ctxis / crackerjack
CrackerJack / Hashcat Web Interface / Context Information Security
Home Page: https://www.contextis.com/en/resources/tools/crackerjack
License: MIT License
Hi,
I've run into two problems while configuring LDAP authentication.
I'm unable to get SSL to work even though I know my active directory supports it. No errors are generated in syslog, just fails with a 500 error.
If I specify the domain CORRECTLY I get a 500 error and the following error in syslog...
Oct 14 17:18:11 atlas gunicorn[790]: [2021-10-14 17:18:11,515] ERROR in app: Exception on /auth/login [POST]
Oct 14 17:18:11 atlas gunicorn[790]: Traceback (most recent call last):
Oct 14 17:18:11 atlas gunicorn[790]: File "/opt/crackerjack/venv/lib/python3.7/site-packages/flask/app.py", line 2447, in wsgi_app
Oct 14 17:18:11 atlas gunicorn[790]: response = self.full_dispatch_request()
Oct 14 17:18:11 atlas gunicorn[790]: File "/opt/crackerjack/venv/lib/python3.7/site-packages/flask/app.py", line 1952, in full_dispatch_request
Oct 14 17:18:11 atlas gunicorn[790]: rv = self.handle_user_exception(e)
Oct 14 17:18:11 atlas gunicorn[790]: File "/opt/crackerjack/venv/lib/python3.7/site-packages/flask/app.py", line 1821, in handle_user_exception
Oct 14 17:18:11 atlas gunicorn[790]: reraise(exc_type, exc_value, tb)
Oct 14 17:18:11 atlas gunicorn[790]: File "/opt/crackerjack/venv/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
Oct 14 17:18:11 atlas gunicorn[790]: raise value
Oct 14 17:18:11 atlas gunicorn[790]: File "/opt/crackerjack/venv/lib/python3.7/site-packages/flask/app.py", line 1950, in full_dispatch_request
Oct 14 17:18:11 atlas gunicorn[790]: rv = self.dispatch_request()
Oct 14 17:18:11 atlas gunicorn[790]: File "/opt/crackerjack/venv/lib/python3.7/site-packages/flask/app.py", line 1936, in dispatch_request
Oct 14 17:18:11 atlas gunicorn[790]: return self.view_functions[rule.endpoint](**req.view_args)
Oct 14 17:18:11 atlas gunicorn[790]: File "/opt/crackerjack/app/controllers/auth.py", line 68, in login_process
Oct 14 17:18:11 atlas gunicorn[790]: user = users.get_ldap_user(ldap_user['username'])
Oct 14 17:18:11 atlas gunicorn[790]: TypeError: 'bool' object is not subscriptable
However, if I set domain intentionally INCORRECTLY then LDAP authentication works. Very strange!
Cheers
Steve
LDAP authentication is great. In our use case, it would be useful to have a filter based on the AD groups the user is a member of. Only members of the "Crackerjack" security group in AD should be able to log in.
In the same way, another group could be used to configure if the user shall be admin or not in Crackerjack.
Very minor thing - one of our consultants noted that the footer hadn't updated the version correctly.
app/version.py still says:
__version__ = '1.2.0'
When it should really be 1.2.1!
Hi.
This message is showing in the web GUI after a clean installation.
Hashcat and crackerjack installed on virtual machine running Ubuntu 20.04
Other information.
GPU Nvidia Tesla T4.
Drivers tested NVIDIA-Linux-x86_64-515.48.07, NVIDIA-Linux-x86_64-460.73.01
Current driver NVIDIA-Linux-x86_64-460.73.01
hashcat -I returns
root@hashcat1:/home/user# hashcat -I
hashcat (v5.1.0) starting...
OpenCL Info:
Platform ID #1
Vendor : NVIDIA Corporation
Name : NVIDIA CUDA
Version : OpenCL 1.2 CUDA 11.2.162
Device ID #1
Type : GPU
Vendor ID : 32
Vendor : NVIDIA Corporation
Name : Tesla T4
Version : OpenCL 1.2 CUDA
Processor(s) : 40
Clock : 1590
Memory : 3777/15109 MB allocatable
OpenCL Version : OpenCL C 1.2
Driver Version : 460.73.01
Platform ID #2
Vendor : The pocl project
Name : Portable Computing Language
Version : OpenCL 1.2 pocl 1.4, None+Asserts, LLVM 9.0.1, RELOC, SLEEF, DISTRO, POCL_DEBUG
Device ID #2
Type : CPU
Vendor ID : 128
Vendor : GenuineIntel
Name : pthread-Intel(R) Xeon(R) Gold 6238R CPU @ 2.20GHz
Version : OpenCL 1.2 pocl HSTR: pthread-x86_64-pc-linux-gnu-cascadelake
Processor(s) : 4
Clock : 2194
Memory : 8192/30065 MB allocatable
OpenCL Version : OpenCL C 1.2 pocl
Driver Version : 1.4
What could it be?
In lib/base/ldap.py it's meant to set the LDAP mode to either SIMPLE or NTLM. It fails to set it to simple as there's a wee typo in line 269:
auth_type = ldap3.SIMPLE if self.auth_type == self.AUTH_METHOD_SIMPLE else ldap3.NTLM
It should be self._auth_type. i.e.:
auth_type = ldap3.SIMPLE if self._auth_type == self.AUTH_METHOD_SIMPLE else ldap3.NTLM
We're having a problem where it keeps on running hashcat -I in the background; which leads to them erroring that hashcat is already running and the device profiles being unset which causes them not to be used on a run.
I'm not certain why hashcat is trying to enumerate the device profiles all the time, IMO it should only really try this when it first started crackerjack. If it can't enumerate the device profiles it should follow what's in the database.
Example image of the hashcat -I sessions (I enabled debug out for them)
Hello,
First off, love your tool; it offers a perfect mix of simplicity, security, and job control for hashcat over a web interface! I would like to make a suggestion: can you add a dropdown section within running sessions that displays the current hashcat output? The hashcat output provides % and time estimates that are very helpful in addition to the current increment count (for bruteforce). Hashcat also refreshed this screen if you press any key other than those mentioned on the screen.
Either way, still a great tool. Thank you for taking your time to create this project and make it open source!
UPDATE:
Apparently the session timed out... when I restored the screen it showed an integer overflow error... maybe I messed up the masked? All I wanted was a simple bruteforce mode attack so I manually (in the screen session) entered the -a -i --increment-min 10 --increment-max 10 -w 4 and the online session refreshed (which was cool!).
Hello.
When trying to create a new user on the web interface (non admin, active), I get the error below:
werkzeug.routing.BuildError: Could not build url for endpoint 'admin.user_edit' with values ['user_id']. Did you mean 'config.user_edit' instead?
Traceback (most recent call last)
File "/opt/crackerjack/venv/lib/python3.9/site-packages/flask/app.py", line 2464, in __call__
return self.wsgi_app(environ, start_response)
File "/opt/crackerjack/venv/lib/python3.9/site-packages/flask/app.py", line 2450, in wsgi_app
response = self.handle_exception(e)
File "/opt/crackerjack/venv/lib/python3.9/site-packages/flask/app.py", line 1867, in handle_exception
reraise(exc_type, exc_value, tb)
File "/opt/crackerjack/venv/lib/python3.9/site-packages/flask/_compat.py", line 39, in reraise
raise value
File "/opt/crackerjack/venv/lib/python3.9/site-packages/flask/app.py", line 2447, in wsgi_app
response = self.full_dispatch_request()
File "/opt/crackerjack/venv/lib/python3.9/site-packages/flask/app.py", line 1952, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/opt/crackerjack/venv/lib/python3.9/site-packages/flask/app.py", line 1821, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/opt/crackerjack/venv/lib/python3.9/site-packages/flask/_compat.py", line 39, in reraise
raise value
File "/opt/crackerjack/venv/lib/python3.9/site-packages/flask/app.py", line 1950, in full_dispatch_request
rv = self.dispatch_request()
File "/opt/crackerjack/venv/lib/python3.9/site-packages/flask/app.py", line 1936, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/opt/crackerjack/venv/lib/python3.9/site-packages/flask_login/utils.py", line 272, in decorated_view
return func(*args, **kwargs)
File "/opt/crackerjack/app/lib/base/decorators.py", line 13, in wrapped_view
return f(**kwargs)
File "/opt/crackerjack/app/controllers/config/system/users.py", line 48, in user_save
return redirect(url_for('admin.user_edit', user_id=user_id))
File "/opt/crackerjack/venv/lib/python3.9/site-packages/flask/helpers.py", line 370, in url_for
return appctx.app.handle_url_build_error(error, endpoint, values)
File "/opt/crackerjack/venv/lib/python3.9/site-packages/flask/app.py", line 2216, in handle_url_build_error
reraise(exc_type, exc_value, tb)
File "/opt/crackerjack/venv/lib/python3.9/site-packages/flask/_compat.py", line 39, in reraise
raise value
File "/opt/crackerjack/venv/lib/python3.9/site-packages/flask/helpers.py", line 357, in url_for
rv = url_adapter.build(
File "/opt/crackerjack/venv/lib/python3.9/site-packages/werkzeug/routing.py", line 2179, in build
raise BuildError(endpoint, values, method, self)
werkzeug.routing.BuildError: Could not build url for endpoint 'admin.user_edit' with values ['user_id']. Did you mean 'config.user_edit' instead?
The debugger caught an exception in your WSGI application. You can now look at the traceback which led to the error.
To switch between the interactive traceback and the plaintext one, you can click on the "Traceback" headline. From the text traceback you can also create a paste of it. For code execution mouse-over the frame you want to debug and click on the console icon on the right side.
You can execute arbitrary Python code in the stack frames and there are some extra helpers available for introspection:
dump() shows all variables in the frame
dump(obj) dumps all that's known about the object
Thanks for your help.
Hi,
For some reason the status in the dashboard doesn't change to 'Finished' when a large wordlist like hashkiller-dict (https://hashkiller.io/download) is used. This is also the case when a ruleset is used which has invalid rules, like OneRuleToRuleThemAll (https://raw.githubusercontent.com/NotSoSecure/password_cracking_rules/master/OneRuleToRuleThemAll.rule). I've tried looking into why it isn't working but I couldn't find it unfortunately.
For some reason if subprocess.run() uses just the name of the executable it will ignore the path and return "not found" when run as part of crackerjack (I can't replicate this from interactive Python3). This is used in several places with "which", "ps", "screen" etc. This problem can be fixed by expanding the command to use a full path.
The user it runs as has a shell of /sbin/nologin.
On a separate note: you really should shell out to do these sort of things, e.g. psutil should be used instead of shelling out to ps.
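One way to resolve helper binaries without depending on the service's PATH or on an external `which`, as an added example that is not part of the original report or of CrackerJack's code. The function names and the `TRUSTED_DIRS` list are assumptions made for the illustration.

```python
import os
import shutil
import subprocess

# Assumed allow-list of system directories; adjust for the distribution in use.
TRUSTED_DIRS = ("/usr/local/bin", "/usr/bin", "/bin", "/usr/sbin", "/sbin")


def resolve_binary(name, trusted_dirs=TRUSTED_DIRS):
    """Return an absolute path for `name`, searching only trusted_dirs.

    The caller's PATH is ignored on purpose: under systemd or a nologin
    account it may be empty or minimal, and a writable PATH entry should
    never decide which binary the web application runs.
    """
    if not name or os.sep in name or name in (".", ".."):
        raise ValueError("expected a bare executable name, got %r" % (name,))
    found = shutil.which(name, path=os.pathsep.join(trusted_dirs))
    if found is None:
        raise FileNotFoundError(
            "%s not found in %s" % (name, ", ".join(trusted_dirs)))
    return found


def execute(command, timeout=30):
    """Run `command` (a list) with argv[0] replaced by its resolved path.

    Returns (exit_code, stripped_stdout). No shell is involved, so the
    arguments are passed to the program exactly as given.
    """
    if not command:
        raise ValueError("empty command")
    argv = [resolve_binary(command[0])] + [str(a) for a in command[1:]]
    # Fixed, minimal environment so child processes see a predictable PATH.
    env = {"PATH": os.pathsep.join(TRUSTED_DIRS), "LANG": "C"}
    result = subprocess.run(argv, stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE, env=env,
                            timeout=timeout, check=False)
    return result.returncode, result.stdout.decode(errors="replace").strip()


if __name__ == "__main__":
    # Simulate a service started with an empty PATH.
    os.environ["PATH"] = ""
    print(resolve_binary("sh"))
    print(execute(["sh", "-c", "echo ok"]))
```
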
I've compiled hashcat 6.2.6-632 from source
$ hashcat -I
hashcat (v6.2.6-632-gb700428bf) starting in backend information mode
Successfully initialized the NVIDIA main driver CUDA runtime library.
Failed to initialize NVIDIA RTC library.
* Device #1: CUDA SDK Toolkit not installed or incorrectly installed.
CUDA SDK Toolkit required for proper device support and utilization.
For more information, see: https://hashcat.net/faq/wrongdriver
Falling back to OpenCL runtime.
OpenCL Info:
============
OpenCL Platform ID #1
Vendor..: NVIDIA Corporation
Name....: NVIDIA CUDA
Version.: OpenCL 3.0 CUDA 12.0.151
Backend Device ID #1
Type...........: GPU
Vendor.ID......: 32
Vendor.........: NVIDIA Corporation
Name...........: NVIDIA GeForce RTX 3060
Version........: OpenCL 3.0 CUDA
Processor(s)...: 28
Clock..........: 1852
Memory.Total...: 12041 MB (limited to 3010 MB allocatable in one block)
Memory.Free....: 9088 MB
Local.Memory...: 48 KB
OpenCL.Version.: OpenCL C 1.2
Driver.Version.: 525.116.04
PCI.Addr.BDF...: 06:00.0
Running on Caddy reverse-proxy to the default port
This is not a big issue, just some nice improvement.
When a very big dictionary is used (like rockyou2021), a long time can be spent building cache (around 15 min in my case). During this period, Crackerjack only displays "Please Wait..." with no progress bar. This could be confusing as to why it does not start cracking.
Technically it could be added as under the hood, hashcat reports the progress in building cache.
Hello, I followed the YouTube video. At the time of the recording, on the link http://127.0.0.1:5000/install/, I receive the following error: Could not create user - make sure the database file is writable. Can you help me? Thank you very much
I just noticed that when you create a session and you have to choose the wordlist, if the user clicks on the "Create wordlist from already cracked passwords" button, crackerjack does not take into consideration the pwd_cracked.dict or hashes.cracked file from the previous session. Instead, it creates an empty "pwd_wordlist.dict" file. Once the new session is launched, we get an error, which is normal because the wordlist is empty.
A straight install on a clean Ubuntu box led to the above error when trying to set up an admin user. Looks like it's to do with Flask's CSRF protection having WTF_CSRF_SSL_STRICT applied by default (which is mostly superfluous in the wonderful world of CORS).
Adding the below line to app/__init__.py fixed it:
app.config['WTF_CSRF_SSL_STRICT'] = False
Currently the GUI allows users to manually select and create a mask for brute-force attacks on hashes. It would be nice if the user has the option to select Hashcat mask files instead.
It appears the version of jquery bundled with crackerjack is quite old (2019) and has an exploitable vulnerability in it.
Installed version : 3.4.1
Fixed version : 3.5.0
Description
According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities. Note, the vulnerabilities referenced in this plugin have no security impact on PAN-OS, and/or the scenarios required for successful exploitation do not exist on devices running a PAN-OS release.
Thanks
Steve
Hello,
I tried to install crackerjack on Ubuntu 22.04.2 LTS but this fails with the exception below while running flask db init.
Installation is performed in a venv with pip (procedure as in documentation). pip requirements install goes fine.
Traceback (most recent call last):
File "/opt/crackerjack/venv/bin/flask", line 8, in <module>
sys.exit(main())
File "/opt/crackerjack/venv/lib/python3.10/site-packages/flask/cli.py", line 967, in main
cli.main(args=sys.argv[1:], prog_name="python -m flask" if as_module else None)
File "/opt/crackerjack/venv/lib/python3.10/site-packages/flask/cli.py", line 586, in main
return super(FlaskGroup, self).main(*args, **kwargs)
File "/opt/crackerjack/venv/lib/python3.10/site-packages/click/core.py", line 782, in main
rv = self.invoke(ctx)
File "/opt/crackerjack/venv/lib/python3.10/site-packages/click/core.py", line 1254, in invoke
cmd_name, cmd, args = self.resolve_command(ctx, args)
File "/opt/crackerjack/venv/lib/python3.10/site-packages/click/core.py", line 1297, in resolve_command
cmd = self.get_command(ctx, cmd_name)
File "/opt/crackerjack/venv/lib/python3.10/site-packages/flask/cli.py", line 542, in get_command
rv = info.load_app().cli.get_command(ctx, name)
File "/opt/crackerjack/venv/lib/python3.10/site-packages/flask/cli.py", line 392, in load_app
app = locate_app(self, import_name, None, raise_if_not_found=False)
File "/opt/crackerjack/venv/lib/python3.10/site-packages/flask/cli.py", line 240, in locate_app
__import__(module_name)
File "/opt/crackerjack/wsgi.py", line 1, in <module>
from app import create_app
File "/opt/crackerjack/app/__init__.py", line 12, in <module>
db = SQLAlchemy()
File "/opt/crackerjack/venv/lib/python3.10/site-packages/flask_sqlalchemy/__init__.py", line 758, in __init__
_include_sqlalchemy(self, query_class)
File "/opt/crackerjack/venv/lib/python3.10/site-packages/flask_sqlalchemy/__init__.py", line 112, in _include_sqlalchemy
for key in module.__all__:
AttributeError: module 'sqlalchemy' has no attribute '__all__'. Did you mean: '__file__'?
I tried to pin some old versions of Flask-SQLAlchemy in requirements.txt but without success.
I'm currently running Manjaro
I've double checked and I can confirm that hashcat is installed and accessible from the user account.
$ hashcat -I
hashcat (v6.2.6) starting in backend information mode
hipInit(): 101
CUDA Info:
==========
CUDA.Version.: 11.8
Backend Device ID #1 (Alias: #2)
Name...........: NVIDIA GeForce RTX 3060
Processor(s)...: 28
Clock..........: 1837
Memory.Total...: 12051 MB
Memory.Free....: 9207 MB
Local.Memory...: 99 KB
PCI.Addr.BDFe..: 0000:01:00.0
OpenCL Info:
============
OpenCL Platform ID #1
Vendor..: Advanced Micro Devices, Inc.
Name....: AMD Accelerated Parallel Processing
Version.: OpenCL 2.1 AMD-APP.dbg (3486.0)
OpenCL Platform ID #2
Vendor..: NVIDIA Corporation
Name....: NVIDIA CUDA
Version.: OpenCL 3.0 CUDA 11.8.87
Backend Device ID #2 (Alias: #1)
Type...........: GPU
Vendor.ID......: 32
Vendor.........: NVIDIA Corporation
Name...........: NVIDIA GeForce RTX 3060
Version........: OpenCL 3.0 CUDA
Processor(s)...: 28
Clock..........: 1837
Memory.Total...: 12051 MB (limited to 3012 MB allocatable in one block)
Memory.Free....: 9152 MB
Local.Memory...: 48 KB
OpenCL.Version.: OpenCL C 1.2
Driver.Version.: 520.56.06
PCI.Addr.BDF...: 01:00.0
Troubleshooting guide recommends:
crackerjack service is running using:
sudo systemctl status crackerjack
or
ps -aux | grep crackerjack
(you should see 4 workers).
The service is running, but if you look at the journal there's errors.
$ journalctl -u crackerjack.service
Dec 01 22:34:21 SS-Server systemd[1]: Started CrackerJack Gunicorn.
Dec 01 22:34:21 SS-Server systemd[59360]: crackerjack.service: Failed to determine user credentials: No such process
Dec 01 22:34:21 SS-Server systemd[59360]: crackerjack.service: Failed at step USER spawning /home/spk/crackerjack/venv/bin/gunicorn: No such process
Dec 01 22:34:21 SS-Server systemd[1]: crackerjack.service: Main process exited, code=exited, status=217/USER
Dec 01 22:34:21 SS-Server systemd[1]: crackerjack.service: Failed with result 'exit-code'.
Dec 01 22:35:27 SS-Server systemd[1]: Started CrackerJack Gunicorn.
Dec 01 22:35:27 SS-Server gunicorn[59472]: [2022-12-01 22:35:27 -0600] [59472] [INFO] Starting gunicorn 20.1.0
Dec 01 22:35:27 SS-Server gunicorn[59472]: [2022-12-01 22:35:27 -0600] [59472] [INFO] Listening at: http://0.0.0.0:5000 (59472)
Dec 01 22:35:27 SS-Server gunicorn[59472]: [2022-12-01 22:35:27 -0600] [59472] [INFO] Using worker: sync
Dec 01 22:35:27 SS-Server gunicorn[59474]: [2022-12-01 22:35:27 -0600] [59474] [INFO] Booting worker with pid: 59474
Dec 01 22:35:27 SS-Server gunicorn[59475]: [2022-12-01 22:35:27 -0600] [59475] [INFO] Booting worker with pid: 59475
Dec 01 22:35:27 SS-Server gunicorn[59476]: [2022-12-01 22:35:27 -0600] [59476] [INFO] Booting worker with pid: 59476
Dec 01 22:36:14 SS-Server gunicorn[59474]: [2022-12-01 22:36:14,549] ERROR in app: Exception on /auth/login [POST]
Dec 01 22:36:14 SS-Server gunicorn[59474]: Traceback (most recent call last):
Dec 01 22:36:14 SS-Server gunicorn[59474]: File "/home/spk/crackerjack/venv/lib/python3.10/site-packages/flask/app.py", line 2447, in wsgi_app
Dec 01 22:36:14 SS-Server gunicorn[59474]: response = self.full_dispatch_request()
Dec 01 22:36:14 SS-Server gunicorn[59474]: File "/home/spk/crackerjack/venv/lib/python3.10/site-packages/flask/app.py", line 1952, in full_dispatch_request
Dec 01 22:36:14 SS-Server gunicorn[59474]: rv = self.handle_user_exception(e)
Dec 01 22:36:14 SS-Server gunicorn[59474]: File "/home/spk/crackerjack/venv/lib/python3.10/site-packages/flask/app.py", line 1821, in handle_user_exception
Dec 01 22:36:14 SS-Server gunicorn[59474]: reraise(exc_type, exc_value, tb)
Dec 01 22:36:14 SS-Server gunicorn[59474]: File "/home/spk/crackerjack/venv/lib/python3.10/site-packages/flask/_compat.py", line 39, in reraise
Dec 01 22:36:14 SS-Server gunicorn[59474]: raise value
Dec 01 22:36:14 SS-Server gunicorn[59474]: File "/home/spk/crackerjack/venv/lib/python3.10/site-packages/flask/app.py", line 1950, in full_dispatch_request
Dec 01 22:36:14 SS-Server gunicorn[59474]: rv = self.dispatch_request()
Dec 01 22:36:14 SS-Server gunicorn[59474]: File "/home/spk/crackerjack/venv/lib/python3.10/site-packages/flask/app.py", line 1936, in dispatch_request
Dec 01 22:36:14 SS-Server gunicorn[59474]: return self.view_functions[rule.endpoint](**req.view_args)
Dec 01 22:36:14 SS-Server gunicorn[59474]: File "/home/spk/crackerjack/app/controllers/auth.py", line 90, in login_process
Dec 01 22:36:14 SS-Server gunicorn[59474]: system.run_updates()
Dec 01 22:36:14 SS-Server gunicorn[59474]: File "/home/spk/crackerjack/app/lib/base/system.py", line 14, in run_updates
Dec 01 22:36:14 SS-Server gunicorn[59474]: self.update_git_hash_version()
Dec 01 22:36:14 SS-Server gunicorn[59474]: File "/home/spk/crackerjack/app/lib/base/system.py", line 42, in update_git_hash_version
Dec 01 22:36:14 SS-Server gunicorn[59474]: git_binary = self.shell.execute(['which', 'git'], user_id=0)
Dec 01 22:36:14 SS-Server gunicorn[59474]: File "/home/spk/crackerjack/app/lib/base/shell.py", line 21, in execute
Dec 01 22:36:14 SS-Server gunicorn[59474]: output = subprocess.run(command, stdout=subprocess.PIPE).stdout.decode().strip()
Dec 01 22:36:14 SS-Server gunicorn[59474]: File "/usr/lib/python3.10/subprocess.py", line 503, in run
Dec 01 22:36:14 SS-Server gunicorn[59474]: with Popen(*popenargs, **kwargs) as process:
Dec 01 22:36:14 SS-Server gunicorn[59474]: File "/usr/lib/python3.10/subprocess.py", line 971, in __init__
Dec 01 22:36:14 SS-Server gunicorn[59474]: self._execute_child(args, executable, preexec_fn, close_fds,
Dec 01 22:36:14 SS-Server gunicorn[59474]: File "/usr/lib/python3.10/subprocess.py", line 1847, in _execute_child
Dec 01 22:36:14 SS-Server gunicorn[59474]: raise child_exception_type(errno_num, err_msg, err_filename)
Dec 01 22:36:14 SS-Server gunicorn[59474]: FileNotFoundError: [Errno 2] No such file or directory: 'which'
Dec 01 22:37:51 SS-Server gunicorn[59476]: [2022-12-01 22:37:51,282] ERROR in app: Exception on / [GET]
Dec 01 22:37:51 SS-Server gunicorn[59476]: Traceback (most recent call last):
Dec 01 22:37:51 SS-Server gunicorn[59476]: File "/home/spk/crackerjack/venv/lib/python3.10/site-packages/flask/app.py", line 2447, in wsgi_app
Dec 01 22:37:51 SS-Server gunicorn[59476]: response = self.full_dispatch_request()
Dec 01 22:37:51 SS-Server gunicorn[59476]: File "/home/spk/crackerjack/venv/lib/python3.10/site-packages/flask/app.py", line 1952, in full_dispatch_request
Dec 01 22:37:51 SS-Server gunicorn[59476]: rv = self.handle_user_exception(e)
Dec 01 22:37:51 SS-Server gunicorn[59476]: File "/home/spk/crackerjack/venv/lib/python3.10/site-packages/flask/app.py", line 1821, in handle_user_exception
Dec 01 22:37:51 SS-Server gunicorn[59476]: reraise(exc_type, exc_value, tb)
Dec 01 22:37:51 SS-Server gunicorn[59476]: File "/home/spk/crackerjack/venv/lib/python3.10/site-packages/flask/_compat.py", line 39, in reraise
Dec 01 22:37:51 SS-Server gunicorn[59476]: raise value
Dec 01 22:37:51 SS-Server gunicorn[59476]: File "/home/spk/crackerjack/venv/lib/python3.10/site-packages/flask/app.py", line 1950, in full_dispatch_request
Dec 01 22:37:51 SS-Server gunicorn[59476]: rv = self.dispatch_request()
Dec 01 22:37:51 SS-Server gunicorn[59476]: File "/home/spk/crackerjack/venv/lib/python3.10/site-packages/flask/app.py", line 1936, in dispatch_request
Dec 01 22:37:51 SS-Server gunicorn[59476]: return self.view_functions[rule.endpoint](**req.view_args)
Dec 01 22:37:51 SS-Server gunicorn[59476]: File "/home/spk/crackerjack/app/controllers/home.py", line 26, in index
Dec 01 22:37:51 SS-Server gunicorn[59476]: errors = healthcheck.run(provider)
Dec 01 22:37:51 SS-Server gunicorn[59476]: File "/home/spk/crackerjack/app/lib/base/healthcheck.py", line 19, in run
Dec 01 22:37:51 SS-Server gunicorn[59476]: self.check_screen_software(shell, errors)
Dec 01 22:37:51 SS-Server gunicorn[59476]: File "/home/spk/crackerjack/app/lib/base/healthcheck.py", line 65, in check_screen_software
Dec 01 22:37:51 SS-Server gunicorn[59476]: screen_binary = shell.execute(['which', 'screen'], user_id=0, log_to_db=False)
Dec 01 22:37:51 SS-Server gunicorn[59476]: File "/home/spk/crackerjack/app/lib/base/shell.py", line 21, in execute
$ ps -aux | grep crackerjack
spk 45448 0.0 0.1 33392 26668 ? Ss 15:14 0:00 /home/spk/crackerjack/venv/bin/python /home/spk/crackerjack/venv/bin/gunicorn --workers 3 --bind 0.0.0.0:5000 -m 007 wsgi:app
spk 45449 0.0 0.4 90640 67168 ? S 15:14 0:00 /home/spk/crackerjack/venv/bin/python /home/spk/crackerjack/venv/bin/gunicorn --workers 3 --bind 0.0.0.0:5000 -m 007 wsgi:app
spk 45450 0.0 0.4 96292 72976 ? S 15:14 0:02 /home/spk/crackerjack/venv/bin/python /home/spk/crackerjack/venv/bin/gunicorn --workers 3 --bind 0.0.0.0:5000 -m 007 wsgi:app
spk 45451 0.0 0.4 93468 70452 ? S 15:14 0:00 /home/spk/crackerjack/venv/bin/python /home/spk/crackerjack/venv/bin/gunicorn --workers 3 --bind 0.0.0.0:5000 -m 007 wsgi:app
spk 48901 0.0 0.0 6564 2388 pts/1 S+ 16:32 0:00 grep --colour=auto crackerjack
screen -ls doesn't show any tasks that I didn't make myself.
$ screen -ls
No Sockets found in /run/screens/S-spk.
I have no clue what I was thinking when I made it the way it is now.
Re-factor the whole thing to make it....make sense.
Sometimes although you have cracked hashes, due to an issue in parsing the results the UI will show "0/XXX" and won't let you download the file, unless you go manually into the Files section and download the potfile manually.
If for some reason the above happens, check if the potfile is empty. If not, allow to download cracked hashes.
We needed some of the newer hashtypes, so I ended up updating hashcat, which needed some changes to crackerjack. The latest hashcat v6.2.6-851-g6716447df uses a reduced --help, but adds -hh to dump all hashtypes. It also changed the capitalisation of "Hash Modes", so I had to make the following changes to app/lib/hashcat/manager.py:
in function get_supported_hashes:
output = self.shell.execute([self.hashcat_binary, '-hh'], user_id=0, log_to_db=False)
in function __parse_supported_hashes:
if line == '- [ Hash Modes ] -':
Tried to add a user with a £ sign in the password, it was rejected as not being complex enough.
This is because you're using string.punctuation which only has 7-bit US ASCII punctuation characters in it.
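A complexity check that classifies characters by Unicode general category instead of `string.punctuation`, so that symbols such as `£` count. This is an added example, not CrackerJack's code; the required classes, the minimum length and the function names are assumptions.

```python
import string
import unicodedata

REQUIRED = ("upper", "lower", "digit", "symbol")  # assumed policy


def char_class(ch):
    """Classify one character using its Unicode general category."""
    cat = unicodedata.category(ch)
    if cat == "Lu":
        return "upper"
    if cat == "Ll":
        return "lower"
    if cat == "Nd":
        return "digit"
    if cat[0] in ("P", "S"):
        # All punctuation (P*) and symbol (S*) categories:
        # '!' is Po, '+' is Sm, '£' and '$' are Sc.
        return "symbol"
    return "other"  # caseless letters, spaces, combining marks, controls


def missing_classes(password, required=REQUIRED):
    """Return the required character classes the password does not contain."""
    # NFC so that a letter typed as base + combining mark is seen as one letter.
    normalized = unicodedata.normalize("NFC", password)
    present = {char_class(ch) for ch in normalized}
    return [c for c in required if c not in present]


def check_password(password, min_length=10):
    """Return a list of human-readable policy failures (empty means accepted)."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    for cls in missing_classes(password):
        problems.append("no %s character" % cls)
    return problems


def ascii_has_symbol(password):
    """The string.punctuation test described in the report, for comparison."""
    return any(ch in string.punctuation for ch in password)


if __name__ == "__main__":
    sample = "Corr3ctHorse£"  # constructed sample password
    print(ascii_has_symbol(sample))  # the ASCII-only test finds no symbol
    print(check_password(sample))    # the Unicode-aware test accepts it
```
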
$ lsb_release -a
Distributor ID: Ubuntu
Description: Ubuntu 20.04.2 LTS
Release: 20.04
Codename: focal
$ hashcat -V
v5.1.0
$ hashcat -h | grep "Full-Disk Encryption (FDE)" | head -n 15
62XY | TrueCrypt | Full-Disk Encryption (FDE)
X | 1 = PBKDF2-HMAC-RIPEMD160 | Full-Disk Encryption (FDE)
X | 2 = PBKDF2-HMAC-SHA512 | Full-Disk Encryption (FDE)
X | 3 = PBKDF2-HMAC-Whirlpool | Full-Disk Encryption (FDE)
X | 4 = PBKDF2-HMAC-RIPEMD160 + boot-mode | Full-Disk Encryption (FDE)
Y | 1 = XTS 512 bit pure AES | Full-Disk Encryption (FDE)
Y | 1 = XTS 512 bit pure Serpent | Full-Disk Encryption (FDE)
Y | 1 = XTS 512 bit pure Twofish | Full-Disk Encryption (FDE)
Y | 2 = XTS 1024 bit pure AES | Full-Disk Encryption (FDE)
Y | 2 = XTS 1024 bit pure Serpent | Full-Disk Encryption (FDE)
Y | 2 = XTS 1024 bit pure Twofish | Full-Disk Encryption (FDE)
Y | 2 = XTS 1024 bit cascaded AES-Twofish | Full-Disk Encryption (FDE)
Y | 2 = XTS 1024 bit cascaded Serpent-AES | Full-Disk Encryption (FDE)
Y | 2 = XTS 1024 bit cascaded Twofish-Serpent | Full-Disk Encryption (FDE)
Y | 3 = XTS 1536 bit all | Full-Disk Encryption (FDE)
There are some algorithms in the Hash modes section which have an identification character instead of a number. This causes a failure in the Python file ./app/lib/hashcat/manager.py at approximately line 90, because it is trying to parse a character as int. I have added a try/except to bypass this problem, however it is not as clean as I think.
def __get_hashtype_description(self, hash_type, supported_hashes=None):
    description = ''
    if supported_hashes is None:
        supported_hashes = self.get_supported_hashes()
    if not isinstance(hash_type, int):
        hash_type = int(hash_type)
    for type, hashes in supported_hashes.items():
        for code, name in hashes.items():
            try:  # Added by me
                if int(code) == hash_type:  # Here it fails when parsing 62XY
                    description = name
                    break
            except ValueError:  # Added by me: skip non-numeric codes such as 62XY
                pass
        if len(description) > 0:
            break
    return description
I don't know if this is considered a bug, because hashcat 6 is out and I think it does not contain characters as codes.
Hashcat tends to be quite greedy on GPU RAM. It would be nice if we could parallelise some of our cracks by allowing only certain GPUs to be selected, so we can have, say urgent and heavy jobs on the 3080s and less urgent on the 2080s.
This can be defined using the -d/-D flag to hashcat (where the ids can be found from hashcat -I). Ideally I'd like to have profiles that I can set up as the administrator and let the users choose.
A quick workaround may be to allow custom flags to be applied to the hashcat command option, though this would need careful checking to prevent command injection.
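A sketch of the administrator-defined profile approach from this request, as an added example that is not CrackerJack's code: users choose a profile name, and the server turns validated integers into `-d`/`-D` argv elements, so no user-supplied flag text reaches the command. The profile structure, function names and the sample device IDs are assumptions.

```python
import re

# Values accepted by hashcat's -D option.
DEVICE_TYPES = {1: "CPU", 2: "GPU", 3: "FPGA, DSP, Co-Processor"}
_PROFILE_NAME = re.compile(r"[A-Za-z0-9_-]{1,32}")


class ProfileError(ValueError):
    pass


def _checked_ints(values, allowed, label):
    """Accept only real integers that appear in `allowed`, without duplicates."""
    out = []
    for raw in values:
        # bool is a subclass of int; strings such as "1;id" are rejected here.
        if isinstance(raw, bool) or not isinstance(raw, int):
            raise ProfileError("%s must be an integer: %r" % (label, raw))
        if raw not in allowed:
            raise ProfileError("unknown %s: %d" % (label, raw))
        if raw in out:
            raise ProfileError("duplicate %s: %d" % (label, raw))
        out.append(raw)
    return sorted(out)


def validate_profile(name, device_ids, known_ids, device_types=()):
    """Check an administrator-defined profile before it is stored.

    known_ids is the set of device IDs enumerated from `hashcat -I`.
    """
    if not isinstance(name, str) or not _PROFILE_NAME.fullmatch(name):
        raise ProfileError("bad profile name: %r" % (name,))
    devices = _checked_ints(device_ids, known_ids, "device id")
    if not devices:
        raise ProfileError("a profile needs at least one device")
    types = _checked_ints(device_types, DEVICE_TYPES, "device type")
    return {"name": name, "devices": devices, "types": types}


def device_args(profile):
    """Turn a validated profile into argv elements for hashcat."""
    args = ["-d", ",".join(str(i) for i in profile["devices"])]
    if profile["types"]:
        args += ["-D", ",".join(str(t) for t in profile["types"])]
    return args


def build_command(hashcat_binary, profile_name, profiles, job_args):
    """Build an argv list; the result is meant for subprocess without a shell."""
    if profile_name not in profiles:
        raise ProfileError("unknown profile: %r" % (profile_name,))
    return [hashcat_binary] + device_args(profiles[profile_name]) + list(job_args)


if __name__ == "__main__":
    known = {1, 2, 3}  # constructed sample, as if parsed from `hashcat -I`
    profiles = {
        "urgent": validate_profile("urgent", [1, 2], known, device_types=[2]),
        "background": validate_profile("background", [3], known),
    }
    print(build_command("/usr/bin/hashcat", "urgent", profiles, ["-m", "1000"]))
```
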
The ps command runs (and is logged) so often that the database ends up gigabytes in size.
Skip logging for this command.
I'm getting a 500 error whenever I go to the home page; but there's nowt in any of the nginx error or access logs. If I run crackerjack manually through flask it all works perfectly. It would be nice to have a log I can look at to debug this.