hashview / hashview-old

A web front-end for password cracking and analytics
http://www.hashview.io
GNU General Public License v3.0

Specific plaintext passwords cause database import to fail #382

Closed johnnyDEP closed 5 years ago

johnnyDEP commented 6 years ago

It looks like if a password contains an escape character or a byte representation of a UTF-8 character, a database import of plain text credentials will fail. I was able to repeat this by importing creds with the '\x' sequence in them. Hopefully the stack trace will help.

This seems relevant: https://stackoverflow.com/questions/1168036/how-to-fix-incorrect-string-value-errors

```
09:48:56 web.1 | 2017-12-08 09:48:56 - DataObjects::SQLError - Incorrect string value: '\xE02017' for column 'plaintext' at row 1:
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-do-adapter-1.2.0/lib/dm-do-adapter/adapter.rb:194:in `execute_non_query'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-do-adapter-1.2.0/lib/dm-do-adapter/adapter.rb:194:in `block in update'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-do-adapter-1.2.0/lib/dm-do-adapter/adapter.rb:276:in `with_connection'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-do-adapter-1.2.0/lib/dm-do-adapter/adapter.rb:193:in `update'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-core-1.2.1/lib/dm-core/repository.rb:180:in `update'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-core-1.2.1/lib/dm-core/resource/persistence_state/dirty.rb:54:in `update_resource'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-core-1.2.1/lib/dm-core/resource/persistence_state/dirty.rb:22:in `commit'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-core-1.2.1/lib/dm-core/resource.rb:963:in `_persist'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-core-1.2.1/lib/dm-core/resource.rb:994:in `block in update_with_hooks'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-core-1.2.1/lib/dm-core/resource.rb:991:in `catch'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-core-1.2.1/lib/dm-core/resource.rb:991:in `update_with_hooks'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-core-1.2.1/lib/dm-core/resource.rb:1028:in `save_self'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-validations-1.2.0/lib/dm-validations.rb:54:in `save_self'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-core-1.2.1/lib/dm-core/resource.rb:1013:in `block in _save'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-core-1.2.1/lib/dm-core/resource.rb:1229:in `run_once'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-core-1.2.1/lib/dm-core/resource.rb:1012:in `_save'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-core-1.2.1/lib/dm-core/resource.rb:412:in `save'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-validations-1.2.0/lib/dm-validations.rb:40:in `block in save'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-validations-1.2.0/lib/dm-validations/context.rb:16:in `in_context'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-validations-1.2.0/lib/dm-validations.rb:40:in `save'
09:48:56 web.1 | /build/hashview/helpers/cracked_importer.rb:63:in `block (2 levels) in importCracked'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-core-1.2.1/lib/dm-core/collection.rb:508:in `block in each'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-core-1.2.1/lib/dm-core/support/lazy_array.rb:411:in `block in each'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-core-1.2.1/lib/dm-core/support/lazy_array.rb:411:in `each'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-core-1.2.1/lib/dm-core/support/lazy_array.rb:411:in `each'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/dm-core-1.2.1/lib/dm-core/collection.rb:505:in `each'
09:48:56 web.1 | /build/hashview/helpers/cracked_importer.rb:59:in `block in importCracked'
09:48:56 web.1 | /build/hashview/helpers/cracked_importer.rb:31:in `each_line'
09:48:56 web.1 | /build/hashview/helpers/cracked_importer.rb:31:in `importCracked'
09:48:56 web.1 | /build/hashview/routes/api.rb:187:in `block in <top (required)>'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1611:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1611:in `block in compile!'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:975:in `[]'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:975:in `block (3 levels) in route!'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:994:in `route_eval'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:975:in `block (2 levels) in route!'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1015:in `block in process_route'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1013:in `catch'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1013:in `process_route'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:973:in `block in route!'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:972:in `each'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:972:in `route!'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1085:in `block in dispatch!'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in `block in invoke'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in `catch'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in `invoke'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1082:in `dispatch!'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:907:in `block in call!'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in `block in invoke'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in `catch'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in `invoke'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:907:in `call!'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:895:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/xss_header.rb:18:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/path_traversal.rb:16:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/json_csrf.rb:18:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/frame_options.rb:31:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-1.6.8/lib/rack/session/abstract/id.rb:225:in `context'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-1.6.8/lib/rack/session/abstract/id.rb:220:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-1.6.8/lib/rack/logger.rb:15:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-1.6.8/lib/rack/commonlogger.rb:33:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:219:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:212:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-1.6.8/lib/rack/head.rb:13:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-1.6.8/lib/rack/methodoverride.rb:22:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:182:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:2013:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1487:in `block in call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1787:in `synchronize'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1487:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-1.6.8/lib/rack/handler/webrick.rb:88:in `service'
09:48:56 web.1 | /usr/local/rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/webrick/httpserver.rb:138:in `service'
09:48:56 web.1 | /usr/local/rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/webrick/httpserver.rb:94:in `run'
09:48:56 web.1 | /usr/local/rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/webrick/server.rb:294:in `block in start_thread'
09:48:56 web.1 | 127.0.0.1 - - [08/Dec/2017:09:48:56 -0600] "POST /v1/jobtask/57/crackfile/upload HTTP/1.1" 500 30 0.1875
09:48:56 web.1 | localhost - - [08/Dec/2017:09:48:56 CST] "POST /v1/jobtask/57/crackfile/upload HTTP/1.1" 500 30
09:48:56 web.1 | - -> /v1/jobtask/57/crackfile/upload
09:48:56 hashcat-worker.1 | 500 Internal Server Error
09:48:56 web.1 | 127.0.0.1 - - [08/Dec/2017:09:48:56 -0600] "POST /v1/jobtask/57/status HTTP/1.1" 200 - 0.0092
09:48:56 web.1 | localhost - - [08/Dec/2017:09:48:56 CST] "POST /v1/jobtask/57/status HTTP/1.1" 200 0
09:48:56 web.1 | - -> /v1/jobtask/57/status
09:48:56 web.1 | 2017-12-08 09:48:56 - NoMethodError - undefined method `status=' for nil:NilClass:
09:48:56 web.1 | /build/hashview/helpers/status.rb:45:in `updateTaskqueueStatus'
09:48:56 web.1 | /build/hashview/routes/api.rb:80:in `block in <top (required)>'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1611:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1611:in `block in compile!'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:975:in `[]'
09:48:56 background-worker.1 | resque-scheduler: [INFO] 2017-12-08T09:48:56-06:00: queueing TestJob (do_test_job)
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:975:in `block (3 levels) in route!'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:994:in `route_eval'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:975:in `block (2 levels) in route!'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1015:in `block in process_route'
09:48:56 background-worker.1 | resque-scheduler: [INFO] 2017-12-08T09:48:56-06:00: queueing WordlistImporter (do_wordlist_importer)
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1013:in `catch'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1013:in `process_route'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:973:in `block in route!'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:972:in `each'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:972:in `route!'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1085:in `block in dispatch!'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in `block in invoke'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in `catch'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in `invoke'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1082:in `dispatch!'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:907:in `block in call!'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in `block in invoke'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in `catch'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1067:in `invoke'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:907:in `call!'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:895:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/xss_header.rb:18:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/path_traversal.rb:16:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/json_csrf.rb:18:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/frame_options.rb:31:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-1.6.8/lib/rack/session/abstract/id.rb:225:in `context'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-1.6.8/lib/rack/session/abstract/id.rb:220:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-1.6.8/lib/rack/logger.rb:15:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-1.6.8/lib/rack/commonlogger.rb:33:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:219:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:212:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-1.6.8/lib/rack/head.rb:13:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-1.6.8/lib/rack/methodoverride.rb:22:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:182:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:2013:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1487:in `block in call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1787:in `synchronize'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/sinatra-1.4.8/lib/sinatra/base.rb:1487:in `call'
09:48:56 web.1 | /usr/local/rvm/gems/ruby-2.2.2/gems/rack-1.6.8/lib/rack/handler/webrick.rb:88:in `service'
09:48:56 web.1 | /usr/local/rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/webrick/httpserver.rb:138:in `service'
09:48:56 web.1 | /usr/local/rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/webrick/httpserver.rb:94:in `run'
09:48:56 web.1 | /usr/local/rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/webrick/server.rb:294:in `block in start_thread'
09:48:56 web.1 | 127.0.0.1 - - [08/Dec/2017:09:48:56 -0600] "POST /v1/queue/20/status HTTP/1.1" 500 30 0.0036
09:48:56 web.1 | localhost - - [08/Dec/2017:09:48:56 CST] "POST /v1/queue/20/status HTTP/1.1" 500 30
09:48:56 web.1 | - -> /v1/queue/20/status
09:48:56 hashcat-worker.1 | 500 Internal Server Error
```
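
Added example, not Hashview's code or the fix that shipped: a Ruby sketch of a pre-insert check for the failure reported in this issue. It assumes the `plaintext` column uses MySQL's 3-byte `utf8` charset; the helper names are hypothetical, and the `$HEX[...]` wrapping is borrowed from hashcat's output convention.

```ruby
# Added example: helper names are hypothetical, not part of Hashview.
HEX_WRAPPED = /\A\$HEX\[((?:\h\h)*)\]\z/

# Classify raw plaintext bytes before they reach a MySQL text column.
def classify_plaintext(raw)
  s = raw.b.force_encoding(Encoding::UTF_8)
  return :invalid_utf8 unless s.valid_encoding?
  # MySQL's legacy `utf8` charset stores at most 3 bytes per character,
  # so code points above U+FFFF need a utf8mb4 column (assumed schema).
  return :needs_utf8mb4 if s.each_char.any? { |c| c.ord > 0xFFFF }
  :ok
end

# Return a string that is always valid UTF-8 in the 3-byte range.
# Everything else is kept losslessly in $HEX[...] form, the notation
# hashcat uses for plaintexts it cannot print as-is.
def storable_plaintext(raw)
  bytes = raw.b
  if classify_plaintext(bytes) == :ok && bytes !~ HEX_WRAPPED
    return bytes.force_encoding(Encoding::UTF_8)
  end
  # A literal that already looks like $HEX[...] is wrapped too, so that
  # decoding stays unambiguous.
  '$HEX[' + bytes.unpack('H*').first + ']'
end

# Reverse storable_plaintext, returning the original bytes.
def original_bytes(stored)
  m = HEX_WRAPPED.match(stored)
  m ? [m[1]].pack('H*') : stored.b
end

# Constructed samples; the first is the byte string from the error message.
SAMPLES = [
  "\xE02017".b,            # 0xE0 opens a 3-byte sequence that "20" cannot continue
  "caf\xC3\xA9".b,         # valid UTF-8, 2-byte character
  "pw\xF0\x9F\x94\x91".b,  # valid UTF-8, 4-byte character
  '$HEX[41]'.b             # printable literal that collides with the wrapper syntax
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |raw|
    puts format('%-14s %-34s %s', classify_plaintext(raw), raw.inspect, storable_plaintext(raw))
  end
end
```

Running the check per line, before the ORM `save`, keeps one undecodable plaintext from aborting the whole crack-file upload with a 500.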

i128 commented 6 years ago

Is the non-UTF character part of the username?

i128 commented 6 years ago

Issue should be addressed in v0.7.4-beta

i128 commented 5 years ago

Issue should now be resolved.