Closed abidmaria closed 1 year ago
I can't reproduce the segmentation fault either, but I have an idea. It may be related to the combination of zsh and sudo. Which versions of sudo and zsh do you use?
Hello, thank you for your feedback. Below is the output:
Sudo version:
└─$ sudo -V
Sudo version 1.9.11p3
Sudoers policy plugin version 1.9.11p3
Sudoers file grammar version 48
Sudoers I/O plugin version 1.9.11p3
Sudoers audit plugin version 1.9.11p3
zsh version:
└─$ zsh --version
zsh 5.9 (x86_64-debian-linux-gnu)
Thanks. Maybe your problem is related to this one: https://github.com/nmap/nmap/issues/2482 because hcxdumptool/hcxtools are using OpenSSL 3, too. But I'm not sure.
Started another test. This time hcxdumptool is compiled with debug options (Makefile: -ggdb -fsanitize=address):
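CC ?= gcc
# Release flags commented out: "?=" only assigns when CFLAGS is still unset,
# so with this line active the debug flags below would never be applied.
#CFLAGS ?= -O3 -Wall -Wextra
CFLAGS ?= -ggdb -fsanitize=address
CFLAGS += -std=gnu99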
Still no segmentation fault.
Please do a fresh git clone:
$ git clone https://github.com/ZerBea/hcxdumptool
Then replace the Makefile with the attached one (it needs to be decompressed): Makefile.zip
Then run
$ make
When finished, run hcxdumptool:
$ sudo ./hcxdumptool -i wlan0 -o output.pcapng --enable_status=15
If it crashes, please post the crash report as a comment.
Thank you. For the first command I got this error:
└─$ git clone https://github.com/ZerBea/hcxdumptool
fatal: destination path 'hcxdumptool' already exists and is not an empty directory.
Can I proceed with the Makefile replacement?
Ok, there is already a git clone on your system, so you can proceed with the replacement.
Just rename the old Makefile to Makefile.old. That will make it easier to go back.
Thank you for your feedback. Below is the output:
──(dimitri㉿kali)-[~/hcxdumptool]
└─$ make
make: Nothing to be done for 'all'.
┌──(dimitri㉿kali)-[~/hcxdumptool]
└─$
Since I got the above error, I ran make clean:
└─$ make clean
rm -f .deps/hcxdumptool.d
rm -f hcxdumptool
rm -f .deps/hcxpioff.d
rm -f hcxpioff
rm -rf .deps
rm -f .o ~
Then make:
─$ make
mkdir -p .deps
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/hcxdumptool.d -o hcxdumptool hcxdumptool.c -lssl -lcrypto -DVERSION_TAG=\"6.2.7-22-gc65aac5\" -DVERSION_YEAR=\"2022\"
cc -O3 -Wall -Wextra -std=gnu99 -MMD -MF .deps/hcxpioff.d -o hcxpioff hcxpioff.c -DVERSION_TAG=\"6.2.7-22-gc65aac5\" -DVERSION_YEAR=\"2022\"
Same issue:
┌──(dimitri㉿kali)-[~/hcxdumptool]
└─$ sudo ./hcxdumptool -i wlan0 -o output.pcapng --enable_status=15
initialization of hcxdumptool 6.2.7-22-gc65aac5 (depending on the capabilities of the device, this may take some time)...
interface is already in monitor mode, skipping ioctl(SIOCSIWMODE) and ioctl(SIOCSIFFLAGS) system calls
start capturing (stop with ctrl+c)
NMEA 0183 PROTOCOL........: N/A
PHYSICAL INTERFACE........: phy0
INTERFACE NAME............: wlan0
INTERFACE PROTOCOL........: IEEE 802.11b
INTERFACE TX POWER........: 0 dBm (lowest value reported by the device)
INTERFACE HARDWARE MAC....: 1c61b41fb584 (not used for the attack)
INTERFACE VIRTUAL MAC.....: 463aaf7b7d52 (not used for the attack)
DRIVER....................: rtl88XXau (this driver is not recommended - expect driver errors)
DRIVER VERSION............: 6.0.0-kali3-amd64
DRIVER FIRMWARE VERSION...:
openSSL version...........: 1.0
ERRORMAX..................: 100 errors
BPF code blocks...........: 0
FILTERLIST ACCESS POINT...: 0 entries
FILTERLIST CLIENT.........: 0 entries
FILTERMODE................: unused
WEAK CANDIDATE............: 12345678
ESSID list................: 0 entries
ACCESS POINT (ROGUE)......: 0084ed18cae4 (BROADCAST WILDCARD used for the attack)
ACCESS POINT (ROGUE)......: 0084ed18cae5 (BROADCAST OPEN used for the attack)
ACCESS POINT (ROGUE)......: 0084ed18cae6 (used for the attack and incremented on every new client)
CLIENT (ROGUE)............: dc7014bcde2f
EAPOLTIMEOUT..............: 20000 usec
EAPOLEAPTIMEOUT...........: 2500000 usec
REPLAYCOUNT...............: 65187
ANONCE....................: bdaac08097017e052d2948d0f2611d87e03fa6afbb9e110008db09a72b53c8a4
SNONCE....................: 2163f48efcdfdf46659ddfd6fdd6bfdbb1a13fbeb13a233e2950ad7b09c85a29
TIME FREQ/CH MAC_DEST MAC_SOURCE ESSID [FRAME TYPE]
14:02:46 2412/1 ffffffffffff 0ac895297449 wifi_1 [BEACON]
... ... ...
zsh: segmentation fault sudo ./hcxdumptool -i wlan0 -o output.pcapng --enable_status=15
Ok, thanks. There is no debug information from hcxdumptool, so it could be either zsh or sudo that caused the segmentation fault. Please move to su and start hcxdumptool again:
$ su
$ ./hcxdumptool -i wlan0 -o output.pcapng --enable_status=15
Thanks for your feedback and support. Below is the output:
┌──(dimitri㉿kali)-[~]
└─$ su
Password:
su: Authentication failure
I don't know root's password, so I executed the command sudo su:
┌──(dimitri㉿kali)-[~]
└─$ sudo su
Then:
┌──(root㉿kali)-[/home/dimitri]
└─# ./hcxdumptool -i wlan0 -o output.pcapng --enable_status=15
zsh: permission denied: ./hcxdumptool
┌──(root㉿kali)-[/home/dimitri]
└─#
Thanks
Ok, please try this:
$ sudo ls
Do you get a segmentation fault when trying to list the content of the directory?
Now I'm sure your issue is related to sudo/su (not to hcxdumptool or zsh), like the issue mentioned here: https://bbs.archlinux.org/viewtopic.php?id=257278 That one caused the segmentation fault due to insufficient permissions.
Thank you, below is the output. I didn't get a segmentation fault when trying to list the content:
┌──(dimitri㉿kali)-[~]
└─$ sudo ls
[sudo] password for dimitri:
Desktop Documents Downloads hcxdumptool Music Pictures Public Templates test Videos
┌──(dimitri㉿kali)-[~]
└─$
Ok, but ls is a short command. Maybe it takes a while until the segmentation fault occurs.
Can you provide a dmesg log?
$ sudo dmesg > /tmp/dmesg.txt
BTW: Running a MediaTek or a Ralink chipset will not solve the segmentation error. There is something broken in KALI rights management.
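Added example, not part of the thread and not hcxdumptool code: one way to read the requested dmesg log. The kernel writes one `segfault at ...` record per crashed process, and that record names the process that actually received SIGSEGV, which is the sudo/zsh/hcxdumptool question discussed above. The sample records, PIDs and addresses below are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the x86 kernel's segfault record format:
#   comm[pid]: segfault at ADDR ip IP sp SP error N in OBJECT[BASE+SIZE]
sample_dmesg() {
cat <<'EOF'
[  812.104233] usb 1-1: new high-speed USB device number 3 using ehci-pci
[ 1049.551002] hcxdumptool[2317]: segfault at 7f3a00000018 ip 000055e4a1c0d6f2 sp 00007ffe2b9c4a10 error 4 in hcxdumptool[55e4a1c05000+1f000]
[ 1300.000417] sudo[2490]: segfault at 0 ip 00007f1b2c3d4e5f sp 00007ffc11223344 error 6 in libc.so.6[7f1b2c300000+155000]
EOF
}

# segv_report: read dmesg text on stdin and print one line per segfault record:
#   <process> pid=<pid> object=<mapped file> offset=<ip minus mapping base>
# Lines that are not segfault records are ignored.
segv_report() {
  sed -n -E 's/^.*\] ([^[ ]+)\[([0-9]+)\]: segfault at [0-9a-f]+ ip ([0-9a-f]+) sp [0-9a-f]+ error [0-9]+ in ([^[]+)\[([0-9a-f]+)\+[0-9a-f]+\].*$/\1 \2 \4 \3 \5/p' |
  while read -r comm pid obj ip base; do
    # The offset is relative to the start of the mapping the kernel reported.
    printf '%s pid=%s object=%s offset=0x%x\n' \
      "$comm" "$pid" "$obj" "$((0x$ip - 0x$base))"
  done
}

# segv_processes: unique names of the processes that crashed.
segv_processes() {
  segv_report | cut -d' ' -f1 | sort -u
}

# Stand-alone run over the constructed sample; on a real system use:
#   sudo dmesg | segv_report
sample_dmesg | segv_report
```

The first field answers which process crashed; the shell's own `zsh: segmentation fault sudo ...` message only reports how the job it started ended.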
Hi, mine also has the same problem: it runs for 2-5 minutes and then gets a segmentation fault.
┌──(root㉿kali)-[/home/kali]
└─# sudo hcxdumptool -i wlan0 -o dumpfile.pcapng --active_beacon --enable_status=15
initialization of hcxdumptool 6.2.7-17-g87fcd83 (depending on the capabilities of the device, this may take some time)...
interface is already in monitor mode, skipping ioctl(SIOCSIWMODE) and ioctl(SIOCSIFFLAGS) system calls
start capturing (stop with ctrl+c)
NMEA 0183 PROTOCOL........: N/A
PHYSICAL INTERFACE........: phy0
INTERFACE NAME............: wlan0
INTERFACE PROTOCOL........: IEEE 802.11
INTERFACE TX POWER........: 20 dBm (lowest value reported by the device)
INTERFACE HARDWARE MAC....: 00c0ca9897d7 (not used for the attack)
INTERFACE VIRTUAL MAC.....: 00c0ca9897d7 (not used for the attack)
DRIVER....................: ath9k_htc (this driver is not recommended - expect driver errors)
DRIVER VERSION............: 6.0.0-kali3-amd64
DRIVER FIRMWARE VERSION...: 1.4
openSSL version...........: 1.0
ERRORMAX..................: 100 errors
BPF code blocks...........: 0
FILTERLIST ACCESS POINT...: 0 entries
FILTERLIST CLIENT.........: 0 entries
FILTERMODE................: unused
WEAK CANDIDATE............: 12345678
ESSID list................: 0 entries
ACCESS POINT (ROGUE)......: 20d160093b17 (BROADCAST WILDCARD used for the attack)
ACCESS POINT (ROGUE)......: 20d160093b18 (BROADCAST OPEN used for the attack)
ACCESS POINT (ROGUE)......: 20d160093b19 (used for the attack and incremented on every new client)
CLIENT (ROGUE)............: b4e1ebf93309
EAPOLTIMEOUT..............: 20000 usec
EAPOLEAPTIMEOUT...........: 2500000 usec
REPLAYCOUNT...............: 64663
ANONCE....................: 29f2cc327ab0545f03fd81dd340f0a4591e59052be4c9f01e42eec8a70d3622e
SNONCE....................: 4833d8f426411dedb90c6da3e43349b238dd190b0313aba27e670c21997b9873
TIME FREQ/CH MAC_DEST MAC_SOURCE ESSID [FRAME TYPE]
12:52:54 2412/1 ffffffffffff a0a3f0992060 shafiq@eyra@unifi [BEACON]
12:52:54 2412/1 ffffffffffff d44f67d66c64 annac [BEACON]
12:52:54 2412/1 ffffffffffff ceb1825579c4 Nathan House_2.4 [BEACON]
... ... ...
12:54:06 2432/5 72209e44f974 98dac408bb93 liang ah peng-TIME2.4GHz [AUTHENTICATION]
12:54:06 2432/5 72209e44f974 98dac408bb93 liang ah peng-TIME2.4GHz [ASSOCIATION]
zsh: segmentation fault sudo hcxdumptool -i wlan0 -o dumpfile.pcapng --active_beacon
sudo dmesg > /tmp/dmesg.txt
Hello, thank you for the feedback. Below is the dmesg log:
[ 2.126942] hub 1-0:1.0: 12 ports detected
[ 2.127730] ohci-pci: OHCI PCI platform driver
[ 2.128543] ohci-pci 0000:00:06.0: OHCI PCI host controller
[ 2.128551] ohci-pci 0000:00:06.0: new USB bus registered, assigned bus number 2
[ 2.128652] ohci-pci 0000:00:06.0: irq 22, io mem 0xf0804000
[ 2.131787] libata version 3.00 loaded.
[ 2.132464] ata_piix 0000:00:01.1: version 2.13
[ 2.135011] ahci 0000:00:0d.0: version 3.0
[ 2.135858] ahci 0000:00:0d.0: SSS flag set, parallel bus scan disabled
[ 2.136047] ahci 0000:00:0d.0: AHCI 0001.0100 32 slots 1 ports 3 Gbps 0x1 impl SATA mode
[ 2.136052] ahci 0000:00:0d.0: flags: 64bit ncq stag only ccc
[ 2.146932] scsi host0: ata_piix
[ 2.150057] scsi host2: ata_piix
[ 2.150116] ata1: PATA max UDMA/33 cmd 0x1f0 ctl 0x3f6 bmdma 0xd000 irq 14
[ 2.150119] ata2: PATA max UDMA/33 cmd 0x170 ctl 0x376 bmdma 0xd008 irq 15
[ 2.151974] scsi host1: ahci
[ 2.152196] ata3: SATA max UDMA/133 abar m8192@0xf0806000 port 0xf0806100 irq 21
[ 2.167074] ACPI: bus type drm_connector registered
[ 2.188895] usb usb2: New USB device found, idVendor=1d6b, idProduct=0001, bcdDevice= 6.00
[ 2.188901] usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[ 2.188904] usb usb2: Product: OHCI PCI host controller
[ 2.188906] usb usb2: Manufacturer: Linux 6.0.0-kali3-amd64 ohci_hcd
[ 2.188908] usb usb2: SerialNumber: 0000:00:06.0
[ 2.189232] hub 2-0:1.0: USB hub found
[ 2.189258] hub 2-0:1.0: 12 ports detected
[ 2.210332] input: ImExPS/2 Generic Explorer Mouse as /devices/platform/i8042/serio1/input/input5
[ 2.357689] ata2.01: ATAPI: VBOX CD-ROM, 1.0, max UDMA/133
[ 2.364176] scsi 2:0:1:0: CD-ROM VBOX CD-ROM 1.0 PQ: 0 ANSI: 5
[ 2.395515] usb 1-1: new high-speed USB device number 2 using ehci-pci
[ 2.591853] ata3: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
[ 2.592065] ata3.00: ATA-6: VBOX HARDDISK, 1.0, max UDMA/133
[ 2.592073] ata3.00: 41943040 sectors, multi 128: LBA48 NCQ (depth 32)
[ 2.597493] ata3.00: configured for UDMA/133
[ 2.597578] scsi 1:0:0:0: Direct-Access ATA VBOX HARDDISK 1.0 PQ: 0 ANSI: 5
[ 2.684088] vmwgfx 0000:00:02.0: vgaarb: deactivate vga console
[ 2.685421] Console: switching to colour dummy device 80x25
[ 2.686269] vmwgfx 0000:00:02.0: [drm] FIFO at 0x00000000f0000000 size is 2048 kiB
[ 2.686283] vmwgfx 0000:00:02.0: [drm] VRAM at 0x00000000e0000000 size is 16384 kiB
[ 2.686295] vmwgfx 0000:00:02.0: [drm] Running on SVGA version 2.
[ 2.686304] vmwgfx 0000:00:02.0: [drm] Capabilities: rect copy, cursor, cursor bypass, cursor bypass 2, alpha cursor, extended fifo, pitchlock, irq mask, gmr, traces, gmr2, screen object 2, command buffers,
[ 2.686306] vmwgfx 0000:00:02.0: [drm] DMA map mode: Caching DMA mappings.
[ 2.686447] vmwgfx 0000:00:02.0: [drm] Legacy memory limits: VRAM = 16384 kB, FIFO = 2048 kB, surface = 507904 kB
[ 2.686450] vmwgfx 0000:00:02.0: [drm] MOB limits: max mob size = 0 kB, max mob pages = 0
[ 2.686453] vmwgfx 0000:00:02.0: [drm] Max GMR ids is 8192
[ 2.686455] vmwgfx 0000:00:02.0: [drm] Max number of GMR pages is 1048576
[ 2.686457] vmwgfx 0000:00:02.0: [drm] Maximum display memory size is 16384 kiB
[ 2.708780] vmwgfx 0000:00:02.0: [drm] Screen Object display unit initialized
[ 2.709080] vmwgfx 0000:00:02.0: [drm] Fifo max 0x00200000 min 0x00001000 cap 0x00000355
[ 2.709361] vmwgfx 0000:00:02.0: [drm] Using command buffers with DMA pool.
[ 2.709375] vmwgfx 0000:00:02.0: [drm] Available shader model: Legacy.
[ 2.709383] [drm:vmw_host_printf [vmwgfx]] ERROR Failed to send host log message.
[ 2.711930] fbcon: svgadrmfb (fb0) is primary device
[ 2.712963] Console: switching to colour frame buffer device 100x37
[ 2.720378] [drm] Initialized vmwgfx 2.20.0 20211206 for 0000:00:02.0 on minor 0
[ 2.740844] usb 2-1: new full-speed USB device number 2 using ohci-pci
[ 2.864507] sr 2:0:1:0: [sr0] scsi3-mmc drive: 32x/32x xa/form2 tray
[ 2.864513] cdrom: Uniform CD-ROM driver Revision: 3.20
[ 2.890259] e1000 0000:00:03.0 eth0: (PCI:33MHz:32-bit) 08:00:27:7a:de:7d
[ 2.890268] e1000 0000:00:03.0 eth0: Intel(R) PRO/1000 Network Connection
[ 2.892451] sr 2:0:1:0: Attached scsi CD-ROM sr0
[ 2.892799] sd 1:0:0:0: [sda] 41943040 512-byte logical blocks: (21.5 GB/20.0 GiB)
[ 2.892810] sd 1:0:0:0: [sda] Write Protect is off
[ 2.892813] sd 1:0:0:0: [sda] Mode Sense: 00 3a 00 00
[ 2.892828] sd 1:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[ 2.892850] sd 1:0:0:0: [sda] Preferred minimum I/O size 512 bytes
[ 2.953642] sda: sda1 sda2 < sda5 >
[ 2.953808] sd 1:0:0:0: [sda] Attached SCSI disk
[ 3.028940] usb 1-1: New USB device found, idVendor=2357, idProduct=0120, bcdDevice= 2.00
[ 3.028946] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3.028948] usb 1-1: Product: 802.11ac WLAN Adapter
[ 3.028950] usb 1-1: Manufacturer: Realtek
[ 3.028952] usb 1-1: SerialNumber: 00e04c000001
[ 3.058789] usb 2-1: New USB device found, idVendor=80ee, idProduct=0021, bcdDevice= 1.00
[ 3.058795] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0
[ 3.058798] usb 2-1: Product: USB Tablet
[ 3.058800] usb 2-1: Manufacturer: VirtualBox
[ 3.069952] hid: raw HID events driver (C) Jiri Kosina
[ 3.084667] usbcore: registered new interface driver usbhid
[ 3.084672] usbhid: USB HID core driver
[ 3.087009] input: VirtualBox USB Tablet as /devices/pci0000:00/0000:00:06.0/usb2/2-1/2-1:1.0/0003:80EE:0021.0001/input/input6
[ 3.087158] hid-generic 0003:80EE:0021.0001: input,hidraw0: USB HID v1.10 Mouse [VirtualBox USB Tablet] on usb-0000:00:06.0-1/input0
[ 3.331484] PM: Image not found (code -22)
[ 5.441069] EXT4-fs (sda1): mounted filesystem with ordered data mode. Quota mode: none.
[ 5.809491] Not activating Mandatory Access Control as /sbin/tomoyo-init does not exist.
[ 7.123994] systemd[1]: Inserted module 'autofs4'
[ 7.253185] systemd[1]: systemd 252.1-1 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[ 7.253191] systemd[1]: Detected virtualization oracle.
[ 7.253196] systemd[1]: Detected architecture x86-64.
[ 7.314100] systemd[1]: Hostname set to
Thanks. Unfortunately that is unreadable. Please attach the txt file
@poliang95 thanks. Same conditions: KALI + ZSH + sudo == segmentation fault. Are you running KALI inside a VM? To identify what caused it exactly (zsh or sudo), please run hcxdumptool in a bash shell.
Also please move to su and then run hcxdumptool without sudo.
$ su
$ hcxdumptool -i wlan0 -o dumpfile.pcapng --active_beacon --enable_status=79
I'm not able to reproduce that issue running this (recommended) environment (no VM):
$ uname -r
6.0.9-arch1-1
$ bash --version
bash --version
GNU bash, Version 5.1.16(1)-release (x86_64-pc-linux-gnu)
$ sudo --version
sudo --version
Sudo version 1.9.12p1
Sudoers policy plugin version 1.9.12p1
Sudoers file grammar version 48
Sudoers I/O plugin version 1.9.12p1
Sudoers audit plugin version 1.9.12p1
running as expected
$ sudo hcxdumptool -i wlp39s0f3u1u4 -o dumpfile.pcapng --active_beacon --enable_status=79
initialization of hcxdumptool 6.2.7-16-g29c1743 (depending on the capabilities of the device, this may take some time)...
start capturing (stop with ctrl+c)
NMEA 0183 PROTOCOL........: N/A
PHYSICAL INTERFACE........: phy1
INTERFACE NAME............: wlp39s0f3u1u4
INTERFACE PROTOCOL........: IEEE 802.11
INTERFACE TX POWER........: 20 dBm (lowest value reported by the device)
INTERFACE HARDWARE MAC....: 74da38f84e1b (not used for the attack)
INTERFACE VIRTUAL MAC.....: 74da38f84e1b (not used for the attack)
DRIVER....................: mt7601u
DRIVER VERSION............: 6.0.9-arch1-1
DRIVER FIRMWARE VERSION...: N/A
openSSL version...........: 1.0
ERRORMAX..................: 100 errors
BPF code blocks...........: 0
FILTERLIST ACCESS POINT...: 0 entries
FILTERLIST CLIENT.........: 0 entries
FILTERMODE................: unused
WEAK CANDIDATE............: 12345678
ESSID list................: 0 entries
ACCESS POINT (ROGUE)......: 00269f5915d4 (BROADCAST WILDCARD used for the attack)
ACCESS POINT (ROGUE)......: 00269f5915d5 (BROADCAST OPEN used for the attack)
ACCESS POINT (ROGUE)......: 00269f5915d6 (used for the attack and incremented on every new client)
CLIENT (ROGUE)............: c8aaccdffec1
EAPOLTIMEOUT..............: 20000 usec
EAPOLEAPTIMEOUT...........: 2500000 usec
REPLAYCOUNT...............: 63452
ANONCE....................: 03aefc3b31c004bdf6d6e50de95d73993eee9abe8970e5f679f5bd34ddc6b1c6
SNONCE....................: 1ef853835f24e5e9ca996f555a9fa076c73b2a4c7f0dae5cce5f82a791d0dfef
TIME FREQ/CH MAC_DEST MAC_SOURCE ESSID [FRAME TYPE]
07:02:20 2417/2 ffffffffffff a58094302cc2f TEST_NET [BEACON]
07:03:00 2467/12 ERROR:0 INCOMING:763 AGE:2 OUTGOING:758 PMKIDROGUE:0 PMKID:0 M1M2ROGUE:0 M1M2:0 M2M3:0 M3M4:0 M3M4ZEROED:0 GPS:0
...
07:04:00 2412/1 ERROR:0 INCOMING:3359 AGE:1 OUTGOING:1936 PMKIDROGUE:0 PMKID:0 M1M2ROGUE:0 M1M2:0 M2M3:0 M3M4:0 M3M4ZEROED:0 GPS:0
...
07:05:00 2422/3 ERROR:0 INCOMING:6205 AGE:5 OUTGOING:3060 PMKIDROGUE:1 PMKID:0 M1M2ROGUE:0 M1M2:0 M2M3:0 M3M4:0 M3M4ZEROED:0 GPS:0
...
07:06:00 2432/5 ERROR:0 INCOMING:7464 AGE:1 OUTGOING:4225 PMKIDROGUE:2 PMKID:0 M1M2ROGUE:0 M1M2:0 M2M3:0 M3M4:0 M3M4ZEROED:0 GPS:0
...
07:07:00 2442/7 ERROR:0 INCOMING:10011 AGE:1 OUTGOING:5372 PMKIDROGUE:2 PMKID:0 M1M2ROGUE:0 M1M2:0 M2M3:0 M3M4:0 M3M4ZEROED:0 GPS:0
...
07:08:00 2452/9 ERROR:0 INCOMING:11076 AGE:1 OUTGOING:6550 PMKIDROGUE:2 PMKID:0 M1M2ROGUE:0 M1M2:0 M2M3:0 M3M4:0 M3M4ZEROED:0 GPS:0
...
07:09:00 2462/11 ERROR:0 INCOMING:12260 AGE:17 OUTGOING:7737 PMKIDROGUE:2 PMKID:0 M1M2ROGUE:0 M1M2:0 M2M3:0 M3M4:0 M3M4ZEROED:0 GPS:0
...
07:10:00 2472/13 ERROR:0 INCOMING:13614 AGE:1 OUTGOING:8906 PMKIDROGUE:2 PMKID:0 M1M2ROGUE:0 M1M2:0 M2M3:0 M3M4:0 M3M4ZEROED:0 GPS:0
^C
terminating...
Tried again to force the "segmentation error" - no luck:
$ sudo gdb --args ./hcxdumptool -i wlp39s0f3u1u4 -o /tmp/dumpfile.pcapng --active_beacon --enable_status=79
GNU gdb (GDB) 12.1
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./hcxdumptool...
(gdb) set logging on
(gdb) r
Starting program: /home/zerobeat/Source/Programme/git_hcxdumptool/hcxdumptool -i wlp39s0f3u1u4 -o /tmp/dumpfile.pcapng --active_beacon --enable_status=79
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
initialization of hcxdumptool 6.2.7-22-gc65aac5 (depending on the capabilities of the device, this may take some time)...
[Detaching after vfork from child process 6442]
[Detaching after vfork from child process 6443]
[Detaching after vfork from child process 6444]
[Detaching after vfork from child process 6445]
[Detaching after vfork from child process 6446]
[Detaching after vfork from child process 6447]
start capturing (stop with ctrl+c)
...
^C
Program received signal SIGINT, Interrupt.
0x00007ffff71169a0 in pselect () from /usr/lib/libc.so.6
(gdb)
By latest commit, I added uncommented debug options. Please do a fresh git clone, uncomment debug information in Makefile
to CFLAGS += -ggdb -fsanitize=address
$ make clean
$ make
$ sudo gdb --args ./hcxdumptool -i wlp39s0f3u1u4 -o /tmp/dumpfile.pcapng --active_beacon --enable_status=79
on (gdb) prompt type "set logging on" and "r"
(gdb) set logging on
(gdb) r
now hcxdumptool will start and everything went in gdb.txt log file
wait for the segmentation fault
quit gdb
(gdb) q
confirm with y
then attach gdb.txt file here.
If the error is caused by hcxdumptool, you'll see something similar to this (example code to force an error):
=================================================================
==10689==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffffffe5d0 at pc 0x555555555280 bp 0x7fffffffe570 sp 0x7fffffffe560
WRITE of size 1 at 0x7fffffffe5d0 thread T0
#0 0x55555555527f in main /home/zerobeat/temp/sonstige/Simple.c:30
#1 0x7ffff763c28f (/usr/lib/libc.so.6+0x2328f)
#2 0x7ffff763c349 in __libc_start_main (/usr/lib/libc.so.6+0x23349)
#3 0x5555555550d4 in _start ../sysdeps/x86_64/start.S:115
Address 0x7fffffffe5d0 is located in stack of thread T0 at offset 64 in frame
#0 0x5555555551b8 in main /home/zerobeat/temp/sonstige/Simple.c:24
This frame has 1 object(s):
[32, 64) 'essidlen' (line 26) <== Memory access at offset 64 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/zerobeat/temp/sonstige/Simple.c:30 in main
Shadow bytes around the buggy address:
0x10007fff7c60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7c70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7c90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7ca0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10007fff7cb0: 00 00 f1 f1 f1 f1 00 00 00 00[f3]f3 f3 f3 00 00
0x10007fff7cc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7cd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7ce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7cf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10007fff7d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==10689==ABORTING
[Inferior 1 (process 10689) exited with code 01]
(gdb)
Thanks. Unfortunately that is unreadable. Please attach the txt file
Hello as requested
Thanks. Unfortunately nothing inside that can help us. Here hcxdumptool entered promiscuous mode:
[ 6119.561985] device wlan0 entered promiscuous mode
...
[25633.095296] Sending monitor positions (8 of them) to the host: VINF_SUCCESS
here ends the log.
Looks like we need to take a look at gdb.txt log to figure out what's going on.
Thank you for your feedback, below is my comment: I have changed root password since I don't know the default one.
Script: Test.sh
`su root -c 'hcxdumptool -i wlan0 -o dumpfile.pcapng --active_beacon --enable_status=79'`
Output of the script:
I got "Segmentation fault", please refer to attached file.
PS: I have changed the values of "MAC_SOURCE" "ESSID" in the file, so please ignore this.
Thanks. We need the exact position where the segmentation error occurs. I still have no idea where this happens.
BTW:
--enable_status=64 will show only status messages (every minute one) - that's enough to hunt for the issue.
07:04:00 2412/1 ERROR:0 INCOMING:3359 AGE:1 OUTGOING:1936 PMKIDROGUE:0 PMKID:0 M1M2ROGUE:0 M1M2:0 M2M3:0 M3M4:0 M3M4ZEROED:0 GPS:0
Now, as you changed the password, you can run gdb as described here: https://github.com/ZerBea/hcxdumptool/issues/231#issuecomment-1326054533 Maybe the gdb.txt log is more useful for us.
Just dived into KALI documentation and noticed that bash is still present. To move to bash open a terminal then type
$ bash
$ hcxdumptool -i wlan0 -o dumpfile.pcapng --active_beacon --enable_status=15
now hcxdumptool should run inside a bash shell
git clone https://github.com/ZerBea/hcxdumptool
Thank you for your feedback, below are my comments:
1- git clone https://github.com/ZerBea/hcxdumptool
`
└─# git clone https://github.com/ZerBea/hcxdumptool
Cloning into 'hcxdumptool'...
remote: Enumerating objects: 4244, done.
remote: Counting objects: 100% (935/935), done.
remote: Compressing objects: 100% (352/352), done.
remote: Total 4244 (delta 613), reused 746 (delta 582), pack-reused 3309
Receiving objects: 100% (4244/4244), 1.40 MiB | 1000.00 KiB/s, done.
Resolving deltas: 100% (2875/2875), done.
`
2. Take backup of Makefile
`
┌──(root㉿kali)-[/home/dimitri/Lab/hcxdumptool]
└─# ls -ltra
total 488
drwxr-xr-x 3 dimitri dimitri 4096 Nov 24 04:50 ..
-rw-r--r-- 1 root root 12120 Nov 24 04:50 README.md
-rw-r--r-- 1 root root 1670 Nov 24 04:50 Makefile
-rw-r--r-- 1 root root 123 Nov 24 04:50 .gitmodules
-rw-r--r-- 1 root root 21 Nov 24 04:50 .gitignore
drwxr-xr-x 2 root root 4096 Nov 24 04:50 docs
-rw-r--r-- 1 root root 71647 Nov 24 04:50 changelog
-rw-r--r-- 1 root root 217 Nov 24 04:50 Android.mk
-rw-r--r-- 1 root root 161 Nov 24 04:50 AndroidManifest.xml
drwxr-xr-x 2 root root 4096 Nov 24 04:50 usefulscripts
drwxr-xr-x 2 root root 4096 Nov 24 04:50 man
-rw-r--r-- 1 root root 1081 Nov 24 04:50 license.txt
drwxr-xr-x 2 root root 4096 Nov 24 04:50 jni
drwxr-xr-x 3 root root 4096 Nov 24 04:50 include
-rw-r--r-- 1 root root 8889 Nov 24 04:50 hcxpioff.c
-rw-r--r-- 1 root root 342900 Nov 24 04:50 hcxdumptool.c
drwxr-xr-x 8 root root 4096 Nov 24 04:50 .git
drwxr-xr-x 8 root root 4096 Nov 24 04:50 .
┌──(root㉿kali)-[/home/dimitri/Lab/hcxdumptool]
└─# cp Makefile Makefile.bk
`
$ make clean
$ make
$ sudo gdb --args ./hcxdumptool -i wlan0 -o /tmp/dumpfile.pcapng --active_beacon --enable_status=79
This is the output:
`
└─$ sudo gdb --args ./hcxdumptool -i wlan0 -o /tmp/dumpfile.pcapng --active_beacon --enable_status=79
GNU gdb (Debian 12.1-4) 12.1
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
https://www.gnu.org/software/gdb/bugs/.
Find the GDB manual and other documentation resources online at:
http://www.gnu.org/software/gdb/documentation/.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./hcxdumptool...
(gdb) set logging on
Warning: 'set logging on', an alias for the command 'set logging enabled', is deprecated.
Use 'set logging enabled on'.
Copying output to gdb.txt.
Copying debug output to gdb.txt.
(gdb) r
Starting program: /home/dimitri/Lab/hcxdumptool/hcxdumptool -i wlan0 -o /tmp/dumpfile.pcapng --active_beacon --enable_status=79
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
initialization of hcxdumptool 6.2.7-24-gc94f076 (depending on the capabilities of the device, this may take some time)...
[Detaching after vfork from child process 2016]
[Detaching after vfork from child process 2018]
[Detaching after vfork from child process 2020]
[Detaching after vfork from child process 2022]
[Detaching after vfork from child process 2024]
[Detaching after vfork from child process 2026]
start capturing (stop with ctrl+c)
NMEA 0183 PROTOCOL........: N/A
PHYSICAL INTERFACE........: phy0
INTERFACE NAME............: wlan0
INTERFACE PROTOCOL........: unassociated
INTERFACE TX POWER........: 0 dBm (lowest value reported by the device)
INTERFACE HARDWARE MAC....: 1c61b41fb584 (not used for the attack)
INTERFACE VIRTUAL MAC.....: da8a0fec2d7c (not used for the attack)
DRIVER....................: rtl88XXau (this driver is not recommended - expect driver errors)
DRIVER VERSION............: 6.0.0-kali3-amd64
DRIVER FIRMWARE VERSION...:
openSSL version...........: 1.0
ERRORMAX..................: 100 errors
BPF code blocks...........: 0
FILTERLIST ACCESS POINT...: 0 entries
FILTERLIST CLIENT.........: 0 entries
FILTERMODE................: unused
WEAK CANDIDATE............: 12345678
ESSID list................: 0 entries
ACCESS POINT (ROGUE)......: 000c538b01de (BROADCAST WILDCARD used for the attack)
ACCESS POINT (ROGUE)......: 000c538b01df (BROADCAST OPEN used for the attack)
ACCESS POINT (ROGUE)......: 000c538b01e0 (used for the attack and incremented on every new client)
CLIENT (ROGUE)............: d85dfbd3117a
EAPOLTIMEOUT..............: 20000 usec
EAPOLEAPTIMEOUT...........: 2500000 usec
REPLAYCOUNT...............: 61971
ANONCE....................: 6809870ca6b21f3b4b8d6517467c1e235295d6553bd97c76d9c1cac2bdcdc162
SNONCE....................: 4f0f2bfa99dbf41cc4f84604e43d02062c59a1fc87da94c7043f5890be5bf093
==2009==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5555555e8a40 at pc 0x7ffff7848061 bp 0x7fffffffdfa0 sp 0x7fffffffd750
WRITE of size 29952 at 0x5555555e8a40 thread T0
#1 0x5555555786b3 in detectweakwpa /home/dimitri/Lab/hcxdumptool/hcxdumptool.c:3670
#2 0x55555558593b in printeapol /home/dimitri/Lab/hcxdumptool/hcxdumptool.c:3769
#3 0x55555559d742 in process80211eapol_m2 /home/dimitri/Lab/hcxdumptool/hcxdumptool.c:3994
#4 0x55555559d742 in process80211eapol /home/dimitri/Lab/hcxdumptool/hcxdumptool.c:4263
#5 0x5555555a4aff in process80211eap /home/dimitri/Lab/hcxdumptool/hcxdumptool.c:4283
#6 0x5555555a4aff in process_packet /home/dimitri/Lab/hcxdumptool/hcxdumptool.c:5765
#7 0x5555555abbae in process_fd /home/dimitri/Lab/hcxdumptool/hcxdumptool.c:6108
#8 0x555555570b5d in main /home/dimitri/Lab/hcxdumptool/hcxdumptool.c:9512
#9 0x7ffff7046189 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#10 0x7ffff7046244 in __libc_start_main_impl ../csu/libc-start.c:381
#11 0x555555572560 in _start (/home/dimitri/Lab/hcxdumptool/hcxdumptool+0x1e560)
0x5555555e8a40 is located 32 bytes to the left of global variable 'keymic' defined in 'hcxdumptool.c:3655:16' (0x5555555e8a60) of size 16
0x5555555e8a40 is located 0 bytes to the right of global variable 'eapoltmp' defined in 'hcxdumptool.c:3657:16' (0x5555555e8640) of size 1024
SUMMARY: AddressSanitizer: global-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 in __interceptor_memcpy
Shadow bytes around the buggy address:
0x0aab2aab50f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0aab2aab5100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0aab2aab5110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0aab2aab5120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0aab2aab5130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0aab2aab5140: 00 00 00 00 00 00 00 00[f9]f9 f9 f9 00 00 f9 f9
0x0aab2aab5150: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9
0x0aab2aab5160: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
0x0aab2aab5170: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
0x0aab2aab5180: f9 f9 f9 f9 00 00 00 00 00 00 00 00 01 f9 f9 f9
0x0aab2aab5190: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==2009==ABORTING
[Inferior 1 (process 2009) exited with code 01]
(gdb) q
Please find attached the gdb.txt file
`
gdb.txt
Just dived into KALI documentation and noticed that bash is still present. To move to bash open a terminal then type
$ bash
$ hcxdumptool -i wlan0 -o dumpfile.pcapng --active_beacon --enable_status=15
now hcxdumptool should run inside a bash shell
Thank you, same error
Segmentation fault
Great, thanks.
Now I'm able to reproduce the segmentation fault:
debug detektweak
=================================================================
==2572==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5555555e8a80 at pc 0x7ffff785f427 bp 0x7fffffffe6a0 sp 0x7fffffffde48
WRITE of size 38656 at 0x5555555e8a80 thread T0
#0 0x7ffff785f426 in __interceptor_memcpy /usr/src/debug/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
#1 0x555555578716 in detectweakwpa /home/zerobeat/Source/Programme/git_hcxdumptool/hcxdumptool.c:3677
#2 0x5555555859db in printeapol /home/zerobeat/Source/Programme/git_hcxdumptool/hcxdumptool.c:3775
#3 0x55555559ca0d in process80211eapol_m3 /home/zerobeat/Source/Programme/git_hcxdumptool/hcxdumptool.c:3967
#4 0x55555559ca0d in process80211eapol /home/zerobeat/Source/Programme/git_hcxdumptool/hcxdumptool.c:4270
#5 0x5555555a4a7a in process80211eap /home/zerobeat/Source/Programme/git_hcxdumptool/hcxdumptool.c:4289
#6 0x5555555a4a7a in process_packet /home/zerobeat/Source/Programme/git_hcxdumptool/hcxdumptool.c:5771
#7 0x5555555abe8e in process_fd /home/zerobeat/Source/Programme/git_hcxdumptool/hcxdumptool.c:6114
#8 0x555555570b8d in main /home/zerobeat/Source/Programme/git_hcxdumptool/hcxdumptool.c:9518
#9 0x7ffff703c28f (/usr/lib/libc.so.6+0x2328f)
#10 0x7ffff703c349 in __libc_start_main (/usr/lib/libc.so.6+0x23349)
#11 0x5555555725a4 in _start ../sysdeps/x86_64/start.S:115
0x5555555e8a80 is located 32 bytes to the left of global variable 'keymic' defined in 'hcxdumptool.c:3660:16' (0x5555555e8aa0) of size 16
0x5555555e8a80 is located 0 bytes to the right of global variable 'eapoltmp' defined in 'hcxdumptool.c:3662:16' (0x5555555e8680) of size 1024
SUMMARY: AddressSanitizer: global-buffer-overflow /usr/src/debug/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 in __interceptor_memcpy
Shadow bytes around the buggy address:
0x0aab2aab5100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0aab2aab5110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0aab2aab5120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0aab2aab5130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0aab2aab5140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0aab2aab5150:[f9]f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
0x0aab2aab5160: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
0x0aab2aab5170: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
0x0aab2aab5180: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
0x0aab2aab5190: 00 00 00 00 01 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9
0x0aab2aab51a0: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==2572==ABORTING
[Inferior 1 (process 2572) exited with code 01]
Ok, pushed an update. This commit should fix the segmentation fault: https://github.com/ZerBea/hcxdumptool/commit/a64983fc50b7a29cb77e33d4b93fa12c0a6a28f1 Please try.
Found some more problems when detecting weak EAPOL and fixed them. Please test latest git head. If everything is working as expected, we can close this issue report.
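The two AddressSanitizer reports above show a memcpy inside detectweakwpa writing 29952 and 38656 bytes into the 1024-byte global eapoltmp. The following C example is added here for illustration and is neither hcxdumptool's code nor the fix from the linked commit: it bounds a length taken from the EAPOL header before copying into a fixed scratch buffer. The function names, result codes and constructed sample frames are assumptions; the EAPOL-Key field offsets follow the standard frame layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EAPOL_HDR_LEN  4    /* version, type, 2-byte big-endian body length */
#define EAPOL_TYPE_KEY 3    /* EAPOL-Key packet type */
#define KEY_MIC_OFF    81   /* Key MIC offset from the start of the EAPOL header */
#define KEY_MIC_LEN    16   /* same size the report gives for 'keymic' */
#define KEY_FRAME_MIN  99   /* header plus the fixed EAPOL-Key fields */
#define SCRATCH_LEN    1024 /* same size the report gives for 'eapoltmp' */

enum stage_result { STAGE_OK, ERR_TRUNCATED, ERR_NOT_KEY, ERR_TOO_SHORT, ERR_TOO_LONG };

/* Hypothetical scratch state, standing in for the globals named in the report. */
static uint8_t scratch[SCRATCH_LEN];
static uint8_t saved_mic[KEY_MIC_LEN];
static size_t staged_len;

/*
 * Copy one EAPOL-Key frame into the scratch buffer with its MIC field zeroed,
 * as is done before recomputing a MIC. 'frame' points at the EAPOL header and
 * 'caplen' is the number of captured bytes available from there.
 * The length field comes from the air, so it is checked against the minimum
 * frame size, the scratch buffer and the captured length before any copy.
 */
int stage_eapol_key(const uint8_t *frame, size_t caplen)
{
    size_t total;

    staged_len = 0;
    if (frame == NULL || caplen < EAPOL_HDR_LEN)
        return ERR_TRUNCATED;
    if (frame[1] != EAPOL_TYPE_KEY)
        return ERR_NOT_KEY;

    total = EAPOL_HDR_LEN + (((size_t)frame[2] << 8) | frame[3]);
    if (total < KEY_FRAME_MIN)
        return ERR_TOO_SHORT;   /* MIC field would lie outside the frame */
    if (total > sizeof(scratch))
        return ERR_TOO_LONG;    /* the case ASan flagged: copy larger than the buffer */
    if (total > caplen)
        return ERR_TRUNCATED;   /* header claims more bytes than were captured */

    memcpy(scratch, frame, total);
    memcpy(saved_mic, scratch + KEY_MIC_OFF, KEY_MIC_LEN);
    memset(scratch + KEY_MIC_OFF, 0, KEY_MIC_LEN);
    staged_len = total;
    return STAGE_OK;
}

/* Constructed sample input: a zero-filled EAPOL-Key frame with a chosen
 * body length field and a recognisable 0xAA pattern in the MIC field. */
int stage_sample(uint16_t body_len, size_t caplen)
{
    static uint8_t frame[2048];

    if (caplen > sizeof(frame))
        caplen = sizeof(frame);
    memset(frame, 0, sizeof(frame));
    frame[0] = 2;                         /* protocol version */
    frame[1] = EAPOL_TYPE_KEY;
    frame[2] = (uint8_t)(body_len >> 8);
    frame[3] = (uint8_t)(body_len & 0xff);
    memset(frame + KEY_MIC_OFF, 0xAA, KEY_MIC_LEN);
    return stage_eapol_key(frame, caplen);
}

int main(void)
{
    printf("well-formed 121-byte frame : %d\n", stage_sample(117, 121));
    printf("length field 29952         : %d\n", stage_sample(29952, 121));
    printf("length beyond capture      : %d\n", stage_sample(200, 121));
    printf("length below minimum       : %d\n", stage_sample(10, 121));
    return 0;
}
```
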
Thank you, it works fine but now I am not able to find dumpfile.pcapng, file has not been generated ...
hcxdumptool -i wlan0 dumpfile.pcapng --active_beacon --enable_status=15
my directory has generated the below files...
-rw------- 1 dimitri dimitri 4751 Nov 24 16:17 .zsh_history
-rw------- 1 dimitri dimitri 49 Nov 24 16:19 .Xauthority
-rw-r----- 1 dimitri dimitri 4 Nov 24 16:19 .vboxclient-clipboard.pid
-rw-r----- 1 dimitri dimitri 4 Nov 24 16:19 .vboxclient-seamless.pid
-rw-r----- 1 dimitri dimitri 4 Nov 24 16:19 .vboxclient-draganddrop.pid
-rw-r----- 1 dimitri dimitri 4 Nov 24 16:19 .vboxclient-display-svga-x11.pid
-rw------- 1 dimitri dimitri 5651 Nov 24 16:19 .xsession-errors
Hello, also I would like to keep only one hcxdumptool directory. I have noticed that I have created 2 since I was doing some testing with Makefile and bash scripts. Please, how to clean and keep only one, or how to remove all so that I can then install the fresh one?
directory: /home/dimitri
-rw------- 1 dimitri dimitri 20 Nov 23 09:04 .lesshst
drwxr-xr-x 3 root root 4096 Nov 23 19:01 hs
-rw------- 1 dimitri dimitri 77 Nov 24 10:41 .bash_history
drwxr-xr-x 9 dimitri dimitri 4096 Nov 24 10:49 hcxdumptool
drwxr-xr-x 3 dimitri dimitri 4096 Nov 24 15:40 Lab
-rw------- 1 dimitri dimitri 4827 Nov 24 16:23 .zsh_history
-rw------- 1 dimitri dimitri 6056 Nov 24 16:23 .xsession-errors.old
-rw------- 1 dimitri dimitri 49 Nov 24 23:30 .Xauthority
-rw-r----- 1 dimitri dimitri 4 Nov 24 23:30 .vboxclient-clipboard.pid
-rw-r----- 1 dimitri dimitri 4 Nov 24 23:30 .vboxclient-seamless.pid
-rw-r----- 1 dimitri dimitri 4 Nov 24 23:30 .vboxclient-draganddrop.pid
-rw-r----- 1 dimitri dimitri 4 Nov 24 23:30 .vboxclient-display-svga-x11.pid
-rw------- 1 dimitri dimitri 5723 Nov 24 23:30 .xsession-errors
drwxr-xr-x 19 dimitri dimitri 4096 Nov 24 23:31 .
directory: /home/dimitri/Lab
-rw-r--r-- 1 dimitri dimitri 1560 Nov 24 04:00 log.tmp
-rwx------ 1 root root 180 Nov 24 04:15 Test.sh
drwxr-xr-x 3 dimitri dimitri 4096 Nov 24 15:40 .
drwxr-xr-x 9 root root 4096 Nov 24 15:40 hcxdumptool
drwxr-xr-x 19 dimitri dimitri 4096 Nov 24 23:31 ..
Dump files are always stored in the directory from which you started hcxdumptool. E.g. if you start
hcxdumptool -o dumpfile.pcapng
from /tmp, your dump file is in /tmp/dumpfile.pcapng.
I suggest removing all hcxdumptool git clones. Then get a fresh one:
$ git clone https://github.com/ZerBea/hcxdumptool
$ cd hcxdumptool
$ make
$ sudo make install
Now create a working directory in $HOME (e.g. dumpfiles). From now on, it is enough to tell hcxdumptool where this directory is:
$ hcxdumptool -i wlan0 -o $HOME/dumpfiles/dumpfile.pcapng --active_beacon --enable_status=15
This applies to all hcxtools. E.g. hcxpcapngtool: create a hash directory in $HOME (e.g. hashfiles). From now on, it is enough to tell hcxpcapngtool where this directory is:
$ hcxpcapngtool -o $HOME/hashfiles/hash.hc22000 $HOME/dumpfiles/.
Or create an additional wordlist folder in $HOME (e.g. wordlists) to store weak candidates:
$ hcxpcapngtool -o $HOME/hashfiles/hash.hc22000 -R $HOME/wordlists/prlist $HOME/dumpfiles/.
That allows hashcat to test weak candidates:
$ hashcat -m 22000 $HOME/hashfiles/hash.hc22000 $HOME/wordlists/prlist
Thank you, but how to remove all hcxdumptool git clones?
how to remove all hcxdumptool git clones?
Please confirm: rm -r hcxdumptool, is it enough to remove all hcxdumptool git clones?
$ rm -r hcxdumptool
will only remove the clone in the current directory.
$ git clone https://github.com/ZerBea/hcxdumptool
will create a new one.
$ make install
will overwrite hcxdumptool located in bin.
Thank you so much for your excellent support.
Below are my observations related to the hcxdumptool command:
1) I got the error -> failed to read packet: Network, please refer to the attached file (Network is down.txt)
2) After this error, I sent the command again without rebooting the system and got the error --> Operation not permitted, please refer to the attached file (Operation not permitted.txt)
3) After that, I rebooted the system with the command "reboot" and now I am not able to receive data, meaning NO (TIME FREQ/CH MAC_DEST MAC_SOURCE ESSID [FRAME TYPE]). I ran this command for more than 5 min. Please refer to the attached file (No_TIME_FREQ_MAC_DEST _MAC_SOURCE_ESSID.txt)
4) Finally, I shut down the system, restarted the VM, started Kali and executed the same command. It works fine BUT the dumpfile.pcapng file is not generated. I ran this command for more than 4 mins. Please refer to the attached file (dumpfile.pcapng file is not generated.txt)
Thank you
This is a system message:
failed to read packet: Network is down
The device was disconnected either by the VM or a broken cable.
failed to set monitor mode, ioctl(SIOCSIWMODE) not supported by driver: Operation not permitted
Related to the first problem. The device is still disconnected.
You have to investigate why the VM disconnects the device.
sudo hcxdumptool -i wlan0 /home/dimitri/dumpfiles/dumpfile.pcapng --active_beacon --enable_status=15
The dump file was not stored because you missed the option switch (-o). The correct command is:
sudo hcxdumptool -i wlan0 -o /home/dimitri/dumpfiles/dumpfile.pcapng --active_beacon --enable_status=15
Thank you so much for your excellent support and help. It works fine, so you can close this thread.
You're welcome.
Hello
I am using the below command and it works fine, I can get the beacon, ESSID ... but I am getting the below error
zsh: segmentation fault sudo hcxdumptool -i wlan0 -o output.pcapng --enable_status=15
Do you have any idea?
Thanks