Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Cracked IPMI Hash not registering
#1
Current Server Version
=====================
Hashtopolis: 0.11.0

Current Client Version
=====================
s3-python-0.5.0 for Windows

Hashcat Version
=====================
v5.1.0 for windows

Task command you are using eg. "#HL# wordlist.txt -r rulefile.rule"
=====================
#HL# -a 0 rockyou.txt

A detailed description of the problem you are experiencing:
=====================
I have a single IPMI hash (mode 7300) whose password is admin.  I know because I can find it with just a quick standalong hashcat job using rockyou.txt.  But when I use hashtopolis to create a task with this same hash, using the same hashcat, and same wordlist, hashtopolis reports that it did not crack it.  I re-ran the task but with debug on the agent, and this shows that it did indeed crack it (cracks: 1) and the debug output also shows the hash and the solve.  But for some reason the hashtoplis app isn't picking up on that and thinks it has not been cracked and displays a yellow bar upon completion instead of a green bar.  I ran it twice as a sanity check.

Hash in question (IPMI mode 7300):
=====================
6f93bb047100000039ebef18efaf595be3cd287027528e111895592e772fd4ea6260b6f61ff6f240000000000000000000000000000000001400:c4eec8a114f1b651f98319c60026c51314fa77e6

Known password

=====================
admin

Debug:
======================
[2020-03-27 10:10:50,049] [INFO ] Starting client 's3-python-0.5.0'...
[2020-03-27 10:10:50,065] [INFO ] Collecting agent data...
[2020-03-27 10:10:50,190] [DEBUG] {'action': 'updateInformation', 'token': 'mFKBF8Bdoz', 'uid': '6fb91b75-a04d-42c2-ad55-13701838b78c', 'os': 1, 'devices': ['Intel® Core™ i7-6850K CPU @ 3.60GHz', 'NVIDIA GeForce GTX 1080', 'NVIDIA GeForce GTX 1080']}
[2020-03-27 10:10:50,190] [DEBUG] Starting new HTTP connection (1): 172.16.201.5:8080
[2020-03-27 10:10:50,205] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 51
[2020-03-27 10:10:50,205] [DEBUG] b'{"action":"updateInformation","response":"SUCCESS"}'
[2020-03-27 10:10:50,205] [DEBUG] {'action': 'login', 'token': 'mFKBF8Bdoz', 'clientSignature': 's3-python-0.5.0'}
[2020-03-27 10:10:50,205] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 106
[2020-03-27 10:10:50,205] [DEBUG] b'{"action":"login","response":"SUCCESS","multicastEnabled":false,"timeout":30,"server-version":"0.11.0 ()"}'
[2020-03-27 10:10:50,205] [INFO ] Login successful!
[2020-03-27 10:10:50,221] [INFO ] Hashtopolis Server version: 0.11.0 ()
[2020-03-27 10:10:50,221] [DEBUG] {'action': 'checkClientVersion', 'token': 'mFKBF8Bdoz', 'version': '0.5.0', 'type': 'python'}
[2020-03-27 10:10:50,221] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 67
[2020-03-27 10:10:50,221] [DEBUG] b'{"action":"checkClientVersion","response":"SUCCESS","version":"OK"}'
[2020-03-27 10:10:50,221] [INFO ] Client is up-to-date!
[2020-03-27 10:10:50,221] [DEBUG] Entering loop...
[2020-03-27 10:10:50,237] [DEBUG] {'action': 'getFileStatus', 'token': 'mFKBF8Bdoz'}
[2020-03-27 10:10:50,237] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 62
[2020-03-27 10:10:50,237] [DEBUG] b'{"action":"getFileStatus","response":"SUCCESS","filenames":[]}'
[2020-03-27 10:10:50,237] [DEBUG] {'action': 'getTask', 'token': 'mFKBF8Bdoz'}
[2020-03-27 10:10:50,252] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 94
[2020-03-27 10:10:50,252] [DEBUG] b'{"action":"getTask","response":"SUCCESS","taskId":null,"reason":"No suitable task available!"}'
[2020-03-27 10:10:50,252] [INFO ] No task available!
[2020-03-27 10:10:55,258] [DEBUG] {'action': 'getTask', 'token': 'mFKBF8Bdoz'}
[2020-03-27 10:10:55,258] [DEBUG] Resetting dropped connection: 172.16.201.5
[2020-03-27 10:10:55,258] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 94
[2020-03-27 10:10:55,258] [DEBUG] b'{"action":"getTask","response":"SUCCESS","taskId":null,"reason":"No suitable task available!"}'
[2020-03-27 10:10:55,258] [INFO ] No task available!
[2020-03-27 10:11:00,287] [DEBUG] {'action': 'getTask', 'token': 'mFKBF8Bdoz'}
[2020-03-27 10:11:00,287] [DEBUG] Resetting dropped connection: 172.16.201.5
[2020-03-27 10:11:00,287] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 94
[2020-03-27 10:11:00,287] [DEBUG] b'{"action":"getTask","response":"SUCCESS","taskId":null,"reason":"No suitable task available!"}'
[2020-03-27 10:11:00,287] [INFO ] No task available!
[2020-03-27 10:11:05,308] [DEBUG] {'action': 'getTask', 'token': 'mFKBF8Bdoz'}
[2020-03-27 10:11:05,308] [DEBUG] Resetting dropped connection: 172.16.201.5
[2020-03-27 10:11:05,308] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 337
[2020-03-27 10:11:05,308] [DEBUG] b'{"action":"getTask","response":"SUCCESS","taskId":5451,"attackcmd":"#HL# -a 0 rockyou.txt","cmdpars":" --hash-type=7300 -O","hashlistId":24,"bench":10,"statustimer":5,"files":["rockyou.txt"],"crackerId":"1","benchType":"speed","hashlistAlias":"#HL#","keyspace":"0","usePrince":false,"enforcePipe":false,"slowHash":false,"useBrain":false}'
[2020-03-27 10:11:05,308] [INFO ] Got task with id: 5451
[2020-03-27 10:11:05,323] [DEBUG] {'action': 'downloadBinary', 'token': 'mFKBF8Bdoz', 'type': 'cracker', 'binaryVersionId': '1'}
[2020-03-27 10:11:05,323] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 150
[2020-03-27 10:11:05,323] [DEBUG] b'{"action":"downloadBinary","response":"SUCCESS","url":"http:\\/\\/172.16.201.5:8080\\/src\\/hashcat-5.1.0.7z","name":"hashcat","executable":"hashcat.exe"}'
[2020-03-27 10:11:05,339] [DEBUG] {'action': 'getFile', 'token': 'mFKBF8Bdoz', 'taskId': 5451, 'file': 'rockyou.txt'}
[2020-03-27 10:11:05,339] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 149
[2020-03-27 10:11:05,339] [DEBUG] b'{"action":"getFile","filename":"rockyou.txt","extension":"txt","response":"SUCCESS","url":"getFile.php?file=5&token=mFKBF8Bdoz","filesize":186653754}'
[2020-03-27 10:11:05,339] [DEBUG] {'action': 'getHashlist', 'token': 'mFKBF8Bdoz', 'hashlistId': 24}
[2020-03-27 10:11:05,355] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 99
[2020-03-27 10:11:05,355] [DEBUG] b'{"action":"getHashlist","response":"SUCCESS","url":"getHashlist.php?hashlists=24&token=mFKBF8Bdoz"}'
[2020-03-27 10:11:05,355] [DEBUG] http://172.16.201.5:8080 "GET /src/getHashlist.php?hashlists=24&token=mFKBF8Bdoz HTTP/1.1" 200 112
[2020-03-27 10:11:05,370] [DEBUG] {'action': 'checkClientVersion', 'token': 'mFKBF8Bdoz', 'version': '0.5.0', 'type': 'python'}
[2020-03-27 10:11:05,370] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 67
[2020-03-27 10:11:05,370] [DEBUG] b'{"action":"checkClientVersion","response":"SUCCESS","version":"OK"}'
[2020-03-27 10:11:05,370] [INFO ] Client is up-to-date!
[2020-03-27 10:11:05,370] [INFO ] Got cracker binary type hashcat
[2020-03-27 10:11:05,370] [DEBUG] {'action': 'getChunk', 'token': 'mFKBF8Bdoz', 'taskId': 5451}
[2020-03-27 10:11:05,386] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 71
[2020-03-27 10:11:05,386] [DEBUG] b'{"action":"getChunk","response":"SUCCESS","status":"keyspace_required"}'
[2020-03-27 10:11:05,386] [DEBUG] CALL: hashcat64.exe --keyspace --quiet -a 0 ..\..\files\rockyou.txt  --hash-type=7300 -O
[2020-03-27 10:11:06,994] [DEBUG] {'action': 'sendKeyspace', 'token': 'mFKBF8Bdoz', 'taskId': 5451, 'keyspace': 18517028}
[2020-03-27 10:11:07,010] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 62
[2020-03-27 10:11:07,010] [DEBUG] b'{"action":"sendKeyspace","response":"SUCCESS","keyspace":"OK"}'
[2020-03-27 10:11:07,010] [INFO ] Keyspace got accepted!
[2020-03-27 10:11:07,010] [DEBUG] {'action': 'downloadBinary', 'token': 'mFKBF8Bdoz', 'type': 'cracker', 'binaryVersionId': '1'}
[2020-03-27 10:11:07,010] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 150
[2020-03-27 10:11:07,010] [DEBUG] b'{"action":"downloadBinary","response":"SUCCESS","url":"http:\\/\\/172.16.201.5:8080\\/src\\/hashcat-5.1.0.7z","name":"hashcat","executable":"hashcat.exe"}'
[2020-03-27 10:11:07,026] [DEBUG] {'action': 'getFile', 'token': 'mFKBF8Bdoz', 'taskId': 5451, 'file': 'rockyou.txt'}
[2020-03-27 10:11:07,026] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 149
[2020-03-27 10:11:07,026] [DEBUG] b'{"action":"getFile","filename":"rockyou.txt","extension":"txt","response":"SUCCESS","url":"getFile.php?file=5&token=mFKBF8Bdoz","filesize":186653754}'
[2020-03-27 10:11:07,026] [DEBUG] {'action': 'getChunk', 'token': 'mFKBF8Bdoz', 'taskId': 5451}
[2020-03-27 10:11:07,041] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 63
[2020-03-27 10:11:07,041] [DEBUG] b'{"action":"getChunk","response":"SUCCESS","status":"benchmark"}'
[2020-03-27 10:11:07,041] [INFO ] Benchmark task...
[2020-03-27 10:11:07,041] [DEBUG] CALL: hashcat64.exe --machine-readable --quiet --progress-only --restore-disable --potfile-disable --session=hashtopolis -p " " ..\..\hashlists\24 -a 0 ..\..\files\rockyou.txt  --hash-type=7300 -O -o ..\..\hashlists\24.out
[2020-03-27 10:11:15,314] [DEBUG] {'action': 'sendBenchmark', 'token': 'mFKBF8Bdoz', 'taskId': 5451, 'type': 'speed', 'result': '2786377:1058.0700589008595'}
[2020-03-27 10:11:15,314] [DEBUG] Resetting dropped connection: 172.16.201.5
[2020-03-27 10:11:15,330] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 64
[2020-03-27 10:11:15,330] [DEBUG] b'{"action":"sendBenchmark","response":"SUCCESS","benchmark":"OK"}'
[2020-03-27 10:11:15,330] [INFO ] Server accepted benchmark!
[2020-03-27 10:11:15,330] [DEBUG] {'action': 'downloadBinary', 'token': 'mFKBF8Bdoz', 'type': 'cracker', 'binaryVersionId': '1'}
[2020-03-27 10:11:15,330] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 150
[2020-03-27 10:11:15,330] [DEBUG] b'{"action":"downloadBinary","response":"SUCCESS","url":"http:\\/\\/172.16.201.5:8080\\/src\\/hashcat-5.1.0.7z","name":"hashcat","executable":"hashcat.exe"}'
[2020-03-27 10:11:15,330] [DEBUG] {'action': 'getFile', 'token': 'mFKBF8Bdoz', 'taskId': 5451, 'file': 'rockyou.txt'}
[2020-03-27 10:11:15,346] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 149
[2020-03-27 10:11:15,346] [DEBUG] b'{"action":"getFile","filename":"rockyou.txt","extension":"txt","response":"SUCCESS","url":"getFile.php?file=5&token=mFKBF8Bdoz","filesize":186653754}'
[2020-03-27 10:11:15,346] [DEBUG] {'action': 'getChunk', 'token': 'mFKBF8Bdoz', 'taskId': 5451}
[2020-03-27 10:11:15,361] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 99
[2020-03-27 10:11:15,361] [DEBUG] b'{"action":"getChunk","response":"SUCCESS","status":"OK","chunkId":15438,"skip":0,"length":18517028}'
[2020-03-27 10:11:15,361] [INFO ] Start chunk...
[2020-03-27 10:11:15,361] [DEBUG] CALL: hashcat64.exe --machine-readable --quiet --status --restore-disable --session=hashtopolis --status-timer 5 --outfile-check-timer=5 --outfile-check-dir=..\..\hashlist_24 -o ..\..\hashlists\24.out --outfile-format=15 -p " " -s 0 -l 18517028 --potfile-disable --remove --remove-timer=5 ..\..\hashlists\24 -a 0 ..\..\files\rockyou.txt  --hash-type=7300 -O
[2020-03-27 10:11:15,361] [DEBUG] started cracking
[2020-03-27 10:11:20,387] [INFO ] Sending keepalive progress to avoid timeout...
[2020-03-27 10:11:20,387] [DEBUG] {'action': 'sendProgress', 'token': 'mFKBF8Bdoz', 'chunkId': 15438, 'keyspaceProgress': 0, 'relativeProgress': 0, 'speed': 0, 'state': 2, 'cracks': []}
[2020-03-27 10:11:20,387] [DEBUG] Resetting dropped connection: 172.16.201.5
[2020-03-27 10:11:20,449] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 80
[2020-03-27 10:11:20,449] [DEBUG] b'{"action":"sendProgress","response":"SUCCESS","cracked":0,"skipped":0,"zaps":[]}'
[2020-03-27 10:11:22,521] [DEBUG] STATUS 6 SPEED 38065531 1000 34291403 1000 EXEC_RUNTIME 2.393088 2.459680 CURKU 0 PROGRESS 5243513 18517028 RECHASH 1 1 RECSALT 1 1 TEMP 24 27 REJECTED 633 UTIL 25 41
[2020-03-27 10:11:27,548] [DEBUG] Sending 1 cracks...
[2020-03-27 10:11:27,548] [DEBUG] {'action': 'sendProgress', 'token': 'mFKBF8Bdoz', 'chunkId': 15438, 'keyspaceProgress': 0, 'relativeProgress': 2831, 'speed': 72356934, 'state': 5, 'cracks': [['6f93bb047100000039ebef18efaf595be3cd287027528e111895592e772fd4ea6260b6f61ff6f240000000000000000000000000000000001400:c4eec8a114f1b651f98319c60026c51314fa77e6', 'admin', '61646d696e', '6120892']], 'gpuTemp': [24, 27], 'gpuUtil': [25, 41]}
[2020-03-27 10:11:27,548] [DEBUG] Resetting dropped connection: 172.16.201.5
[2020-03-27 10:11:27,595] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 80
[2020-03-27 10:11:27,595] [DEBUG] b'{"action":"sendProgress","response":"SUCCESS","cracked":0,"skipped":1,"zaps":[]}'
[2020-03-27 10:11:27,595] [INFO ] Progress: 28.31% Speed:  72.36MH/s Cracks: 1 Accepted: 0 Skips: 1 Zaps: 0
[2020-03-27 10:11:28,616] [INFO ] finished chunk
[2020-03-27 10:11:28,616] [DEBUG] {'action': 'checkClientVersion', 'token': 'mFKBF8Bdoz', 'version': '0.5.0', 'type': 'python'}
[2020-03-27 10:11:28,616] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 67
[2020-03-27 10:11:28,616] [DEBUG] b'{"action":"checkClientVersion","response":"SUCCESS","version":"OK"}'
[2020-03-27 10:11:28,616] [INFO ] Client is up-to-date!
[2020-03-27 10:11:28,631] [DEBUG] {'action': 'downloadBinary', 'token': 'mFKBF8Bdoz', 'type': 'cracker', 'binaryVersionId': '1'}
[2020-03-27 10:11:28,631] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 150
[2020-03-27 10:11:28,631] [DEBUG] b'{"action":"downloadBinary","response":"SUCCESS","url":"http:\\/\\/172.16.201.5:8080\\/src\\/hashcat-5.1.0.7z","name":"hashcat","executable":"hashcat.exe"}'
[2020-03-27 10:11:28,631] [DEBUG] {'action': 'getFile', 'token': 'mFKBF8Bdoz', 'taskId': 5451, 'file': 'rockyou.txt'}
[2020-03-27 10:11:28,647] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 88
[2020-03-27 10:11:28,647] [DEBUG] b'{"action":"getFile","response":"ERROR","message":"Client is not assigned to this task!"}'
[2020-03-27 10:11:28,647] [ERROR] Getting of file failed: {'action': 'getFile', 'response': 'ERROR', 'message': 'Client is not assigned to this task!'}
[2020-03-27 10:11:33,652] [DEBUG] {'action': 'getTask', 'token': 'mFKBF8Bdoz'}
[2020-03-27 10:11:33,887] [DEBUG] Resetting dropped connection: 172.16.201.5
[2020-03-27 10:11:33,902] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 94
[2020-03-27 10:11:33,902] [DEBUG] b'{"action":"getTask","response":"SUCCESS","taskId":null,"reason":"No suitable task available!"}'
[2020-03-27 10:11:33,902] [INFO ] No task available!
[2020-03-27 10:11:38,913] [DEBUG] {'action': 'getTask', 'token': 'mFKBF8Bdoz'}
[2020-03-27 10:11:38,913] [DEBUG] http://172.16.201.5:8080 "POST /src/api/server.php HTTP/1.1" 200 94
[2020-03-27 10:11:38,913] [DEBUG] b'{"action":"getTask","response":"SUCCESS","taskId":null,"reason":"No suitable task available!"}'
[2020-03-27 10:11:38,928] [INFO ] No task available!
[2020-03-27 10:11:40,655] [INFO ] Exiting...

(03-27-2020, 06:03 PM)pgsabol Wrote: Side note.  It seems to work fine when cracking other hashes.  A test with NTLM shows that hashtopolis reported the same number cracked as the one I ran manually from command line.
Reply
#2
First of all, thank you for the detailed report! We don't see them to often.

Can you double check that the checkbox "Salted hashes, separator" is active when you create the hashlist?
If that's the case, could you upgrade to the latest version (server: 0.12.0, agent: 0.6.0) and test it again?
Currently I'm not able to try and reproduce it myself but if it's still not working with the latest version I'll see if I get some time during the weekend to look into it.
Reply
#3
Confirmed that "Salted hashes, separator" is checked. Upgrading will be a little more difficult as the COVID thing has us all mandatory working from home and we have limited access to our cluster (it has no direct Internet connectivity). Before we dispatch someone to go back into the office to apply updates, do you, or someone in your circles, have the ability to run the single IPMI hash listed above against rockyou (or smaller wordlist that has 'admin' in it) on a hashtopolis system on 0.12.0 with python agent 0.6.0 on Windows?
Reply
#4
I will run a test with an example IPMI hash and see if I see the same behaviour with the newest version as well.
Reply
#5
Ok, so I checked if I can reproduce this behaviour. Indeed, it does not work due to a bug in hashcat which prints the hash differently than how it was read in.
I opened a pull request to fix this issue here: https://github.com/hashcat/hashcat/pull/2351

Nevertheless, this most likely means that you will need to update your Hashtopolis instance to run the fixed beta version then. This is due to the changes which hashcat made since it's 5.1.0 release (which are quite numerous).
Alternatively, if upgrading is a too big challenge in the current situation and you feel safe enough that you can re-build hashcat for your needs, you can apply the same change from the pull request on the source code of the 5.1.0 release. This would need the change on line 20'455 of https://github.com/hashcat/hashcat/blob/...nterface.c and then rebuilding it on windows in your case.
Reply
#6
(03-31-2020, 03:45 PM)s3in!c Wrote: Ok, so I checked if I can reproduce this behaviour. Indeed, it does not work due to a bug in hashcat which prints the hash differently than how it was read in.
I opened a pull request to fix this issue here: https://github.com/hashcat/hashcat/pull/2351

Nevertheless, this most likely means that you will need to update your Hashtopolis instance to run the fixed beta version then. This is due to the changes which hashcat made since it's 5.1.0 release (which are quite numerous).
Alternatively, if upgrading is a too big challenge in the current situation and you feel safe enough that you can re-build hashcat for your needs, you can apply the same change from the pull request on the source code of the 5.1.0 release. This would need the change on line 20'455 of https://github.com/hashcat/hashcat/blob/...nterface.c and then rebuilding it on windows in your case.
I appreciate the validation, and the details behind what was going on.  We will upgrade hashtopolis and the agent once we get back in the office after this pandemic has subsided.  I can live with this problem for the time being, knowing that IPMI tasks should be run locally for the time being.
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)