f0cker / crackq

CrackQ: A Python Hashcat cracking queue system
MIT License
922 stars 101 forks

Initialize timeout #7

Closed jllang763 closed 4 years ago

jllang763 commented 4 years ago

I recently got crackq deployed and have been performing some testing. When I submit a brute-force of an NTLM hash, the job sits in the queue for some time and then goes to a timeout status.

f0cker commented 4 years ago

Do you see any errors/warnings when you click on Details?

jllang763 commented 4 years ago

I get an Unauthorized message.

f0cker commented 4 years ago

That's odd, are you viewing it as the same user you created the job with?

Can you let me know the rest of the details for the job you submitted so I can reproduce please?

mask etc

I think the most common cause for this is when username is selected for a hash type that does not support it. It would give you an indicator in the Details when this happens usually.

jllang763 commented 4 years ago

Yes, I am using the same username. Here is a screenshot of the job details.

jllang763 commented 4 years ago

The hash I am submitting is one that this same system cracked using hashcat directly.

jllang763 commented 4 years ago

Is there a way to turn on debug so I can do some troubleshooting?

f0cker commented 4 years ago

Ah I was going to suggest that the mask is too big, which happens sometimes with Hashcat, but if it's working from the cli then it's not that. To enable debugging you need to modify the log_config.ini in the docker container, which is a bit clunky I know:

docker exec -it crackq /bin/bash -c "sed -i 's/INFO/DEBUG/g' crackq/log_config.ini"

Beware it's very verbose at the moment.

f0cker commented 4 years ago

OK I can reproduce it and get the following in the job details: "ERROR: Integer overflow detected in keyspace of mask: ?3?3?3?3?3?3?3?3?3?3?3?3?3?3?3"

This error message comes directly from hashcat, are you sure the same mask works from the cli?

It seems you are hitting a bug with the job details not showing though, can you enable dev tools in your browser and check if it's a 401 response from the server or just a problem with the GUI display? Thanks for reporting this.

jllang763 commented 4 years ago

The hashcat command I have been using is:

hashcat -a 3 -m 1000 hashes.ntml.txt -O -w 3 -1 ?l?u?d?s ?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1?1 -i --increment-min=8 --increment-max=16 -o cracked.html.txt

Maybe it is because I start at 8 and not 1 chars. Am I able to pass those params to crackq?
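An added example, not part of the original thread and not CrackQ or hashcat code: a pre-submission check that computes the candidate count for each incremented length of a mask and flags lengths that no longer fit the assumed limit. It generalizes to any mask with built-in and custom charsets; the function names are hypothetical, and the assumption is that the "Integer overflow detected in keyspace of mask" error corresponds to the count exceeding an unsigned 64-bit integer.

```python
import string

U64_MAX = 2**64 - 1  # assumption: candidates are counted in an unsigned 64-bit integer

# hashcat's built-in charsets (?l ?u ?d ?s ?h ?H ?b, and ?a below).
BUILTIN = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "s": " " + string.punctuation,
    "h": string.digits + "abcdef",
    "H": string.digits + "ABCDEF",
    "b": "".join(map(chr, range(256))),
}
BUILTIN["a"] = BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"] + BUILTIN["s"]


def positions(mask, custom=None):
    """Yield the set of characters allowed at each position of a mask."""
    custom = custom or {}
    i = 0
    while i < len(mask):
        if mask[i] != "?":
            yield {mask[i]}  # literal character
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        key = mask[i + 1]
        if key == "?":
            yield {"?"}  # '??' is a literal question mark
        elif key in BUILTIN:
            yield set(BUILTIN[key])
        elif key in custom:  # custom charsets (-1..-4) use mask syntax themselves
            yield set().union(*positions(custom[key]))
        else:
            raise ValueError(f"unknown charset ?{key}")
        i += 2


def increment_keyspaces(mask, custom=None, min_len=1, max_len=None):
    """Map each incremented mask length to (candidate count, fits in u64)."""
    sizes = [len(p) for p in positions(mask, custom)]
    result, total = {}, 1
    for length, size in enumerate(sizes[: max_len or len(sizes)], start=1):
        total *= size
        if length >= min_len:
            result[length] = (total, total <= U64_MAX)
    return result
```

Calling `increment_keyspaces("?1" * 16, {"1": "?l?u?d?s"}, min_len=8, max_len=16)` reproduces the mask and increment range from the command above.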

jllang763 commented 4 years ago

As for the UI, the dev tool in Chrome is not showing any errors.

f0cker commented 4 years ago

I've just been working on adding increment actually and I will be pushing it to a new branch later today, but I haven't added increment-min/max yet. The other options are already set statically (-O -w). I might quickly add in increment-min/max tonight or over the weekend, it shouldn't take long.

For the UI/unauthorized issue, do you see the job details request return the details for the job in the dev-tools network tab or is it actually a 401? Just trying to figure out if the problem is the API or the GUI. The request will look like this: https://crackq.org/api/queuing/12ffa10b6a274469b726858c252d3e1b

jllang763 commented 4 years ago

So I got the brute-force running with a 9 char mask. As for the UI, that call appears to return a 401.

jllang763 commented 4 years ago

nginx logs

{IP} - - [11/Jun/2020:15:21:32 +0000] "GET /api/queuing/failedless HTTP/1.1" 200 3 "https://server/failed" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36" "-"
{IP} - - [11/Jun/2020:15:21:34 +0000] "GET /api/queuing/failed HTTP/1.1" 200 105 "https://server/failed" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36" "-"
{IP} - - [11/Jun/2020:15:21:40 +0000] "GET /api/queuing/351309f76af8450ea1ca33bd387c3828 HTTP/1.1" 200 4 "https://server/failed" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36" "-"

jllang763 commented 4 years ago

If I browse directly to the URI it returns a "401". If I browse directly to a different job id I get JSON content.

f0cker commented 4 years ago

OK so somehow that job has been disassociated with your user account. The only time I've had this in testing has been when I've persisted the SQLite DB over when updating to a new version, but that doesn't seem to be the case here. I think this one is going to be hard to reproduce.

f0cker commented 4 years ago

Give this branch a go if you need --increment, I'll add max/min to it soon as well:

https://github.com/f0cker/crackq/tree/gui_updates

jllang763 commented 4 years ago

I will once the current crack session finishes.

f0cker commented 4 years ago

Do you think you can reproduce the 401/Unauthorized issue?

jllang763 commented 4 years ago

I have not seen it since.

f0cker commented 4 years ago

I'm going to close this off, but feel free to re-open it if it happens again.