Fix the case when john cracks only half of LM

Author: egypt

lib/msf/core/auxiliary/jtr.rb

@@ -41,6 +41,12 @@ def initialize(info = {})
 
   end
 
+  # @param pwd [String] Password recovered from cracking an LM hash
+  # @param hash [String] NTLM hash for this password
+  # @return [String] `pwd` converted to the correct case to match the
+  #   given NTLM hash
+  # @return [nil] if no case matches the NT hash. This can happen when
+  #   `pwd` came from a john run that only cracked half of the LM hash
   def john_lm_upper_to_ntlm(pwd, hash)
     pwd  = pwd.upcase
     hash = hash.upcase

modules/auxiliary/analyze/jtr_crack_fast.rb

@@ -98,6 +98,12 @@ def run
             end
           end
           password = john_lm_upper_to_ntlm(password, nt_hash)
+          # password can be nil if the hash is broken (i.e., the NT and
+          # LM sides don't actually match) or if john was only able to
+          # crack one half of the LM hash. In the latter case, we'll
+          # have a line like:
+          #  username:???????WORD:...:...:::
+          next if password.nil?
         end
 
         print_good "#{username}:#{password}:#{core_id}"