Client does not detect and pass small keyspaces to the server.

[helloworldwh]

Current Server Version - 0.3.2 Current Client Version - 0.43.13 Task Command: -a0 #HL# word.txt Debug Output - Client Version 0.43.13 Checking for client updates {"action":"update","type":"csharp","version":"0.43.13"} {"action":"update","response":"SUCCESS","version":"OK"} You are using the latest client version System is Linux Existing token found {"action":"login","token":"M6IryWn7bM"} {"action":"login","response":"SUCCESS","timeout":"30"} Logged in to server {"action":"download","type":"hashcat","token":"M6IryWn7bM","force":0} Hashcat version found Getting task {"action":"task","token":"M6IryWn7bM"} {"action":"task","response":"SUCCESS","task":12,"attackcmd":"-a3 #HL# word.txt ?a?a?a?a?a?a?a?a ","cmdpars":" --hash-type=0","hashlist":8,"bench":30,"statustimer":5,"files":["word.txt"],"benchType":"speed","hashlistAlias":"#HL#"} Downloading hashlist for this task, please wait... {"action":"hashes","token":"M6IryWn7bM","hashlist":8} Getting chunk... {"action":"chunk","token":"M6IryWn7bM","taskId":12} {"action":"chunk","response":"SUCCESS","status":"keyspace_required"} Server has requested the client to measure the keyspace for this task Something went wrong with keyspace measuring

Unhandled Exception: System.FormatException: Input string was not in a correct format. at System.Number.StringToNumber (System.String str, System.Globalization.NumberStyles options, System.Number+NumberBuffer& number, System.Globalization.NumberFormatInfo info, System.Boolean parseDecimal) [0x00057] in :0 at System.Number.ParseInt64 (System.String value, System.Globalization.NumberStyles options, System.Globalization.NumberFormatInfo numfmt) [0x00016] in :0 at System.Int64.Parse (System.String s, System.IFormatProvider provider) [0x00008] in :0 at System.Convert.ToInt64 (System.String value) [0x0000c] in :0 at hashtopussy.hashcatClass.parseKeyspace (System.String line, System.Int64& keySpace) [0x0000e] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 at hashtopussy.hashcatClass.runKeyspace (System.Int64& keySpace) [0x00139] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 at hashtopussy.taskClass.getChunk (System.Int32 inTask) [0x00325] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 at hashtopussy.taskClass.getTask () [0x002f1] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 at hashtopussy.Program.Main (System.String[] args) [0x001f9] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 [ERROR] FATAL UNHANDLED EXCEPTION: System.FormatException: Input string was not in a correct format. at System.Number.StringToNumber (System.String str, System.Globalization.NumberStyles options, System.Number+NumberBuffer& number, System.Globalization.NumberFormatInfo info, System.Boolean parseDecimal) [0x00057] in :0 at System.Number.ParseInt64 (System.String value, System.Globalization.NumberStyles options, System.Globalization.NumberFormatInfo numfmt) [0x00016] in :0 at System.Int64.Parse (System.String s, System.IFormatProvider provider) [0x00008] in :0 at System.Convert.ToInt64 (System.String value) [0x0000c] in :0 at hashtopussy.hashcatClass.parseKeyspace (System.String line, System.Int64& keySpace) [0x0000e] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 at hashtopussy.hashcatClass.runKeyspace (System.Int64& keySpace) [0x00139] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 at hashtopussy.taskClass.getChunk (System.Int32 inTask) [0x00325] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 at hashtopussy.taskClass.getTask () [0x002f1] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 at hashtopussy.Program.Main (System.String[] args) [0x001f9] in <7a7f1fcab7204586a6876fb631c6c5e2>:0

Problem Description: I am totally new to hash cracking so this could be a very simple fix. I have upload word.txt which contains "password" to the files portion of the site. I have also uploaded hash.txt containing the hash for "password" to the hashlists(this is using MD5). I then created a new task with this hashlist and word.txt. When I run mono ./hashtopussy.exe, it is giving me the above error. I am running ubuntu server for server and ubuntu for client if that helps. Thanks in advance for help with the noob question.

[winxp5421]

Ah yes, we welcome new people and its quite alright to be "new" at something we all where at one time or another. familiarize yourself with the hashcat modes -a3 means you are doing a Mask (bruteforce) attack only! your command "-a3 #HL# word.txt ?a?a?a?a?a?a?a?a " also has a wordlist file and hashcat is simply throwing an error as it does not know what you want done with the wordlist as you have specifically stated you want to run in "bruteforce only mode"

based on your command "-a3 #HL# word.txt ?a?a?a?a?a?a?a?a " you would need to run in -a6 which would create password candidates that have each word in your word.txt and then add 8 characters (all characters) onto the end( example: password00000000, passwordaaaaaaaa, passwordAAAAAAA ) and so on. which i do belive based on your explanation would not be what you are looking for. if you just want to run the passwords inside your txt without modification run with -a0 #HL# word.txt (straight attack)

[winxp5421]

On a secondary note, i would highly suggest working with hashcat in the CLI when you are first starting out instead of using hashtopussy. Hashtopussy is great but, you really do need to have a great understanding of how hashcat is used in the CLI before moving to a distributed solution such has Hashtopussy. You are welcome to still use HTP but, learning the fundamentals of hashcat in the CLI will be beneficial to your knowledge in the long run.

[helloworldwh]

Thank you so much for the response. I will definitely familiarize myself with the attack modes. I did see the Task Creation Guidelines page and was kind of running of that. Even if I run -a0 #HL# word.txt I still am getting the same error that my string was not in the correct format. My goal is just to input a hash, have it compare with the word.txt(which only has "password" in it) and output that it was able to find password and crack that hash. Or something like that?

As to your second comment, I am currently an intern and have been tasked with setting up hashtopussy for the office so that is where I started. I will definitely start working with hashcat and familiarize myself with it if that is what I need to do to learn how to make hashtopussy work. Thanks again for the info! @winxp5421

[winxp5421]

Hmm, would you mind posting a screen shot of the tasks.php page and the debug output of the client with the new task you generated?

[helloworldwh]

[winxp5421]

Everything looks good as far as i can see ( at first glance) can you make sure hashcat runs by itself properly without errors by running ./hashcat64.bin -b you do not have to finish the entire benchmark.

[helloworldwh]

Yes, it is running without errors except for I run "hashcat -b" as hashcat is located in /usr/local/bin/hashcat and is installed vs. just on the desktop. I think this is the right way to say it? I'm new at linux also. lol

[winxp5421]

OH, alright. Hashtopussy should automatically download hashcat it should be located in hashtopussy/hashcat hashtopussy is the folder you have hashtopussy.exe located in 1. does this folder exist and does it contain hashcat files? 2. can you run ./hashcat64.bin -b while inside that directory with a terminal?

[helloworldwh]

You are right. Hashcat is also located in hashtopussy/hashcat. It does run without errors using ./hashcat64.bin -b. I followed your videos on youtube and everything from that perspective seems to be working.

[winxp5421]

That is really strange it seems all of the major parts are there and working. Can you verify hashtopussy/hashlist/8 exists and contains your hash(s)

[helloworldwh]

Yes, the hash is there and is exactly the same as in "hash.txt" which is in the hashlist. Any other super simple beginner errors that I could be making? As I don't have a lot of knowledge of password hash cracking, and I followed your videos for the setup, the error likely has something to do with me setting up the instructions for what I want it to crack? My method - (Assume if I dont say it, I just left it at the default value) 1. upload word.txt(that contains "password") to "Files" tab 2. Create new hashlist(give it name, hashtype(0. MD5) and upload hash.txt(which contains MD5 "password" hash)) 3. Create a new Task(enter name, select Hashlist: hashlist, select Benchmark Type: Speed Test, check word.txt on right, enter Command line mentioned above) 4. change priority to 1 and mono ./hashtopussy.exe in terminal

[winxp5421]

I don't see anything incorrect in your procedure that looks fine to me. I'm sorry, this has not been a smooth experience for you.

Verify hashtopussy/file/word.txt exists and contains plain text passwords ( or "password" ) in your specific configuration.

If that file exists and contains what it is supposed to.

try running hashcat from the hashtopussy/hashcat dir ./hashcat64.bin -a0 --machine-readable --keyspace ../files/word.txt and post back the output. the output should be '1'

[helloworldwh]

Hey, sorry, had to take a lunch break haha. I think we may have found the problem. When I run that command, it is simply outputting "2". I am not sure if thats what you were expecting or not.(This is the output that it give when I put in the exact command that you gave above) Also, the word.txt does contain "password" in hashtopussy/files/word.txt @winxp5421

Also, you're all good on it not being a smooth experience for me. It has made me learn a lot about password cracking and improved my overall understanding of ubuntu.

[winxp5421]

Outputting 2 is what we are looking for. i almost wonder if having such a small keyspace is throwing an error can you try using a wordlist like rockyou or something a bit larger and see if you get the same results?

[winxp5421]

https://wiki.skullsecurity.org/Passwords is a good place to start

[helloworldwh]

Any reason it may not be letting me upload this file? I am able to open and view rockyou.txt but when I got to upload it, I add the file, and hit the "upload files" button and the page refreshes/loads and it is not there. It is also not in hashtopussy/files. I even tried waiting a couple minutes and it does not seem to be doing anything. It is still uploading the word.txt instantly.

I have also appended more words to the word.txt file and it is still giving me the same error. I think that it was also giving me this error even when I did not have the word.txt file attached if that means anything.

[winxp5421]

Probably your php settings do not allow files this large have a look here https://github.com/s3inlc/hashtopussy/wiki/Server-Prerequisites under php param.

[winxp5421]

or upload via import your choice.

[helloworldwh]

Congratulations Sir! You did it. That was the problem. I uploaded rockyou.txt, ran it and it worked just fine! I don't know how common it is to use a small file as I did( I tried one with 30 words) but you might want to put this in the "Frequent Problems" section? Anyways, thank you so much for the help.

[winxp5421]

Usually, you would not use a distributed solution for such a small task, however, this is still technically a bug so congratz to you. you found a bug your first day :). we will get someone on fixing this thanks for working with me to collect more information.

[Console]

Just to add a +1 here. I was doing some testing with the example hashes from the hashcat wiki trying to pin down an issue we were having with large SPN hashes.

Using a dictionary of:

password
password123
hashcat

Same issue with the same attack command -a0 #HL# test.dict, hashtype used was 13100 and it would bomb out every time with the exact same stacktrace as given in the screenhots by @helloworldwh.

Worked around it at the time by dropping the small dictionary/wordlist and going with -a3 #HL# -1 hasct ?1?1?1?1?1?1?1 as an attack command and that worked just fine with the same hashlist, hashtype etc.

[s3inlc]

As this issue is sitting here for more than half a year and there was a huge code change since, I close this issue now.

If the issue still persists with the newest version, please reopen.