Closed harrim4n closed 6 years ago
Hi, thanks for the interest. I obviously don't spend as much time on this project as I should. I do have updates to push that might help you, but I just need to do some testing.
A couple of comments though. First, is there any reason why you're acquiring a lock? I think it might be unnecessary unless there's other code you're integrating with, and the threading might be messing things up. Have you tried running it straight without any locks etc? libhashcat spins up it's own threads in the background and the pyhashcat module runs libhashcat in a background thread when you call hashcat_session_execute()
Second, I would recommend waiting on an EVENT_CRACKER_HASH_CRACKED or EVENT_CRACKER_FINISHED event prior to accessing the outfile. I think there might be a race condition where you're trying to access a file that has nothing in it. You can see here https://github.com/Rich5/pyhashcat/blob/master/pyhashcat/test.py#L59 that I start an infinite loop to wait for hashcat to finish prior to processing files. I need to workout the best way to print results on the fly, but just haven't had the time. Plus the hashcat code base changes a lot so I need to update pyhashcat to reflect that. Especially considering how many more events have been added https://github.com/hashcat/hashcat/blob/1184ae1cddb3a1e801649b3f3ebda0b006c8de61/include/types.h#L97
I hope that gives you some ideas. Sorry I haven't fully developed this more. Feel free to post any other question you have.
No worries, this is a private FOSS project after all ;). I use the lock to prevent having to actively wait in a loop until HC finishes. I acquire it at the start of run_hashcat and only release it after/during the callback for EVENT_CRACKER_HASH_CRACKED is called. I don't actually use any threading, so there shouldn't be any race conditions. Also, the worst that could happen (I think) is that the file is empty/locked by hashcat.
Also, if I use a loop (like in test.py) I have to use either the
if hc.status_get_status_string() == "Cracked": check or set a global variable that is then changed in the callback (a lock, basically).
Here is a modified version using a loop, I still get the error.
Using default hash (140295857923136, 'EVENT_CRACKER_FINISHED') (140295857923136, 'EVENT_CRACKER_FINISHED') (140295857923136, 'EVENT_CRACKER_FINISHED') Traceback (most recent call last): File "./benchmark_test.py", line 70, in
for line in f.readlines(): (140295857923136, 'EVENT_CRACKER_HASH_CRACKED') SystemError: Python/getargs.c:1461: bad argument to internal function
If I add a sleep(30) (and the import) after the run_hashcat() call, I get
$ ./benchmark_test.py Using default hash (140411668427840, 'EVENT_CRACKER_FINISHED') (140411668427840, 'EVENT_CRACKER_FINISHED') (140411668427840, 'EVENT_CRACKER_FINISHED') Traceback (most recent call last): File "./benchmark_test.py", line 68, in
sleep(30) SystemError: Python/getargs.c:1461: bad argument to internal function
Oh I see what you're doing now. The getargs.c error is weird. Are you sure you're default Python version is 2.X? Try running benchmark with python2 benchmark.py
and see what happens? My guess is maybe your system is defaulting to Python 3. Just a guess though.
No, my default version is infact python3. But the shebang is set to python2, so that shouldn't be a problem. But just to make sure I ran it with python2 explictly:
$ python2 benchmark.py Using default hash (140719201428856, 'EVENT_CRACKER_FINISHED') (140719201428856, 'EVENT_CRACKER_FINISHED') (140719201428856, 'EVENT_CRACKER_FINISHED') (140719201428856, 'EVENT_CRACKER_HASH_CRACKED') Traceback (most recent call last): File "benchmark.py", line 76, in
for line in f.readlines(): SystemError: Python/getargs.c:1461: bad argument to internal function
I tried testing it on another machine (VMs don't work, obviously), but I only have an old ATI card laying around, which hashcat didn't like. I'll try to find another machine I can run this on, I'll report back if I can get it to work.
Thanks! I'll push some changes up in the next few days that might help some.
Ok. I finally got around to pushing the updates. I was getting the same getargs error you were, and honestly I'm not sure what prompted it. Maybe changes to hashcat. There's a lot of messing with memory involved in this project so the bugs are hard to track down sometimes. I made some changes and added a benchmark.py script that might be helpful. The only reason I could come up with for the getarg error in the test.py is that it was trying to access a file, outfile.txt, that didn't exist. I'm sure there are more bugs.
Thanks for the update. Finally had some time to try it out today. Unfortunately, the problem is still present. Actually, even just appending a sleep(5) to the new bruteforce.py triggers the error for me.
$ python2 benchmark.py
---- pyhashcat Benchmark ----
[!] Hashcat object init with id: 140306888521288 [!] cb_id finished: 1001 [!] cb_id benchmark_status: 1002 [!] Starting Benchmark Mode [+] Running hashcat [.] Workload profile 3 HashType: MD5 Speed.Dev.# 0 .....: 11189.5 M H/s ( 47.7448414118 ms) HashType: SHA1 Speed.Dev.# 0 .....: 4479.7 M H/s ( 59.8192169412 ms) HashType: SHA-256 Speed.Dev.# 0 .....: 1701.1 M H/s ( 78.7652517647 ms) HashType: SHA-512 Speed.Dev.# 0 .....: 535.0 M H/s ( 63.3532367059 ms) HashType: WPA/WPA2 Speed.Dev.# 0 .....: 226.0 k H/s ( 72.1499906667 ms) HashType: NTLM Speed.Dev.# 0 .....: 23741.7 M H/s ( 22.6031454118 ms) HashType: LM Speed.Dev.# 0 .....: 10779.7 M H/s ( 95.4923087059 ms) HashType: NetNTLMv1 / NetNTLMv1+ESS Speed.Dev.# 0 .....: 12394.4 M H/s ( 44.3462174118 ms) HashType: NetNTLMv2 Speed.Dev.# 0 .....: 957.8 M H/s ( 69.6072301176 ms) HashType: descrypt, DES (Unix), Traditional DES Speed.Dev.# 0 .....: 530.6 M H/s ( 64.1816301176 ms) HashType: md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5) Speed.Dev.# 0 .....: 5846.9 k H/s ( 43.7721449412 ms) HashType: bcrypt $2*$, Blowfish (Unix) Speed.Dev.# 0 .....: 8485 H/s ( 29.3610656 ms) HashType: sha512crypt $6$, SHA512 (Unix) Speed.Dev.# 0 .....: 86457 H/s ( 75.3165697778 ms) HashType: Kerberos 5 AS-REQ Pre-Auth etype 23 Speed.Dev.# 0 .....: 158.2 M H/s ( 49.8254512941 ms) HashType: Kerberos 5 TGS-REP etype 23 Speed.Dev.# 0 .....: 158.2 M H/s ( 50.9783905882 ms) HashType: DPAPI masterkey file v1 Speed.Dev.# 0 .....: 38291 H/s ( 72.6945092063 ms) HashType: DPAPI masterkey file v2 Speed.Dev.# 0 .....: 25448 H/s ( 80.4814805714 ms) HashType: macOS v10.8+ (PBKDF2-SHA512) Speed.Dev.# 0 .....: 6274 H/s ( 75.7877298286 ms) HashType: 7-Zip Speed.Dev.# 0 .....: 4267 H/s ( 15.20779975 ms) HashType: RAR3-hp Speed.Dev.# 0 .....: 22150 H/s ( 23.546253 ms) HashType: RAR5 Speed.Dev.# 0 .....: 19072 H/s ( 53.5414644301 ms) HashType: TrueCrypt PBKDF2-HMAC-RIPEMD160 + XTS 512 bit Speed.Dev.# 0 .....: 157.5 k H/s ( 49.8733255385 ms) HashType: KeePass 1 (AES/Twofish) and KeePass 2 (AES) Speed.Dev.# 0 .....: 78157 H/s ( 141.118264 ms) HashType: LastPass + LastPass sniffed Speed.Dev.# 0 .....: 1227.7 k H/s ( 52.1833167059 ms) HashType: Bitcoin/Litecoin wallet.dat Speed.Dev.# 0 .....: 2404 H/s ( 69.3004714667 ms) Traceback (most recent call last): File "benchmark.py", line 49, in
sleep(5) SystemError: Python/getargs.c:1461: bad argument to internal function
Yep. I can reproduce by adding sleep(5). I think I'll have to compile a debug version of hashcat, python, and run it through a debugger. It's a weird CPython error I think. I found a few other places where people posted similar errors, but no good solutions. I might also try porting to Python 3 also to see if that the issue continues. In short, I have no idea what's causing it at the moment.
Actually, I might have figured it out. Please pull the latest and test again when you get a chance. Make sure to remove the build directory (pyhashcat/pyhashcat/build), re-compile, and re-install just to make sure the changes take, and let me know if you still get the "bad argument" error.
Yes, this did indeed fix the getargs error, thanks. The segfault I mentioned in the first message still persists if the script ends immediatly after the EVENT_CRACKER_HASH_CRACKED, but that can easily be worked around (sleep(1) or similar).
Great. Thanks for testing. The segfault I think is because python is exiting prior to libhashcat completing a session so there's some memory access issues. So the work around was just sleeping for a bit to allow for that. There are some cleanup functions that need to be called as shown in the main.c file in the main hashcat repo. That's something I'll work on next. You can also try waiting to exit on the outer loop finish event and see if that works.
Closing unless you have any objections.
(Possible dup of #23, but I decided to open a new bug report because of other discussions in that one). I get really weird errors when trying to use this module. My best guess is that some value that shouldn't be modified is overwritten in the interpreter.
benchmark.py can be found here: https://pastebin.com/raw/4nDqm9de The odd thing is, whenever I modify the file (change the printing of the results, switch the Lock to a sleep(30), etc.), the error "happens" somewhere else.
Also, sometimes I get a segfault after the error, which might be related.