search

hashview / hashview

A web front-end for password cracking and analytics
https://www.hashview.io
GNU General Public License v3.0
360 stars 39 forks source link

receive error when run ./hashview.py #55

Open ghost opened 2 years ago

ghost commented 2 years ago

Hi, i do exactly from manual, how i can fix this problem?

OS: ubuntu 20.04

root@ubuntu:~/hashview# ./hashview.py
Traceback (most recent call last):
  File "./hashview.py", line 5, in <module>
    from hashview import create_app
  File "/root/hashview/hashview/__init__.py", line 6, in <module>
    from hashview.config import Config
  File "/root/hashview/hashview/config.py", line 5, in <module>
    class Config:
  File "/root/hashview/hashview/config.py", line 8, in Config
    SQLALCHEMY_DATABASE_URI = 'mysql+mysqlconnector://' + file_config['database']['username'] + ':' + file_config['database']['password'] + '@' + file_config['database']['host'] + '/hashview'
  File "/usr/lib/python3.8/configparser.py", line 1255, in __getitem__
    return self._parser.get(self._name, key)
  File "/usr/lib/python3.8/configparser.py", line 799, in get
    return self._interpolation.before_get(self, section, option, value,
  File "/usr/lib/python3.8/configparser.py", line 395, in before_get
    self._interpolate_some(parser, option, L, value, section, defaults, 1)
  File "/usr/lib/python3.8/configparser.py", line 442, in _interpolate_some
    raise InterpolationSyntaxError(
configparser.InterpolationSyntaxError: '%' must be followed by '%' or '(', found: '%'
ghost commented 2 years ago

Also before to receive this error i received another error:

root@ubuntu:~/hashview# ./hashview.py
Traceback (most recent call last):
File "./hashview.py", line 5, in <module>
from hashview import create_app
File "/root/hashview/hashview/__init__.py", line 2, in <module>
from flask import Flask
File "/usr/lib/python3/dist-packages/flask/__init__.py", line 21, in <module>
from .app import Flask
File "/usr/lib/python3/dist-packages/flask/app.py", line 32, in <module>
from werkzeug.wrappers import BaseResponse
ImportError: cannot import name 'BaseResponse' from 'werkzeug.wrappers' (/usr/local/lib/python3.8/dist-packages/werkzeug/wrappers/__init__.py)

To fix it, need to install pip3 install werkzeug==2.0.3

i128 commented 2 years ago

Thanks for the feedback regarding werkeug.

Regarding the first error: 1) did you fill out the hashview/database.conf file? 2) if so, does your password for your database contain a ' character? or perhaps a / caracter?

ghost commented 2 years ago 
mysql
CREATE USER 'hashview'@'localhost' IDENTIFIED BY '58zwFhWe9Qyk_P*Q$kZ%';
GRANT ALL PRIVILEGES ON hashview.* TO 'hashview'@'localhost';
FLUSH PRIVILEGES;
create database hashview;
exit
i128 commented 2 years ago

I think the issue is the use of the use of the % in your mysql password. Config parser is attempting to parse that as a potential variable and not a static value.

ghost commented 2 years ago

yes, you allright, problem was in password, but i have another error:

root@ubuntu:~/hashview# ./hashview.py --debug
/usr/local/lib/python3.8/dist-packages/flask_sqlalchemy/__init__.py:872: FSADeprecationWarning: SQLALCHEMY_TRACK_MODIFICATIONS adds significant overhead and will be disabled by default in the future.  Set it to True or False to suppress this warning.
 warnings.warn(FSADeprecationWarning(
Please make sure that your dependencies are up to date (including replacing Flask-Bcrypt with Bcrypt-Flask).
root@ubuntu:~/hashview#
i128 commented 2 years ago

IIRC to fix this one you need to force upgrade flask-bcrypt. Try pip3 install flask-bcrypt --upgrade

@Yoshi325 https://github.com/hashview/hashview/blob/main/hashview.py#L46 This is checking for version of flask_bcrypt, but then suggests bcrypt-flask. is this correct?

ghost commented 2 years ago

Hi, thanks for quick answer, i had another error on end of install (after upgrade flask-bcrypt)

Provisioning account in database.
Enter how long data should be retained in DB in days. (note: cracked hashes->plaintext will be be safe from retention culling): 90
Setting up dynamic wordlist.
Setting up static wordlist rockyou.
Setting up best64.rules
Setting up default tasks.
Traceback (most recent call last):
 File "./hashview.py", line 189, in <module>
   if version.parse(settings.version) < version.parse(hashview_version):
AttributeError: 'str' object has no attribute 'parse'
root@ubuntu:~/hashview#
i128 commented 2 years ago

I think i know whats going on. Can you first verify or try again by running

export FLASK_APP=./hashview.py; flask db upgrade and then (again) try ./hashview.py

I'm not positive it'll fix the issue. But it might. Either way let me know.

ghost commented 2 years ago 
root@ubuntu:~/hashview# export FLASK_APP=./hashview.py; flask db upgrade
/usr/local/lib/python3.8/dist-packages/flask_sqlalchemy/__init__.py:872: FSADeprecationWarning: SQLALCHEMY_TRACK_MODIFICATIONS adds significant overhead and will be disabled by default in the future.  Set it to True or False to suppress this warning.
 warnings.warn(FSADeprecationWarning(
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
root@ubuntu:~/hashview# ./hashview.py --debug
/usr/local/lib/python3.8/dist-packages/flask_sqlalchemy/__init__.py:872: FSADeprecationWarning: SQLALCHEMY_TRACK_MODIFICATIONS adds significant overhead and will be disabled by default in the future.  Set it to True or False to suppress this warning.
 warnings.warn(FSADeprecationWarning(
Done! Running Hashview! Enjoy.
* Serving Flask app "hashview" (lazy loading)
* Environment: production
  WARNING: This is a development server. Do not use it in a production deployment.
  Use a production WSGI server instead.
* Debug mode: on
* Running on all addresses.
  WARNING: This is a development server. Do not use it in a production deployment.
* Running on https://192.168.1.174:8443/ (Press CTRL+C to quit)
* Restarting with stat
/usr/local/lib/python3.8/dist-packages/flask_sqlalchemy/__init__.py:872: FSADeprecationWarning: SQLALCHEMY_TRACK_MODIFICATIONS adds significant overhead and will be disabled by default in the future.  Set it to True or False to suppress this warning.
 warnings.warn(FSADeprecationWarning(
Done! Running Hashview! Enjoy.
* Debugger is active!
* Debugger PIN: 126-396-455

wich emal and password i need to use?

i128 commented 2 years ago

You use the username (email address) and password that you entered during the initial setup.

If you forgot it (and setup email) you can click forgot password or enter the database and view the username under the users table.

On Fri, Apr 15, 2022, 3:53 PM connected201 @.***> wrote:

@.:~/hashview# export FLASK_APP=./hashview.py; flask db upgrade /usr/local/lib/python3.8/dist-packages/flask_sqlalchemy/init.py:872: FSADeprecationWarning: SQLALCHEMY_TRACK_MODIFICATIONS adds significant overhead and will be disabled by default in the future. Set it to True or False to suppress this warning. warnings.warn(FSADeprecationWarning( INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. @.:~/hashview# ./hashview.py --debug /usr/local/lib/python3.8/dist-packages/flask_sqlalchemy/init.py:872: FSADeprecationWarning: SQLALCHEMY_TRACK_MODIFICATIONS adds significant overhead and will be disabled by default in the future. Set it to True or False to suppress this warning. warnings.warn(FSADeprecationWarning( Done! Running Hashview! Enjoy.

  • Serving Flask app "hashview" (lazy loading)
  • Environment: production WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
  • Debug mode: on
  • Running on all addresses. WARNING: This is a development server. Do not use it in a production deployment.
  • Running on https://192.168.1.174:8443/ (Press CTRL+C to quit)
  • Restarting with stat /usr/local/lib/python3.8/dist-packages/flask_sqlalchemy/init.py:872: FSADeprecationWarning: SQLALCHEMY_TRACK_MODIFICATIONS adds significant overhead and will be disabled by default in the future. Set it to True or False to suppress this warning. warnings.warn(FSADeprecationWarning( Done! Running Hashview! Enjoy.
  • Debugger is active!
  • Debugger PIN: 126-396-455

https://user-images.githubusercontent.com/20506433/163630868-5e96d4bd-9617-4082-afc8-ab5dfb2e009d.png

wich emal and password i need to use?

— Reply to this email directly, view it on GitHub https://github.com/hashview/hashview/issues/55#issuecomment-1100389490, or unsubscribe https://github.com/notifications/unsubscribe-auth/AASOD24V4HPPIO3D4GQ5253VFHJMXANCNFSM5TOVDVEA . You are receiving this because you commented.Message ID: @.***>

ghost commented 2 years ago

yes, i found email and password, but after creating task and running, i had another error:

Agent:

Time.Started.....: Sat Apr 16 03:02:09 2022 (0 secs)
Time.Estimated...: Sat Apr 16 03:02:09 2022 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (control/wordlists/dynamic-all.txt)
Guess.Mod........: Rules (control/rules/best64.rule)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:        0 H/s (0.00ms) @ Accel:128 Loops:250 Thr:1024 Vec:1
Recovered........: 0/2419 (0.00%) Digests, 0/2419 (0.00%) Salts
Remaining........: 2419 (100.00%) Digests, 2419 (100.00%) Salts
Recovered/Time...: CUR:N/A,N/A,N/A AVG:N/A,N/A,N/A (Min,Hour,Day)
Progress.........: 0
Rejected.........: 0
Restore.Point....: 0
Restore.Sub.#1...: Salt:0 Amplifier:0-0 Iteration:0-250
Candidate.Engine.: Device Generator
Candidates.#1....: [Copying]
Hardware.Mon.#1..: Temp: 41c Fan:  0% Util: 56% Core:1961MHz Mem:3802MHz Bus:16
Started: Sat Apr 16 03:02:07 2022
Stopped: Sat Apr 16 03:02:11 2022
[*] No Results. Skipping upload.
[*] Done working
[*] No Results. Skipping upload.
[!] HTTP POST (response): Got an unexpected return code:500
Traceback (most recent call last):
File "./hashview-agent.py", line 467, in <module>
updateJobTaskResponse = updateJobTask(job_task['id'], 'Completed')
File "./hashview-agent.py", line 361, in updateJobTask
return api.updateJobTask(job_task_id, task_status)
File "/home/shinobi/hashview_agent/agent/api/api.py", line 122, in updateJobTask
decoded_response = json.loads(response)
File "/usr/lib/python3.8/json/__init__.py", line 341, in loads
raise TypeError(f'the JSON object must be str, bytes or bytearray, '
TypeError: the JSON object must be str, bytes or bytearray, not NoneType
root@home-pc:/home/shinobi/hashview_agent#
 

Server:

root@ubuntu:~/hashview# ./hashview.py
/usr/local/lib/python3.8/dist-packages/flask_sqlalchemy/__init__.py:872: FSADeprecationWarning: SQLALCHEMY_TRACK_MODIFICATIONS adds significant overhead and will be disabled by default in the future.  Set it to True or False to suppress this warning.
warnings.warn(FSADeprecationWarning(
Done! Running Hashview! Enjoy.
* Serving Flask app "hashview" (lazy loading)
* Environment: production
WARNING: This is a development server. Do not use it in a production deployment.
Use a production WSGI server instead.
* Debug mode: off
[DEBUG] Im retaining all the data: 2022-04-16 07:00:00.000944
[DEBUG] hashview.py->data_retention_cleanup() ff46ac1d564d1813
[DEBUG] hashview.py->data_retention_cleanup() hashview-agent.0.8.0.tgz
[DEBUG] hashview.py->data_retention_cleanup() .gitignore
Found Git Ignore!
[DEBUG] ==============
/root/hashview/hashview/utils/utils.py:193: SAWarning: fully NULL primary key identity cannot load any object.  This condition may raise an error in a future release.
rules_file = Rules.query.get(task.rule_id)
/root/hashview/hashview/utils/utils.py:242: SAWarning: fully NULL primary key identity cannot load any object.  This condition may raise an error in a future release.
agent = Agents.query.get(jobtask.agent_id)
[2022-04-16 07:02:22,314] ERROR in app: Exception on /v1/jobtask/status [POST]
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/flask/app.py", line 2446, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python3/dist-packages/flask/app.py", line 1951, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python3/dist-packages/flask/app.py", line 1820, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python3/dist-packages/flask/_compat.py", line 39, in reraise
raise value
File "/usr/lib/python3/dist-packages/flask/app.py", line 1949, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python3/dist-packages/flask/app.py", line 1935, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/root/hashview/hashview/api/routes.py", line 427, in v1_api_set_queue_jobtask_status
if (update_job_task_status(jobtask_id = status_json['job_task_id'], status = status_json['task_status'])):
File "/root/hashview/hashview/utils/utils.py", line 294, in update_job_task_status
send_email(user, 'Hashview: Missing Pushover Key', 'Hello, you were due to recieve a pushover notification, but because your account was not provisioned with an pushover ID and Key, one could not be set. Please log into hashview and set these options under Manage->Profile.')
File "/root/hashview/hashview/utils/utils.py", line 47, in send_email
mail.send(msg)
File "/usr/local/lib/python3.8/dist-packages/flask_mail.py", line 491, in send
with self.connect() as connection:
File "/usr/local/lib/python3.8/dist-packages/flask_mail.py", line 144, in __enter__
self.host = self.configure_host()
File "/usr/local/lib/python3.8/dist-packages/flask_mail.py", line 158, in configure_host
host = smtplib.SMTP(self.mail.server, self.mail.port)
File "/usr/lib/python3.8/smtplib.py", line 255, in __init__
(code, msg) = self.connect(host, port)
File "/usr/lib/python3.8/smtplib.py", line 339, in connect
self.sock = self._get_socket(host, port, self.timeout)
File "/usr/lib/python3.8/smtplib.py", line 310, in _get_socket
return socket.create_connection((host, port), timeout,
File "/usr/lib/python3.8/socket.py", line 808, in create_connection
raise err
File "/usr/lib/python3.8/socket.py", line 796, in create_connection
sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused
 

Task stopped with succesfully status, but in reality bruteforce not running! task duration: ~1 sec.

ghost commented 2 years ago

ghost commented 2 years ago 
root@home-pc:/home/shinobi/hashview_agent# python3 ./hashview-agent.py
[*] Sleeping
[*] Sleeping
[*] Sleeping
Syncing local rules with server.
Done Syncing Rules.
Syncing local wordlists with server.
Done Syncing Wordlists.
[*] We've been assigned Task Id: 1
[*] Task is using a dynamic wordlist. Initiating update
[*] Update Complete
/home/shinobi/hashview_agent/hashcat/hashcat.bin -O -w 3  --session df417c98 -m 500 --potfile-disables-timer=15 --outfile-format 1,3 --outfile control/outfiles/hc_cracked_1_1.txt control/hashes/hashfilewordlists/dynamic-all.txt | tee control/outfiles/hcoutput_1_1.txt
hashcat (v6.2.5) starting
* Device #1: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
CUDA API (CUDA 11.6)
====================
* Device #1: NVIDIA GeForce GTX 1060 3GB, 2836/3018 MB, 9MCU
OpenCL API (OpenCL 3.0 CUDA 11.6.110) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #2: NVIDIA GeForce GTX 1060 3GB, skipped
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 15
Hashes: 2760 digests; 2419 unique digests, 2419 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 842 MB
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
Session..........: df417c98
Status...........: Exhausted
Hash.Mode........: 500 (md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5))
Hash.Target......: control/hashes/hashfile_1_1.txt
Time.Started.....: Sat Apr 16 03:09:10 2022 (0 secs)
Time.Estimated...: Sat Apr 16 03:09:10 2022 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (control/wordlists/dynamic-all.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:        0 H/s (0.00ms) @ Accel:128 Loops:250 Thr:1024 Vec:1
Recovered........: 0/2419 (0.00%) Digests, 0/2419 (0.00%) Salts
Remaining........: 2419 (100.00%) Digests, 2419 (100.00%) Salts
Recovered/Time...: CUR:N/A,N/A,N/A AVG:N/A,N/A,N/A (Min,Hour,Day)
Progress.........: 0
Rejected.........: 0
Restore.Point....: 0
Restore.Sub.#1...: Salt:0 Amplifier:0-0 Iteration:0-250
Candidate.Engine.: Device Generator
Candidates.#1....: [Copying]
Hardware.Mon.#1..: Temp: 45c Fan:  0% Util: 70% Core:1949MHz Mem:3802MHz Bus:16
Started: Sat Apr 16 03:09:07 2022
Stopped: Sat Apr 16 03:09:11 2022
[*] No Results. Skipping upload.
[*] Done working
[*] No Results. Skipping upload.
[*] Task Successfully Set to Completed
[*] Sleeping
Syncing local rules with server.
Done Syncing Rules.
Syncing local wordlists with server.
Done Syncing Wordlists.
[*] We've been assigned Task Id: 2
[*] Task is using a dynamic wordlist. Initiating update
[*] Update Complete
/home/shinobi/hashview_agent/hashcat/hashcat.bin -O -w 3  --session 7ae54174 -m 500 --potfile-disables-timer=15 --outfile-format 1,3 --outfile control/outfiles/hc_cracked_1_2.txt  -r control/rules/best6shes/hashfile_1_2.txt control/wordlists/dynamic-all.txt | tee control/outfiles/hcoutput_1_2.txt
hashcat (v6.2.5) starting
* Device #1: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
CUDA API (CUDA 11.6)
====================
* Device #1: NVIDIA GeForce GTX 1060 3GB, 2836/3018 MB, 9MCU
OpenCL API (OpenCL 3.0 CUDA 11.6.110) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #2: NVIDIA GeForce GTX 1060 3GB, skipped
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 15
Hashes: 2760 digests; 2419 unique digests, 2419 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 77
Optimizers applied:
* Optimized-Kernel
* Zero-Byte
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 842 MB
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
Session..........: 7ae54174
Status...........: Exhausted
Hash.Mode........: 500 (md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5))
Hash.Target......: control/hashes/hashfile_1_2.txt
Time.Started.....: Sat Apr 16 03:09:35 2022 (0 secs)
Time.Estimated...: Sat Apr 16 03:09:35 2022 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Base.......: File (control/wordlists/dynamic-all.txt)
Guess.Mod........: Rules (control/rules/best64.rule)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:        0 H/s (0.00ms) @ Accel:64 Loops:500 Thr:1024 Vec:1
Recovered........: 0/2419 (0.00%) Digests, 0/2419 (0.00%) Salts
Remaining........: 2419 (100.00%) Digests, 2419 (100.00%) Salts
Recovered/Time...: CUR:N/A,N/A,N/A AVG:N/A,N/A,N/A (Min,Hour,Day)
Progress.........: 0
Rejected.........: 0
Restore.Point....: 0
Restore.Sub.#1...: Salt:0 Amplifier:0-0 Iteration:0-500
Candidate.Engine.: Device Generator
Candidates.#1....: [Copying]
Hardware.Mon.#1..: Temp: 47c Fan:  0% Util: 59% Core:1949MHz Mem:3802MHz Bus:16
Started: Sat Apr 16 03:09:33 2022
Stopped: Sat Apr 16 03:09:36 2022
[*] No Results. Skipping upload.
[*] Done working
[*] No Results. Skipping upload.
[!] HTTP POST (response): Got an unexpected return code:500
Traceback (most recent call last):
 File "./hashview-agent.py", line 467, in <module>
   updateJobTaskResponse = updateJobTask(job_task['id'], 'Completed')
 File "./hashview-agent.py", line 361, in updateJobTask
   return api.updateJobTask(job_task_id, task_status)
 File "/home/shinobi/hashview_agent/agent/api/api.py", line 122, in updateJobTask
   decoded_response = json.loads(response)
 File "/usr/lib/python3.8/json/__init__.py", line 341, in loads
   raise TypeError(f'the JSON object must be str, bytes or bytearray, '
TypeError: the JSON object must be str, bytes or bytearray, not NoneType
root@home-pc:/home/shinobi/hashview_agent# ls
agent  control  hashcat  hashview-agent.py  requirements.txt  VERSION.TXT
root@home-pc:/home/shinobi/hashview_agent# cd hashcat/
root@home-pc:/home/shinobi/hashview_agent/hashcat# ./hashcat.bin -O -w 3  --session 7ae54174 -m 500 ---status --status-timer=15 --outfile-format 1,3 --outfile control/outfiles/hc_cracked_1_2.txt  -r con.rule control/hashes/hashfile_1_2.txt control/wordlists/dynamic-all.txt | tee control/outfiles/hcoutp
tee: control/outfiles/hcoutput_1_2.txt: No such file or directory
hashcat (v6.2.5) starting
control/wordlists/dynamic-all.txt: No such file or directory
Started: Sat Apr 16 03:10:29 2022
i128 commented 2 years ago

yes, i found email and password, but after creating task and running, i had another error:

Agent:

Time.Started.....: Sat Apr 16 03:02:09 2022 (0 secs) Time.Estimated...: Sat Apr 16 03:02:09 2022 (0 secs) Kernel.Feature...: Optimized Kernel Guess.Base.......: File (control/wordlists/dynamic-all.txt) Guess.Mod........: Rules (control/rules/best64.rule) Guess.Queue......: 1/1 (100.00%) Speed.#1.........:        0 H/s (0.00ms) @ Accel:128 Loops:250 Thr:1024 Vec:1 Recovered........: 0/2419 (0.00%) Digests, 0/2419 (0.00%) Salts Remaining........: 2419 (100.00%) Digests, 2419 (100.00%) Salts Recovered/Time...: CUR:N/A,N/A,N/A AVG:N/A,N/A,N/A (Min,Hour,Day) Progress.........: 0 Rejected.........: 0 Restore.Point....: 0 Restore.Sub.#1...: Salt:0 Amplifier:0-0 Iteration:0-250 Candidate.Engine.: Device Generator Candidates.#1....: [Copying] Hardware.Mon.#1..: Temp: 41c Fan:  0% Util: 56% Core:1961MHz Mem:3802MHz Bus:16 Started: Sat Apr 16 03:02:07 2022 Stopped: Sat Apr 16 03:02:11 2022 [*] No Results. Skipping upload. [*] Done working [*] No Results. Skipping upload. [!] HTTP POST (response): Got an unexpected return code:500 Traceback (most recent call last): File "./hashview-agent.py", line 467, in <module> updateJobTaskResponse = updateJobTask(job_task['id'], 'Completed') File "./hashview-agent.py", line 361, in updateJobTask return api.updateJobTask(job_task_id, task_status) File "/home/shinobi/hashview_agent/agent/api/api.py", line 122, in updateJobTask decoded_response = json.loads(response) File "/usr/lib/python3.8/json/__init__.py", line 341, in loads raise TypeError(f'the JSON object must be str, bytes or bytearray, ' TypeError: the JSON object must be str, bytes or bytearray, not NoneType root@home-pc:/home/shinobi/hashview_agent#  

Server:

root@ubuntu:~/hashview# ./hashview.py /usr/local/lib/python3.8/dist-packages/flask_sqlalchemy/__init__.py:872: FSADeprecationWarning: SQLALCHEMY_TRACK_MODIFICATIONS adds significant overhead and will be disabled by default in the future.  Set it to True or False to suppress this warning. warnings.warn(FSADeprecationWarning( Done! Running Hashview! Enjoy. * Serving Flask app "hashview" (lazy loading) * Environment: production WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead. * Debug mode: off [DEBUG] Im retaining all the data: 2022-04-16 07:00:00.000944 [DEBUG] hashview.py->data_retention_cleanup() ff46ac1d564d1813 [DEBUG] hashview.py->data_retention_cleanup() hashview-agent.0.8.0.tgz [DEBUG] hashview.py->data_retention_cleanup() .gitignore Found Git Ignore! [DEBUG] ============== /root/hashview/hashview/utils/utils.py:193: SAWarning: fully NULL primary key identity cannot load any object.  This condition may raise an error in a future release. rules_file = Rules.query.get(task.rule_id) /root/hashview/hashview/utils/utils.py:242: SAWarning: fully NULL primary key identity cannot load any object.  This condition may raise an error in a future release. agent = Agents.query.get(jobtask.agent_id) [2022-04-16 07:02:22,314] ERROR in app: Exception on /v1/jobtask/status [POST] Traceback (most recent call last): File "/usr/lib/python3/dist-packages/flask/app.py", line 2446, in wsgi_app response = self.full_dispatch_request() File "/usr/lib/python3/dist-packages/flask/app.py", line 1951, in full_dispatch_request rv = self.handle_user_exception(e) File "/usr/lib/python3/dist-packages/flask/app.py", line 1820, in handle_user_exception reraise(exc_type, exc_value, tb) File "/usr/lib/python3/dist-packages/flask/_compat.py", line 39, in reraise raise value File "/usr/lib/python3/dist-packages/flask/app.py", line 1949, in full_dispatch_request rv = self.dispatch_request() File "/usr/lib/python3/dist-packages/flask/app.py", line 1935, in dispatch_request return self.view_functions[rule.endpoint](**req.view_args) File "/root/hashview/hashview/api/routes.py", line 427, in v1_api_set_queue_jobtask_status if (update_job_task_status(jobtask_id = status_json['job_task_id'], status = status_json['task_status'])): File "/root/hashview/hashview/utils/utils.py", line 294, in update_job_task_status send_email(user, 'Hashview: Missing Pushover Key', 'Hello, you were due to recieve a pushover notification, but because your account was not provisioned with an pushover ID and Key, one could not be set. Please log into hashview and set these options under Manage->Profile.') File "/root/hashview/hashview/utils/utils.py", line 47, in send_email mail.send(msg) File "/usr/local/lib/python3.8/dist-packages/flask_mail.py", line 491, in send with self.connect() as connection: File "/usr/local/lib/python3.8/dist-packages/flask_mail.py", line 144, in __enter__ self.host = self.configure_host() File "/usr/local/lib/python3.8/dist-packages/flask_mail.py", line 158, in configure_host host = smtplib.SMTP(self.mail.server, self.mail.port) File "/usr/lib/python3.8/smtplib.py", line 255, in __init__ (code, msg) = self.connect(host, port) File "/usr/lib/python3.8/smtplib.py", line 339, in connect self.sock = self._get_socket(host, port, self.timeout) File "/usr/lib/python3.8/smtplib.py", line 310, in _get_socket return socket.create_connection((host, port), timeout, File "/usr/lib/python3.8/socket.py", line 808, in create_connection raise err File "/usr/lib/python3.8/socket.py", line 796, in create_connection sock.connect(sa) ConnectionRefusedError: [Errno 111] Connection refused  

Task stopped with succesfully status, but in reality bruteforce not running! task duration: ~1 sec.

So for this issue here. It looks like the mail server can not be reached by the hashview server. As a result the operation to send a notification to you that the job completed failed to send. And that error message was not liked by the agent. I think two different issues can be drawn from this 1) a button to test email 2) better error handling on the agent

Yoshi325 commented 1 year ago

IIRC to fix this one you need to force upgrade flask-bcrypt. Try pip3 install flask-bcrypt --upgrade

@Yoshi325 https://github.com/hashview/hashview/blob/main/hashview.py#L46 This is checking for version of flask_bcrypt, but then suggests bcrypt-flask. is this correct?

Yes, this is correct. flask_bcrypt aka Flask-Bcrypt didn't support the werkzeug beyond 2.1ish (https://github.com/maxcountryman/flask-bcrypt/issues/87), and versions beyond that have security fixes. Development had stalled on it, so I choose to switch to a fork (bcrypt-flask) that provided support. Development has since picked back up, so we might consider switching back to it in the future. But for now the check is as intended.