09-05-2013, 04:55 PM
I believe I found a bug - unfortunately I do not have access to trac.
The machine that I am tested on is a Dell i3 Running Ubuntu:
Dell-System-Inspiron-N4110 3.2.0-40-generic #64-Ubuntu SMP Mon Mar 25 21:22:10 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
I followed directions in another topic to brute force hmac-sha1.
Generated Salts:
Generated Test File:
Tried to Crack:
Result was a segmentation fault.
When running hashcat through strace I received the following:
The machine that I am tested on is a Dell i3 Running Ubuntu:
Dell-System-Inspiron-N4110 3.2.0-40-generic #64-Ubuntu SMP Mon Mar 25 21:22:10 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
I followed directions in another topic to brute force hmac-sha1.
Generated Salts:
Code:
hashcat-cli64.bin --stdout -a 3 ?d?d?d?d > external_salts.txt
Generated Test File:
Code:
echo -n "abcd" | openssl dgst -sha1 -hmac 1234 > m0160.txt
Tried to Crack:
Code:
hashcat-cli64.bin -m 160 -e external_salts.txt --pw-min 4 -a 3 m0160.txt ?l?l?l?l
Result was a segmentation fault.
When running hashcat through strace I received the following:
Code:
strace hashcat-cli64.bin -m 160 -e external_salts.txt --pw-min 4 -a 3 m0160.txt ?l?l?l?l
execve("/usr/local/bin/hashcat-cli64.bin", ["hashcat-cli64.bin", "-m", "160", "-e", "external_salts.txt", "--pw-min", "4", "-a", "3", "m0160.txt", "?l?l?l?l"], [/* 21 vars */]) = 0
brk(0) = 0x208b000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7361d7d000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=130937, ...}) = 0
mmap(NULL, 130937, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f7361d5d000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0pU\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=1030512, ...}) = 0
mmap(NULL, 3125544, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7361861000
mprotect(0x7f736195c000, 2093056, PROT_NONE) = 0
mmap(0x7f7361b5b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xfa000) = 0x7f7361b5b000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200l\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=135366, ...}) = 0
mmap(NULL, 2212904, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7361644000
mprotect(0x7f736165c000, 2093056, PROT_NONE) = 0
mmap(0x7f736185b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f736185b000
mmap(0x7f736185d000, 13352, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f736185d000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\30\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1811128, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7361d5c000
mmap(NULL, 3925208, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f7361285000
mprotect(0x7f736143a000, 2093056, PROT_NONE) = 0
mmap(0x7f7361639000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b4000) = 0x7f7361639000
mmap(0x7f736163f000, 17624, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f736163f000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7361d5b000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7361d5a000
arch_prctl(ARCH_SET_FS, 0x7f7361d5b700) = 0
mprotect(0x7f7361639000, 16384, PROT_READ) = 0
mprotect(0x7f736185b000, 4096, PROT_READ) = 0
mprotect(0x7f7361b5b000, 4096, PROT_READ) = 0
mprotect(0x7f7361d7f000, 4096, PROT_READ) = 0
munmap(0x7f7361d5d000, 130937) = 0
set_tid_address(0x7f7361d5b9d0) = 5086
set_robust_list(0x7f7361d5b9e0, 0x18) = 0
futex(0x7fff87ffc28c, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 1, NULL, 7f7361d5b700) = -1 EAGAIN (Resource temporarily unavailable)
rt_sigaction(SIGRTMIN, {0x7f736164a750, [], SA_RESTORER|SA_SIGINFO, 0x7f7361653cb0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x7f736164a7e0, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f7361653cb0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
brk(0) = 0x208b000
brk(0x20ac000) = 0x20ac000
open("/etc/localtime", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7361d7c000
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0"..., 4096) = 3519
lseek(3, -2252, SEEK_CUR) = 1267
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\5\0\0\0\5\0\0\0\0"..., 4096) = 2252
close(3) = 0
munmap(0x7f7361d7c000, 4096) = 0
open("./eula.accepted", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=4, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7361d7c000
read(3, ".\0\0\0", 4096) = 4
close(3) = 0
munmap(0x7f7361d7c000, 4096) = 0
open("./hashcat.keyfile", O_RDONLY) = -1 ENOENT (No such file or directory)
write(1, "Initializing hashcat v0.46 by at"..., 74Initializing hashcat v0.46 by atom with 8 threads and 32mb segment-size...) = 74
write(1, "\n", 1
) = 1
write(1, "\n", 1
) = 1
mmap(NULL, 33558528, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f735f284000
open("external_salts.txt", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=54320, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7361d7c000
read(3, "0\n1\n2\n3\n4\n5\n6\n7\n8\n9\n00\n10\n20\n30\n"..., 4096) = 4096
brk(0x20d2000) = 0x20d2000
brk(0x20f3000) = 0x20f3000
brk(0x2114000) = 0x2114000
brk(0x2135000) = 0x2135000
brk(0x2156000) = 0x2156000
brk(0x2177000) = 0x2177000
brk(0x2198000) = 0x2198000
brk(0x21b9000) = 0x21b9000
brk(0x21da000) = 0x21da000
brk(0x21fb000) = 0x21fb000
brk(0x221c000) = 0x221c000
brk(0x223d000) = 0x223d000
brk(0x225e000) = 0x225e000
brk(0x227f000) = 0x227f000
brk(0x22a0000) = 0x22a0000
brk(0x22c1000) = 0x22c1000
brk(0x22e2000) = 0x22e2000
brk(0x2303000) = 0x2303000
brk(0x2324000) = 0x2324000
brk(0x2345000) = 0x2345000
brk(0x2366000) = 0x2366000
read(3, "449\n549\n649\n749\n849\n949\n059\n159\n"..., 4096) = 4096
brk(0x2387000) = 0x2387000
brk(0x23a8000) = 0x23a8000
brk(0x23c9000) = 0x23c9000
brk(0x23ea000) = 0x23ea000
brk(0x240b000) = 0x240b000
brk(0x242c000) = 0x242c000
brk(0x244d000) = 0x244d000
brk(0x246e000) = 0x246e000
brk(0x248f000) = 0x248f000
brk(0x24b0000) = 0x24b0000
brk(0x24d1000) = 0x24d1000
brk(0x24f2000) = 0x24f2000
brk(0x2513000) = 0x2513000
brk(0x2534000) = 0x2534000
brk(0x2555000) = 0x2555000
brk(0x2576000) = 0x2576000
brk(0x2597000) = 0x2597000
read(3, "70\n5770\n6770\n7770\n8770\n9770\n0870"..., 4096) = 4096
brk(0x25b8000) = 0x25b8000
brk(0x25d9000) = 0x25d9000
brk(0x25fa000) = 0x25fa000
brk(0x261b000) = 0x261b000
brk(0x263c000) = 0x263c000
brk(0x265d000) = 0x265d000
brk(0x267e000) = 0x267e000
brk(0x269f000) = 0x269f000
brk(0x26c0000) = 0x26c0000
brk(0x26e1000) = 0x26e1000
brk(0x2702000) = 0x2702000
brk(0x2723000) = 0x2723000
brk(0x2744000) = 0x2744000
brk(0x2765000) = 0x2765000
brk(0x2786000) = 0x2786000
brk(0x27a7000) = 0x27a7000
read(3, "1\n4951\n5951\n6951\n7951\n8951\n9951\n"..., 4096) = 4096
brk(0x27c8000) = 0x27c8000
brk(0x27e9000) = 0x27e9000
brk(0x280a000) = 0x280a000
brk(0x282b000) = 0x282b000
brk(0x284c000) = 0x284c000
brk(0x286d000) = 0x286d000
brk(0x288e000) = 0x288e000
brk(0x28af000) = 0x28af000
brk(0x28d0000) = 0x28d0000
brk(0x28f1000) = 0x28f1000
brk(0x2912000) = 0x2912000
brk(0x2933000) = 0x2933000
brk(0x2954000) = 0x2954000
brk(0x2975000) = 0x2975000
brk(0x2996000) = 0x2996000
brk(0x29b7000) = 0x29b7000
brk(0x29d8000) = 0x29d8000
read(3, "\n3142\n4142\n5142\n6142\n7142\n8142\n9"..., 4096) = 4096
brk(0x29f9000) = 0x29f9000
brk(0x2a1a000) = 0x2a1a000
brk(0x2a3b000) = 0x2a3b000
brk(0x2a5c000) = 0x2a5c000
brk(0x2a7d000) = 0x2a7d000
brk(0x2a9e000) = 0x2a9e000
brk(0x2abf000) = 0x2abf000
brk(0x2ae0000) = 0x2ae0000
brk(0x2b01000) = 0x2b01000
brk(0x2b22000) = 0x2b22000
brk(0x2b43000) = 0x2b43000
brk(0x2b64000) = 0x2b64000
brk(0x2b85000) = 0x2b85000
brk(0x2ba6000) = 0x2ba6000
brk(0x2bc7000) = 0x2bc7000
brk(0x2be8000) = 0x2be8000
read(3, "2323\n3323\n4323\n5323\n6323\n7323\n83"..., 4096) = 4096
brk(0x2c09000) = 0x2c09000
brk(0x2c2a000) = 0x2c2a000
brk(0x2c4b000) = 0x2c4b000
brk(0x2c6c000) = 0x2c6c000
brk(0x2c8d000) = 0x2c8d000
brk(0x2cae000) = 0x2cae000
brk(0x2ccf000) = 0x2ccf000
brk(0x2cf0000) = 0x2cf0000
brk(0x2d11000) = 0x2d11000
brk(0x2d32000) = 0x2d32000
brk(0x2d53000) = 0x2d53000
brk(0x2d74000) = 0x2d74000
brk(0x2d95000) = 0x2d95000
brk(0x2db6000) = 0x2db6000
brk(0x2dd7000) = 0x2dd7000
brk(0x2df8000) = 0x2df8000
read(3, "504\n2504\n3504\n4504\n5504\n6504\n750"..., 4096) = 4096
brk(0x2e19000) = 0x2e19000
brk(0x2e3a000) = 0x2e3a000
brk(0x2e5b000) = 0x2e5b000
brk(0x2e7c000) = 0x2e7c000
brk(0x2e9d000) = 0x2e9d000
brk(0x2ebe000) = 0x2ebe000
brk(0x2edf000) = 0x2edf000
brk(0x2f00000) = 0x2f00000
brk(0x2f21000) = 0x2f21000
brk(0x2f42000) = 0x2f42000
brk(0x2f63000) = 0x2f63000
brk(0x2f84000) = 0x2f84000
brk(0x2fa5000) = 0x2fa5000
brk(0x2fc6000) = 0x2fc6000
brk(0x2fe7000) = 0x2fe7000
brk(0x3008000) = 0x3008000
read(3, "84\n1784\n2784\n3784\n4784\n5784\n6784"..., 4096) = 4096
brk(0x3029000) = 0x3029000
brk(0x304a000) = 0x304a000
brk(0x306b000) = 0x306b000
brk(0x308c000) = 0x308c000
brk(0x30ad000) = 0x30ad000
brk(0x30ce000) = 0x30ce000
brk(0x30ef000) = 0x30ef000
brk(0x3110000) = 0x3110000
brk(0x3131000) = 0x3131000
brk(0x3152000) = 0x3152000
brk(0x3173000) = 0x3173000
brk(0x3194000) = 0x3194000
brk(0x31b5000) = 0x31b5000
brk(0x31d6000) = 0x31d6000
brk(0x31f7000) = 0x31f7000
brk(0x3218000) = 0x3218000
brk(0x3239000) = 0x3239000
read(3, "5\n0965\n1965\n2965\n3965\n4965\n5965\n"..., 4096) = 4096
brk(0x325a000) = 0x325a000
brk(0x327b000) = 0x327b000
brk(0x329c000) = 0x329c000
brk(0x32bd000) = 0x32bd000
brk(0x32de000) = 0x32de000
brk(0x32ff000) = 0x32ff000
brk(0x3320000) = 0x3320000
brk(0x3341000) = 0x3341000
brk(0x3362000) = 0x3362000
brk(0x3383000) = 0x3383000
brk(0x33a4000) = 0x33a4000
brk(0x33c5000) = 0x33c5000
brk(0x33e6000) = 0x33e6000
brk(0x3407000) = 0x3407000
brk(0x3428000) = 0x3428000
brk(0x3449000) = 0x3449000
read(3, "\n9056\n0156\n1156\n2156\n3156\n4156\n5"..., 4096) = 4096
brk(0x346a000) = 0x346a000
brk(0x348b000) = 0x348b000
brk(0x34ac000) = 0x34ac000
brk(0x34cd000) = 0x34cd000
brk(0x34ee000) = 0x34ee000
brk(0x350f000) = 0x350f000
brk(0x3530000) = 0x3530000
brk(0x3551000) = 0x3551000
brk(0x3572000) = 0x3572000
brk(0x3593000) = 0x3593000
brk(0x35b4000) = 0x35b4000
brk(0x35d5000) = 0x35d5000
brk(0x35f6000) = 0x35f6000
brk(0x3617000) = 0x3617000
brk(0x3638000) = 0x3638000
brk(0x3659000) = 0x3659000
read(3, "8237\n9237\n0337\n1337\n2337\n3337\n43"..., 4096) = 4096
brk(0x367a000) = 0x367a000
brk(0x369b000) = 0x369b000
brk(0x36bc000) = 0x36bc000
brk(0x36dd000) = 0x36dd000
brk(0x36fe000) = 0x36fe000
brk(0x371f000) = 0x371f000
brk(0x3740000) = 0x3740000
brk(0x3761000) = 0x3761000
brk(0x3782000) = 0x3782000
brk(0x37a3000) = 0x37a3000
brk(0x37c4000) = 0x37c4000
brk(0x37e5000) = 0x37e5000
brk(0x3806000) = 0x3806000
brk(0x3827000) = 0x3827000
brk(0x3848000) = 0x3848000
brk(0x3869000) = 0x3869000
brk(0x388a000) = 0x388a000
read(3, "418\n8418\n9418\n0518\n1518\n2518\n351"..., 4096) = 4096
brk(0x38ab000) = 0x38ab000
brk(0x38cc000) = 0x38cc000
brk(0x38ed000) = 0x38ed000
brk(0x390e000) = 0x390e000
brk(0x392f000) = 0x392f000
brk(0x3950000) = 0x3950000
brk(0x3971000) = 0x3971000
brk(0x3992000) = 0x3992000
brk(0x39b3000) = 0x39b3000
brk(0x39d4000) = 0x39d4000
brk(0x39f5000) = 0x39f5000
brk(0x3a16000) = 0x3a16000
brk(0x3a37000) = 0x3a37000
brk(0x3a58000) = 0x3a58000
mmap(NULL, 163840, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7361d32000
brk(0x3a79000) = 0x3a79000
read(3, "98\n7698\n8698\n9698\n0798\n1798\n2798"..., 4096) = 4096
brk(0x3a9a000) = 0x3a9a000
brk(0x3abb000) = 0x3abb000
brk(0x3adc000) = 0x3adc000
brk(0x3afd000) = 0x3afd000
brk(0x3b1e000) = 0x3b1e000
brk(0x3b3f000) = 0x3b3f000
brk(0x3b60000) = 0x3b60000
brk(0x3b81000) = 0x3b81000
brk(0x3ba2000) = 0x3ba2000
brk(0x3bc3000) = 0x3bc3000
brk(0x3be4000) = 0x3be4000
brk(0x3c05000) = 0x3c05000
brk(0x3c26000) = 0x3c26000
brk(0x3c47000) = 0x3c47000
brk(0x3c68000) = 0x3c68000
brk(0x3c89000) = 0x3c89000
brk(0x3caa000) = 0x3caa000
read(3, "9\n6879\n7879\n8879\n9879\n0979\n1979\n"..., 4096) = 1072
brk(0x3ccb000) = 0x3ccb000
brk(0x3cec000) = 0x3cec000
brk(0x3d0d000) = 0x3d0d000
brk(0x3d2e000) = 0x3d2e000
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f7361d7c000, 4096) = 0
write(1, "Added external salts from file e"..., 62Added external salts from file external_salts.txt: 11110 salts) = 62
write(1, "\n", 1
) = 1
open("m0160.txt", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=41, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7361d7c000
read(3, "8717c25d45b7c48e66d917255c6e5b9e"..., 4096) = 41
mmap(NULL, 134221824, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7357283000
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f7361d7c000, 4096) = 0
write(1, "Added hashes from file m0160.txt"..., 49Added hashes from file m0160.txt: 1 (11110 salts)) = 49
write(1, "\n", 1
) = 1
write(1, "Activating quick-digest mode for"..., 44Activating quick-digest mode for single-hash) = 44
write(1, "\n", 1
) = 1
write(1, "\nNOTE: press enter for status-sc"..., 36
NOTE: press enter for status-screen) = 36
write(1, "\n", 1
) = 1
write(1, "\n", 1
) = 1
mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7356a82000
mprotect(0x7f7356a82000, 4096, PROT_NONE) = 0
clone(child_stack=0x7f7357281ff0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f73572829d0, tls=0x7f7357282700, child_tidptr=0x7f73572829d0) = 5087
rt_sigaction(SIGINT, {0x4a0940, [INT], SA_RESTORER|SA_RESTART, 0x7f73612bb4a0}, {SIG_DFL, [], 0}, 8) = 0
setpriority(PRIO_PROCESS, 0, 1) = 0
mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7356281000
mprotect(0x7f7356281000, 4096, PROT_NONE) = 0
clone(child_stack=0x7f7356a80ff0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f7356a819d0, tls=0x7f7356a81700, child_tidptr=0x7f7356a819d0) = 5088
+++ killed by SIGSEGV (core dumped) +++
Segmentation fault (core dumped)