From 1d447ecff627585b2375500193823c56096a4f66 Mon Sep 17 00:00:00 2001
From: jerrydark <jerrydark@github.com>
Date: Thu, 16 Sep 2021 16:40:10 -0400
Subject: [PATCH] autocrack fix

---
 core/autocrack.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/core/autocrack.py b/core/autocrack.py
index 2f59fa7..8935e83 100644
--- a/core/autocrack.py
+++ b/core/autocrack.py
@@ -13,6 +13,7 @@
 import select
 import json
 import core.utils
+import re
 
 from multiprocessing import Process
 from settings import settings
@@ -22,6 +23,10 @@
 ASLEAP_CMD = 'asleap -C %s -R %s -W %s | grep -v asleap | grep password'
 EAP_USERS_ENTRY =  '"%s"\tTTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,MSCHAPV2,MD5,GTC,TTLS,TTLS-MSCHAPV2\t"%s"\t[2]'
 
+challenge_pattern = re.compile("^([0-9A-Fa-f]{2}[:]){7}([0-9A-Fa-f]{2})$")
+response_pattern = re.compile("^([0-9A-Fa-f]{2}[:]){23}([0-9A-Fa-f]{2})$")
+
+
 def crack_locally(username, challenge, response, wordlist):
 
     cmd = ASLEAP_CMD % (challenge, response, wordlist)
@@ -74,13 +79,13 @@ def run_autocrack(wordlist):
 
                 if remote_rig:
                     pass
-                else:
-
+                elif re.match(challenge_pattern, challenge) and re.match(response_pattern, response):
                     crack_locally(username,
                             challenge,
                             response,
                             wordlist)
-
+                else:
+                    print('[autocrack] invalid input: {}'.format(data))
 
 class Autocrack(object):