminated so long as such >+parties remain in full compliance. >+ >+ 5. You are not required to accept this License, since you have not >+signed it. However, nothing else grants you permission to modify or >+distribute the Program or its derivative works. These actions are >+prohibited by law if you do not accept this License. Therefore, by >+modifying or distributing the Program (or any work based on the >+Program), you indicate your acceptance of this License to do so, and >+all its terms and conditions for copying, distributing or modifying >+the Program or works based on it. >+ >+ 6. Each time you redistribute the Program (or any work based on the >+Program), the recipient automatically receives a license from the >+original licensor to copy, distribute or modify the Program subject to >+these terms and conditions. You may not impose any further >+restrictions on the recipients' exercise of the rights granted herein. >+You are not responsible for enforcing compliance by third parties to >+this License. >+ >+ 7. If, as a consequence of a court judgment or allegation of patent >+infringement or for any other reason (not limited to patent issues), >+conditions are imposed on you (whether by court order, agreement or >+otherwise) that contradict the conditions of this License, they do not >+excuse you from the conditions of this License. If you cannot >+distribute so as to satisfy simultaneously your obligations under this >+License and any other pertinent obligations, then as a consequence you >+may not distribute the Program at all. For example, if a patent >+license would not permit royalty-free redistribution of the Program by >+all those who receive copies directly or indirectly through you, then >+the only way you could satisfy both it and this License would be to >+refrain entirely from distribution of the Program. >+ >+If any portion of this section is held invalid or unenforceable under >+any particular circumstance, the balance of the section is intended to >+apply and the section as a whole is intended to apply in other >+circumstances. >+ >+It is not the purpose of this section to induce you to infringe any >+patents or other property right claims or to contest validity of any >+such claims; this section has the sole purpose of protecting the >+integrity of the free software distribution system, which is >+implemented by public license practices. Many people have made >+generous contributions to the wide range of software distributed >+through that system in reliance on consistent application of that >+system; it is up to the author/donor to decide if he or she is willing >+to distribute software through any other system and a licensee cannot >+impose that choice. >+ >+This section is intended to make thoroughly clear what is believed to >+be a consequence of the rest of this License. >+ >+ 8. If the distribution and/or use of the Program is restricted in >+certain countries either by patents or by copyrighted interfaces, the >+original copyright holder who places the Program under this License >+may add an explicit geographical distribution limitation excluding >+those countries, so that distribution is permitted only in or among >+countries not thus excluded. In such case, this License incorporates >+the limitation as if written in the body of this License. >+ >+ 9. The Free Software Foundation may publish revised and/or new versions >+of the General Public License from time to time. Such new versions will >+be similar in spirit to the present version, but may differ in detail to >+address new problems or concerns. >+ >+Each version is given a distinguishing version number. If the Program >+specifies a version number of this License which applies to it and "any >+later version", you have the option of following the terms and conditions >+either of that version or of any later version published by the Free >+Software Foundation. If the Program does not specify a version number of >+this License, you may choose any version ever published by the Free Software >+Foundation. >+ >+ 10. If you wish to incorporate parts of the Program into other free >+programs whose distribution conditions are different, write to the author >+to ask for permission. For software which is copyrighted by the Free >+Software Foundation, write to the Free Software Foundation; we sometimes >+make exceptions for this. Our decision will be guided by the two goals >+of preserving the free status of all derivatives of our free software and >+of promoting the sharing and reuse of software generally. >+ >+ NO WARRANTY >+ >+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY >+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN >+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES >+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED >+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF >+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS >+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE >+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, >+REPAIR OR CORRECTION. >+ >+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING >+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR >+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, >+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING >+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED >+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY >+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER >+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE >+POSSIBILITY OF SUCH DAMAGES. >+ >+ END OF TERMS AND CONDITIONS >+ >+ How to Apply These Terms to Your New Programs >+ >+ If you develop a new program, and you want it to be of the greatest >+possible use to the public, the best way to achieve this is to make it >+free software which everyone can redistribute and change under these terms. >+ >+ To do so, attach the following notices to the program. It is safest >+to attach them to the start of each source file to most effectively >+convey the exclusion of warranty; and each file should have at least >+the "copyright" line and a pointer to where the full notice is found. >+ >+ <one line to give the program's name and a brief idea of what it does.> >+ Copyright (C) <year> <name of author> >+ >+ This program is free software; you can redistribute it and/or modify >+ it under the terms of the GNU General Public License as published by >+ the Free Software Foundation; either version 2 of the License, or >+ (at your option) any later version. >+ >+ This program is distributed in the hope that it will be useful, >+ but WITHOUT ANY WARRANTY; without even the implied warranty of >+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+ GNU General Public License for more details. >+ >+ You should have received a copy of the GNU General Public License >+ along with this program; if not, write to the Free Software >+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA >+ >+ >+Also add information on how to contact you by electronic and paper mail. >+ >+If the program is interactive, make it output a short notice like this >+when it starts in an interactive mode: >+ >+ Gnomovision version 69, Copyright (C) year name of author >+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. >+ This is free software, and you are welcome to redistribute it >+ under certain conditions; type `show c' for details. >+ >+The hypothetical commands `show w' and `show c' should show the appropriate >+parts of the General Public License. Of course, the commands you use may >+be called something other than `show w' and `show c'; they could even be >+mouse-clicks or menu items--whatever suits your program. >+ >+You should also get your employer (if you work as a programmer) or your >+school, if any, to sign a "copyright disclaimer" for the program, if >+necessary. Here is a sample; alter the names: >+ >+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program >+ `Gnomovision' (which makes passes at compilers) written by James Hacker. >+ >+ <signature of Ty Coon>, 1 April 1989 >+ Ty Coon, President of Vice >+ >+This General Public License does not permit incorporating your program into >+proprietary programs. If your program is a subroutine library, you may >+consider it more useful to permit linking proprietary applications with the >+library. If this is what you want to do, use the GNU Library General >+Public License instead of this License. >+ >+ >diff -urN john-1.6.orig/doc/NTLM-FAQ john-1.6/doc/NTLM-FAQ >--- john-1.6.orig/doc/NTLM-FAQ 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/doc/NTLM-FAQ 2004-05-19 07:59:24.000000000 +0930 >@@ -0,0 +1,33 @@ >+ >+Q: What's this? >+A: It's a patch to Solar Designer's "john the ripper" password cracker. >+ >+Q: What's it good for, then? >+A: It enables john to crack Windows NT/2000 MD4 (case-sensitive) password hashes. >+ >+Q: Who made this? >+A: This patch was thrown together on a boring Sunday by Olle Segerdahl. >+ It uses Andrew Tridgell's NTLM and MD4 code stolen from samba-2.0.7 . >+ >+Q: How do I install it? >+A: I assume you are able to install john from a source distribution, >+ if you are not, PLEASE read john's documentation. Put the files enclosed >+ in this archive in the "src" subdirectory, run 'patch < john-ntlm.diff' >+ and then 'make (your-system-type-here)' .... >+ >+Q: How do I use john to crack NT password hashes? >+A: Use pwdump2 or L0phtcrack to dump the password hashes into a file, >+ then run 'john pwfile -format:NT' to start cracking! >+ >+Q: Didn't it used to be '-format:NTLM' ? >+A: Yes, but this has changed so as not to confuse people who have trouble >+ understanding the difference between LM (DES) and NT (md4) hashes. >+ >+Q: I get all kinds of compile errors! >+A: This patch was made against john-1.6.31-dev, lots of stuff might have broken >+ source compatibility since then... Use something closer to john-1.6.31-dev. >+ >+Q: I have a question not covered by this FAQ! >+A: Make sure you have read all there is to read about john, then >+ mail me at olle@nxs.se with "JOHN-NTLM" in the subject. >+ >diff -urN john-1.6.orig/run/john.ini john-1.6/run/john.ini >--- john-1.6.orig/run/john.ini 1998-12-03 09:59:50.000000000 +0930 >+++ john-1.6/run/john.ini 2004-05-19 07:56:49.000000000 +0930 >@@ -5,7 +5,7 @@ > > [Options] > # Wordlist file name, to be used in batch mode >-Wordfile = ~/password.lst >+Wordfile = /usr/share/john/password.lst > # Use idle cycles only > Idle = N > # Crash recovery file saving delay in seconds >@@ -314,25 +314,25 @@ > > # Incremental modes > [Incremental:All] >-File = ~/all.chr >+File = /usr/share/john/all.chr > MinLen = 0 > MaxLen = 8 > CharCount = 95 > > [Incremental:Alpha] >-File = ~/alpha.chr >+File = /usr/share/john/alpha.chr > MinLen = 1 > MaxLen = 8 > CharCount = 26 > > [Incremental:Digits] >-File = ~/digits.chr >+File = /usr/share/john/digits.chr > MinLen = 1 > MaxLen = 8 > CharCount = 10 > > [Incremental:LanMan] >-File = ~/lanman.chr >+File = /usr/share/john/lanman.chr > MinLen = 0 > MaxLen = 7 > CharCount = 69 >diff -urN john-1.6.orig/src/BFEgg_fmt.c john-1.6/src/BFEgg_fmt.c >--- john-1.6.orig/src/BFEgg_fmt.c 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/src/BFEgg_fmt.c 2004-05-20 08:56:13.768720784 +0930 >@@ -0,0 +1,119 @@ >+/* >+ * This file is part of Eggdrop blowfish patch for John The Ripper. >+ * Copyright (c) 2002 by Sun-Zero <sun-zero@freemail.hu> >+ * This is a free software distributable under terms of the GNU GPL. >+ * See the file COPYING for details. >+ */ >+ >+#include <string.h> >+ >+#include "misc.h" >+#include "formats.h" >+#include "common.h" >+#include "blowfish.c" >+ >+#define FORMAT_LABEL "bfegg" >+#define FORMAT_NAME "Eggdrop" >+#define ALG_NAME "blowfish" >+ >+#define BENCHMARK_COMMENT "" >+#define BENCHMARK_LENGTH -1 >+ >+#define PLAINTEXT_LENGTH 31 >+#define CIPHERTEXT_LENGTH 33 >+ >+#define BINARY_SIZE 13 >+#define SALT_SIZE 0 >+ >+#define MIN_KEYS_PER_CRYPT 1 >+#define MAX_KEYS_PER_CRYPT 1 >+ >+static struct fmt_tests tests[] = { >+ {"+Yug.E/gQk2S0", "ajto123"}, >+ {"+hG/XQ18czl5.", "ablak123"}, >+ {"+IaISR0x4ZY/.", "szek123"}, >+ {"+9VMVs/L1st7/", "konyha"}, >+ {"+EEHgy/MBLDd0", "walkman"}, >+ {"+vPBrs07OTXE/", "tesztuser"}, >+ {NULL} >+}; >+ >+static char crypt_key[BINARY_SIZE]; >+static char saved_key[PLAINTEXT_LENGTH + 1]; >+ >+static int valid(char *ciphertext) { >+ if (strncmp(ciphertext, "+", 1) != 0) return 0; >+ if (strlen(ciphertext) != 13) return 0; >+ >+ return 1; >+} >+ >+void init() { >+ blowfish_first_init(); >+} >+ >+ >+static void set_key(char *key, int index) { >+ strnzcpy(saved_key, key, PLAINTEXT_LENGTH+1); >+} >+ >+static char *get_key(int index) { >+ return saved_key; >+} >+ >+static int cmp_all(void *binary, int index) { >+ return !memcmp(binary, crypt_key, BINARY_SIZE); >+} >+ >+static int cmp_exact(char *source, int index) { >+ return 1; >+} >+ >+static void set_salt(void *salt) { } >+ >+static void crypt_all(int count) { >+ blowfish_encrypt_pass(saved_key, crypt_key); >+} >+ >+struct fmt_main fmt_BFEgg = { >+ { >+ FORMAT_LABEL, >+ FORMAT_NAME, >+ ALG_NAME, >+ BENCHMARK_COMMENT, >+ BENCHMARK_LENGTH, >+ PLAINTEXT_LENGTH, >+ BINARY_SIZE, >+ SALT_SIZE, >+ MIN_KEYS_PER_CRYPT, >+ MAX_KEYS_PER_CRYPT, >+ FMT_CASE | FMT_8_BIT, >+ tests >+ }, { >+ init, >+ valid, >+ fmt_default_split, >+ fmt_default_binary, >+ fmt_default_salt, >+ { >+ fmt_default_binary_hash, >+ fmt_default_binary_hash, >+ fmt_default_binary_hash, >+ }, >+ fmt_default_salt_hash, >+ set_salt, >+ set_key, >+ get_key, >+ // fmt_default_clear_keys, >+ crypt_all, >+ { >+ fmt_default_get_hash, >+ fmt_default_get_hash, >+ fmt_default_get_hash, >+ }, >+ cmp_all, >+ cmp_all, >+ cmp_exact >+ } >+}; >+ >diff -urN john-1.6.orig/src/KRB4_fmt.c john-1.6/src/KRB4_fmt.c >--- john-1.6.orig/src/KRB4_fmt.c 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/src/KRB4_fmt.c 2004-05-20 08:52:33.881148776 +0930 >@@ -0,0 +1,288 @@ >+/* >+ KRB4_fmt.c >+ >+ AFS/krb4 TGT dictionary attack module for Solar Designer's John the Ripper. >+ >+ tgtsnarf files should only contain entries for one cell/realm. >+ >+ Copyright (c) 1999 Dug Song <dugsong@monkey.org> >+ All rights reserved, all wrongs reversed. >+ >+ Redistribution and use in source and binary forms, with or without >+ modification, are permitted provided that the following conditions >+ are met: >+ >+ 1. Redistributions of source code must retain the above copyright >+ notice, this list of conditions and the following disclaimer. >+ 2. Redistributions in binary form must reproduce the above copyright >+ notice, this list of conditions and the following disclaimer in the >+ documentation and/or other materials provided with the distribution. >+ 3. The name of author may not be used to endorse or promote products >+ derived from this software without specific prior written permission. >+ >+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, >+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY >+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL >+ THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; >+ OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, >+ WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR >+ OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF >+ ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >+*/ >+ >+#include <string.h> >+#include <ctype.h> >+#define OPENSSL_ENABLE_OLD_DES_SUPPORT >+#include <des.h> >+ >+#include "arch.h" >+#include "DES_std.h" >+#include "KRB4_std.h" >+#include "misc.h" >+#include "common.h" >+#include "formats.h" >+ >+#define TGT_LENGTH 16 /* 2 des_cblock's */ >+ >+#define FORMAT_LABEL "krb4" >+#define FORMAT_NAME "Kerberos v4 TGT" >+#define ALGORITHM_NAME DES_STD_ALGORITHM_NAME >+#define BENCHMARK_COMMENT "" >+#define BENCHMARK_LENGTH -1 >+#define PLAINTEXT_LENGTH 32 >+#define BINARY_SIZE 0 >+#define SALT_SIZE TGT_LENGTH + REALM_SZ >+#define MIN_KEYS_PER_CRYPT 1 >+#define MAX_KEYS_PER_CRYPT 1 >+ >+static struct fmt_tests krb4_tests[] = { >+ {"$af$UMICH.EDU$bb46613c503ad92e649d99d038efddb2", "w00w00"}, >+ {"$af$UMICH.EDU$95cd4367d4828d117b745ed63b9229be", "asdfjkl;"}, >+ {"$af$UMICH.EDU$000084efbde96969fd54d1a2ec8c287d", "hello!"}, >+ {"$af$UMICH.EDU$e9660a21b280875a7ecfc68aa771e34a", "a12345"}, >+ {"$af$UMICH.EDU$566f2b8629b9be36680866b0e613f239", "a1b2c3"}, >+ {"$af$UMICH.EDU$bebcedf43f7f2aa78cf9c0639e494c92", "abcdefg12345678"}, >+ {"$af$ENGIN.UMICH.EDU$9ef1034301e1f1fcf1516cb65aa1cc79", "asdfjkl;"}, >+ {"$af$ENGIN.UMICH.EDU$02ad23a6364df67a4db473de053cacbb", "a1b2c3"}, >+ {"$af$ENGIN.UMICH.EDU$14d0a59a2f9e746f1a3bf02ec4fb447e", "abc123!"}, >+ {"$af$ENGIN.UMICH.EDU$44feffd06e68e30bc8890e253760858d", "12345"}, >+ {NULL} >+}; >+ >+static const unsigned char odd_parity[256]={ >+ 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, >+ 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, >+ 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, >+ 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, >+ 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, >+ 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, >+ 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110, >+ 112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127, >+ 128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143, >+ 145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158, >+ 161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174, >+ 176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191, >+ 193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206, >+ 208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223, >+ 224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239, >+ 241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254 >+}; >+ >+static struct salt_st { >+ u_char tgt[TGT_LENGTH]; >+ char realm[REALM_SZ]; >+} *saved_salt; >+ >+static struct key_st { >+ des_cblock key; >+ des_key_schedule sched; >+ char string[PLAINTEXT_LENGTH]; >+} saved_key; >+ >+ >+static int >+krb4_valid(char *ciphertext) >+{ >+ char *p, *tgt; >+ >+ if (strncmp(ciphertext, "$k4$", 4) != 0 && >+ strncmp(ciphertext, "$af$", 4) != 0) >+ return 0; >+ >+ tgt = strchr(ciphertext + 4, '$') + 1; >+ >+ for (p = tgt; p && *p != '\0'; p++) >+ if (!isxdigit((int)*p)) return 0; >+ >+ if (p - tgt != TGT_LENGTH * 2) >+ return 0; >+ >+ return 1; >+} >+ >+static int >+hex_decode(char *src, u_char *dst, int outsize) >+{ >+ char *p, *pe; >+ u_char *q, *qe, ch, cl; >+ >+ pe = src + strlen(src); >+ qe = dst + outsize; >+ >+ for (p = src, q = dst; p < pe && q < qe && isxdigit((int)*p); p += 2) { >+ ch = tolower(p[0]); >+ cl = tolower(p[1]); >+ >+ if ((ch >= '0') && (ch <= '9')) ch -= '0'; >+ else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10; >+ else return (-1); >+ >+ if ((cl >= '0') && (cl <= '9')) cl -= '0'; >+ else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10; >+ else return (-1); >+ >+ *q++ = (ch << 4) | cl; >+ } >+ return (q - dst); >+} >+ >+static void * >+krb4_salt(char *ciphertext) >+{ >+ static struct salt_st salt; >+ char *p; >+ >+ if (strncmp(ciphertext, "$af$", 4) == 0) { >+ ciphertext += 4; >+ p = strchr(ciphertext, '$'); >+ strnzcpy(salt.realm, ciphertext, (p - ciphertext) + 1); >+ ciphertext = p + 1; >+ } >+ else { >+ salt.realm[0] = '\0'; >+ ciphertext += 4; >+ } >+ if (hex_decode(ciphertext, salt.tgt, sizeof(salt.tgt)) != >+ sizeof(salt.tgt)) >+ return (NULL); >+ >+ return (&salt); >+} >+ >+static void >+krb4_set_salt(void *salt) >+{ >+ saved_salt = (struct salt_st *)salt; >+} >+ >+static void >+krb4_set_key(char *key, int index) >+{ >+ if (saved_salt->realm[0] != '\0') >+ afs_string_to_key(key, saved_salt->realm, &saved_key.key); >+ else >+ des_string_to_key(key, &saved_key.key); >+ >+ strnzcpy(saved_key.string, key, sizeof(saved_key.string)); >+} >+ >+static char * >+krb4_get_key(int index) >+{ >+ return (saved_key.string); >+} >+ >+static void >+krb4_crypt_all(int count) >+{ >+ /* XXX - NOOP */ >+} >+ >+static int >+krb4_check_parity(des_cblock *key) >+{ >+ int i; >+ >+ for (i = 0; i < DES_KEY_SZ; i++) { >+ if ((*key)[i] != odd_parity[(*key)[i]]) >+ return (0); >+ } >+ return (1); >+} >+ >+static int >+krb4_cmp_all(void *binary, int count) >+{ >+ des_cblock tmp; >+ >+ des_set_key(&saved_key.key, saved_key.sched); >+ >+ des_pcbc_encrypt((des_cblock *)saved_salt->tgt, &tmp, >+ sizeof(des_cblock), saved_key.sched, >+ &saved_key.key, DES_DECRYPT); >+ >+ return (krb4_check_parity(&tmp)); >+} >+ >+static int >+krb4_cmp_one(void *binary, int count) >+{ >+ u_char text[TGT_LENGTH]; >+ >+ des_pcbc_encrypt((des_cblock *)saved_salt->tgt, (des_cblock *)text, >+ sizeof(text), saved_key.sched, &saved_key.key, >+ DES_DECRYPT); >+ >+ return (memcmp(text + 8, "krbtgt", 6) == 0); >+} >+ >+static int >+krb4_cmp_exact(char *source, int index) >+{ >+ return (1); /* XXX - fallthrough from krb4_cmp_one() */ >+} >+ >+struct fmt_main fmt_KRB4 = { >+ { >+ FORMAT_LABEL, >+ FORMAT_NAME, >+ ALGORITHM_NAME, >+ BENCHMARK_COMMENT, >+ BENCHMARK_LENGTH, >+ PLAINTEXT_LENGTH, >+ BINARY_SIZE, >+ SALT_SIZE, >+ MIN_KEYS_PER_CRYPT, >+ MAX_KEYS_PER_CRYPT, >+ FMT_CASE | FMT_8_BIT, >+ krb4_tests >+ }, { >+ fmt_default_init, >+ krb4_valid, >+ fmt_default_split, >+ fmt_default_binary, >+ krb4_salt, >+ { >+ fmt_default_binary_hash, >+ fmt_default_binary_hash, >+ fmt_default_binary_hash >+ }, >+ fmt_default_salt_hash, >+ krb4_set_salt, >+ krb4_set_key, >+ krb4_get_key, >+ krb4_crypt_all, >+ { >+ fmt_default_get_hash, >+ fmt_default_get_hash, >+ fmt_default_get_hash >+ }, >+ krb4_cmp_all, >+ krb4_cmp_one, >+ krb4_cmp_exact >+ } >+}; >+ >+/* 5000. */ >diff -urN john-1.6.orig/src/KRB4_std.c john-1.6/src/KRB4_std.c >--- john-1.6.orig/src/KRB4_std.c 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/src/KRB4_std.c 2004-05-20 08:37:55.188730328 +0930 >@@ -0,0 +1,122 @@ >+/* >+ KRB4_std.c >+ >+ Kerberos v4 jonks, from KTH krb4. >+ >+ $OpenBSD: str2key.c,v 1.6 1998/06/22 15:22:27 beck Exp $ >+ $KTH: str2key.c,v 1.10 1997/03/23 03:53:19 joda Exp $ >+*/ >+ >+/* This defines the Andrew string_to_key function. It accepts a password >+ * string as input and converts its via a one-way encryption algorithm to a DES >+ * encryption key. It is compatible with the original Andrew authentication >+ * service password database. >+ */ >+ >+#include <stdio.h> >+#include <stdlib.h> >+#include <string.h> >+#define OPENSSL_ENABLE_OLD_DES_SUPPORT >+#include <des.h> >+ >+#include "KRB4_std.h" >+ >+#ifndef des_fixup_key_parity >+#define des_fixup_key_parity des_set_odd_parity >+#endif >+ >+static void >+mklower(char *s) >+{ >+ for (; s[0] != '\0'; s++) >+ if ('A' <= *s && *s <= 'Z') >+ *s = *s - 'A' + 'a'; >+} >+ >+/* >+ * Short passwords, i.e 8 characters or less. >+ */ >+static void >+afs_cmu_StringToKey (char *str, char *cell, des_cblock *key) >+{ >+ char password[8+1]; /* crypt is limited to 8 chars anyway */ >+ int i; >+ int passlen; >+ >+ memset(key, 0, sizeof(key)); >+ memset(password, 0, sizeof(password)); >+ >+ strncpy (password, cell, 8); >+ password[8] = '\0'; >+ passlen = strlen (str); >+ if (passlen > 8) passlen = 8; >+ >+ for (i=0; i<passlen; i++) >+ password[i] = str[i] ^ cell[i]; /* make sure cell is zero padded */ >+ >+ for (i=0; i<8; i++) >+ if (password[i] == '\0') password[i] = 'X'; >+ >+ /* crypt only considers the first 8 characters of password but for some >+ reason returns eleven characters of result (plus the two salt chars). */ >+ strncpy((char *)key, crypt(password, "p1") + 2, sizeof(des_cblock)); >+ >+ /* parity is inserted into the LSB so leftshift each byte up one bit. This >+ allows ascii characters with a zero MSB to retain as much significance >+ as possible. */ >+ { char *keybytes = (char *)key; >+ unsigned int temp; >+ >+ for (i = 0; i < 8; i++) { >+ temp = (unsigned int) keybytes[i]; >+ keybytes[i] = (unsigned char) (temp << 1); >+ } >+ } >+ des_fixup_key_parity (key); >+} >+ >+/* >+ * Long passwords, i.e 9 characters or more. >+ */ >+static void >+afs_transarc_StringToKey (char *str, char *cell, des_cblock *key) >+{ >+ des_key_schedule schedule; >+ des_cblock temp_key; >+ des_cblock ivec; >+ char password[512]; >+ int passlen; >+ >+ strncpy (password, str, sizeof(password)); >+ password[sizeof(password)-1] = '\0'; >+ if ((passlen = strlen (password)) < sizeof(password)-1) >+ strncat (password, cell, sizeof(password)-passlen); >+ if ((passlen = strlen(password)) > sizeof(password)) passlen = sizeof(password); >+ >+ memcpy(&ivec, "kerberos", 8); >+ memcpy(&temp_key, "kerberos", 8); >+ des_fixup_key_parity (&temp_key); >+ des_key_sched (&temp_key, schedule); >+ des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec); >+ >+ memcpy(&temp_key, &ivec, 8); >+ des_fixup_key_parity (&temp_key); >+ des_key_sched (&temp_key, schedule); >+ des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec); >+ >+ des_fixup_key_parity (key); >+} >+ >+void >+afs_string_to_key(char *str, char *cell, des_cblock *key) >+{ >+ char realm[REALM_SZ+1]; >+ strncpy(realm, cell, REALM_SZ); >+ realm[REALM_SZ] = 0; >+ mklower(realm); >+ >+ if (strlen(str) > 8) >+ afs_transarc_StringToKey (str, realm, key); >+ else >+ afs_cmu_StringToKey (str, realm, key); >+} >diff -urN john-1.6.orig/src/KRB4_std.h john-1.6/src/KRB4_std.h >--- john-1.6.orig/src/KRB4_std.h 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/src/KRB4_std.h 2004-05-19 18:31:08.000000000 +0930 >@@ -0,0 +1,16 @@ >+/* >+ * KRB4_std.h >+ * >+ * Kerberos v4 jonks, from KTH krb4. >+ * >+ * Dug Song <dugsong@monkey.org> >+ */ >+ >+#ifndef KRB4_STD_H >+#define KRB4_STD_H >+ >+#define REALM_SZ 40 >+ >+void afs_string_to_key(char *str, char *cell, des_cblock *key); >+ >+#endif /* KRB4_STD_H */ >diff -urN john-1.6.orig/src/MYSQL_fmt.c john-1.6/src/MYSQL_fmt.c >--- john-1.6.orig/src/MYSQL_fmt.c 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/src/MYSQL_fmt.c 2004-05-19 07:56:18.000000000 +0930 >@@ -0,0 +1,241 @@ >+//////////////////////////////////////////////////////////////// >+// MySQL password cracker - v1.0 - 16.1.2003 >+// >+// by Andrew Hintz <http://guh.nu> drew@overt.org >+// >+// This production has been brought to you by >+// 4tphi <http://4tphi.net> and violating <http://violating.us> >+// >+// This file is an add-on to John the Ripper <http://www.openwall.com/john/> >+// >+// Part of this code is based on the MySQL brute password cracker >+// mysqlpassword.c by Chris Given >+// This program executes about 75% faster than mysqlpassword.c >+// John the ripper also performs sophisticated password guessing. >+// >+// John the Ripper will expect the MySQL password file to be >+// in the following format (without the leading // ): >+// dumb_user:5d2e19393cc5ef67 >+// another_luser:28ff8d49159ffbaf >+ >+#include <string.h> >+#include <stdio.h> >+#include <stdlib.h> >+#include <math.h> >+ >+// johntr includes >+#include "arch.h" >+#include "misc.h" >+#include "formats.h" >+#include "common.h" >+ >+//johntr defines >+#define FORMAT_LABEL "mysql" >+#define FORMAT_NAME "mysql" >+#define ALGORITHM_NAME "mysql" >+ >+#define BENCHMARK_COMMENT "" >+#define BENCHMARK_LENGTH -1 >+ >+// Increase the PLAINTEXT_LENGTH value for longer passwords. >+// You can also set it to 8 when using MySQL systems that truncate >+// the password to only 8 characters. >+#define PLAINTEXT_LENGTH 32 >+ >+#define CIPHERTEXT_LENGTH 16 >+ >+#define BINARY_SIZE 16 >+#define SALT_SIZE 0 >+ >+#define MIN_KEYS_PER_CRYPT 1 >+#define MAX_KEYS_PER_CRYPT 1 >+ >+ >+//used for mysql scramble function >+struct rand_struct { >+ unsigned long seed1,seed2,max_value; >+ double max_value_dbl; >+}; >+ >+ >+void make_scrambled_password(char *,const char *); >+char *scramble(char *,const char *,const char *, int); >+ >+//test cases >+static struct fmt_tests mysql_tests[] = { >+ {"30f098972cc8924d", "http://guh.nu"}, >+ {"3fc56f6037218993", "Andrew Hintz"}, >+ {"697a7de87c5390b2", "drew"}, >+ {"1eb71cf460712b3e", "http://4tphi.net"}, >+ {"28ff8d49159ffbaf", "http://violating.us"}, >+ {"5d2e19393cc5ef67", "password"}, >+ {NULL} >+}; >+ >+ >+//stores the ciphertext for value currently being tested >+static char crypt_key[BINARY_SIZE+1]; >+ >+//used by set_key >+static char saved_key[PLAINTEXT_LENGTH + 1]; >+ >+static int mysql_valid(char *ciphertext) { //returns 0 for invalid ciphertexts >+ >+ int i; //used as counter in loop >+ >+ //ciphertext is 16 characters >+ if (strlen(ciphertext) != 16) return 0; >+ >+ //ciphertext is ASCII representation of hex digits >+ for (i = 0; i < 16; i++){ >+ if (!( ((48 <= ciphertext[i])&&(ciphertext[i] <= 57)) || >+ ((97 <= ciphertext[i])&&(ciphertext[i] <= 102)) )) >+ return 0; >+ } >+ >+ return 1; >+} >+ >+static void mysql_set_salt(void *salt) { } >+ >+static void mysql_set_key(char *key, int index) { >+ strnzcpy(saved_key, key, PLAINTEXT_LENGTH+1); >+} >+ >+static char *mysql_get_key(int index) { >+ return saved_key; >+} >+ >+static int mysql_cmp_all(void *binary, int index) { //also is mysql_cmp_one >+ return !memcmp(binary, crypt_key, BINARY_SIZE); >+} >+ >+static int mysql_cmp_exact(char *source, int count){ >+ return (1); // mysql_cmp_all fallthrough? >+} >+ >+static void mysql_crypt_all(int count) { >+ // get plaintext input in saved_key put it into ciphertext crypt_key >+ make_scrambled_password(crypt_key,saved_key); >+} >+ >+//////////////////////////////////////////////////////////////// >+//begin mysql code >+// This code was copied from mysqlpassword.c by Chris Given >+// He probably copied it from password.c in the MySQL source >+// The code is GPLed >+ >+void randominit(struct rand_struct *rand_st,ulong seed1, ulong seed2) { >+ rand_st->max_value= 0x3FFFFFFFL; >+ rand_st->max_value_dbl=(double) rand_st->max_value; >+ rand_st->seed1=seed1%rand_st->max_value ; >+ rand_st->seed2=seed2%rand_st->max_value; >+} >+static void old_randominit(struct rand_struct *rand_st,ulong seed1) { >+ rand_st->max_value= 0x01FFFFFFL; >+ rand_st->max_value_dbl=(double) rand_st->max_value; >+ seed1%=rand_st->max_value; >+ rand_st->seed1=seed1 ; rand_st->seed2=seed1/2; >+} >+double rnd(struct rand_struct *rand_st) { >+ rand_st->seed1=(rand_st->seed1*3+rand_st->seed2) % >+ rand_st->max_value; >+ rand_st->seed2=(rand_st->seed1+rand_st->seed2+33) % >+ rand_st->max_value; >+ return(((double) rand_st->seed1)/rand_st->max_value_dbl); >+} >+void hash_password(ulong *result, const char *password) { >+ register ulong nr=1345345333L, add=7, nr2=0x12345671L; >+ ulong tmp; >+ for (; *password ; password++) { >+ if (*password == ' ' || *password == '\t') >+ continue; >+ tmp= (ulong) (unsigned char) *password; >+ nr^= (((nr & 63)+add)*tmp)+ (nr << 8); >+ nr2+=(nr2 << 8) ^ nr; >+ add+=tmp; >+ } >+ result[0]=nr & (((ulong) 1L << 31) -1L); /* Don't use sign bit >+ (str2int) */; >+ result[1]=nr2 & (((ulong) 1L << 31) -1L); >+ return; >+} >+void make_scrambled_password(char *to,const char *password) { >+ ulong hash_res[2]; >+ hash_password(hash_res,password); >+ sprintf(to,"%08lx%08lx",hash_res[0],hash_res[1]); >+} >+static inline uint char_val(char X) { >+ return (uint) (X >= '0' && X <= '9' ? X-'0' : X >= 'A' && X <= 'Z' ? >+ X-'A'+10 : X-'a'+10); >+} >+char *scramble(char *to,const char *message,const char *password, int >+ old_ver) { >+ struct rand_struct rand_st; >+ ulong hash_pass[2],hash_message[2]; >+ if(password && password[0]) { >+ char *to_start=to; >+ hash_password(hash_pass,password); >+ hash_password(hash_message,message); >+ if (old_ver) >+ old_randominit(&rand_st,hash_pass[0] ^ >+ hash_message[0]); >+ else >+ randominit(&rand_st,hash_pass[0] ^ hash_message[0], >+ hash_pass[1] ^ hash_message[1]); >+ while (*message++) >+ *to++= (char) (floor(rnd(&rand_st)*31)+64); >+ if (!old_ver) { >+ char extra=(char) (floor(rnd(&rand_st)*31)); >+ while(to_start != to) >+ *(to_start++)^=extra; >+ } >+ } >+ *to=0; >+ return to; >+} >+ >+//end mysql code >+//////////////////////////////////////////////////////////////// >+ >+struct fmt_main fmt_MYSQL = { >+ { >+ FORMAT_LABEL, >+ FORMAT_NAME, >+ ALGORITHM_NAME, >+ BENCHMARK_COMMENT, >+ BENCHMARK_LENGTH, >+ PLAINTEXT_LENGTH, >+ BINARY_SIZE, >+ SALT_SIZE, >+ MIN_KEYS_PER_CRYPT, >+ MAX_KEYS_PER_CRYPT, >+ FMT_CASE | FMT_8_BIT, >+ mysql_tests >+ }, { >+ fmt_default_init, >+ mysql_valid, >+ fmt_default_split, >+ fmt_default_binary, >+ fmt_default_salt, >+ { >+ fmt_default_binary_hash, >+ fmt_default_binary_hash, >+ fmt_default_binary_hash >+ }, >+ fmt_default_salt_hash, >+ mysql_set_salt, >+ mysql_set_key, >+ mysql_get_key, >+ //fmt_default_clear_keys, >+ mysql_crypt_all, >+ { >+ fmt_default_get_hash, >+ fmt_default_get_hash, >+ fmt_default_get_hash >+ }, >+ mysql_cmp_all, >+ mysql_cmp_all, //should it be the same as cmp_all or same as cmp_exact? >+ mysql_cmp_exact //fallthrough >+ } >+}; >diff -urN john-1.6.orig/src/Makefile john-1.6/src/Makefile >--- john-1.6.orig/src/Makefile 1998-12-03 09:59:50.000000000 +0930 >+++ john-1.6/src/Makefile 2004-05-20 09:15:44.947674520 +0930 >@@ -13,11 +13,12 @@ > SED = sed > NULL = /dev/null > CPPFLAGS = -E >-CFLAGS = -c -Wall -O2 -fomit-frame-pointer >+CFLAGS = -c -Wall -O2 -fomit-frame-pointer -I/usr/include/openssl > ASFLAGS = -c > LDFLAGS = -s > OPT_NORMAL = -funroll-loops > OPT_INLINE = -finline-functions >+LIBS = -lskey -lcrypto -lcrypt > > JOHN_VERSION = 1.6 > JOHN_ARCHIVE = john-$(JOHN_VERSION) >@@ -35,13 +36,19 @@ > MD5_fmt.o MD5_std.o \ > BF_fmt.o BF_std.o \ > AFS_fmt.o \ >- LM_fmt.o \ >+ LM_fmt.o NT_fmt.o \ >+ MYSQL_fmt.o \ >+ md4.o smbencrypt.o \ >+ SKEY_fmt.o \ >+ KRB4_fmt.o KRB4_std.o \ >+ BFEgg_fmt.o \ > batch.o bench.o charset.o common.o compiler.o config.o cracker.o \ > external.o formats.o getopt.o idle.o inc.o john.o list.o loader.o \ > logger.o math.o memory.o misc.o options.o params.o path.o recovery.o \ > rpp.o rules.o signals.o single.o status.o tty.o wordlist.o \ > unshadow.o \ > unafs.o \ >+ undrop.o \ > unique.o > > JOHN_OBJS = \ >@@ -70,11 +77,11 @@ > bench.o best.o common.o config.o formats.o memory.o misc.o params.o \ > path.o signals.o tty.o > >-PROJ = ../run/john ../run/unshadow ../run/unafs ../run/unique >+PROJ = ../run/john ../run/unshadow ../run/unafs ../run/unique ../run/undrop ../run/tgtsnarf > PROJ_DOS = ../run/john.bin ../run/john.com \ >- ../run/unshadow.com ../run/unafs.com ../run/unique.com >+ ../run/unshadow.com ../run/unafs.com ../run/unique.com ../run/undrop.com > PROJ_WIN32 = ../run/john.exe \ >- ../run/unshadow.exe ../run/unafs.exe ../run/unique.exe >+ ../run/unshadow.exe ../run/unafs.exe ../run/unique.exe ../run/undrop.exe > > default: > @echo "To build John the Ripper, type:" >@@ -147,7 +154,7 @@ > JOHN_OBJS="$(JOHN_OBJS) alpha.o" > > linux-sparc: >- $(MAKE) HAMMER=use-linux-sparc sparc.h >+ $(MAKE) use-linux-sparc HAMMER=use-linux-sparc NAIL=sparc.h > ln -s sparc.h arch.h > $(MAKE) use-linux-sparc NAIL="$(PROJ)" > >@@ -397,8 +404,11 @@ > bench: $(BENCH_OBJS) > $(LD) $(LDFLAGS) $(BENCH_OBJS) -o bench > >+../run/tgtsnarf: tgtsnarf.o >+ $(LD) $(LDFLAGS) tgtsnarf.o -o ../run/tgtsnarf >+ > ../run/john: $(JOHN_OBJS) >- $(LD) $(LDFLAGS) $(JOHN_OBJS) -o ../run/john >+ $(LD) $(LDFLAGS) $(JOHN_OBJS) -o ../run/john $(LIBS) > > ../run/unshadow: ../run/john > ln -s john ../run/unshadow >@@ -406,6 +416,10 @@ > ../run/unafs: ../run/john > ln -s john ../run/unafs > >+../run/undrop: ../run/john >+ $(RM) ../run/undrop >+ ln -s john ../run/undrop >+ > ../run/unique: ../run/john > ln -s john ../run/unique > >@@ -423,6 +437,9 @@ > ../run/unafs.com: john.com > copy john.com ..\run\unafs.com > >+../run/undrop.com: john.com >+ copy john.com ..\run\undrop.com >+ > ../run/unique.com: john.com > copy john.com ..\run\unique.com > >@@ -441,6 +458,10 @@ > $(CC) symlink.c -o ../run/unafs.exe > strip ../run/unafs.exe > >+../run/undrop.exe: symlink.c >+ $(CC) symlink.c -o ../run/undrop.exe >+ strip ../run/undrop.exe >+ > ../run/unique.exe: symlink.c > $(CC) symlink.c -o ../run/unique.exe > strip ../run/unique.exe >diff -urN john-1.6.orig/src/NT_fmt.c john-1.6/src/NT_fmt.c >--- john-1.6.orig/src/NT_fmt.c 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/src/NT_fmt.c 2004-05-20 09:19:11.101334400 +0930 >@@ -0,0 +1,187 @@ >+/* >+ * NTLM patch for john version 0.2 >+ * >+ * (C) 2001 Olle Segerdahl <olle@nxs.se> >+ * >+ * liscense: GPL <http://www.gnu.org/> >+ * >+ * This file is based on code from John the Ripper, >+ * Copyright (c) 1996-99 by Solar Designer >+ * >+ */ >+ >+#include <string.h> >+ >+#include "arch.h" >+#include "memory.h" >+#include "common.h" >+#include "formats.h" >+ >+#ifndef uchar >+#define uchar unsigned char >+#endif >+ >+#define FORMAT_LABEL "nt" >+#define FORMAT_NAME "NT MD4" >+ >+#define BENCHMARK_COMMENT "" >+#define BENCHMARK_LENGTH -1 >+ >+#define PLAINTEXT_LENGTH 54 >+#define CIPHERTEXT_LENGTH 36 >+ >+ >+static struct fmt_tests tests[] = { >+ {"$NT$b7e4b9022cd45f275334bbdb83bb5be5", "John the Ripper"}, >+ {"$NT$8846f7eaee8fb117ad06bdd830b7586c", "password"}, >+ {"$NT$0cb6948805f797bf2a82807973b89537", "test"}, >+ {"$NT$31d6cfe0d16ae931b73c59d7e0c089c0", ""}, >+ {NULL} >+}; >+ >+#define ALGORITHM_NAME "TridgeMD4" >+ >+#define BINARY_SIZE 16 >+#define SALT_SIZE 0 >+ >+#define MIN_KEYS_PER_CRYPT 1 >+#define MAX_KEYS_PER_CRYPT 1 >+ >+uchar saved_plain[PLAINTEXT_LENGTH + 1]; >+uchar output[BINARY_SIZE + 1]; >+ >+extern void E_md4hash(uchar *passwd, uchar *p16); >+ >+ >+static int valid(char *ciphertext) >+{ >+ char *pos; >+ >+ if (strncmp(ciphertext, "$NT$", 4)!=0) return 0; >+ >+ for (pos = &ciphertext[4]; atoi16[(ARCH_INDEX)*pos] != 0x7F; pos++); >+ >+ if (!*pos && pos - ciphertext == CIPHERTEXT_LENGTH) >+ return 1; >+ else >+ return 0; >+ >+} >+ >+static void *get_binary(char *ciphertext) >+{ >+ static uchar binary[BINARY_SIZE]; >+ int i; >+ >+ ciphertext+=4; >+ for (i=0; i<BINARY_SIZE; i++) >+ { >+ binary[i] = (atoi16[(ARCH_INDEX) ciphertext[i*2]])<<4; >+ binary[i] |= (atoi16[(ARCH_INDEX) ciphertext[i*2+1]]); >+ } >+ >+ return binary; >+} >+ >+static int binary_hash_0(void *binary) >+{ >+ return ((uchar *)binary)[0] & 0x0F; >+} >+ >+static int binary_hash_1(void *binary) >+{ >+ return ((uchar *)binary)[0]; >+} >+ >+static int binary_hash_2(void *binary) >+{ >+ return (((uchar *)binary)[0] << 4) + (((uchar *)binary)[1] & 0x0F); >+} >+ >+static int get_hash_0(int index) >+{ >+ return output[0] & 0x0F; >+} >+ >+static int get_hash_1(int index) >+{ >+ return output[0]; >+} >+ >+static int get_hash_2(int index) >+{ >+ return (output[0] << 4) + (output[1] & 0x0F); >+} >+ >+static void crypt_all(int count) >+{ >+ E_md4hash(saved_plain, output); >+} >+ >+static int cmp_all(void *binary, int count) >+{ >+ return !memcmp(output, binary, BINARY_SIZE); >+ >+} >+ >+static int cmp_exact(char *source, int index) >+{ >+ return !memcmp(output, get_binary(source), BINARY_SIZE); >+} >+ >+static void set_salt(void *salt) >+{ >+} >+ >+static void set_key(char *key, int index) >+{ >+ strncpy(saved_plain, key, PLAINTEXT_LENGTH); >+ saved_plain[PLAINTEXT_LENGTH] = 0; >+} >+ >+static char *get_key(int index) >+{ >+ return saved_plain; >+} >+ >+struct fmt_main fmt_NT = { >+ { >+ FORMAT_LABEL, >+ FORMAT_NAME, >+ ALGORITHM_NAME, >+ BENCHMARK_COMMENT, >+ BENCHMARK_LENGTH, >+ PLAINTEXT_LENGTH, >+ BINARY_SIZE, >+ SALT_SIZE, >+ MIN_KEYS_PER_CRYPT, >+ MAX_KEYS_PER_CRYPT, >+ FMT_CASE | FMT_8_BIT, >+ tests >+ }, { >+ fmt_default_init, >+ valid, >+ fmt_default_split, >+ get_binary, >+ fmt_default_salt, >+ { >+ binary_hash_0, >+ binary_hash_1, >+ binary_hash_2 >+ }, >+ fmt_default_salt_hash, >+ set_salt, >+ set_key, >+ get_key, >+ // fmt_default_clear_keys, >+ crypt_all, >+ { >+ get_hash_0, >+ get_hash_1, >+ get_hash_2 >+ }, >+ cmp_all, >+ cmp_all, >+ cmp_exact >+ } >+}; >diff -urN john-1.6.orig/src/SKEY_fmt.c john-1.6/src/SKEY_fmt.c >--- john-1.6.orig/src/SKEY_fmt.c 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/src/SKEY_fmt.c 2004-05-19 08:04:31.000000000 +0930 >@@ -0,0 +1,255 @@ >+/* >+ SKEY_fmt.c >+ >+ S/Key dictionary attack module for Solar Designer's John the Ripper. >+ >+ skeykeys files should be fed through sed 's/ /:/' first. >+ >+ Copyright (c) 2000 Dug Song <dugsong@monkey.org> >+ All rights reserved, all wrongs reversed. >+ >+ Redistribution and use in source and binary forms, with or without >+ modification, are permitted provided that the following conditions >+ are met: >+ >+ 1. Redistributions of source code must retain the above copyright >+ notice, this list of conditions and the following disclaimer. >+ 2. Redistributions in binary form must reproduce the above copyright >+ notice, this list of conditions and the following disclaimer in the >+ documentation and/or other materials provided with the distribution. >+ 3. The name of author may not be used to endorse or promote products >+ derived from this software without specific prior written permission. >+ >+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, >+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY >+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL >+ THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; >+ OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, >+ WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR >+ OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF >+ ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >+*/ >+ >+#include <stdio.h> >+#include <stdlib.h> >+#include <string.h> >+#include <ctype.h> >+#include <skey.h> >+ >+#include "arch.h" >+#include "misc.h" >+#include "common.h" >+#include "formats.h" >+ >+#define FORMAT_LABEL "skey" >+#define FORMAT_NAME "S/Key" >+#define ALGORITHM_NAME "MD4/MD5/SHA1/RMD160" >+#define BENCHMARK_COMMENT "" >+#define BENCHMARK_LENGTH -1 >+#define PLAINTEXT_LENGTH 32 >+#define BINARY_SIZE 0 >+#define SALT_SIZE sizeof(struct skey_salt_st) >+#define MIN_KEYS_PER_CRYPT 1 >+#define MAX_KEYS_PER_CRYPT 1 >+ >+static struct fmt_tests skey_tests[] = { >+ {"0096 luky451004 b519dcfe18eb7aab", "w00w00 v00d00"}, >+ {"md5 0099 luky451001 93b3774544ba92a3", "swirling zagnuts"}, >+ {"sha1 0042 luky451002 d4f0b50e17b29310", "abcdefg12345678"}, >+ {"rmd160 0099 luky451006 2dbcbb728e8bb456", "squeamish ossifrage"}, >+ {NULL} >+}; >+ >+/* Saved state. */ >+static struct skey_salt_st { >+ int num; >+ char type[SKEY_MAX_HASHNAME_LEN + 1]; >+ char seed[SKEY_MAX_SEED_LEN + 1]; >+ u_char hash[SKEY_BINKEY_SIZE]; >+} saved_salt; >+static u_char saved_key[SKEY_BINKEY_SIZE]; >+static char saved_pass[PLAINTEXT_LENGTH]; >+ >+static int >+skey_valid(char *ciphertext) >+{ >+ char *p, *q, buf[24]; >+ >+ if (*ciphertext == '#') >+ return (0); >+ >+ strnzcpy(buf, ciphertext, sizeof(buf)); >+ >+ if ((p = strchr(buf, ' ')) == NULL) >+ return (0); >+ *p++ = '\0'; >+ >+ if (isalpha(*buf)) { >+ if (skey_set_algorithm(buf) == NULL || >+ (q = strchr(p, ' ')) == NULL) >+ return (0); >+ *q = '\0'; >+ } >+ else p = buf; >+ >+ for ( ; *p; p++) { >+ if (!isdigit(*p)) >+ return (0); >+ } >+ return (1); >+} >+ >+static int >+hex_decode(char *src, u_char *dst, int outsize) >+{ >+ char *p, *pe; >+ u_char *q, *qe, ch, cl; >+ >+ pe = src + strlen(src); >+ qe = dst + outsize; >+ >+ for (p = src, q = dst; p < pe && q < qe && isxdigit((int)*p); p += 2) { >+ ch = tolower(p[0]); >+ cl = tolower(p[1]); >+ >+ if ((ch >= '0') && (ch <= '9')) ch -= '0'; >+ else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10; >+ else return (-1); >+ >+ if ((cl >= '0') && (cl <= '9')) cl -= '0'; >+ else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10; >+ else return (-1); >+ >+ *q++ = (ch << 4) | cl; >+ } >+ return (q - dst); >+} >+ >+static void * >+skey_salt(char *ciphertext) >+{ >+ static struct skey_salt_st salt; >+ static char buf[128]; >+ char *p; >+ >+ strnzcpy(buf, ciphertext, sizeof(buf)); >+ >+ if ((p = strtok(buf, " \t")) == NULL) >+ return (NULL); >+ >+ if (isalpha(*p)) { >+ strnzcpy(salt.type, p, sizeof(salt.type)); >+ if ((p = strtok(NULL, " \t")) == NULL) >+ return (NULL); >+ } >+ else strnzcpy(salt.type, "md4", sizeof(salt.type)); >+ >+ salt.num = atoi(p); >+ >+ if ((p = strtok(NULL, " \t")) == NULL) >+ return (NULL); >+ >+ strnzcpy(salt.seed, p, sizeof(salt.seed) - 1); >+ >+ if ((p = strtok(NULL, " \t")) == NULL) >+ return (NULL); >+ >+ hex_decode(p, salt.hash, sizeof(salt.hash)); >+ >+ return (&salt); >+} >+ >+static void >+skey_set_salt(void *salt) >+{ >+ memcpy((u_char *)&saved_salt, (u_char *)salt, sizeof(saved_salt)); >+} >+ >+static void >+skey_set_key(char *key, int index) >+{ >+ strnzcpy(saved_pass, key, sizeof(saved_pass) - 1); >+ hex_decode(key, saved_key, sizeof(saved_key)); >+} >+ >+static char * >+skey_get_key(int index) >+{ >+ return (saved_pass); >+} >+ >+static void >+skey_crypt_all(int count) >+{ >+ int i; >+ >+ skey_set_algorithm(saved_salt.type); >+ >+ keycrunch(saved_key, saved_salt.seed, saved_pass); >+ >+ for (i = 0; i < saved_salt.num; i++) >+ f(saved_key); >+} >+ >+static int >+skey_cmp_all(void *binary, int count) >+{ >+ return (memcmp(saved_key, saved_salt.hash, sizeof(saved_salt.hash)) == 0); >+} >+ >+static int >+skey_cmp_one(void *binary, int count) >+{ >+ return (1); /* XXX - fallthrough from skey_cmp_all() */ >+} >+ >+static int >+skey_cmp_exact(char *source, int count) >+{ >+ return (1); /* XXX - fallthrough from skey_cmp_one() */ >+} >+ >+struct fmt_main fmt_SKEY = { >+ { >+ FORMAT_LABEL, >+ FORMAT_NAME, >+ ALGORITHM_NAME, >+ BENCHMARK_COMMENT, >+ BENCHMARK_LENGTH, >+ PLAINTEXT_LENGTH, >+ BINARY_SIZE, >+ SALT_SIZE, >+ MIN_KEYS_PER_CRYPT, >+ MAX_KEYS_PER_CRYPT, >+ FMT_CASE | FMT_8_BIT, >+ skey_tests >+ }, { >+ fmt_default_init, >+ skey_valid, >+ fmt_default_split, >+ fmt_default_binary, >+ skey_salt, >+ { >+ fmt_default_binary_hash, >+ fmt_default_binary_hash, >+ fmt_default_binary_hash >+ }, >+ fmt_default_salt_hash, >+ skey_set_salt, >+ skey_set_key, >+ skey_get_key, >+ skey_crypt_all, >+ { >+ fmt_default_get_hash, >+ fmt_default_get_hash, >+ fmt_default_get_hash >+ }, >+ skey_cmp_all, >+ skey_cmp_one, >+ skey_cmp_exact >+ } >+}; >+ >+/* 5000. */ >diff -urN john-1.6.orig/src/bf_tab.h john-1.6/src/bf_tab.h >--- john-1.6.orig/src/bf_tab.h 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/src/bf_tab.h 2004-05-19 08:16:06.000000000 +0930 >@@ -0,0 +1,277 @@ >+/* bf_tab.h: Blowfish P-box and S-box tables */ >+#ifndef _H_TAB_BF >+#define _H_TAB_BF >+ >+static UWORD_32bits initbf_P[bf_N + 2] = >+{ >+ 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, >+ 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89, >+ 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, >+ 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, >+ 0x9216d5d9, 0x8979fb1b, >+}; >+static UWORD_32bits initbf_S[4][256] = >+{ >+ { >+ 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, >+ 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, >+ 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, >+ 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, >+ 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, >+ 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, >+ 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, >+ 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, >+ 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, >+ 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, >+ 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, >+ 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, >+ 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, >+ 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, >+ 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, >+ 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, >+ 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, >+ 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, >+ 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, >+ 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, >+ 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, >+ 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, >+ 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, >+ 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, >+ 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, >+ 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, >+ 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, >+ 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, >+ 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, >+ 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, >+ 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, >+ 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, >+ 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, >+ 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, >+ 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, >+ 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, >+ 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, >+ 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, >+ 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, >+ 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, >+ 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, >+ 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, >+ 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, >+ 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, >+ 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, >+ 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, >+ 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, >+ 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, >+ 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, >+ 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, >+ 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, >+ 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, >+ 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, >+ 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, >+ 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, >+ 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, >+ 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, >+ 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, >+ 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, >+ 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, >+ 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, >+ 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, >+ 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, >+ 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a}, >+ { >+ 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, >+ 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, >+ 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, >+ 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, >+ 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, >+ 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, >+ 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, >+ 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, >+ 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, >+ 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, >+ 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, >+ 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, >+ 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, >+ 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, >+ 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, >+ 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, >+ 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, >+ 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, >+ 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, >+ 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, >+ 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, >+ 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, >+ 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, >+ 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, >+ 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, >+ 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, >+ 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, >+ 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, >+ 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, >+ 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, >+ 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, >+ 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, >+ 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, >+ 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, >+ 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, >+ 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, >+ 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, >+ 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, >+ 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, >+ 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, >+ 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, >+ 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, >+ 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, >+ 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, >+ 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, >+ 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, >+ 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, >+ 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, >+ 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, >+ 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, >+ 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, >+ 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, >+ 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, >+ 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, >+ 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, >+ 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, >+ 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, >+ 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, >+ 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, >+ 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, >+ 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, >+ 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, >+ 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, >+ 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7}, >+ { >+ 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, >+ 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, >+ 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, >+ 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, >+ 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, >+ 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, >+ 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, >+ 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, >+ 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, >+ 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, >+ 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, >+ 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, >+ 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, >+ 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, >+ 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, >+ 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, >+ 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, >+ 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, >+ 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, >+ 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, >+ 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, >+ 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, >+ 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, >+ 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, >+ 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, >+ 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, >+ 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, >+ 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, >+ 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, >+ 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, >+ 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, >+ 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, >+ 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, >+ 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, >+ 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, >+ 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, >+ 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, >+ 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, >+ 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, >+ 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, >+ 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, >+ 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, >+ 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, >+ 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, >+ 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, >+ 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, >+ 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, >+ 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, >+ 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, >+ 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, >+ 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, >+ 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, >+ 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, >+ 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, >+ 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, >+ 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, >+ 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, >+ 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, >+ 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, >+ 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, >+ 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, >+ 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, >+ 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, >+ 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0}, >+ { >+ 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, >+ 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, >+ 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, >+ 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, >+ 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, >+ 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, >+ 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, >+ 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, >+ 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, >+ 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, >+ 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, >+ 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, >+ 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, >+ 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, >+ 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, >+ 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, >+ 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, >+ 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, >+ 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, >+ 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, >+ 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, >+ 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, >+ 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, >+ 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, >+ 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, >+ 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, >+ 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, >+ 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, >+ 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, >+ 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, >+ 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, >+ 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, >+ 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, >+ 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, >+ 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, >+ 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, >+ 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, >+ 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, >+ 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, >+ 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, >+ 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, >+ 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, >+ 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, >+ 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, >+ 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, >+ 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, >+ 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, >+ 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, >+ 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, >+ 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, >+ 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, >+ 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, >+ 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02, >+ 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, >+ 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, >+ 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, >+ 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, >+ 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, >+ 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, >+ 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, >+ 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, >+ 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9, >+ 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, >+ 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6} >+}; >+ >+#endif >diff -urN john-1.6.orig/src/blowfish.c john-1.6/src/blowfish.c >--- john-1.6.orig/src/blowfish.c 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/src/blowfish.c 2004-05-20 08:51:37.579707896 +0930 >@@ -0,0 +1,186 @@ >+/* >+ * blowfish.c - part of blowfish.mod >+ * handles: encryption and decryption of passwords >+ */ >+/* >+ * The first half of this is very lightly edited from public domain >+ * sourcecode. For simplicity, this entire module will remain public >+ * domain. >+ */ >+/* >+ * This is ripped from eggdrop 1.3.28's source files (blowfish.mod) >+ * Modified by Sun-Zero <sun-zero@freemail.hu> >+ * 2002-04-16 >+*/ >+ >+#include <stdlib.h> >+ >+#include "blowfish.h" >+#include "bf_tab.h" /* P-box P-array, S-box */ >+ >+/* #define S(x,i) (bf_S[i][x.w.byte##i]) */ >+#define S0(x) (bf_S[0][x.w.byte0]) >+#define S1(x) (bf_S[1][x.w.byte1]) >+#define S2(x) (bf_S[2][x.w.byte2]) >+#define S3(x) (bf_S[3][x.w.byte3]) >+#define bf_F(x) (((S0(x) + S1(x)) ^ S2(x)) + S3(x)) >+#define ROUND(a,b,n) (a.word ^= bf_F(b) ^ bf_P[n]) >+ >+#include <time.h> >+ >+/* keep a set of rotating P & S boxes */ >+static struct box_t { >+ UWORD_32bits *P; >+ UWORD_32bits **S; >+ char key[81]; >+ char keybytes; >+} box; >+ >+//static UWORD_32bits bf_P[bf_N+2]; >+//static UWORD_32bits bf_S[4][256]; >+static UWORD_32bits *bf_P; >+static UWORD_32bits **bf_S; >+ >+ >+void blowfish_first_init(void) { >+ box.P = NULL; >+ box.S = NULL; >+ box.key[0] = 0; >+} >+ >+static void blowfish_encipher(UWORD_32bits * xl, UWORD_32bits * xr) >+{ >+ union aword Xl; >+ union aword Xr; >+ >+ Xl.word = *xl; >+ Xr.word = *xr; >+ >+ Xl.word ^= bf_P[0]; >+ ROUND(Xr, Xl, 1); >+ ROUND(Xl, Xr, 2); >+ ROUND(Xr, Xl, 3); >+ ROUND(Xl, Xr, 4); >+ ROUND(Xr, Xl, 5); >+ ROUND(Xl, Xr, 6); >+ ROUND(Xr, Xl, 7); >+ ROUND(Xl, Xr, 8); >+ ROUND(Xr, Xl, 9); >+ ROUND(Xl, Xr, 10); >+ ROUND(Xr, Xl, 11); >+ ROUND(Xl, Xr, 12); >+ ROUND(Xr, Xl, 13); >+ ROUND(Xl, Xr, 14); >+ ROUND(Xr, Xl, 15); >+ ROUND(Xl, Xr, 16); >+ Xr.word ^= bf_P[17]; >+ >+ *xr = Xl.word; >+ *xl = Xr.word; >+} >+ >+static void blowfish_init(UBYTE_08bits * key, short keybytes) >+{ >+ int i, j; >+ UWORD_32bits data; >+ UWORD_32bits datal; >+ UWORD_32bits datar; >+ union aword temp; >+ >+ /* is buffer already allocated for this? */ >+ if (box.P != NULL) { >+ if ((box.keybytes == keybytes) && >+ (!strncmp((char *) (box.key), (char *) key, keybytes))) { >+ /* match! */ >+ bf_P = box.P; >+ bf_S = box.S; >+ return; >+ } >+ free(box.P); >+ for (i = 0; i < 4; i++) >+ free(box.S[i]); >+ free(box.S); >+ } >+ /* initialize new buffer */ >+ /* uh... this is over 4k */ >+ box.P = (UWORD_32bits *) malloc((bf_N + 2) * sizeof(UWORD_32bits)); >+ box.S = (UWORD_32bits **) malloc(4 * sizeof(UWORD_32bits *)); >+ for (i = 0; i < 4; i++) >+ box.S[i] = (UWORD_32bits *) malloc(256 * sizeof(UWORD_32bits)); >+ bf_P = box.P; >+ bf_S = box.S; >+ box.keybytes = keybytes; >+ strncpy(box.key, key, keybytes); >+ /* robey: reset blowfish boxes to initial state */ >+ /* (i guess normally it just keeps scrambling them, but here it's >+ * important to get the same encrypted result each time) */ >+ for (i = 0; i < bf_N + 2; i++) >+ bf_P[i] = initbf_P[i]; >+ for (i = 0; i < 4; i++) >+ for (j = 0; j < 256; j++) >+ bf_S[i][j] = initbf_S[i][j]; >+ >+ j = 0; >+ for (i = 0; i < bf_N + 2; ++i) { >+ temp.word = 0; >+ temp.w.byte0 = key[j]; >+ temp.w.byte1 = key[(j + 1) % keybytes]; >+ temp.w.byte2 = key[(j + 2) % keybytes]; >+ temp.w.byte3 = key[(j + 3) % keybytes]; >+ data = temp.word; >+ bf_P[i] = bf_P[i] ^ data; >+ j = (j + 4) % keybytes; >+ } >+ datal = 0x00000000; >+ datar = 0x00000000; >+ for (i = 0; i < bf_N + 2; i += 2) { >+ blowfish_encipher(&datal, &datar); >+ bf_P[i] = datal; >+ bf_P[i + 1] = datar; >+ } >+ for (i = 0; i < 4; ++i) { >+ for (j = 0; j < 256; j += 2) { >+ blowfish_encipher(&datal, &datar); >+ bf_S[i][j] = datal; >+ bf_S[i][j + 1] = datar; >+ } >+ } >+} >+ >+/* stuff below this line was written by robey for eggdrop use */ >+ >+/* of course, if you change either of these, then your userfile will >+ * no longer be able to be shared. :) */ >+#define SALT1 0xdeadd061 >+#define SALT2 0x23f6b095 >+ >+/* convert 64-bit encrypted password to text for userfile */ >+static char *base64 = "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; >+ >+static void blowfish_encrypt_pass(char *text, char *new) >+{ >+ UWORD_32bits left, right; >+ int n; >+ char *p; >+ >+ blowfish_init(text, strlen(text)); >+ left = SALT1; >+ right = SALT2; >+ blowfish_encipher(&left, &right); >+ p = new; >+ *p++ = '+'; /* + means encrypted pass */ >+ n = 32; >+ while (n > 0) { >+ *p++ = base64[right & 0x3f]; >+ right = (right >> 6); >+ n -= 6; >+ } >+ n = 32; >+ while (n > 0) { >+ *p++ = base64[left & 0x3f]; >+ left = (left >> 6); >+ n -= 6; >+ } >+ *p = 0; >+} >+ >diff -urN john-1.6.orig/src/blowfish.h john-1.6/src/blowfish.h >--- john-1.6.orig/src/blowfish.h 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/src/blowfish.h 2004-05-19 08:16:06.000000000 +0930 >@@ -0,0 +1,55 @@ >+/* modified 19jul1996 by robey -- uses autoconf values now */ >+#ifndef _H_BLOWFISH >+#define _H_BLOWFISH >+ >+#include "arch.h" >+ >+#define bf_N 16 >+#define noErr 0 >+#define DATAERROR -1 >+ >+#define UBYTE_08bits unsigned char >+#define UWORD_16bits unsigned short >+ >+#define SIZEOF_INT 4 >+ >+#if SIZEOF_INT==4 >+#define UWORD_32bits unsigned int >+#else >+#if SIZEOF_LONG==4 >+#define UWORD_32bits unsigned long >+#endif >+#endif >+ >+/* choose a byte order for your hardware */ >+ >+#if !ARCH_LITTLE_ENDIAN >+/* ABCD - big endian - motorola */ >+union aword { >+ UWORD_32bits word; >+ UBYTE_08bits byte[4]; >+ struct { >+ unsigned int byte0:8; >+ unsigned int byte1:8; >+ unsigned int byte2:8; >+ unsigned int byte3:8; >+ } w; >+}; >+#endif /* !ARCH_LITTLE_ENDIAN */ >+ >+#if ARCH_LITTLE_ENDIAN >+/* DCBA - little endian - intel */ >+union aword { >+ UWORD_32bits word; >+ UBYTE_08bits byte[4]; >+ struct { >+ unsigned int byte3:8; >+ unsigned int byte2:8; >+ unsigned int byte1:8; >+ unsigned int byte0:8; >+ } w; >+}; >+ >+#endif /* ARCH_LITTLE_ENDIAN */ >+ >+#endif >diff -urN john-1.6.orig/src/byteorder.h john-1.6/src/byteorder.h >--- john-1.6.orig/src/byteorder.h 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/src/byteorder.h 2004-05-19 07:58:58.000000000 +0930 >@@ -0,0 +1,274 @@ >+/* >+ Unix SMB/Netbios implementation. >+ Version 1.9. >+ SMB Byte handling >+ Copyright (C) Andrew Tridgell 1992-1998 >+ >+ This program is free software; you can redistribute it and/or modify >+ it under the terms of the GNU General Public License as published by >+ the Free Software Foundation; either version 2 of the License, or >+ (at your option) any later version. >+ >+ This program is distributed in the hope that it will be useful, >+ but WITHOUT ANY WARRANTY; without even the implied warranty of >+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+ GNU General Public License for more details. >+ >+ You should have received a copy of the GNU General Public License >+ along with this program; if not, write to the Free Software >+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. >+*/ >+ >+#ifndef _BYTEORDER_H >+#define _BYTEORDER_H >+ >+/* >+ This file implements macros for machine independent short and >+ int manipulation >+ >+Here is a description of this file that I emailed to the samba list once: >+ >+> I am confused about the way that byteorder.h works in Samba. I have >+> looked at it, and I would have thought that you might make a distinction >+> between LE and BE machines, but you only seem to distinguish between 386 >+> and all other architectures. >+> >+> Can you give me a clue? >+ >+sure. >+ >+The distinction between 386 and other architectures is only there as >+an optimisation. You can take it out completely and it will make no >+difference. The routines (macros) in byteorder.h are totally byteorder >+independent. The 386 optimsation just takes advantage of the fact that >+the x86 processors don't care about alignment, so we don't have to >+align ints on int boundaries etc. If there are other processors out >+there that aren't alignment sensitive then you could also define >+CAREFUL_ALIGNMENT=0 on those processors as well. >+ >+Ok, now to the macros themselves. I'll take a simple example, say we >+want to extract a 2 byte integer from a SMB packet and put it into a >+type called uint16 that is in the local machines byte order, and you >+want to do it with only the assumption that uint16 is _at_least_ 16 >+bits long (this last condition is very important for architectures >+that don't have any int types that are 2 bytes long) >+ >+You do this: >+ >+#define CVAL(buf,pos) (((unsigned char *)(buf))[pos]) >+#define PVAL(buf,pos) ((unsigned)CVAL(buf,pos)) >+#define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8) >+ >+then to extract a uint16 value at offset 25 in a buffer you do this: >+ >+char *buffer = foo_bar(); >+uint16 xx = SVAL(buffer,25); >+ >+We are using the byteoder independence of the ANSI C bitshifts to do >+the work. A good optimising compiler should turn this into efficient >+code, especially if it happens to have the right byteorder :-) >+ >+I know these macros can be made a bit tidier by removing some of the >+casts, but you need to look at byteorder.h as a whole to see the >+reasoning behind them. byteorder.h defines the following macros: >+ >+SVAL(buf,pos) - extract a 2 byte SMB value >+IVAL(buf,pos) - extract a 4 byte SMB value >+SVALS(buf,pos) signed version of SVAL() >+IVALS(buf,pos) signed version of IVAL() >+ >+SSVAL(buf,pos,val) - put a 2 byte SMB value into a buffer >+SIVAL(buf,pos,val) - put a 4 byte SMB value into a buffer >+SSVALS(buf,pos,val) - signed version of SSVAL() >+SIVALS(buf,pos,val) - signed version of SIVAL() >+ >+RSVAL(buf,pos) - like SVAL() but for NMB byte ordering >+RSVALS(buf,pos) - like SVALS() but for NMB byte ordering >+RIVAL(buf,pos) - like IVAL() but for NMB byte ordering >+RIVALS(buf,pos) - like IVALS() but for NMB byte ordering >+RSSVAL(buf,pos,val) - like SSVAL() but for NMB ordering >+RSIVAL(buf,pos,val) - like SIVAL() but for NMB ordering >+RSIVALS(buf,pos,val) - like SIVALS() but for NMB ordering >+ >+it also defines lots of intermediate macros, just ignore those :-) >+ >+*/ >+ >+/* some switch macros that do both store and read to and from SMB buffers */ >+ >+#define RW_PCVAL(read,inbuf,outbuf,len) \ >+ { if (read) { PCVAL (inbuf,0,outbuf,len); } \ >+ else { PSCVAL(inbuf,0,outbuf,len); } } >+ >+#define RW_PIVAL(read,big_endian,inbuf,outbuf,len) \ >+ { if (read) { if (big_endian) { RPIVAL(inbuf,0,outbuf,len); } else { PIVAL(inbuf,0,outbuf,len); } } \ >+ else { if (big_endian) { RPSIVAL(inbuf,0,outbuf,len); } else { PSIVAL(inbuf,0,outbuf,len); } } } >+ >+#define RW_PSVAL(read,big_endian,inbuf,outbuf,len) \ >+ { if (read) { if (big_endian) { RPSVAL(inbuf,0,outbuf,len); } else { PSVAL(inbuf,0,outbuf,len); } } \ >+ else { if (big_endian) { RPSSVAL(inbuf,0,outbuf,len); } else { PSSVAL(inbuf,0,outbuf,len); } } } >+ >+#define RW_CVAL(read, inbuf, outbuf, offset) \ >+ { if (read) { (outbuf) = CVAL (inbuf,offset); } \ >+ else { SCVAL(inbuf,offset,outbuf); } } >+ >+#define RW_IVAL(read, big_endian, inbuf, outbuf, offset) \ >+ { if (read) { (outbuf) = ((big_endian) ? RIVAL(inbuf,offset) : IVAL (inbuf,offset)); } \ >+ else { if (big_endian) { RSIVAL(inbuf,offset,outbuf); } else { SIVAL(inbuf,offset,outbuf); } } } >+ >+#define RW_SVAL(read, big_endian, inbuf, outbuf, offset) \ >+ { if (read) { (outbuf) = ((big_endian) ? RSVAL(inbuf,offset) : SVAL (inbuf,offset)); } \ >+ else { if (big_endian) { RSSVAL(inbuf,offset,outbuf); } else { SSVAL(inbuf,offset,outbuf); } } } >+ >+#undef CAREFUL_ALIGNMENT >+ >+/* we know that the 386 can handle misalignment and has the "right" >+ byteorder */ >+#ifdef __i386__ >+#define CAREFUL_ALIGNMENT 0 >+#endif >+ >+#ifndef CAREFUL_ALIGNMENT >+#define CAREFUL_ALIGNMENT 1 >+#endif >+ >+#define CVAL(buf,pos) (((unsigned char *)(buf))[pos]) >+#define PVAL(buf,pos) ((unsigned)CVAL(buf,pos)) >+#define SCVAL(buf,pos,val) (CVAL(buf,pos) = (val)) >+ >+ >+#if CAREFUL_ALIGNMENT >+ >+#define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8) >+#define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)<<16) >+#define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8) >+#define SIVALX(buf,pos,val) (SSVALX(buf,pos,val&0xFFFF),SSVALX(buf,pos+2,val>>16)) >+#define SVALS(buf,pos) ((int16)SVAL(buf,pos)) >+#define IVALS(buf,pos) ((int32)IVAL(buf,pos)) >+#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((uint16)(val))) >+#define SIVAL(buf,pos,val) SIVALX((buf),(pos),((uint32)(val))) >+#define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16)(val))) >+#define SIVALS(buf,pos,val) SIVALX((buf),(pos),((int32)(val))) >+ >+#else /* CAREFUL_ALIGNMENT */ >+ >+/* this handles things for architectures like the 386 that can handle >+ alignment errors */ >+/* >+ WARNING: This section is dependent on the length of int16 and int32 >+ being correct >+*/ >+ >+/* get single value from an SMB buffer */ >+#define SVAL(buf,pos) (*(const uint16 *)((const char *)(buf) + (pos))) >+#define IVAL(buf,pos) (*(const uint32 *)((const char *)(buf) + (pos))) >+#define SVALS(buf,pos) (*(const int16 *)((const char *)(buf) + (pos))) >+#define IVALS(buf,pos) (*(const int32 *)((const char *)(buf) + (pos))) >+ >+/* store single value in an SMB buffer */ >+#define SVALMOD(buf,pos) (*(uint16 *)((char *)(buf) + (pos))) >+#define IVALMOD(buf,pos) (*(uint32 *)((char *)(buf) + (pos))) >+#define SVALSMOD(buf,pos) (*(int16 *)((char *)(buf) + (pos))) >+#define IVALSMOD(buf,pos) (*(int32 *)((char *)(buf) + (pos))) >+ >+#define SSVAL(buf,pos,val) SVALMOD(buf,pos)=((uint16)(val)) >+#define SIVAL(buf,pos,val) IVALMOD(buf,pos)=((uint32)(val)) >+#define SSVALS(buf,pos,val) SVALSMOD(buf,pos)=((int16)(val)) >+#define SIVALS(buf,pos,val) IVALSMOD(buf,pos)=((int32)(val)) >+ >+#endif /* CAREFUL_ALIGNMENT */ >+ >+/* macros for reading / writing arrays */ >+ >+#define SMBMACRO(macro,buf,pos,val,len,size) \ >+{ uint32 l; for (l = 0; l < (uint32)(len); l++) (val)[l] = macro((buf), (pos) + (size)*l); } >+ >+#define SSMBMACRO(macro,buf,pos,val,len,size) \ >+{ uint32 l; for (l = 0; l < (uint32)(len); l++) macro((buf), (pos) + (size)*l, (val)[l]); } >+ >+/* reads multiple data from an SMB buffer */ >+#define PCVAL(buf,pos,val,len) SMBMACRO(CVAL,buf,pos,val,len,1) >+#define PSVAL(buf,pos,val,len) SMBMACRO(SVAL,buf,pos,val,len,2) >+#define PIVAL(buf,pos,val,len) SMBMACRO(IVAL,buf,pos,val,len,4) >+#define PCVALS(buf,pos,val,len) SMBMACRO(CVALS,buf,pos,val,len,1) >+#define PSVALS(buf,pos,val,len) SMBMACRO(SVALS,buf,pos,val,len,2) >+#define PIVALS(buf,pos,val,len) SMBMACRO(IVALS,buf,pos,val,len,4) >+ >+/* stores multiple data in an SMB buffer */ >+#define PSCVAL(buf,pos,val,len) SSMBMACRO(SCVAL,buf,pos,val,len,1) >+#define PSSVAL(buf,pos,val,len) SSMBMACRO(SSVAL,buf,pos,val,len,2) >+#define PSIVAL(buf,pos,val,len) SSMBMACRO(SIVAL,buf,pos,val,len,4) >+#define PSCVALS(buf,pos,val,len) SSMBMACRO(SCVALS,buf,pos,val,len,1) >+#define PSSVALS(buf,pos,val,len) SSMBMACRO(SSVALS,buf,pos,val,len,2) >+#define PSIVALS(buf,pos,val,len) SSMBMACRO(SIVALS,buf,pos,val,len,4) >+ >+ >+/* now the reverse routines - these are used in nmb packets (mostly) */ >+#define SREV(x) ((((x)&0xFF)<<8) | (((x)>>8)&0xFF)) >+#define IREV(x) ((SREV(x)<<16) | (SREV((x)>>16))) >+ >+#define RSVAL(buf,pos) SREV(SVAL(buf,pos)) >+#define RSVALS(buf,pos) SREV(SVALS(buf,pos)) >+#define RIVAL(buf,pos) IREV(IVAL(buf,pos)) >+#define RIVALS(buf,pos) IREV(IVALS(buf,pos)) >+#define RSSVAL(buf,pos,val) SSVAL(buf,pos,SREV(val)) >+#define RSSVALS(buf,pos,val) SSVALS(buf,pos,SREV(val)) >+#define RSIVAL(buf,pos,val) SIVAL(buf,pos,IREV(val)) >+#define RSIVALS(buf,pos,val) SIVALS(buf,pos,IREV(val)) >+ >+/* reads multiple data from an SMB buffer (big-endian) */ >+#define RPSVAL(buf,pos,val,len) SMBMACRO(RSVAL,buf,pos,val,len,2) >+#define RPIVAL(buf,pos,val,len) SMBMACRO(RIVAL,buf,pos,val,len,4) >+#define RPSVALS(buf,pos,val,len) SMBMACRO(RSVALS,buf,pos,val,len,2) >+#define RPIVALS(buf,pos,val,len) SMBMACRO(RIVALS,buf,pos,val,len,4) >+ >+/* stores multiple data in an SMB buffer (big-endian) */ >+#define RPSSVAL(buf,pos,val,len) SSMBMACRO(RSSVAL,buf,pos,val,len,2) >+#define RPSIVAL(buf,pos,val,len) SSMBMACRO(RSIVAL,buf,pos,val,len,4) >+#define RPSSVALS(buf,pos,val,len) SSMBMACRO(RSSVALS,buf,pos,val,len,2) >+#define RPSIVALS(buf,pos,val,len) SSMBMACRO(RSIVALS,buf,pos,val,len,4) >+ >+#define DBG_RW_PCVAL(charmode,string,depth,base,read,inbuf,outbuf,len) \ >+ { RW_PCVAL(read,inbuf,outbuf,len) \ >+ DEBUG(5,("%s%04x %s: ", \ >+ tab_depth(depth), base,string)); \ >+ if (charmode) print_asc(5, (unsigned char*)(outbuf), (len)); else \ >+ { uint32 idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%02x ", (outbuf)[idx])); } } \ >+ DEBUG(5,("\n")); } >+ >+#define DBG_RW_PSVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \ >+ { RW_PSVAL(read,big_endian,inbuf,outbuf,len) \ >+ DEBUG(5,("%s%04x %s: ", \ >+ tab_depth(depth), base,string)); \ >+ if (charmode) print_asc(5, (unsigned char*)(outbuf), 2*(len)); else \ >+ { uint32 idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%04x ", (outbuf)[idx])); } } \ >+ DEBUG(5,("\n")); } >+ >+#define DBG_RW_PIVAL(charmode,string,depth,base,read,big_endian,inbuf,outbuf,len) \ >+ { RW_PIVAL(read,big_endian,inbuf,outbuf,len) \ >+ DEBUG(5,("%s%04x %s: ", \ >+ tab_depth(depth), base,string)); \ >+ if (charmode) print_asc(5, (unsigned char*)(outbuf), 4*(len)); else \ >+ { uint32 idx; for (idx = 0; idx < len; idx++) { DEBUG(5,("%08x ", (outbuf)[idx])); } } \ >+ DEBUG(5,("\n")); } >+ >+#define DBG_RW_CVAL(string,depth,base,read,inbuf,outbuf) \ >+ { RW_CVAL(read,inbuf,outbuf,0) \ >+ DEBUG(5,("%s%04x %s: %02x\n", \ >+ tab_depth(depth), base, string, outbuf)); } >+ >+#define DBG_RW_SVAL(string,depth,base,read,big_endian,inbuf,outbuf) \ >+ { RW_SVAL(read,big_endian,inbuf,outbuf,0) \ >+ DEBUG(5,("%s%04x %s: %04x\n", \ >+ tab_depth(depth), base, string, outbuf)); } >+ >+#define DBG_RW_IVAL(string,depth,base,read,big_endian,inbuf,outbuf) \ >+ { RW_IVAL(read,big_endian,inbuf,outbuf,0) \ >+ DEBUG(5,("%s%04x %s: %08x\n", \ >+ tab_depth(depth), base, string, outbuf)); } >+ >+/* Alignment macros. */ >+#define ALIGN4(p,base) ((p) + ((4 - (PTR_DIFF((p), (base)) & 3)) & 3)) >+#define ALIGN2(p,base) ((p) + ((2 - (PTR_DIFF((p), (base)) & 1)) & 1)) >+ >+#endif /* _BYTEORDER_H */ >diff -urN john-1.6.orig/src/john.c john-1.6/src/john.c >--- john-1.6.orig/src/john.c 1998-12-03 09:59:50.000000000 +0930 >+++ john-1.6/src/john.c 2004-05-20 09:13:08.326484560 +0930 >@@ -37,10 +37,12 @@ > #endif > > extern struct fmt_main fmt_DES, fmt_BSDI, fmt_MD5, fmt_BF; >-extern struct fmt_main fmt_AFS, fmt_LM; >+extern struct fmt_main fmt_AFS, fmt_LM, fmt_NT; >+extern struct fmt_main fmt_MYSQL, fmt_SKEY, fmt_KRB4, fmt_BFEgg; > > extern int unshadow(int argc, char **argv); > extern int unafs(int argc, char **argv); >+extern int undrop(int argc, char **argv); > extern int unique(int argc, char **argv); > > static struct db_main database; >@@ -58,12 +60,17 @@ > { > if (options.format) strlwr(options.format); > >+ john_register_one(&fmt_BFEgg); > john_register_one(&fmt_DES); > john_register_one(&fmt_BSDI); > john_register_one(&fmt_MD5); > john_register_one(&fmt_BF); > john_register_one(&fmt_AFS); > john_register_one(&fmt_LM); >+ john_register_one(&fmt_NT); >+ john_register_one(&fmt_MYSQL); >+ john_register_one(&fmt_SKEY); >+ john_register_one(&fmt_KRB4); > > if (!fmt_list) { > fprintf(stderr, "Unknown ciphertext format name requested\n"); >@@ -276,6 +283,9 @@ > if (!strcmp(name, "unique")) > return unique(argc, argv); > >+ if (!strcmp(name, "undrop")) >+ return undrop(argc, argv); >+ > fprintf(stderr, "Sorry, I can't find myself\n"); > return 1; > } >diff -urN john-1.6.orig/src/loader.c john-1.6/src/loader.c >--- john-1.6.orig/src/loader.c 1998-12-03 09:59:50.000000000 +0930 >+++ john-1.6/src/loader.c 2004-05-19 08:00:14.000000000 +0930 >@@ -18,6 +18,7 @@ > #include "signals.h" > #include "formats.h" > #include "loader.h" >+#include "options.h" > > /* > * Flags for read_file(). >@@ -183,7 +184,7 @@ > static int ldr_split_line(char **login, char **ciphertext, > char **gecos, char **home, > char *source, struct fmt_main **format, >- struct db_options *options, char *line) >+ struct db_options *db_options, char *line) > { > char *uid = NULL, *gid = NULL, *shell = NULL; > char *tmp; >@@ -206,10 +207,27 @@ > if (!strncmp(*ciphertext, "NO PASSWORD", 11)) > *ciphertext = ""; > >+ /* NT loader hack starts here ! */ >+ >+ if (options.format && (strncmp(options.format, "nt", 2)==0)) { >+ >+ tmp = ldr_get_field(&line); >+ *ciphertext = tmp; >+ >+ if (!strncmp(*ciphertext, "NO PASSWORD", 11)) >+ *ciphertext = ""; >+ else { >+ *ciphertext -= 4; >+ strncpy(*ciphertext,"$NT$",4); >+ } >+ } >+ >+ /* NT loader hack ends here ! */ >+ > if (source) sprintf(source, "%s:%s", uid, line); > } > >- if (options->flags & DB_WORDS || options->shells->head) { >+ if (db_options->flags & DB_WORDS || db_options->shells->head) { > gid = ldr_get_field(&line); > do { > *gecos = ldr_get_field(&line); >@@ -218,13 +236,13 @@ > } while (!**gecos && > !strcmp(*home, "0") && !strcmp(shell, "0")); > } else >- if (options->groups->head) { >+ if (db_options->groups->head) { > gid = ldr_get_field(&line); > } > >- if (ldr_check_list(options->users, *login, uid)) return 0; >- if (ldr_check_list(options->groups, gid, gid)) return 0; >- if (ldr_check_shells(options->shells, shell)) return 0; >+ if (ldr_check_list(db_options->users, *login, uid)) return 0; >+ if (ldr_check_list(db_options->groups, gid, gid)) return 0; >+ if (ldr_check_shells(db_options->shells, shell)) return 0; > > if (*format) return (*format)->methods.valid(*ciphertext); > >diff -urN john-1.6.orig/src/md4.c john-1.6/src/md4.c >--- john-1.6.orig/src/md4.c 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/src/md4.c 2004-05-19 07:58:58.000000000 +0930 >@@ -0,0 +1,187 @@ >+/* >+ Unix SMB/Netbios implementation. >+ Version 1.9. >+ a implementation of MD4 designed for use in the SMB authentication protocol >+ Copyright (C) Andrew Tridgell 1997-1998. >+ >+ This program is free software; you can redistribute it and/or modify >+ it under the terms of the GNU General Public License as published by >+ the Free Software Foundation; either version 2 of the License, or >+ (at your option) any later version. >+ >+ This program is distributed in the hope that it will be useful, >+ but WITHOUT ANY WARRANTY; without even the implied warranty of >+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+ GNU General Public License for more details. >+ >+ You should have received a copy of the GNU General Public License >+ along with this program; if not, write to the Free Software >+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. >+*/ >+ >+#include <sys/types.h> >+ >+ >+#ifndef uchar >+#define uchar unsigned char >+#endif >+ >+#if !defined(uint16) && !defined(HAVE_UINT16_FROM_RPC_RPC_H) >+#if (SIZEOF_SHORT == 4) >+#define uint16 __ERROR___CANNOT_DETERMINE_TYPE_FOR_INT16; >+#else /* SIZEOF_SHORT != 4 */ >+#define uint16 unsigned short >+#endif /* SIZEOF_SHORT != 4 */ >+#endif >+ >+#ifndef uint32 >+#define uint32 unsigned int >+#endif >+ >+/* NOTE: This code makes no attempt to be fast! >+ >+ It assumes that a int is at least 32 bits long >+*/ >+ >+static uint32 A, B, C, D; >+ >+static uint32 F(uint32 X, uint32 Y, uint32 Z) >+{ >+ return (X&Y) | ((~X)&Z); >+} >+ >+static uint32 G(uint32 X, uint32 Y, uint32 Z) >+{ >+ return (X&Y) | (X&Z) | (Y&Z); >+} >+ >+static uint32 H(uint32 X, uint32 Y, uint32 Z) >+{ >+ return X^Y^Z; >+} >+ >+static uint32 lshift(uint32 x, int s) >+{ >+ x &= 0xFFFFFFFF; >+ return ((x<<s)&0xFFFFFFFF) | (x>>(32-s)); >+} >+ >+#define ROUND1(a,b,c,d,k,s) a = lshift(a + F(b,c,d) + X[k], s) >+#define ROUND2(a,b,c,d,k,s) a = lshift(a + G(b,c,d) + X[k] + (uint32)0x5A827999,s) >+#define ROUND3(a,b,c,d,k,s) a = lshift(a + H(b,c,d) + X[k] + (uint32)0x6ED9EBA1,s) >+ >+/* this applies md4 to 64 byte chunks */ >+static void mdfour64(uint32 *M) >+{ >+ int j; >+ uint32 AA, BB, CC, DD; >+ uint32 X[16]; >+ >+ for (j=0;j<16;j++) >+ X[j] = M[j]; >+ >+ AA = A; BB = B; CC = C; DD = D; >+ >+ ROUND1(A,B,C,D, 0, 3); ROUND1(D,A,B,C, 1, 7); >+ ROUND1(C,D,A,B, 2, 11); ROUND1(B,C,D,A, 3, 19); >+ ROUND1(A,B,C,D, 4, 3); ROUND1(D,A,B,C, 5, 7); >+ ROUND1(C,D,A,B, 6, 11); ROUND1(B,C,D,A, 7, 19); >+ ROUND1(A,B,C,D, 8, 3); ROUND1(D,A,B,C, 9, 7); >+ ROUND1(C,D,A,B, 10, 11); ROUND1(B,C,D,A, 11, 19); >+ ROUND1(A,B,C,D, 12, 3); ROUND1(D,A,B,C, 13, 7); >+ ROUND1(C,D,A,B, 14, 11); ROUND1(B,C,D,A, 15, 19); >+ >+ ROUND2(A,B,C,D, 0, 3); ROUND2(D,A,B,C, 4, 5); >+ ROUND2(C,D,A,B, 8, 9); ROUND2(B,C,D,A, 12, 13); >+ ROUND2(A,B,C,D, 1, 3); ROUND2(D,A,B,C, 5, 5); >+ ROUND2(C,D,A,B, 9, 9); ROUND2(B,C,D,A, 13, 13); >+ ROUND2(A,B,C,D, 2, 3); ROUND2(D,A,B,C, 6, 5); >+ ROUND2(C,D,A,B, 10, 9); ROUND2(B,C,D,A, 14, 13); >+ ROUND2(A,B,C,D, 3, 3); ROUND2(D,A,B,C, 7, 5); >+ ROUND2(C,D,A,B, 11, 9); ROUND2(B,C,D,A, 15, 13); >+ >+ ROUND3(A,B,C,D, 0, 3); ROUND3(D,A,B,C, 8, 9); >+ ROUND3(C,D,A,B, 4, 11); ROUND3(B,C,D,A, 12, 15); >+ ROUND3(A,B,C,D, 2, 3); ROUND3(D,A,B,C, 10, 9); >+ ROUND3(C,D,A,B, 6, 11); ROUND3(B,C,D,A, 14, 15); >+ ROUND3(A,B,C,D, 1, 3); ROUND3(D,A,B,C, 9, 9); >+ ROUND3(C,D,A,B, 5, 11); ROUND3(B,C,D,A, 13, 15); >+ ROUND3(A,B,C,D, 3, 3); ROUND3(D,A,B,C, 11, 9); >+ ROUND3(C,D,A,B, 7, 11); ROUND3(B,C,D,A, 15, 15); >+ >+ A += AA; B += BB; C += CC; D += DD; >+ >+ A &= 0xFFFFFFFF; B &= 0xFFFFFFFF; >+ C &= 0xFFFFFFFF; D &= 0xFFFFFFFF; >+ >+ for (j=0;j<16;j++) >+ X[j] = 0; >+} >+ >+static void copy64(uint32 *M, unsigned char *in) >+{ >+ int i; >+ >+ for (i=0;i<16;i++) >+ M[i] = (in[i*4+3]<<24) | (in[i*4+2]<<16) | >+ (in[i*4+1]<<8) | (in[i*4+0]<<0); >+} >+ >+static void copy4(unsigned char *out,uint32 x) >+{ >+ out[0] = x&0xFF; >+ out[1] = (x>>8)&0xFF; >+ out[2] = (x>>16)&0xFF; >+ out[3] = (x>>24)&0xFF; >+} >+ >+/* produce a md4 message digest from data of length n bytes */ >+void mdfour(unsigned char *out, unsigned char *in, int n) >+{ >+ unsigned char buf[128]; >+ uint32 M[16]; >+ uint32 b = n * 8; >+ int i; >+ >+ A = 0x67452301; >+ B = 0xefcdab89; >+ C = 0x98badcfe; >+ D = 0x10325476; >+ >+ while (n > 64) { >+ copy64(M, in); >+ mdfour64(M); >+ in += 64; >+ n -= 64; >+ } >+ >+ for (i=0;i<128;i++) >+ buf[i] = 0; >+ memcpy(buf, in, n); >+ buf[n] = 0x80; >+ >+ if (n <= 55) { >+ copy4(buf+56, b); >+ copy64(M, buf); >+ mdfour64(M); >+ } else { >+ copy4(buf+120, b); >+ copy64(M, buf); >+ mdfour64(M); >+ copy64(M, buf+64); >+ mdfour64(M); >+ } >+ >+ for (i=0;i<128;i++) >+ buf[i] = 0; >+ copy64(M, buf); >+ >+ copy4(out, A); >+ copy4(out+4, B); >+ copy4(out+8, C); >+ copy4(out+12, D); >+ >+ A = B = C = D = 0; >+} >+ >+ >diff -urN john-1.6.orig/src/options.c john-1.6/src/options.c >--- john-1.6.orig/src/options.c 1998-12-03 09:59:50.000000000 +0930 >+++ john-1.6/src/options.c 2004-05-19 08:01:44.000000000 +0930 >@@ -58,7 +58,7 @@ > {"salts", FLG_SALTS, FLG_SALTS, FLG_PASSWD, OPT_REQ_PARAM, > "%d", &options.loader.min_pps}, > {"format", FLG_FORMAT, FLG_FORMAT, >- FLG_CRACKING_SUP, >+ 0, > FLG_MAKECHARS_CHK | FLG_STDOUT | OPT_REQ_PARAM, > OPT_FMT_STR_ALLOC, &options.format}, > {"savemem", FLG_SAVEMEM, FLG_SAVEMEM, 0, OPT_REQ_PARAM, >@@ -88,7 +88,7 @@ > "-shells:[-]SHELL[,..] load users with this (these) shell(s) only\n" \ > "-salts:[-]COUNT load salts with at least COUNT passwords only\n" \ > "-format:NAME force ciphertext format NAME " \ >- "(DES/BSDI/MD5/BF/AFS/LM)\n" \ >+ "(DES/BSDI/MD5/BF/AFS/LM/NT/MYSQL)\n" \ > "-savemem:LEVEL enable memory saving, at LEVEL 1..3\n" > > void opt_init(int argc, char **argv) >diff -urN john-1.6.orig/src/params.h john-1.6/src/params.h >--- john-1.6.orig/src/params.h 1998-12-03 09:59:50.000000000 +0930 >+++ john-1.6/src/params.h 2004-05-19 07:56:49.000000000 +0930 >@@ -53,9 +53,9 @@ > * File names. > */ > #define LOG_NAME "~/john.pot" >-#define CFG_NAME "~/john.ini" >+#define CFG_NAME "/etc/john.ini" > #define RECOVERY_NAME "~/restore" >-#define WORDLIST_NAME "~/password.lst" >+#define WORDLIST_NAME "/usr/share/john/password.lst" > > /* > * Configuration file section names. >diff -urN john-1.6.orig/src/smbencrypt.c john-1.6/src/smbencrypt.c >--- john-1.6.orig/src/smbencrypt.c 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/src/smbencrypt.c 2004-05-19 07:58:58.000000000 +0930 >@@ -0,0 +1,105 @@ >+/* >+ Unix SMB/Netbios implementation. >+ Version 1.9. >+ SMB parameters and setup >+ Copyright (C) Andrew Tridgell 1992-1998 >+ Modified by Jeremy Allison 1995. >+ >+ This program is free software; you can redistribute it and/or modify >+ it under the terms of the GNU General Public License as published by >+ the Free Software Foundation; either version 2 of the License, or >+ (at your option) any later version. >+ >+ This program is distributed in the hope that it will be useful, >+ but WITHOUT ANY WARRANTY; without even the implied warranty of >+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+ GNU General Public License for more details. >+ >+ You should have received a copy of the GNU General Public License >+ along with this program; if not, write to the Free Software >+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. >+*/ >+ >+ >+#include <sys/types.h> >+ >+ >+#ifndef uchar >+#define uchar unsigned char >+#endif >+ >+#if !defined(uint16) && !defined(HAVE_UINT16_FROM_RPC_RPC_H) >+#if (SIZEOF_SHORT == 4) >+#define uint16 __ERROR___CANNOT_DETERMINE_TYPE_FOR_INT16; >+#else /* SIZEOF_SHORT != 4 */ >+#define uint16 unsigned short >+#endif /* SIZEOF_SHORT != 4 */ >+#endif >+ >+#if !defined(int16) && !defined(HAVE_INT16_FROM_RPC_RPC_H) >+#if (SIZEOF_SHORT == 4) >+#define int16 __ERROR___CANNOT_DETERMINE_TYPE_FOR_INT16; >+#else /* SIZEOF_SHORT != 4 */ >+#define int16 short >+#endif /* SIZEOF_SHORT != 4 */ >+#endif >+ >+#include "byteorder.h" >+ >+extern void mdfour(unsigned char *out, unsigned char *in, int n); >+ >+ >+/* Routines for Windows NT MD4 Hash functions. */ >+static int _my_wcslen(int16 *str) >+{ >+ int len = 0; >+ while(*str++ != 0) >+ len++; >+ return len; >+} >+ >+/* >+ * Convert a string into an NT UNICODE string. >+ * Note that regardless of processor type >+ * this must be in intel (little-endian) >+ * format. >+ */ >+ >+static int _my_mbstowcs(int16 *dst, uchar *src, int len) >+{ >+ int i; >+ int16 val; >+ >+ for(i = 0; i < len; i++) { >+ val = *src; >+ SSVAL(dst,0,val); >+ dst++; >+ src++; >+ if(val == 0) >+ break; >+ } >+ return i; >+} >+ >+/* >+ * Creates the MD4 Hash of the users password in NT UNICODE. >+ */ >+ >+void E_md4hash(uchar *passwd, uchar *p16) >+{ >+ int len; >+ int16 wpwd[129]; >+ >+ /* Password cannot be longer than 128 characters */ >+ len = strlen((char *)passwd); >+ if(len > 128) >+ len = 128; >+ /* Password must be converted to NT unicode */ >+ _my_mbstowcs(wpwd, passwd, len); >+ wpwd[len] = 0; /* Ensure string is null terminated */ >+ /* Calculate length in bytes */ >+ len = _my_wcslen(wpwd) * sizeof(int16); >+ >+ mdfour(p16, (unsigned char *)wpwd, len); >+} >+ >diff -urN john-1.6.orig/src/tgtsnarf.c john-1.6/src/tgtsnarf.c >--- john-1.6.orig/src/tgtsnarf.c 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/src/tgtsnarf.c 2004-05-19 08:08:10.000000000 +0930 >@@ -0,0 +1,279 @@ >+/* >+ tgtsnarf >+ >+ Collect AFS/Kerberos TGTs for later offline dictionary attack. >+ >+ Copyright (c) 1999 Dug Song <dugsong@monkey.org> >+ All rights reserved, all wrongs reversed. >+ >+ Redistribution and use in source and binary forms, with or without >+ modification, are permitted provided that the following conditions >+ are met: >+ >+ 1. Redistributions of source code must retain the above copyright >+ notice, this list of conditions and the following disclaimer. >+ 2. Redistributions in binary form must reproduce the above copyright >+ notice, this list of conditions and the following disclaimer in the >+ documentation and/or other materials provided with the distribution. >+ 3. The name of author may not be used to endorse or promote products >+ derived from this software without specific prior written permission. >+ >+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, >+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY >+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL >+ THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; >+ OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, >+ WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR >+ OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF >+ ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >+*/ >+ >+#include <sys/types.h> >+#include <sys/time.h> >+#include <sys/socket.h> >+#include <netinet/in.h> >+#include <arpa/inet.h> >+#include <netdb.h> >+#include <stdio.h> >+#include <stdlib.h> >+#include <unistd.h> >+#include <string.h> >+#include <ctype.h> >+ >+#define VERSION "1.2" >+#define TGT_LENGTH 16 >+ >+#ifndef MIN >+#define MIN(a,b) (((a)<(b))?(a):(b)) >+#endif >+ >+typedef struct ktext_st { >+ u_int length; >+ u_char dat[1250]; >+} KTEXT_ST; >+ >+int AFS = 0; >+ >+void >+usage(void) >+{ >+ fprintf(stderr, "Usage: tgtsnarf [-A] realm host [users...]\n"); >+ exit(1); >+} >+ >+u_long >+resolve_host(char *host) >+{ >+ u_long addr; >+ struct hostent *hp; >+ >+ if ((addr = inet_addr(host)) == -1) { >+ if ((hp = gethostbyname(host)) == NULL) >+ return (-1); >+ memcpy((char *)&addr, hp->h_addr, sizeof(addr)); >+ } >+ return (addr); >+} >+ >+int >+krb_put_int(u_long from, void *to, int size) >+{ >+ int i; >+ u_char *p = (u_char *)to; >+ >+ for (i = size - 1; i >= 0; i--) { >+ p[i] = from & 0xff; >+ from >>= 8; >+ } >+ return (size); >+} >+ >+int >+krb_put_string(char *from, void *to) >+{ >+ strcpy((char *)to, from); >+ return (strlen(from) + 1); >+} >+ >+int >+make_req(u_char *dst, char *user, char *realm) >+{ >+ char *pname, *pinst; >+ struct timeval tv; >+ u_char *p; >+ >+ if ((pname = strdup(user)) == NULL) >+ return (-1); >+ >+ if ((pinst = strchr(pname, '.')) != NULL) >+ *pinst++ = '\0'; >+ else pinst = pname + strlen(pname); >+ >+ gettimeofday(&tv, NULL); >+ >+ p = dst; >+ p += krb_put_int(4, p, 1); /* protocol version */ >+ p += krb_put_int((1 << 1), p, 1); /* msg type (KDC_REQUEST) */ >+ p += krb_put_string(pname, p); /* principal name */ >+ p += krb_put_string(pinst, p); /* principal instance */ >+ p += krb_put_string(realm, p); /* realm */ >+ p += krb_put_int(tv.tv_sec, p, 4); /* time */ >+ p += krb_put_int(120, p, 1); /* lifetime (120) */ >+ p += krb_put_string("krbtgt", p); /* service name (krbtgt)*/ >+ p += krb_put_string(realm, p); /* service instance (realm) */ >+ >+ free(pname); >+ >+ return (p - dst); >+} >+ >+int >+find_tkt(KTEXT_ST *ktext, u_char *dst, int size) >+{ >+ u_char *p; >+ int type, len; >+ >+ p = ktext->dat; >+ p += 1; /* version */ >+ type = *p++; >+ type &= ~1; /* msg type */ >+ >+ if (type != (2 << 1)) /* KDC_REPLY */ >+ return (-1); >+ >+ p += strlen((char*)p) + 1; /* name */ >+ p += strlen((char*)p) + 1; /* instance */ >+ p += strlen((char*)p) + 1; /* realm */ >+ p += 4; /* time */ >+ p += 1; /* # tickets */ >+ p += 4; /* exp date */ >+ p += 1; /* master kvno */ >+ p += 2; /* length */ >+ >+ len = MIN(ktext->length - (p - ktext->dat), size); >+ memcpy(dst, p, len); >+ >+ return (len); >+} >+ >+int >+fetch_tgt(char *host, char *user, char *realm, u_char *dst, int size) >+{ >+ struct sockaddr_in from, to; >+ KTEXT_ST ktext; >+ int sock, alen; >+ >+ /* Fill in dest addr. */ >+ memset(&to, 0, sizeof(to)); >+ if ((to.sin_addr.s_addr = resolve_host(host)) == -1) { >+ fprintf(stderr, "bad host: %s\n", host); >+ return (-1); >+ } >+ to.sin_family = AF_INET; >+ to.sin_port = htons(750); >+ >+ /* Fill in our TGT request. */ >+ ktext.length = make_req(ktext.dat, user, realm); >+ >+ /* Send it to KDC. */ >+ if ((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) { >+ perror("socket"); >+ return (-1); >+ } >+ alen = sizeof(to); >+ if (sendto(sock, ktext.dat, ktext.length, 0, (struct sockaddr *)&to, alen) >+ < 0) { >+ perror("send"); >+ close(sock); >+ return (-1); >+ } >+ /* Read reply. */ >+ if ((ktext.length = recvfrom(sock, ktext.dat, sizeof(ktext.dat), 0, >+ (struct sockaddr *)&from, &alen)) <= 0) { >+ perror("recv"); >+ close(sock); >+ return (-1); >+ } >+ close(sock); >+ >+ /* Extract TGT. */ >+ return (find_tkt(&ktext, dst, size)); >+} >+ >+void >+print_tgt(char *host, char *user, char *realm) >+{ >+ u_char tgt[TGT_LENGTH]; >+ int i, len; >+ >+ if ((len = fetch_tgt(host, user, realm, tgt, sizeof(tgt))) == -1) { >+ fprintf(stderr, "==> couldn't get tgt for %s@%s\n", user, realm); >+ } >+ else { >+ printf("%s:$%s$%s$", user, AFS ? "af" : "k4", realm); >+ >+ for (i = 0; i < len; i++) >+ printf("%.2x", tgt[i]); >+ >+ printf("\n"); >+ } >+} >+ >+char * >+upcase(char *string) >+{ >+ char *p; >+ >+ for (p = string; *p != '\0'; p++) >+ *p = toupper(*p); >+ >+ return (string); >+} >+ >+int >+main(int argc, char *argv[]) >+{ >+ char c, *p, *host, *realm, user[128]; >+ int i; >+ >+ host = realm = NULL; >+ >+ while ((c = getopt(argc, argv, "h?AV")) != EOF) { >+ switch (c) { >+ case 'A': >+ AFS = 1; >+ break; >+ case 'V': >+ fprintf(stderr, "Version: %s\n", VERSION); >+ usage(); >+ break; >+ default: >+ usage(); >+ } >+ } >+ argc -= optind; >+ argv += optind; >+ >+ if (argc < 2) >+ usage(); >+ >+ realm = upcase(argv[0]); >+ host = argv[1]; >+ >+ if (argc == 2) { >+ while (fgets(user, sizeof(user), stdin) != NULL) { >+ if ((p = strrchr(user, '\n')) != NULL) >+ *p = '\0'; >+ print_tgt(host, user, realm); >+ } >+ } >+ else { >+ for (i = 2; i < argc; i++) >+ print_tgt(host, argv[i], realm); >+ } >+ exit(0); >+} >+ >+/* 5000 */ >diff -urN john-1.6.orig/src/undrop.c john-1.6/src/undrop.c >--- john-1.6.orig/src/undrop.c 1970-01-01 09:30:00.000000000 +0930 >+++ john-1.6/src/undrop.c 2004-05-19 08:16:06.000000000 +0930 >@@ -0,0 +1,110 @@ >+/* >+ * Eggdrop userfile converter >+ * Copyright (c) 2002 by Sun-Zero <sun-zero@freemail.hu> >+ * This is a free software distributable under terms of the GNU GPL. >+ * See the file COPYING for details. >+ * >+ * 2002-04-06 >+*/ >+ >+#include <stdio.h> >+#include <string.h> >+#include <unistd.h> >+ >+ >+#define USERFILE_HEADER "#4v:" >+#define USERNAME_LENGTH 11 >+#define PASSWORD_LENGTH 13 >+#define MAX_FLAGS_LENGTH 32 >+#define BUFSIZE 512 >+ >+int readline( FILE *fd, char *rbuf ) { >+ char c; >+ int p = 0, rval; >+ >+ do >+ { >+ rval = fread(&c, 1, 1, fd); >+ rbuf[p++] = c; >+ }while( c != EOF && c != '\n' && p + 1 < BUFSIZE && rval == 1 && >+ !feof(fd) && !ferror(fd) >+ ); >+ >+ rbuf[p] = '\0'; >+ if( rval != 1 ) >+ { >+ p--; >+ rbuf[p] = '\0'; >+ return( rval ); >+ } >+ >+ return( p ); >+} >+ >+ >+int undrop(int argc, char *argv[]) { >+ >+ FILE *userfile; >+ char username[USERNAME_LENGTH]; >+ char password[PASSWORD_LENGTH]; >+ char flags[MAX_FLAGS_LENGTH]; >+ char t_username[512]; >+ char t_flags[512]; >+ char t_line[BUFSIZE]; >+ int t_lines; >+ >+ char temp_char; >+ if (argc != 2) { >+ userfile = stdin; >+ printf("# userfile reading from stdin\n"); >+ } else { >+ userfile = fopen(argv[1], "r"); >+ if (userfile == NULL) { >+ fprintf(stderr, "opening userfile\n"); >+ userfile = stdin; >+ } >+ } >+ >+ >+ memset(&t_line, 0, sizeof(t_line)); >+ t_lines = readline(userfile, t_line); >+ if (strncmp(t_line, USERFILE_HEADER, strlen(USERFILE_HEADER)) != 0) { >+ fprintf(stderr, "usefile format is wrong\n"); >+ return -1; >+ } else { >+ printf("# userfile format OK\n\n"); >+ } >+ >+ while (t_lines != 0) { >+ memset(&t_username, 0, sizeof(t_username)); >+ memset(&t_flags, 0, sizeof(t_flags)); >+ memset(&t_line, 0, sizeof(t_line)); >+ >+ t_lines = readline(userfile, t_line); >+ >+ temp_char = sscanf(t_line, "%10s - %24s\n", t_username, t_flags); >+ >+ if (temp_char == 2) { >+ if (strncmp(t_username, "! ", 2) != 0 && >+ strncmp(t_username, "--", 2) != 0 && >+ strncmp(t_username, "&&", 2) != 0 && >+ strncmp(t_username, "::", 2) != 0 && >+ strncmp(t_username, "$$", 2) != 0 >+ ) { >+ strncpy(username, t_username, USERNAME_LENGTH); >+ strncpy(flags, t_flags, MAX_FLAGS_LENGTH); >+ } >+ } >+ if (strncmp(t_line, "--PASS +", 8) == 0) { >+ sscanf(t_line, "--PASS %s", password); >+ printf("%s:%s:::%s:\n", username, password, flags); >+ >+ memset(&username, 0, sizeof(username)); >+ memset(&flags, 0, sizeof(flags)); >+ memset(&password, 0, sizeof(password)); >+ } >+ fflush(stdout); >+ } >+ fclose(userfile); >+ return 0; >+}
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=31726">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 51442
:
31694
|
31695
|
31697
|
31698
| 31726
