hashtopolis / server

Hashtopolis - distributed password cracking with Hashcat
GNU General Public License v3.0
1.46k stars 223 forks source link

"Integer Overflow Detected In Keyspace For...." #213

Closed Console closed 7 years ago

Console commented 7 years ago
Hashtopussy: 0.3.2
Client Version 0.43.13
Task Command: -a 3 -w 4 -1 ?l?d?u -2 ?l?d -3 ?l?d*!$@_ #HL# ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d
Hashformat: 5500 (NetNTLMv1-VANILLA / NetNTLMv1+ESS) 

First issue. Attempting the task command: -a 3 -w 4 #HL# results in a stack trace from hashtopussy

Hashcat version v3.6.0 found
Getting task
{"action":"task","token":"YrxjKrQwIj"}
{"action":"task","response":"SUCCESS","task":44,"attackcmd":"-a 3 -w 4 #HL#","cmdpars":"--force --gpu-temp-disable --hash-type=5500","hashlist":3,"bench":30,"statustimer":5,"files":[],"benchType":"run","hashlistAlias":"#HL#"}
Downloading hashlist for this task, please wait...
{"action":"hashes","token":"YrxjKrQwIj","hashlist":3}
Getting chunk...
{"action":"chunk","token":"YrxjKrQwIj","taskId":44}
{"action":"chunk","response":"SUCCESS","status":"keyspace_required"}
Server has requested the client to measure the keyspace for this task
Something went wrong with keyspace measuring

Unhandled Exception:
System.FormatException: Input string was not in a correct format.
  at System.Number.StringToNumber (System.String str, System.Globalization.NumberStyles options, System.Number+NumberBuffer& number, System.Globalization.NumberFormatInfo info, System.Boolean parseDecimal) [0x00057] in <a07d6bf484a54da2861691df910339b1>:0 
  at System.Number.ParseInt64 (System.String value, System.Globalization.NumberStyles options, System.Globalization.NumberFormatInfo numfmt) [0x00016] in <a07d6bf484a54da2861691df910339b1>:0 
  at System.Int64.Parse (System.String s, System.IFormatProvider provider) [0x00008] in <a07d6bf484a54da2861691df910339b1>:0 
  at System.Convert.ToInt64 (System.String value) [0x0000c] in <a07d6bf484a54da2861691df910339b1>:0 
  at hashtopussy.hashcatClass.parseKeyspace (System.String line, System.Int64& keySpace) [0x0000e] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 
  at hashtopussy.hashcatClass.runKeyspace (System.Int64& keySpace) [0x00139] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 
  at hashtopussy.taskClass.getChunk (System.Int32 inTask) [0x00325] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 
  at hashtopussy.taskClass.getTask () [0x002f1] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 
  at hashtopussy.Program.Main (System.String[] args) [0x001f9] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 
[ERROR] FATAL UNHANDLED EXCEPTION: System.FormatException: Input string was not in a correct format.
  at System.Number.StringToNumber (System.String str, System.Globalization.NumberStyles options, System.Number+NumberBuffer& number, System.Globalization.NumberFormatInfo info, System.Boolean parseDecimal) [0x00057] in <a07d6bf484a54da2861691df910339b1>:0 
  at System.Number.ParseInt64 (System.String value, System.Globalization.NumberStyles options, System.Globalization.NumberFormatInfo numfmt) [0x00016] in <a07d6bf484a54da2861691df910339b1>:0 
  at System.Int64.Parse (System.String s, System.IFormatProvider provider) [0x00008] in <a07d6bf484a54da2861691df910339b1>:0 
  at System.Convert.ToInt64 (System.String value) [0x0000c] in <a07d6bf484a54da2861691df910339b1>:0 
  at hashtopussy.hashcatClass.parseKeyspace (System.String line, System.Int64& keySpace) [0x0000e] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 
  at hashtopussy.hashcatClass.runKeyspace (System.Int64& keySpace) [0x00139] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 
  at hashtopussy.taskClass.getChunk (System.Int32 inTask) [0x00325] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 
  at hashtopussy.taskClass.getTask () [0x002f1] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 
  at hashtopussy.Program.Main (System.String[] args) [0x001f9] in <7a7f1fcab7204586a6876fb631c6c5e2>:0 

Assuming this was down to not specifying a mask (though hashcat is meant to handle this due to having default values set as per: https://hashcat.net/wiki/doku.php?id=hashcat#default_values) I decided to specify the mask along with the custom character space required.

Which resulted in the following error message being reported by hashtopussy

Getting task
{"action":"task","token":"YrxjKrQwIj"}
{"action":"task","response":"SUCCESS","task":46,"attackcmd":"-a 3 -w 4 -1 ?l?d?u -2 ?l?d -3 ?l?d*!$@_ #HL# ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d","cmdpars":"--force --gpu-temp-disable --hash-type=5500","hashlist":3,"bench":30,"statustimer":5,"files":[],"benchType":"run","hashlistAlias":"#HL#"}
Downloading hashlist for this task, please wait...
{"action":"hashes","token":"YrxjKrQwIj","hashlist":3}
Getting chunk...
{"action":"chunk","token":"YrxjKrQwIj","taskId":46}
{"action":"chunk","response":"SUCCESS","status":"keyspace_required"}
Server has requested the client to measure the keyspace for this task
Integer overflow detected in keyspace of mask: ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d
{"action":"error","token":"YrxjKrQwIj","task":46,"message":"Invalid keyspace, keyspace probably too small for this hashtype"}

No idea whats going on as the task command itself running using hashcat standalone works fine on the machine as is.

winxp5421 commented 7 years ago

Can you post a screenshot of your task from the web panel "-a 3 -w 4 #HL#" does not look right to me.

When dealing with "special" characters in the commands you really should use hcchar files to reduce potential escape character confusion with the software.

winxp5421 commented 7 years ago

Oh i see what you mean with "-a 3 -w 4 #HL#" hashcat should be using ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d by default. you really should be using a full mask with hashtopussy and not leave this blank.

run -a 3 -w 4 -1 ?l?d?u -2 ?l?d -3 ?l?d*!$@_ #HL# ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d as the attack command but put the special characters in a hcchar file

If you need an example -a3 -1?u?d -2?l?d?u -3 LowDigSp.hcchar #HL# ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d

Where LowDigSp.hcchar contains "?l?d*!$@_"

winxp5421 commented 7 years ago

You also should not be using -w4 in the attack command.. -w should only be used per client in the client specific parameters... like --gpu-temp-disable etc.

winxp5421 commented 7 years ago

Oh and as an added tip, -1 ?u?l?d contains [Space] whereas -1?u?l?d would not.

winxp5421 commented 7 years ago

Ok, so here is another perfect example of hashcats Overflow feature. this is not exactly a hashtopussy "issue" this is hashcat telling you the keyspace you are trying to run is "unreasonable"

hashcat64.exe --keyspace -a 3 -1?l?d?u -2?l?d -3?l?d*!$@_ ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d results in an overflow because this keyspace integer (result) is larger than 64bits and there for unreasonable to run.

winxp5421 commented 7 years ago

you are welcome to read up on Atom's response to this here https://hashcat.net/forum/thread-6588.html?highlight=Overflow

Console commented 7 years ago

Thanks for clearing that one up! :+1: and for the suggested improvements to my tasking too!

Apologies for raising a non-issue.

winxp5421 commented 7 years ago

No no i would rather have you post a potential issue than not post at all. Thanks for using and testing our software!

SSLEIVA commented 6 years ago

Most likely, it is giving error because there is a very large integer in the database, for example unixtimestamp (milliseconds)