Hashtopolis Forum

Full Version: Multicast does not work via WireGuard on Linux
Hi guys!
  • 0.12.0 commit 2be8530 branch master
  • Python agent v0.6.1
  • Hashcat v6.2.3
  • #HL# -a 0 -O -w 4  iam_11.txt
My agent and the server communicate inside the network via WireGuard.
10.9.0.1 - server
10.9.0.11 - Linux agent
10.9.0.10 - Win agent

I enabled multicast on the server and the Linux agent.

Agent:
[Image: 1629411090659.png]

Server:
[Image: 1629411449834.png]

The Win agent starts downloading the file immediately. The Linux agent is waiting for something (the debug output is below):

Code:
http://hashcat.sitename.com:80 "POST /api/server.php HTTP/1.1" 200 None
b'{"action":"downloadBinary","response":"SUCCESS","url":"https:\\/\\/hashcat.net\\/files\\/hashcat-6.2.3.7z","name":"hashcat","executable":"hashcat.bin"}'
{'action': 'getFile', 'token': 'n5XEFSwLld', 'taskId': 31, 'file': 'iam_11.txt'}
http://hashcat.sitename.com:80 "POST /api/server.php HTTP/1.1" 200 None
b'{"action":"getFile","filename":"iam_11.txt","extension":"txt","response":"SUCCESS","url":"getFile.php?file=9&token=n5XEFSwLld","filesize":1128963450}'
Multicast is enabled, need to wait until it was delivered!

How do I understand what the problem is?
The multicast feature is something which needs a well tuned setup, as mentioned in the description.
Just enabling multicast on both the server and the agent is not enough, every network device (e.g. switch, router) needs to be able to do multicast and handle it at a certain speed so you can benefit from it (e.g. if you just have one slow device with 100Mbit for example, it will slow down the whole operation).

I don't really understand how your setup is and where WireGuard comes into play, but I guess your problem lies somewhere there.
I've never used multicast with WireGuard myself so not an expert but maybe my thoughts on it help.
First thing I'd check is whether the multicast address is in the allowed IPs of your WireGuard config.
Then I'd use tcpdump/wireshark on the WireGuard interfaces (both agent and server) to see what packets go through.

Another question you have to ask yourself is whether multicast is even going to benefit you at all.
The whole point of multicast is so the server only has to send the data once and everyone who's listening can pick it up.
Now from my understanding of how WireGuard works, you lose that benefit because your agents have different WireGuard keys and thus the server has to encrypt the data with two different keys resulting in two different packets. So unless I'm completely mistaken (wouldn't be the first time) using multicast in this scenario isn't the right choice.
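
The AllowedIPs check suggested above, as an added example that is not part of the original thread: it reads a WireGuard config and reports which single peer a destination address would be encrypted for. The config, the placeholder keys and the group address 239.1.2.3 are constructed, and the parser assumes PublicKey comes before AllowedIPs in each [Peer] section.

```python
import ipaddress

# Constructed server-side config for the thread's addressing; keys are placeholders.
SAMPLE_CONF = """\
[Interface]
Address = 10.9.0.1/24

[Peer]
PublicKey = <win-agent-public-key>
AllowedIPs = 10.9.0.10/32

[Peer]
PublicKey = <linux-agent-public-key>
AllowedIPs = 10.9.0.11/32
"""
GROUP = "239.1.2.3"  # constructed multicast group, not taken from the thread


def allowed_ips_table(conf_text):
    """Map every AllowedIPs prefix to the single peer that owns it."""
    table, section, peer = {}, None, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            section, peer = line.lower(), None
            continue
        if section != "[peer]" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() == "publickey":
            peer = value
        elif key.lower() == "allowedips":
            for cidr in value.split(","):
                # WireGuard keeps one owner per prefix: a later peer takes it over.
                table[ipaddress.ip_network(cidr.strip(), strict=False)] = peer
    return table


def peer_for(table, dest):
    """Longest-prefix match: the one peer a packet to dest is encrypted for."""
    addr = ipaddress.ip_address(dest)
    hits = [net for net in table if addr in net]
    return table[max(hits, key=lambda net: net.prefixlen)] if hits else None


if __name__ == "__main__":
    for label, conf in (("as configured", SAMPLE_CONF),
                        ("224.0.0.0/4 on both peers",
                         SAMPLE_CONF.replace("/32", "/32, 224.0.0.0/4"))):
        print(label, "->", peer_for(allowed_ips_table(conf), GROUP))
```

With /32-only peers the group address matches no peer, and once a multicast range is listed it still resolves to exactly one peer.
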
(08-21-2021, 09:22 AM)hops Wrote: I've never used multicast with WireGuard myself so not an expert but maybe my thoughts on it help.
First thing I'd check is whether the multicast address is in the allowed IPs of your WireGuard config.
Then I'd use tcpdump/wireshark on the WireGuard interfaces (both agent and server) to see what packets go through.

Another question you have to ask yourself is whether multicast is even going to benefit you at all.
The whole point of multicast is so the server only has to send the data once and everyone who's listening can pick it up.
Now from my understanding of how WireGuard works, you lose that benefit because your agents have different WireGuard keys and thus the server has to encrypt the data with two different keys resulting in two different packets. So unless I'm completely mistaken (wouldn't be the first time) using multicast in this scenario isn't the right choice.


Thanks for the help. That's right, I have different keys on each agent. It turns out that Windows uses something else, and not multicast, to get a file from a task? As I understood from the description, multicast is needed for sending files. If there is some other way to send the file to the agent (automated), then I would be grateful for a tip. If you use rsync, it copies all the files. It is not clear how to automate sending a file to the agent and then deleting the file from the agent.
The default for downloading files the agent needs to run the attack is HTTP (that's most likely what your Windows agent is already using) and works out of the box. So, no multicast is certainly not a requirement and only really wanted in a large cluster setup where getting the files from the server is becoming a bottleneck.
(08-21-2021, 09:57 AM)hops Wrote: The default for downloading files the agent needs to run the attack is HTTP (that's most likely what your Windows agent is already using) and works out of the box. So, no multicast is certainly not a requirement and only really wanted in a large cluster setup where getting the files from the server is becoming a bottleneck.

How do I enable receiving the file via HTTP on the Linux agent?
You don't have to do anything, the default configuration just works. Since you have enabled the multicast feature I guess you have to disable it.
Disabling it on the agent should be enough but you might as well disable it on the server.
(08-21-2021, 10:22 AM)hops Wrote: You don't have to do anything, the default configuration just works. Since you have enabled the multicast feature I guess you have to disable it.
Disabling it on the agent should be enough but you might as well disable it on the server.


You are working now. I erased all the settings and restarted the nginx server.


I would like to see a feature with the deletion of the file from the agent after the task is completed. This is useful when heavy password lists are used and there is little space on the agent. Now you have to manually delete it, then create a new task.

For example, you can do this:

[Image: 1629542889505.png]
I can see how this feature could be useful. Please open an issue on the GitHub repository https://github.com/hashtopolis/server/issues so we can better track it.
(08-21-2021, 12:13 PM)hops Wrote: I can see how this feature could be useful. Please open an issue on the GitHub repository https://github.com/hashtopolis/server/issues so we can better track it.

Ok