hegusung / webhashcat Goto Github PK
View Code? Open in Web Editor NEWHashcat web interface
License: MIT License
Hashcat web interface
License: MIT License
I think it would be comfortable to run nodes and web server in docker. Any plans on it?
spends hours trying to figure it out how to make the node connect to the interface without any luck, keep getting this:
idx | 0 |
---|---|
s | 'Unauthorized Access' |
self | <json.decoder.JSONDecoder object at 0x7f4c578d2c10> |
also cannot connect to server unless if specify the ip, ex: ./manage.py runserver 0.0.0.0:8000
node is running:
โ hashcatnode.service - HashcatNode
Loaded: loaded (/etc/systemd/system/hashcatnode.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2020-12-14 12:52:43 CST; 35min ago
Main PID: 657 (python3)
Tasks: 1 (limit: 28072)
Memory: 27.0M
CGroup: /system.slice/hashcatnode.service
As a pentester I would like to create a new session using custom mask attacks without uploading a file, because I usually run something like "$company$20?d?d". In order to implement this enhancement I detected the following tasks:
Thanks for this software
One may want to select a word list he likes, (e.g. rockyou.txt) and then happend to it (maybe at the beginning) specific words (e.g if I am cracking github's passwords I may want to add "Github" to my word list), creating thus a unique word list which would be used only for this run.
The input of new words should be quick and easy to do for the user.
It looks like its having an issue with the Nvidia CUDA drivers
[ 2/16] RUN apt-get update && apt-get install -y python3 python3-pip:
#0 0.718 Hit:1 http://archive.ubuntu.com/ubuntu bionic InRelease
#0 0.718 Get:2 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
#0 0.769 Get:3 https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1804/x86_64 InRelease [1581 B]
#0 0.807 Get:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
#0 0.835 Get:5 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
#0 0.905 Ign:6 https://developer.download.nvidia.com/compute/machine-learning/repos/ubuntu1804/x86_64 InRelease
#0 0.912 Err:3 https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1804/x86_64 InRelease
#0 0.912 The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A4B469963BF863CC
#0 0.923 Hit:7 https://developer.download.nvidia.com/compute/machine-learning/repos/ubuntu1804/x86_64 Release
#0 1.035 Get:8 http://archive.ubuntu.com/ubuntu bionic-updates/multiverse amd64 Packages [29.8 kB]
#0 1.073 Get:9 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [2284 kB]
#0 1.416 Get:11 http://security.ubuntu.com/ubuntu bionic-security/restricted amd64 Packages [957 kB]
#0 1.968 Get:12 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [3231 kB]
#0 2.856 Get:13 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages [2798 kB]
#0 3.292 Get:14 http://archive.ubuntu.com/ubuntu bionic-updates/restricted amd64 Packages [991 kB]
#0 3.727 Get:15 http://archive.ubuntu.com/ubuntu bionic-backports/main amd64 Packages [12.2 kB]
#0 3.732 Get:16 http://archive.ubuntu.com/ubuntu bionic-backports/universe amd64 Packages [12.9 kB]
#0 6.752 Get:17 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [1512 kB]
#0 8.824 Get:18 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 Packages [22.8 kB]
#0 9.036 Reading package lists...
#0 11.03 W: GPG error: https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1804/x86_64 InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A4B469963BF863CC
#0 11.03 E: The repository 'https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1804/x86_64 InRelease' is no longer signed.
failed to solve: executor failed running [/bin/sh -c apt-get update && apt-get install -y python3 python3-pip]: exit code: 100
This is a weird one: when I try adding my local hashcatnode, it will successfully enumerate the hash types and reflect this in the front end, but rules, masks and wordlists are empty.
Adding debugging print statements to hashcatnode show that it is passing it to webhashcat in the JSON, but they remain empty when I try to add a cracking job or view the node.
When adding Hashes from the Website, they appear to be empty on the website, however they are present when navigating to their location:
WebHashcat File Information
administrator@ubuntu:/opt/WebHashcat/Files/Hashfiles$ ls -l
total 16
-rw-rw-r-- 1 administrator administrator 34 Jul 31 04:10 1BZ1TJ5QKN7Q.hashfile
-rw-rw-r-- 1 administrator administrator 34 Jul 31 04:11 8A9LK9826H87.hashfile
-rw-rw-r-- 1 administrator administrator 34 Jul 31 04:01 BEG6N6EIVZYN.hashfile
-rw-rw-r-- 1 administrator administrator 34 Jul 31 04:04 RQ0LO8MP605Y.hashfile
administrator@ubuntu:/opt/WebHashcat/Files/Hashfiles$ cat 1BZ1TJ5QKN7Q.hashfile
$1$vSS8.S0u$55m92Mb5gUOzasbOYWDyX/
Database Output
mysql> SELECT * FROM Hashcat_hashfile
-> ;
+----+-------+-----------------------+-----------+------------+---------------+-------------------+
| id | name | hashfile | hash_type | line_count | cracked_count | username_included |
+----+-------+-----------------------+-----------+------------+---------------+-------------------+
| 1 | tarot | BEG6N6EIVZYN.hashfile | 500 | 0 | 0 | 0 |
| 2 | tarot | RQ0LO8MP605Y.hashfile | 500 | 0 | 0 | 0 |
| 3 | tarot | 1BZ1TJ5QKN7Q.hashfile | 500 | 0 | 0 | 0 |
| 4 | tarot | 8A9LK9826H87.hashfile | 500 | 0 | 0 | 0 |
+----+-------+-----------------------+-----------+------------+---------------+-------------------+
4 rows in set (0.00 sec)
When I import/synchronise a node, the available hashes are not imported. So when I go to upload a file, the only hash is 'plaintext'.
When uploading a hash file (plaintext) and then starting a crack, I get the following message (to be expected, I think):
Error! Inexistant hash mode, did you upgraded hashcat ?
When I click on the 'nodes' tab, I can see all the hash types supported, nothing exciting there.
When running on docker-compose, the celery breaks with a import error from django. The requirements.txt
does not have a version specified, which is prone to breakage. That import was deprecated in Django 3 and removed in django 4.
web_1 | Traceback (most recent call last):
web_1 | File "manage.py", line 10, in <module>
web_1 | execute_from_command_line(sys.argv)
web_1 | File "/usr/local/lib/python3.8/dist-packages/django/core/management/__init__.py", line 446, in execute_from_command_line
web_1 | utility.execute()
web_1 | File "/usr/local/lib/python3.8/dist-packages/django/core/management/__init__.py", line 440, in execute
web_1 | self.fetch_command(subcommand).run_from_argv(self.argv)
web_1 | File "/usr/local/lib/python3.8/dist-packages/django/core/management/base.py", line 414, in run_from_argv
web_1 | self.execute(*args, **cmd_options)
web_1 | File "/usr/local/lib/python3.8/dist-packages/django/core/management/base.py", line 460, in execute
web_1 | output = self.handle(*args, **options)
web_1 | File "/usr/local/lib/python3.8/dist-packages/django/core/management/base.py", line 98, in wrapped
web_1 | res = handle_func(*args, **kwargs)
web_1 | File "/usr/local/lib/python3.8/dist-packages/django/core/management/commands/migrate.py", line 91, in handle
web_1 | self.check(databases=[database])
web_1 | File "/usr/local/lib/python3.8/dist-packages/django/core/management/base.py", line 487, in check
web_1 | all_issues = checks.run_checks(
web_1 | File "/usr/local/lib/python3.8/dist-packages/django/core/checks/registry.py", line 88, in run_checks
web_1 | new_errors = check(app_configs=app_configs, databases=databases)
web_1 | File "/usr/local/lib/python3.8/dist-packages/django/core/checks/urls.py", line 14, in check_url_config
web_1 | return check_resolver(resolver)
web_1 | File "/usr/local/lib/python3.8/dist-packages/django/core/checks/urls.py", line 24, in check_resolver
web_1 | return check_method()
web_1 | File "/usr/local/lib/python3.8/dist-packages/django/urls/resolvers.py", line 480, in check
web_1 | for pattern in self.url_patterns:
web_1 | File "/usr/local/lib/python3.8/dist-packages/django/utils/functional.py", line 49, in __get__
web_1 | res = instance.__dict__[self.name] = self.func(instance)
web_1 | File "/usr/local/lib/python3.8/dist-packages/django/urls/resolvers.py", line 696, in url_patterns
web_1 | patterns = getattr(self.urlconf_module, "urlpatterns", self.urlconf_module)
web_1 | File "/usr/local/lib/python3.8/dist-packages/django/utils/functional.py", line 49, in __get__
web_1 | res = instance.__dict__[self.name] = self.func(instance)
web_1 | File "/usr/local/lib/python3.8/dist-packages/django/urls/resolvers.py", line 689, in urlconf_module
web_1 | return import_module(self.urlconf_name)
web_1 | File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
web_1 | return _bootstrap._gcd_import(name[level:], package, level)
web_1 | File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
web_1 | File "<frozen importlib._bootstrap>", line 991, in _find_and_load
web_1 | File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
web_1 | File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
web_1 | File "<frozen importlib._bootstrap_external>", line 848, in exec_module
web_1 | File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
web_1 | File "/webhashcat/WebHashcat/urls.py", line 16, in <module>
web_1 | from django.conf.urls import include,url
web_1 | ImportError: cannot import name 'url' from 'django.conf.urls' (/usr/local/lib/python3.8/dist-packages/django/conf/urls/__init__.py)
./manage.py migrate
`./manage.py migrate
Operations to perform:
Apply all migrations: Hashcat, Nodes, Utils, admin, auth, contenttypes, sessions
Running migrations:
Applying Hashcat.0004_auto_20180824_1041...Traceback (most recent call last):
File "/usr/local/lib/python3.5/dist-packages/django/db/backends/utils.py", line 85, in _execute
return self.cursor.execute(sql, params)
File "/usr/local/lib/python3.5/dist-packages/django/db/backends/mysql/base.py", line 71, in execute
return self.cursor.execute(query, args)
File "/usr/local/lib/python3.5/dist-packages/MySQLdb/cursors.py", line 250, in execute
self.errorhandler(self, exc, value)
File "/usr/local/lib/python3.5/dist-packages/MySQLdb/connections.py", line 50, in defaulterrorhandler
raise errorvalue
File "/usr/local/lib/python3.5/dist-packages/MySQLdb/cursors.py", line 247, in execute
res = self._query(query)
File "/usr/local/lib/python3.5/dist-packages/MySQLdb/cursors.py", line 412, in _query
rowcount = self._do_query(q)
File "/usr/local/lib/python3.5/dist-packages/MySQLdb/cursors.py", line 375, in _do_query
db.query(q)
File "/usr/local/lib/python3.5/dist-packages/MySQLdb/connections.py", line 276, in query
_mysql.connection.query(self, query)
_mysql_exceptions.OperationalError: (1091, "Can't DROP 'hashfileid_index'; check that column/key exists")
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "./manage.py", line 10, in
execute_from_command_line(sys.argv)
File "/usr/local/lib/python3.5/dist-packages/django/core/management/init.py", line 381, in execute_from_command_line
utility.execute()
File "/usr/local/lib/python3.5/dist-packages/django/core/management/init.py", line 375, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/usr/local/lib/python3.5/dist-packages/django/core/management/base.py", line 316, in run_from_argv
self.execute(*args, **cmd_options)
File "/usr/local/lib/python3.5/dist-packages/django/core/management/base.py", line 353, in execute
output = self.handle(*args, **options)
File "/usr/local/lib/python3.5/dist-packages/django/core/management/base.py", line 83, in wrapped
res = handle_func(*args, **kwargs)
File "/usr/local/lib/python3.5/dist-packages/django/core/management/commands/migrate.py", line 203, in handle
fake_initial=fake_initial,
File "/usr/local/lib/python3.5/dist-packages/django/db/migrations/executor.py", line 117, in migrate
state = self._migrate_all_forwards(state, plan, full_plan, fake=fake, fake_initial=fake_initial)
File "/usr/local/lib/python3.5/dist-packages/django/db/migrations/executor.py", line 147, in _migrate_all_forwards
state = self.apply_migration(state, migration, fake=fake, fake_initial=fake_initial)
File "/usr/local/lib/python3.5/dist-packages/django/db/migrations/executor.py", line 244, in apply_migration
state = migration.apply(state, schema_editor)
File "/usr/local/lib/python3.5/dist-packages/django/db/migrations/migration.py", line 124, in apply
operation.database_forwards(self.app_label, schema_editor, old_state, project_state)
File "/usr/local/lib/python3.5/dist-packages/django/db/migrations/operations/models.py", line 804, in database_forwards
schema_editor.remove_index(model, index)
File "/usr/local/lib/python3.5/dist-packages/django/db/backends/base/schema.py", line 344, in remove_index
self.execute(index.remove_sql(model, self))
File "/usr/local/lib/python3.5/dist-packages/django/db/backends/base/schema.py", line 133, in execute
cursor.execute(sql, params)
File "/usr/local/lib/python3.5/dist-packages/django/db/backends/utils.py", line 68, in execute
return self._execute_with_wrappers(sql, params, many=False, executor=self._execute)
File "/usr/local/lib/python3.5/dist-packages/django/db/backends/utils.py", line 77, in _execute_with_wrappers
return executor(sql, params, many, context)
File "/usr/local/lib/python3.5/dist-packages/django/db/backends/utils.py", line 85, in _execute
return self.cursor.execute(sql, params)
File "/usr/local/lib/python3.5/dist-packages/django/db/utils.py", line 89, in exit
raise dj_exc_value.with_traceback(traceback) from exc_value
File "/usr/local/lib/python3.5/dist-packages/django/db/backends/utils.py", line 85, in _execute
return self.cursor.execute(sql, params)
File "/usr/local/lib/python3.5/dist-packages/django/db/backends/mysql/base.py", line 71, in execute
return self.cursor.execute(query, args)
File "/usr/local/lib/python3.5/dist-packages/MySQLdb/cursors.py", line 250, in execute
self.errorhandler(self, exc, value)
File "/usr/local/lib/python3.5/dist-packages/MySQLdb/connections.py", line 50, in defaulterrorhandler
raise errorvalue
File "/usr/local/lib/python3.5/dist-packages/MySQLdb/cursors.py", line 247, in execute
res = self._query(query)
File "/usr/local/lib/python3.5/dist-packages/MySQLdb/cursors.py", line 412, in _query
rowcount = self._do_query(q)
File "/usr/local/lib/python3.5/dist-packages/MySQLdb/cursors.py", line 375, in _do_query
db.query(q)
File "/usr/local/lib/python3.5/dist-packages/MySQLdb/connections.py", line 276, in query
_mysql.connection.query(self, query)
django.db.utils.OperationalError: (1091, "Can't DROP 'hashfileid_index'; check that column/key exists")
root@hashcatnode:/opt/WebHashcat/WebHashcat#
`
Add a little pop-up when you leave the mouse over a rule/word list. The pop-up would contain a description of the element which is indicated by the mouse.
I guess the descriptions need to be configurable/added in some way.
Environment:
Request Method: GET
Request URL: http://127.0.0.1:8000/hashfile/10
Django Version: 2.0.6
Python Version: 3.5.2
Installed Applications:
['django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'Nodes',
'Hashcat',
'Utils',
'API',
'Auth']
Installed Middleware:
['django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware']
Traceback:
File "/home/hidden/.local/lib/python3.5/site-packages/django/core/handlers/exception.py" in inner
35. response = get_response(request)
File "/home/hidden/.local/lib/python3.5/site-packages/django/core/handlers/base.py" in _get_response
128. response = self.process_exception_by_middleware(e, request)
File "/home/hidden/.local/lib/python3.5/site-packages/django/core/handlers/base.py" in _get_response
126. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/home/hidden/.local/lib/python3.5/site-packages/django/contrib/auth/decorators.py" in _wrapped_view
21. return view_func(request, *args, **kwargs)
File "/hidden/WebHashcat/WebHashcat/Hashcat/views.py" in hashfile
247. context['recovered'] = "%s (%.2f%%)" % (humanize.intcomma(hashfile.cracked_count), hashfile.cracked_count/hashfile.line_count*100)
Exception Type: ZeroDivisionError at /hashfile/10
Exception Value: division by zero
When a session is paused, it stays in memory, if you pause too many of them, then you'll run out of memory without knowing what the fuck happened.
Unfortunately, this error occurs when synchronizing the nodes. Probably it is due to too large word lists.
OverflowError at /Nodes/node/<node_name>
string longer than 2147483647 bytes
The sync then stops and the nodes cannot be used to their full extent.
Add time limit for cracking sessions, can be useful for a time constrained assessments where we don't need to leave it run after a certain date.
As i can understand, Node was written only to Linux, but i have my hashcat on Windows. If you can, please make Node avaliable to Windows too.
Hi. I have bit stupid question. So.
I can't configure HashcatNode because don't understand where I should set password for connecting.
[Server]
bind = 23.15.24.23
port = 9999
username = user
sha256hash = WHAT IS IT? HERE?
Thanks for support.
Request Method: | GET |
---|---|
http://127.0.0.1:8000/hashfiles | |
2.2.1 | |
KeyError | |
'Hashcat' | |
/usr/lib/python3.6/configparser.py in getitem, line 959 | |
/usr/bin/python3 | |
3.6.7 | |
['/Hashcat/WebHashcat/WebHashcat', '/Hashcat/WebHashcat/WebHashcat', '/usr/lib/python36.zip', '/usr/lib/python3.6', '/usr/lib/python3.6/lib-dynload', '/usr/local/lib/python3.6/dist-packages', '/usr/lib/python3/dist-packages'] | |
Wed, 29 May 2019 06:52:10 +0000 |
Wasn't able to follow the instructions at all.
One thing that made it clear that it's out of date was settings.py
doesn't exist.
https://github.com/hegusung/WebHashcat/search?q=settings.py&unscoped_q=settings.py
Most likely because .gitignore
contains WebHashcat/WebHashcat/settings.py
.
I think it would be nice to have the number of passwords which were cracked by a given session, so that we can check which rule/dict is the most efficient.
Ubuntu server 16.04
when running ./manage.py migrate the error returned is "No module celery"...have confirmed python-celery is installed.
When using MySQL or MariaDB, secure-file-priv option must be disabled in the configuration file.
[mysqld]
secure-file-priv = ""
However, It would be better for the code to work without this modification. The destination folder can be found by requesting the secure_file_priv variable in MySQL.
SHOW VARIABLES LIKE "secure_file_priv";
As cracking is a long process one may want to do other thing while everything is running. Yet, if in a hurry we may need to be alerted as soon as a new password has been found. This feature would require to:
Environment:
Request Method: POST
Request URL: http://192.168.2.201/new_session
Django Version: 2.0.7
Python Version: 3.5.2
Installed Applications:
['django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'Nodes',
'Hashcat',
'Utils',
'API',
'Auth']
Installed Middleware:
['django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware']
Traceback:
File "/usr/local/share/WebHashcat/lib/python3.5/site-packages/django/core/handlers/exception.py" in inner
35. response = get_response(request)
File "/usr/local/share/WebHashcat/lib/python3.5/site-packages/django/core/handlers/base.py" in _get_response
128. response = self.process_exception_by_middleware(e, request)
File "/usr/local/share/WebHashcat/lib/python3.5/site-packages/django/core/handlers/base.py" in _get_response
126. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/share/WebHashcat/lib/python3.5/site-packages/django/contrib/auth/decorators.py" in _wrapped_view
21. return view_func(request, *args, **kwargs)
File "/opt/WebHashcat/Hashcat/views.py" in new_session
177. res = hashcat_api.create_mask_session(session_name, hashfile, mask)
File "/opt/WebHashcat/Utils/hashcatAPI.py" in create_mask_session
67. "hashes": hashes,
Exception Type: NameError at /new_session
Exception Value: name 'hashes' is not defined
The link "Unsure about which hash type to choose ? check this" opens in the current window.
I think it should open in a new window.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.