View Issue Details

IDProjectCategoryView StatusLast Update
0004962Kali Linux[All Projects] Kali Package Bugpublic2018-11-19 13:12
ReporterSplo1trAssigned Tosbrun 
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionfixed 
Product Version2018.3 
Target VersionFixed in Version 
Summary0004962: Hashcat 4.2.1 wrong assumption
Descriptionhttps://github.com/hashcat/hashcat/issues/1683

Activities

Splo1tr

2018-09-10 11:58

reporter   ~0009623

Affects only 2018.3 i386 release...

https://images.offensive-security.com/virtual-images/kali-linux-2018.3-vm-i386.7z 84715b351460cadad7e5d87e4034bfc50a9befc3904205bc6ca0afc6def61066 kali-linux-2018.3-vm-i386.7z

and is reproducible with and without latest updates.

sbrun

2018-09-10 13:53

manager   ~0009627

Thank you for your interest in Kali but this bug report is not actionable.
It seems to be an issue specific to i386, but not to Kali.
Please precise what you have done, which image you have tested and how to reproduce this issue.
Can you reproduce this issue on the live image http://cdimage.kali.org/kali-2018.3/kali-linux-2018.3-i386.iso ?

Splo1tr

2018-09-11 10:14

reporter   ~0009637

Yes, the kali-linux-2018.3-i386.iso is also affected. I tested back on 2018.2-i386.iso which doesnt have this bug and cracks the password correctly.

To reproduce start the live iso and use hashcat to crack the wordpress saltet md5 from the ticket.

echo "\$P\$B9wJdX0NkO95U2L.kqAGXsFufwSp5N1" > wp.txt
hashcat -m 400 -a 3 wp.txt ?s?s?s?s?s

The output is not as expected and giving a hex'd output which is unusal. Please try exactly with the hash from issue 1683 posted in the description.

Can you reproduce the issue now?

Splo1tr

2018-09-23 22:08

reporter   ~0009762

Another user reported the bug exists in Kali Linux x86!

https://github.com/hashcat/hashcat/issues/1695

From the testings this seems to be buggy since all updated x86 kernels since > 4.15.0-kali2-686-pae (2018.2), because the live iso still works correctly.

Can you reproduce this as issue and tell us if it is related to kali x86 kernel or to hashcat or even anything else on your distro? Hashcat itself cracks the password correctly in 64bit releases in every version. In my opinion it is actionable now.

deargle

2018-10-03 06:20

reporter   ~0009780

I reproduced this error with a simple plaintext md5 crack, on i686 virtualized environment, including fresh-download of live cd and 32bit prepared vm vbox download from offensive-security.com.

Report here: https://github.com/hashcat/hashcat/issues/1709

tested with the following isos:
* kali-linux-light-2018-3a-i386-iso (bug present)
* kali-linux-light-2018-3a-amd64-iso (bug not present)
* kali-linux-2018-3a-i386-iso (bug present)
* kali-linux-2018-3-vbox-i386-ova (bug present)

Splo1tr

2018-10-21 12:49

reporter   ~0009821

Some updates on the issue from Jens Steube:

https://github.com/hashcat/hashcat/commit/a4ac370496d030777a5d5d65a894ac6bc2f953c6

It will get fixed by the next release of hashcat. In the meantime we are advised to use the latest commit. Thank all of you guys for contributing.

sbrun

2018-11-19 13:12

manager   ~0009967

fixed in version 5.0.0-1 in kali-rolling

Issue History

Date Modified Username Field Change
2018-09-07 11:43 Splo1tr New Issue
2018-09-10 11:58 Splo1tr Note Added: 0009623
2018-09-10 13:53 sbrun Status new => feedback
2018-09-10 13:53 sbrun Note Added: 0009627
2018-09-11 10:14 Splo1tr Note Added: 0009637
2018-09-11 10:14 Splo1tr Status feedback => new
2018-09-23 22:08 Splo1tr Note Added: 0009762
2018-10-03 06:20 deargle Note Added: 0009780
2018-10-21 12:49 Splo1tr Note Added: 0009821
2018-11-19 13:12 sbrun Assigned To => sbrun
2018-11-19 13:12 sbrun Status new => resolved
2018-11-19 13:12 sbrun Resolution open => fixed
2018-11-19 13:12 sbrun Note Added: 0009967