secureworks / dcept
A tool for deploying and detecting use of Active Directory honeytokens

Home Page: https://www.secureworks.com/blog/dcept

License: GNU General Public License v3.0

C# 23.71% Python 70.23% Shell 6.07%

dcept's People

Contributors

dlee35, jamesscwx

dcept's Issues

High CPU usage (possible deadlock)

High CPU usage has been noticed with dcept in docker (master branch). The dcept process consumes 100% of a CPU core permanently.

root     22540  0.0  0.0  14776  2168 pts/2    S+   16:36   0:00 grep dcep
root     31237  0.0  0.0 155364 14896 ?        Ssl  Jun28   0:02 /usr/bin/docker start -a dcept
root     31261  0.0  0.0  20076  2812 pts/1    Ss+  Jun28   0:00 /bin/sh -c cron; /opt/dcept/dcept.py
root     31275 99.9  0.1 224028 24728 pts/1    Sl+  Jun28 45392:56 /usr/bin/python /opt/dcept/dcept.py

Here is an strace of the dcept process (with children).

dcept-deadlock.txt

build instructions for agent are wrong, when using mono

When following the instructions

# mcs ht-agent.cs -r:System.Data.dll -r:System.Web.Extensions.dll

ht-agent.cs(11,18): error CS0234: The type or namespace name `Services' does not exist in the namespace `System.Web'. Are you missing `System.Web.Services' assembly reference?
Compilation failed: 1 error(s), 0 warnings

so I tried

# mcs ht-agent.cs -r:System.Data.dll -r:System.Web.Extensions.dll -r:System.Web.Services

and got no error. I guess it builds fine this way, but I have not tested it yet.

syslog configuration

Hi,

I am trying to configure log event forwarding via syslog to a remote server. I followed your instructions and changed the dcept.cfg file by:

  • uncommenting the syslog_host entry and replacing it with the IP address of the remote syslog server;
  • rebuilding dcept after that by running docker_build.sh.

Unfortunately I don't see any syslog messages passed to the remote server. I confirmed that by running tcpdump on both servers. Is there anything else that I missed configuring?

The dcept server is running CentOS 7 and rsyslog.

thanks,

Running ./docker_build.sh ==> ERROR 403 Forbidden.

/*I FOUND THE SOLUTION TO MY PROBLEM IN THE CLOSED ISSUES. SORRY.*/

Hello,

I ran ./docker_build.sh and got this error:

--2018-03-29 16:57:28--  http://www.openwall.com/john/j/john-1.8.0-jumbo-1.tar.gz
Resolving www.openwall.com (www.openwall.com)... 195.42.179.202
Connecting to www.openwall.com (www.openwall.com)|195.42.179.202|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2018-03-29 16:57:28 ERROR 403: Forbidden.

I tried working around this by creating the directory specified in the wget myself:

Step 11/27 : RUN wget -O /tmp/john.tar.gz http://www.openwall.com/john/j/john-1.8.0-jumbo-1.tar.gz
 ---> Running in 60493f8009e5

I created the directory (specified above) and put the tar file in it using FileZilla hoping that it would recognize that the resources are there and skip that step. Instead I ran into the same error.

I also tried adding sudo to each of the commands in the docker_build.sh file (just to see if anything would change) and to no avail.

I'm not sure what else I should try. If anyone could point me in the right direction I would be eternally grateful.

No password hashes loaded

I'm trying to put dcept to work in a setup with 3 virtual machines:

  1. Windows 2008 AD;
  2. Windows 8.1 Workstation;
  3. Ubuntu server with DCEPT.

The sniffer gets the pre-authentication timestamp and the cracker enqueues it, but the cracking process is not capable of decrypting with the message "No password hashes loaded", from JtR.

I looked at the faq at http://www.openwall.com/john/doc/FAQ.shtml but can't get it to work.

I'm using the most recent version of dcept cloned from repository (commit 3edb23b).

Am I missing something?


./docker_build.sh fails

Hi.

Attempting a new install under Debian, ./docker_build.sh fails here:

john-1.8.0-jumbo-1/src/pst_fmt_plug.c
john-1.8.0-jumbo-1/src/missing_getopt.c

gzip: stdin: unexpected end of file
john-1.8.0-jumbo-1/src/rules.c
john-1.8.0-jumbo-1/src/options.c
tar: Unexpected EOF in archive
tar: Unexpected EOF in archive
tar: Error is not recoverable: exiting now
The command '/bin/sh -c mkdir /tmp/john && tar -xvf /tmp/john.tar.gz -C /tmp/john --strip-components=1' returned a non-zero code: 2
