search

hashview / hashview-old

A web front-end for password cracking and analytics
http://www.hashview.io
GNU General Public License v3.0
622 stars 133 forks source link

Error 500 when adding a job #453

Open antonovfr opened 5 years ago

antonovfr commented 5 years ago

Hi, I spent a lot of time trying to figure this out but for some reason I cannot. I get an error 500 message when starting a job: 16:17:09 web.1 | 2018-11-19 16:17:09 - NoMethodError - undefined method hash_id' for nil:NilClass: 16:17:09 web.1 | /home/apuser/repos/hashview/helpers/build_crack_cmd.rb:20:inbuildCrackCmd' 16:17:09 web.1 | /home/apuser/repos/hashview/routes/jobs.rb:405:in block (2 levels) in <top (required)>' 16:17:09 web.1 | /home/apuser/repos/hashview/routes/jobs.rb:391:ineach' 16:17:09 web.1 | /home/apuser/repos/hashview/routes/jobs.rb:391:in block in <top (required)>' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:1611:incall' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:1611:in block in compile!' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:975:in[]' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:975:in block (3 levels) in route!' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:994:inroute_eval' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:975:in block (2 levels) in route!' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:1015:inblock in process_route' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:1013:in catch' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:1013:inprocess_route' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:973:in block in route!' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:972:ineach' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:972:in route!' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:1085:inblock in dispatch!' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:1067:in block in invoke' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:1067:incatch' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:1067:in invoke' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:1082:indispatch!' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:907:in block in call!' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:1067:inblock in invoke' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:1067:in catch' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:1067:ininvoke' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:907:in call!' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:895:incall' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/xss_header.rb:18:in call' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:incall' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:in call' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/path_traversal.rb:16:incall' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/json_csrf.rb:18:in call' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:incall' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49:in call' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/rack-protection-1.5.3/lib/rack/protection/frame_options.rb:31:incall' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/rack-1.6.5/lib/rack/session/abstract/id.rb:225:in context' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/rack-1.6.5/lib/rack/session/abstract/id.rb:220:incall' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/rack-1.6.5/lib/rack/logger.rb:15:in call' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/rack-1.6.5/lib/rack/commonlogger.rb:33:incall' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:219:in call' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:212:incall' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/rack-1.6.5/lib/rack/head.rb:13:in call' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/rack-1.6.5/lib/rack/methodoverride.rb:22:incall' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:182:in call' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:2013:incall' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:1487:in block in call' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:1787:insynchronize' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/sinatra-1.4.7/lib/sinatra/base.rb:1487:in call' 16:17:09 web.1 | /home/apuser/.rvm/gems/ruby-2.2.2/gems/rack-1.6.5/lib/rack/handler/webrick.rb:88:inservice' 16:17:09 web.1 | /usr/share/rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/webrick/httpserver.rb:138:in service' 16:17:09 web.1 | /usr/share/rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/webrick/httpserver.rb:94:inrun' 16:17:09 web.1 | /usr/share/rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/webrick/server.rb:294:in `block in start_thread' 16:17:09 web.1 | 10.0.1.122 - - [19/Nov/2018:16:17:09 +0100] "GET /jobs/start/2 HTTP/1.1" 500 30 0.0050 16:17:09 web.1 | 10.0.1.122 - - [19/Nov/2018:16:17:09 CET] "GET /jobs/start/2 HTTP/1.1" 500 30

I am running hashcat 5.0 (should not be an issue) and ubuntu 16.04.5.

i128 commented 5 years ago

What is the hashtype for the hashfile or hashes you uploaded?

antonovfr commented 5 years ago

I added a single ntlm hash, and specified NTLM

i128 commented 5 years ago

If you dont have too many hashes, try going into the hashview db and see if its listed.

mysql -u root -p use hashview; select * from hashes;

It should be the last or near last entry, with an id, original hash, hashtype, and cracked value. Also, did you copy/paste the hash into hashview, or did you upload it from a file?

antonovfr commented 5 years ago

I will check tomorrow for the database, but I copy pasted the hash. Thanks for the prompt response.

i128 commented 5 years ago

Did you copy the hash as a 32 char alphanumeric string, or did it contain other things like usernames, etc?

antonovfr commented 5 years ago

Just the 32 char. I tried directly with hashcat and it worked.

On Mon 19 Nov 2018 at 17:37, i128 notifications@github.com wrote:

Did you copy the hash as a 32 char alphanumeric string, or did it contain other things like usernames, etc?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/hashview/hashview/issues/453#issuecomment-439957449, or mute the thread https://github.com/notifications/unsubscribe-auth/AHOuqW3Z3Hru_mm1w6WHU-3BRltY1Re-ks5uwt4vgaJpZM4YpUeB .

antonovfr commented 5 years ago

Hey, so today I have more time to test. I checked in the database and the hash table is indeed empty. To reproduce, I installed the software, create a new job, customer acme corp, I name the hash as test, I generate the hash from a ntlm hash generator, and copy past it in the box. Then it prompt me for the file type, as I don't have any, I keep it on - select -, then confirm. It then propose me a list of hash types, and I select NTLM. Then I get the Local Check page. Finally on the Assign Tasks to Job page, I add a task lower alpha 7 char and click done. If I look at the DB at this point, the hash is not there. And so when I run the job, error 500

antonovfr commented 5 years ago

I also just tried to add the hash in a file and upload it but still no result.

antonovfr commented 5 years ago

By adding a hash which looks like it was taken from a pwddump, it works. The hash format is: Administrator:500:611D6F6E763B902934544489FCC9192B:B71ED1E7F2B60ED5A2EDD28379D45C91::: (found it on the internet, not mine) and this time it is in the database. However now, the agent does not get detected, even though I have log like this when starting the server

10:41:40 redis.1 | started with pid 17818 10:41:40 mgmt-worker.1 | started with pid 17819 10:41:40 hashcat-worker.1 | started with pid 17821 10:41:40 background-worker.1 | started with pid 17825 10:41:40 web.1 | started with pid 17827 [...] 10:41:42 hashcat-worker.1 | agent has 0 CPUs 10:41:42 hashcat-worker.1 | agent has 2 GPUs 10:41:51 hashcat-worker.1 | agent max cracking speed (single NTLM hash): 10:41:51 hashcat-worker.1 |
10:41:51 hashcat-worker.1 | {"cpu_count"=>0, "gpu_count"=>2, "benchmark"=>""}

When I go to manage agents, I get 0 agents, 0 GPUs

i128 commented 5 years ago

Hey, so today I have more time to test. I checked in the database and the hash table is indeed empty. To reproduce, I installed the software, create a new job, customer acme corp, I name the hash as test, I generate the hash from a ntlm hash generator, and copy past it in the box. Then it prompt me for the file type, as I don't have any, I keep it on - select -,

There's the problem, if you copied and paste in the following

Administrator:500:611D6F6E763B902934544489FCC9192B:B71ED1E7F2B60ED5A2EDD28379D45C91:::

The the file type is pwdump, not - select -

(note to self: we should submit an error if -select- option is chosen)

antonovfr commented 5 years ago

Hi,

Just tried today with the pwdump option selected. I do not get an error 500 however, hashcat is never ran and the task stays queued.

ccammilleri commented 5 years ago

does hashcat work via command line without hashview? I ask b/c you'll experience a forever queued job and i also see this in your above output:

{"cpu_count"=>0, "gpu_count"=>2, "benchmark"=>""}

benchmark shouldn't be empty. you should have a value. you can test with:

hashcat64.bin -m 1000 -b

antonovfr commented 5 years ago

Yeah then the issue is from there. However hashcat works from the command line :/ so I am not sure what the issue is.

On Wed 12 Dec 2018 at 17:27, ccammilleri notifications@github.com wrote:

does hashcat work via command line without hashview? I ask b/c you'll experience a forever queued job and i also see this in your above output:

{"cpu_count"=>0, "gpu_count"=>2, "benchmark"=>""}

benchmark shouldn't be empty. you should have a value. you can test with:

hashcat64.bin -m 1000 -b

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/hashview/hashview/issues/453#issuecomment-446650633, or mute the thread https://github.com/notifications/unsubscribe-auth/AHOuqZXz_9X1Azhc6CnmTonk1A-D5yBWks5u4S6IgaJpZM4YpUeB .

jjmoody commented 5 years ago

does hashcat work via command line without hashview? I ask b/c you'll experience a forever queued job and i also see this in your above output:

{"cpu_count"=>0, "gpu_count"=>2, "benchmark"=>""}

benchmark shouldn't be empty. you should have a value. you can test with:

hashcat64.bin -m 1000 -b

How can I add a value to benchmark manually if hashview is starting without a value?