View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0004962||Kali Linux||[All Projects] Kali Package Bug||public||2018-09-07 11:43||2018-11-19 13:12|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Target Version||Fixed in Version|
|Summary||0004962: Hashcat 4.2.1 wrong assumption|
Affects only 2018.3 i386 release...
https://images.offensive-security.com/virtual-images/kali-linux-2018.3-vm-i386.7z 84715b351460cadad7e5d87e4034bfc50a9befc3904205bc6ca0afc6def61066 kali-linux-2018.3-vm-i386.7z
and is reproducible with and without latest updates.
Thank you for your interest in Kali but this bug report is not actionable.
It seems to be an issue specific to i386, but not to Kali.
Please precise what you have done, which image you have tested and how to reproduce this issue.
Can you reproduce this issue on the live image http://cdimage.kali.org/kali-2018.3/kali-linux-2018.3-i386.iso ?
Yes, the kali-linux-2018.3-i386.iso is also affected. I tested back on 2018.2-i386.iso which doesnt have this bug and cracks the password correctly.
To reproduce start the live iso and use hashcat to crack the wordpress saltet md5 from the ticket.
echo "\$P\$B9wJdX0NkO95U2L.kqAGXsFufwSp5N1" > wp.txt
hashcat -m 400 -a 3 wp.txt ?s?s?s?s?s
The output is not as expected and giving a hex'd output which is unusal. Please try exactly with the hash from issue 1683 posted in the description.
Can you reproduce the issue now?
Another user reported the bug exists in Kali Linux x86!
From the testings this seems to be buggy since all updated x86 kernels since > 4.15.0-kali2-686-pae (2018.2), because the live iso still works correctly.
Can you reproduce this as issue and tell us if it is related to kali x86 kernel or to hashcat or even anything else on your distro? Hashcat itself cracks the password correctly in 64bit releases in every version. In my opinion it is actionable now.
I reproduced this error with a simple plaintext md5 crack, on i686 virtualized environment, including fresh-download of live cd and 32bit prepared vm vbox download from offensive-security.com.
Report here: https://github.com/hashcat/hashcat/issues/1709
tested with the following isos:
* kali-linux-light-2018-3a-i386-iso (bug present)
* kali-linux-light-2018-3a-amd64-iso (bug not present)
* kali-linux-2018-3a-i386-iso (bug present)
* kali-linux-2018-3-vbox-i386-ova (bug present)
Some updates on the issue from Jens Steube:
It will get fixed by the next release of hashcat. In the meantime we are advised to use the latest commit. Thank all of you guys for contributing.
||fixed in version 5.0.0-1 in kali-rolling|
|2018-09-07 11:43||Splo1tr||New Issue|
|2018-09-10 11:58||Splo1tr||Note Added: 0009623|
|2018-09-10 13:53||sbrun||Status||new => feedback|
|2018-09-10 13:53||sbrun||Note Added: 0009627|
|2018-09-11 10:14||Splo1tr||Note Added: 0009637|
|2018-09-11 10:14||Splo1tr||Status||feedback => new|
|2018-09-23 22:08||Splo1tr||Note Added: 0009762|
|2018-10-03 06:20||deargle||Note Added: 0009780|
|2018-10-21 12:49||Splo1tr||Note Added: 0009821|
|2018-11-19 13:12||sbrun||Assigned To||=> sbrun|
|2018-11-19 13:12||sbrun||Status||new => resolved|
|2018-11-19 13:12||sbrun||Resolution||open => fixed|
|2018-11-19 13:12||sbrun||Note Added: 0009967|