Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
client tries to download 7zr over port 80
I'm running my set up on a separate VM alongside my public webserver VM (two different VMs).  Both servers are running nginx and the public webserver receives requests for my domain name for my hashtopolis server and performs a reverse proxy to the hashtopolis VM webserver which then handles the request.  The public webserver redirects all port 80 HTTP requests via 301 redirect to port 443 HTTPS.

I'm running into an issue trying to get any python client to function.  It seems the client is able to register and collect agent data but then fails to find '7zr'.  Below is the output the client gives me.  I receive the same on both windows 10 and ubuntu.  I've tried sudo on ubuntu with no change.  The server is running on ubuntu server 18.04 running nginx.  I do not see any access or error logs in regards to the client requesting 7zr from <url base>/static/7zr.

Upon further examination of the logs below it appears that the client is attempting to download the 7zr over port 80 and receives the 301 from the public facing webserver which causes the client to return an error..  Removing the 301 redirect from port 80 to 443 on the public facing webserver is a functional workaround for this issue.

Where do/can I set the server to inform the client to download 7zr over port 443?  I tried setting the base hostname/port/protocal to my public-facing domain via HTTPS and setting the base url - both of which appear to have no effect.

Client Output

Quote:No token found! Please enter a voucher to register your agent:
Successfully registered!
Collecting agent data...
Login successful!
Hashtopolis Server version: 0.10.1 ()
Client is up-to-date!
Traceback (most recent call last):
  File "/usr/lib/python3.6/", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib/python3.6/", line 85, in _run_code
    exec(code, run_globals)
  File "", line 337, in <module>
  File "", line 139, in init
  File "", line 22, in run
  File "", line 80, in __check_utils
FileNotFoundError: [Errno 2] No such file or directory: '7zr'

Relevant Nginx Access + Error log tail -f output
Quote: - - [22/Feb/2019:13:29:45 -0600] "POST /api/server.php HTTP/1.1" 200 59 "-" "s3-python-0.4.0" - - [22/Feb/2019:13:29:49 -0600] "POST /api/server.php HTTP/1.1" 200 74 "-" "s3-python-0.4.0" - - [22/Feb/2019:13:29:49 -0600] "POST /api/server.php HTTP/1.1" 200 62 "-" "s3-python-0.4.0" - - [22/Feb/2019:13:29:49 -0600] "POST /api/server.php HTTP/1.1" 200 117 "-" "s3-python-0.4.0" - - [22/Feb/2019:13:29:49 -0600] "POST /api/server.php HTTP/1.1" 200 78 "-" "s3-python-0.4.0" - - [22/Feb/2019:13:29:49 -0600] "POST /api/server.php HTTP/1.1" 200 118 "-" "s3-python-0.4.0"

Here are the requested details
Hashtopolis server version 0.10.1+
Client version 0.4.0
hashcat version 5.1.0

Debug output from client:

Quote:[2019-02-22 13:44:55,580] [INFO ] Found existing, checking if python process is running...
[2019-02-22 13:44:55,581] [INFO ] Ignoring file because PID is not existent anymore or not running python!
[2019-02-22 13:44:55,581] [INFO ] Starting client 's3-python-0.4.0'...
[2019-02-22 13:45:08,019] [DEBUG] Setting url to: https://hashtopolis-server/api/server.php
[2019-02-22 13:45:08,020] [DEBUG] {'action': 'testConnection'}
[2019-02-22 13:45:08,028] [DEBUG] Starting new HTTPS connection (1): hashtopolis-server
[2019-02-22 13:45:08,101] [DEBUG] https://hashtopolis-server:443 "POST /api/server.php HTTP/1.1" 200 None
[2019-02-22 13:45:08,106] [DEBUG] b'{"action":"testConnection","response":"SUCCESS"}'
[2019-02-22 13:45:08,107] [DEBUG] Connection test successful!
[2019-02-22 13:45:26,658] [DEBUG] {'action': 'register', 'voucher': 'aaa', 'name': 'WS01'}
[2019-02-22 13:45:26,890] [DEBUG] https://hashtopolis-server:443 "POST /api/server.php HTTP/1.1" 200 None
[2019-02-22 13:45:26,891] [DEBUG] b'{"action":"register","response":"SUCCESS","token":"T9LQue26rb"}'
[2019-02-22 13:45:26,906] [INFO ] Successfully registered!
[2019-02-22 13:45:26,914] [INFO ] Collecting agent data...
[2019-02-22 13:45:27,090] [DEBUG] {'action': 'updateInformation', 'token': 'T9LQue26rb', 'uid': 'eaa90cbc-2ee9-4e1b-a6e0-799a1853f333', 'os': 0, 'devices': ['Intel® Xeon® CPU E5420 @ 2.50GHz', 'Intel® Xeon® CPU E5420 @ 2.50GHz', 'VMware SVGA II Adapter']}
[2019-02-22 13:45:27,149] [DEBUG] https://hashtopolis-server:443 "POST /api/server.php HTTP/1.1" 200 None
[2019-02-22 13:45:27,152] [DEBUG] b'{"action":"updateInformation","response":"SUCCESS"}'
[2019-02-22 13:45:27,153] [DEBUG] {'action': 'login', 'token': 'T9LQue26rb', 'clientSignature': 's3-python-0.4.0'}
[2019-02-22 13:45:27,221] [DEBUG] https://hashtopolis-server:443 "POST /api/server.php HTTP/1.1" 200 None
[2019-02-22 13:45:27,222] [DEBUG] b'{"action":"login","response":"SUCCESS","multicastEnabled":false,"timeout":30,"server-version":"0.10.1 ()"}'
[2019-02-22 13:45:27,223] [INFO ] Login successful!
[2019-02-22 13:45:27,223] [INFO ] Hashtopolis Server version: 0.10.1 ()
[2019-02-22 13:45:27,224] [DEBUG] {'action': 'checkClientVersion', 'token': 'T9LQue26rb', 'version': '0.4.0', 'type': 'python'}
[2019-02-22 13:45:27,288] [DEBUG] https://hashtopolis-server:443 "POST /api/server.php HTTP/1.1" 200 None
[2019-02-22 13:45:27,289] [DEBUG] b'{"action":"checkClientVersion","response":"SUCCESS","version":"OK"}'
[2019-02-22 13:45:27,289] [INFO ] Client is up-to-date!
[2019-02-22 13:45:27,290] [DEBUG] {'action': 'downloadBinary', 'token': 'T9LQue26rb', 'type': '7zr'}
[2019-02-22 13:45:27,359] [DEBUG] https://hashtopolis-server:443 "POST /api/server.php HTTP/1.1" 200 None
[2019-02-22 13:45:27,360] [DEBUG] b'{"action":"downloadBinary","response":"SUCCESS","executable":"http:\\/\\/hashtopolis-server\\/static\\/7zr.bin"}'
[2019-02-22 13:45:27,365] [DEBUG] Starting new HTTP connection (1): hashtopolis-server
[2019-02-22 13:45:27,370] [DEBUG] http://hashtopolis-server:80 "HEAD /static/7zr.bin HTTP/1.1" 301 0
Sorry about the delay of an answer, I've been busy.

So if I see it correctly, the Hashtopolis server is behind the proxy, so in case of the 7zr binary download, the server tries to determine its own url where it is reached and builds the download link out of this. But as he is not aware of the proxy, I assume internally he is only accessed by port 80, so he thinks he is only reachable by port 80.

Long story short, in the server config `Config -> Server -> Server` there is the option `Base hostname/port/protocol to use.` which is blank by default (where the server tries to get the hostname on its own), but you can override this by putting in there the protocol and hostname which it should use, in your case something like `https://hashtopolis-server/`.

Forum Jump:

Users browsing this thread: 1 Guest(s)