nesfit / fitcrack

A hashcat-based distributed password cracking system
https://fitcrack.fit.vutbr.cz/

Cannot download PCFG file after it has been uploaded #73

Closed alpatron closed 1 year ago

alpatron commented 1 year ago

Hi, when I upload a PCFG ZIP file and then try to download it, the download fails with "An unhandled exception occurred." message. This doesn't seem to affect anything else: running a cracking test with the newly uploaded PCFG works fine. It seems that only downloading the file back is broken.

This behaviour does not occur when downloading the default PCFGs or PCFGs generated from dictionaries; only PCFGs uploaded directly through Webadmin exhibit this behaviour.

I can see that the code is trying to look for the path stored in the database.

https://github.com/nesfit/fitcrack/blob/5a2f48e47ac31748e85e6fa4235b6ffd304edcb2/webadmin/fitcrackAPI/src/src/api/fitcrack/endpoints/pcfg/pcfg.py#L55-L70

And in the database, the path is stored as the uploaded filename, including the .zip extension (see row 16).

+----+------------------------------------------+----------------------------------------------+------------------+---------------------+---------+
| id | name                                     | path                                         | keyspace         | time_added          | deleted |
+----+------------------------------------------+----------------------------------------------+------------------+---------------------+---------+
|  1 | john                                     | john.zip                                     |       1321431161 | 2019-08-30 12:14:53 |       0 |
|  2 | facebook-pastebay                        | facebook-pastebay.zip                        |              999 | 2019-08-30 12:15:08 |       0 |
|  3 | twitter-banned                           | twitter-banned.zip                           |             1096 | 2019-08-30 12:17:48 |       0 |
|  4 | adobe100                                 | adobe100                                     |              163 | 2023-03-21 17:26:27 |       1 |
|  5 | adobe100                                 | adobe100                                     |              163 | 2023-03-21 17:26:36 |       1 |
|  6 | adobe100                                 | adobe100                                     |              163 | 2023-03-21 17:27:09 |       1 |
|  7 | lmao                                     | lmao                                         |              163 | 2023-03-21 17:29:23 |       1 |
|  8 | lmao                                     | lmao                                         |              163 | 2023-03-21 17:30:27 |       1 |
|  9 | adobe100                                 | adobe100                                     |              163 | 2023-03-23 12:38:55 |       1 |
| 10 | adobe100-crlf                            | adobe100-crlf                                |              163 | 2023-03-23 12:39:03 |       1 |
| 11 | adobe100-crlf                            | adobe100-crlf                                |              163 | 2023-03-23 12:59:09 |       1 |
| 12 | bible                                    | bible                                        |            12570 | 2023-03-23 13:36:01 |       1 |
| 13 | yo_mamma                                 | yo_mamma.zip                                 |              999 | 2023-03-28 11:32:14 |       0 |
| 14 | fc_auto_test_pcfg_correct-20230328125309 | fc_auto_test_pcfg_correct-20230328125309.zip |              999 | 2023-03-28 12:53:51 |       0 |
| 15 | fc_auto_test_pcfg_correct-20230328125754 | fc_auto_test_pcfg_correct-20230328125754.zip |              999 | 2023-03-28 12:59:03 |       0 |
| 16 | fc_auto_test_pcfg_correct-20230328125934 | fc_auto_test_pcfg_correct-20230328125934.zip |              999 | 2023-03-28 13:00:12 |       0 |   <=== This is the newly added PCFG; the path has a .zip extension
| 17 | darkweb2017-top1000                      | darkweb2017-top1000                          | 2924855812155399 | 2023-03-28 14:50:59 |       0 |
+----+------------------------------------------+----------------------------------------------+------------------+---------------------+---------+

But in the /usr/share/collections/pcfg directory (the one the download endpoint refers to), the PCFG is stored as a directory, not a ZIP file.

alpatron@fitcrack:/usr/share/collections/pcfg$ ls -l
total 100
drwxr-xr-x 10 www-data www-data  4096 Mar 28 14:50 darkweb2017-top1000
drwxrwxrwx 10 www-data www-data  4096 Aug 30  2019 facebook-pastebay
-rwxrwxrwx  1 www-data www-data 12300 Aug 30  2019 facebook-pastebay.zip
drwxr-xr-x 10 www-data www-data  4096 Mar 28 12:53 fc_auto_test_pcfg_correct-20230328125309
drwxr-xr-x 10 www-data www-data  4096 Mar 28 12:59 fc_auto_test_pcfg_correct-20230328125754
drwxr-xr-x 10 www-data www-data  4096 Mar 28 13:00 fc_auto_test_pcfg_correct-20230328125934  <=== Uploaded PCFG is stored as directory
drwxr-xr-x 11 www-data www-data  4096 Mar 23 13:49 honeynet
drwxr-xr-x  2 www-data www-data  4096 Mar 28 12:46 image
drwxrwxrwx 10 www-data www-data  4096 Aug 30  2019 john
-rwxrwxrwx  1 www-data www-data 28695 Aug 30  2019 john.zip
drwxrwxrwx 10 www-data www-data  4096 Aug 30  2019 twitter-banned
-rwxrwxrwx  1 www-data www-data 11251 Aug 30  2019 twitter-banned.zip
drwxr-xr-x 10 www-data www-data  4096 Mar 28 11:32 yo_mamma

This mismatch causes the failure of the download endpoint. Curiously, as I said before, this does not affect cracking jobs; they work just fine even with the database–directory mismatch.

System details

Fitcrack dev build (f2a0232dd77ef7b4a0ff1fceb736b3d8f169a057) on Ubuntu 22.04.2

How to reproduce

  1. In Webadmin, go to Library -> PCFG
  2. Click "Add New"
  3. Upload a PCFG ZIP file
  4. Try to download the uploaded PCFG
  5. Get a blank site saying {"message": "An unhandled exception occurred."}

Error log

[Tue Mar 28 14:53:19.620925 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150] An unhandled exception occurred.
[Tue Mar 28 14:53:19.621001 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150] Traceback (most recent call last):
[Tue Mar 28 14:53:19.621020 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]   File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1516, in full_dispatch_request
[Tue Mar 28 14:53:19.621039 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]     rv = self.dispatch_request()
[Tue Mar 28 14:53:19.621056 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]   File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1502, in dispatch_request
[Tue Mar 28 14:53:19.621075 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]     return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
[Tue Mar 28 14:53:19.621093 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]   File "/usr/local/lib/python3.10/dist-packages/flask_restx/api.py", line 404, in wrapper
[Tue Mar 28 14:53:19.621112 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]     resp = resource(*args, **kwargs)
[Tue Mar 28 14:53:19.621128 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]   File "/usr/local/lib/python3.10/dist-packages/flask/views.py", line 84, in view
[Tue Mar 28 14:53:19.621146 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]     return current_app.ensure_sync(self.dispatch_request)(*args, **kwargs)
[Tue Mar 28 14:53:19.621165 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]   File "/usr/local/lib/python3.10/dist-packages/flask_restx/resource.py", line 46, in dispatch_request
[Tue Mar 28 14:53:19.621184 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]     resp = meth(*args, **kwargs)
[Tue Mar 28 14:53:19.621200 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]   File "/var/www/html/fitcrackAPI/src/src/api/fitcrack/endpoints/pcfg/pcfg.py", line 66, in get
[Tue Mar 28 14:53:19.621219 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]     return send_file(path, attachment_filename=pcfg.path, as_attachment=True)
[Tue Mar 28 14:53:19.621238 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]   File "/usr/local/lib/python3.10/dist-packages/flask/helpers.py", line 612, in send_file
[Tue Mar 28 14:53:19.621257 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]     return werkzeug.utils.send_file(
[Tue Mar 28 14:53:19.621273 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]   File "/usr/local/lib/python3.10/dist-packages/werkzeug/utils.py", line 701, in send_file
[Tue Mar 28 14:53:19.621324 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]     stat = os.stat(path)
[Tue Mar 28 14:53:19.621342 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150] FileNotFoundError: [Errno 2] No such file or directory: '/usr/share/collections/pcfg/fc_auto_test_pcfg_correct-20230328125934.zip'
[Tue Mar 28 14:53:19.622935 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150] [2023-03-28 14:53:19,621] ERROR in app: Exception on /pcfg/16 [GET]
[Tue Mar 28 14:53:19.622984 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150] Traceback (most recent call last):
[Tue Mar 28 14:53:19.623002 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]   File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1516, in full_dispatch_request
[Tue Mar 28 14:53:19.623021 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]     rv = self.dispatch_request()
[Tue Mar 28 14:53:19.623037 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]   File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1502, in dispatch_request
[Tue Mar 28 14:53:19.623055 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]     return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
[Tue Mar 28 14:53:19.623073 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]   File "/usr/local/lib/python3.10/dist-packages/flask_restx/api.py", line 404, in wrapper
[Tue Mar 28 14:53:19.623091 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]     resp = resource(*args, **kwargs)
[Tue Mar 28 14:53:19.623107 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]   File "/usr/local/lib/python3.10/dist-packages/flask/views.py", line 84, in view
[Tue Mar 28 14:53:19.623125 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]     return current_app.ensure_sync(self.dispatch_request)(*args, **kwargs)
[Tue Mar 28 14:53:19.623143 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]   File "/usr/local/lib/python3.10/dist-packages/flask_restx/resource.py", line 46, in dispatch_request
[Tue Mar 28 14:53:19.623161 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]     resp = meth(*args, **kwargs)
[Tue Mar 28 14:53:19.623177 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]   File "/var/www/html/fitcrackAPI/src/src/api/fitcrack/endpoints/pcfg/pcfg.py", line 66, in get
[Tue Mar 28 14:53:19.623195 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]     return send_file(path, attachment_filename=pcfg.path, as_attachment=True)
[Tue Mar 28 14:53:19.623213 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]   File "/usr/local/lib/python3.10/dist-packages/flask/helpers.py", line 612, in send_file
[Tue Mar 28 14:53:19.623231 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]     return werkzeug.utils.send_file(
[Tue Mar 28 14:53:19.623247 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]   File "/usr/local/lib/python3.10/dist-packages/werkzeug/utils.py", line 701, in send_file
[Tue Mar 28 14:53:19.623265 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150]     stat = os.stat(path)
[Tue Mar 28 14:53:19.623281 2023] [wsgi:error] [pid 981] [remote 192.168.56.1:2150] FileNotFoundError: [Errno 2] No such file or directory: '/usr/share/collections/pcfg/fc_auto_test_pcfg_correct-20230328125934.zip'

ihranicky commented 1 year ago

Fixed. ZIP is now created on-demand and grammars are not stored ZIPped on the server.
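
As an added illustration (not Fitcrack's actual fix and not code from either commenter), the sketch below shows one way a download handler can build the ZIP at request time from the grammar directory, accepting both `path` forms seen in the table above and rejecting stored values that resolve outside the collection directory. The function names and the sample grammar are hypothetical, and only the Python standard library is used instead of Flask.

```python
import io
import tempfile
import zipfile
from pathlib import Path


def resolve_grammar_dir(base_dir, stored_path):
    """Map the database `path` value to the grammar directory on disk.

    Accepts both forms from the issue's table: "name" and "name.zip".
    """
    base = Path(base_dir).resolve()
    name = stored_path[:-4] if stored_path.lower().endswith(".zip") else stored_path
    candidate = (base / name).resolve()
    # Containment check: the stored value must stay inside the collection directory.
    if candidate == base or base not in candidate.parents:
        raise ValueError(f"path escapes collection directory: {stored_path!r}")
    if not candidate.is_dir():
        raise FileNotFoundError(f"no grammar directory for {stored_path!r}")
    return candidate


def zip_grammar(base_dir, stored_path):
    """Build the ZIP in memory at download time; returns (filename, bytes)."""
    grammar = resolve_grammar_dir(base_dir, stored_path)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for f in sorted(grammar.rglob("*")):
            # Skip symlinked files so the archive only holds the grammar's own content.
            if f.is_file() and not f.is_symlink():
                zf.write(f, f.relative_to(grammar.parent).as_posix())
    return grammar.name + ".zip", buf.getvalue()


def demo():
    """Constructed sample: grammar stored as a directory, DB row ends in '.zip'."""
    with tempfile.TemporaryDirectory() as base:
        rules = Path(base) / "sample_grammar" / "Grammar"
        rules.mkdir(parents=True)
        (rules / "grammar.txt").write_text("A4D2\t0.5\n")
        name, data = zip_grammar(base, "sample_grammar.zip")
        return name, zipfile.ZipFile(io.BytesIO(data)).namelist()


if __name__ == "__main__":
    print(demo())
```

In a Flask handler the returned bytes would be wrapped in `io.BytesIO` and passed to `send_file` together with the returned filename.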