how to solve this problem #922

Closed
Ashokmurugan48 opened this issue Jan 26, 2019 · 20 comments

@Ashokmurugan48

ettercap -Tq -M arp:remote -i wlan0 /192.168.12.1// /192.168.12.226//

ettercap 0.8.2 copyright 2001-2015 Ettercap Development Team

Listening on:
wlan0 -> 1C:3E:84:5F:9C:89
192.168.12.225/255.255.255.0
fe80::4a69:3f4d:94fe:9975/64

Privileges dropped to EUID 0 EGID 0...

33 plugins
42 protocol dissectors
57 ports monitored
20388 mac vendor fingerprint
1766 tcp OS fingerprint
2182 known services
Lua: no scripts were specified, not starting up!

Scanning for merged targets (2 hosts)...

* |==================================================>| 100.00 %

3 hosts added to the hosts list...

ARP poisoning victims:

GROUP 1 : 192.168.12.1 7C:5A:1C:54:58:FB

GROUP 2 : 192.168.12.226 04:B1:67:CA:F4:13
Starting Unified sniffing...

Text only Interface activated...
Hit 'h' for inline help

DHCP: [192.168.6.135] ACK : 192.168.6.144 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.144 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.141 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.141 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.145 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.145 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.138 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.138 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.139 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.139 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.145 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.145 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.136 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.136 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.144 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.144 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.141 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.141 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.145 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.145 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.139 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.139 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.145 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.145 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.138 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.138 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.136 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1
DHCP: [192.168.6.135] ACK : 192.168.6.136 255.255.255.0 GW 192.168.6.1 DNS 192.168.1.1

Ooops ! This shouldn't happen...
Segmentation Fault...

Please recompile in debug mode, reproduce the bug and send a bugreport

Have a nice day!

@koeppea
Member

koeppea commented Jan 26, 2019

Hi,
you need to help us a little bit to get the root cause of this issue.

  1. Please remove your ettercap installation completely (purge) or use a fresh system (VM)
  2. Get the dependencies installed to fetch the latest source from GitHub and to build it from source
  3. Follow the instructions in the README.GIT file and make sure you configure in Debug mode: cmake -DCMAKE_BUILD_TYPE=Debug ..
  4. Run the program in GDB: gdb --args ettercap -G
  5. Reproduce the issue. When SEGFAULT occurs you're back at the gdb prompt: type bt.
  6. Provide the output of the backtrace and attach the ettercap-$VERSION_debug.log which is located in the directory where ettercap (gdb) has been started.

Since the latest source on GitHub contains many fixes which are not included in the released version 0.8.2, it may be possible that you're not able to reproduce.

@Ashokmurugan48
Author

Ashokmurugan48 commented Jan 26, 2019

Thanks for your help, I couldn't remove ettercap

apt-get remove ettercap
Reading package lists... Done
Building dependency tree
Reading state information... Done
Virtual packages like 'ettercap' can't be removed
0 upgraded, 0 newly installed, 0 to remove and 185 not upgraded.

@koeppea
Member

koeppea commented Jan 26, 2019 via email

@Ashokmurugan48
Author

I uninstalled ettercap completely and reinstalled ettercap, but this is showing me the same error.

@koeppea
Member

koeppea commented Jan 28, 2019

When you followed the steps outlined above, please provide the information requested there.
Simply uninstalling and reinstalling the same way as before won't help of course.
Please carefully read the steps in my initial answer.

@jackassplus

jackassplus commented Jul 8, 2019

I presume I'm having the same problem.
I have the log, if you need it, but I'll have to sanitize it first.


┌─[root@Windows9] - [~] - [2019-07-08 11:25:20]
└─[130] <> gdb --args ettercap -q -T -M arp:remote ///
GNU gdb (Debian 8.2.1-2) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ettercap...done.
(gdb) run
Starting program: /usr/local/bin/ettercap -q -T -M arp:remote ///
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

ettercap 0.8.3 copyright 2001-2019 Ettercap Development Team

[Detaching after fork from child process 24180]
Cannot change large-receive-offload
Listening on:
  eth0 -> 00:0C:29:6C:B4:F8
          172.16.96.70/255.255.254.0
          fe80::20c:29ff:fe6c:b4f8/64

SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
Privileges dropped to EUID 65534 EGID 65534...

mdns_spoof: etter.mdns:52 Invalid IPv4 or IPv6 address
mdns_spoof: etter.mdns:54 Invalid IPv4 or IPv6 address
mdns_spoof: etter.mdns:61 Invalid IPv4 or IPv6 address
dns_spoof: etter.dns:71 Invalid IPv4 or IPv6 address
dns_spoof: etter.dns:78 Invalid IPv4 or IPv6 address
dns_spoof: etter.dns:81 Invalid IPv4 or IPv6 address
dns_spoof: etter.dns:90 Invalid IPv4 or IPv6 address
dns_spoof: etter.dns:99 Invalid IPv4 or IPv6 address
dns_spoof: etter.dns:112 Invalid IPv4 or IPv6 address
  34 plugins
  42 protocol dissectors
  57 ports monitored
24609 mac vendor fingerprint
1766 tcp OS fingerprint
2182 known services

[New Thread 0x7ffff332a700 (LWP 24184)]
[New Thread 0x7ffff2b29700 (LWP 24185)]
Randomizing 511 hosts for scanning...
DHCP: [00:0C:29:6C:B4:F8] REQUEST 10.224.104.23
Scanning the whole netmask for 511 hosts...
* |==================================================>| 100.00 %


Thread 3 "ettercap" received signal SIG32, Real-time event 32.
[Switching to Thread 0x7ffff2b29700 (LWP 24185)]
0x00007ffff62d7819 in __GI___poll (fds=0x7ffff2b28ad0, nfds=1, timeout=-1)
    at ../sysdeps/unix/sysv/linux/poll.c:29
29      ../sysdeps/unix/sysv/linux/poll.c: No such file or directory.
(gdb) 
(gdb) run
The program being debugged has been started already.
Start it from the beginning? (y or n) n
Program not restarted.
(gdb) c
Continuing.
[Thread 0x7ffff2b29700 (LWP 24185) exited]
97 hosts added to the hosts list...
[New Thread 0x7ffff2b29700 (LWP 24347)]
[New Thread 0x7ffff22ec700 (LWP 24348)]
[New Thread 0x7ffff1aeb700 (LWP 24349)]
[New Thread 0x7ffff12ea700 (LWP 24351)]

ARP poisoning victims:

 GROUP 1 : ANY (all the hosts in the list)

 GROUP 2 : ANY (all the hosts in the list)
Starting Unified sniffing...


Text only Interface activated...
Hit 'h' for inline help

[Thread 0x7ffff12ea700 (LWP 24351) exited]
SNMP : 172.16.98.24:161 -> COMMUNITY: public  INFO: SNMP v1
SNMP : 172.16.98.1:161 -> COMMUNITY: public  INFO: SNMP v1
SNMP : 172.16.98.1:161 -> COMMUNITY: public  INFO: SNMP v1
SNMP : 172.16.96.15:61349 -> COMMUNITY: public  INFO: SNMP v1
SNMP : 172.16.96.15:61349 -> COMMUNITY: public  INFO: SNMP v1
SNMP : 172.16.98.24:161 -> COMMUNITY: public  INFO: SNMP v1
SNMP : 172.16.98.24:161 -> COMMUNITY: public  INFO: SNMP v1
SNMP : 10.164.107.40:161 -> COMMUNITY: public  INFO: SNMP v1
SNMP : 10.164.107.40:161 -> COMMUNITY: public  INFO: SNMP v1
SNMP : 172.16.98.8:161 -> COMMUNITY: public  INFO: SNMP v1
SNMP : 172.16.96.82:59167 -> COMMUNITY: public  INFO: SNMP v1
SNMP : 172.16.96.82:59167 -> COMMUNITY: public  INFO: SNMP v1
SNMP : 172.16.96.82:59167 -> COMMUNITY: public  INFO: SNMP v1
SNMP : 172.16.98.24:161 -> COMMUNITY: public  INFO: SNMP v1

Thread 6 "ettercap" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff1aeb700 (LWP 24349)]
0x00007ffff7f893a5 in unicodeToString (
    p=0x800041448a45 <error: Cannot access memory at address 0x800041448a45>, len=8480)
    at /root/Linux/ettercap-master/src/dissectors/ec_http.c:876
876           buf[i] = *p & 0x7f;
(gdb) bt
#0  0x00007ffff7f893a5 in unicodeToString
    (p=0x800041448a45 <error: Cannot access memory at address 0x800041448a45>, len=8480)
    at /root/Linux/ettercap-master/src/dissectors/ec_http.c:876
#1  0x00007ffff7f8816b in Parse_NTLM_Auth
    (ptr=0x7fffe805a000 "POST /ReportServer/ReportExecution2005.asmx HTTP/1.1\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.42000)\r\nAccept-Language: en-US\r\nContent-Type: text/xml; c"..., from_here=0x7fffe805a159 "TlRMTVNTUAADAAAAGAAYAJAAAACOAY4BqAAAABIAEgBYAAAAEgASAGoAAAAUABQAfAAAAAAAAAA2AgAABYKIogoA7kIAAAAPGhTvCFNbtCaAXL6FNTc+AmQAZQByAGIAeQBjAGkAdAB5AHMAdgBjAF8AbwBhAHMAaQBzAEQAQwBHAEQAUwBLADAAMAA0ADUAAAAAAAAA"..., po=0x7ffff1aea890)
    at /root/Linux/ettercap-master/src/dissectors/ec_http.c:505
#2  0x00007ffff7f8707d in dissector_http
    (buf=0x55555559309c "eportExecution2005.asmx HTTP/1.1\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.42000)\r\nAccept-Language: en-US\r\nContent-Type: text/xml; charset=utf-8\r\nSOAPAc"..., buflen=1149, len=0x7ffff1aea88c, po=0x7ffff1aea890)
    at /root/Linux/ettercap-master/src/dissectors/ec_http.c:167
#3  0x00007ffff7f5e4d4 in decode_data
    (buf=0x555555593088 "POST /ReportServer/ReportExecution2005.asmx HTTP/1.1\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.42000)\r\nAccept-Language: en-US\r\nContent-Type: text/xml; c"..., buflen=1169, len=0x7ffff1aea88c, po=0x7ffff1aea890)
    at /root/Linux/ettercap-master/src/ec_decode.c:305
#4  0x00007ffff7fa3623 in decode_tcp
    (buf=0x555555593074 "\352]", buflen=1189, len=0x7ffff1aea88c, po=0x7ffff1aea890)
    at /root/Linux/ettercap-master/src/protocols/ec_tcp.c:295
#5  0x00007ffff7fa15f9 in decode_ip
    (buf=0x555555593060 "E", buflen=1209, len=0x7ffff1aea88c, po=0x7ffff1aea890)
    at /root/Linux/ettercap-master/src/protocols/ec_ip.c:231
#6  0x00007ffff7fa079d in decode_eth
    (buf=0x555555593052 "", buflen=1223, len=0x7ffff1aea88c, po=0x7ffff1aea890)
    at /root/Linux/ettercap-master/src/protocols/ec_eth.c:81
#7  0x00007ffff7f5e10d in ec_decode
--Type <RET> for more, q to quit, c to continue without paging--
    (param=0x555555570ad0 "", pkthdr=0x7ffff1aeaa70, pkt=0x7ffff438337e "")
    at /root/Linux/ettercap-master/src/ec_decode.c:187
#8  0x00007ffff63b0616 in  () at /lib/x86_64-linux-gnu/libpcap.so.0.8
#9  0x00007ffff63b12c4 in  () at /lib/x86_64-linux-gnu/libpcap.so.0.8
#10 0x00007ffff63b90cd in pcap_loop () at /lib/x86_64-linux-gnu/libpcap.so.0.8
#11 0x00007ffff7f59b18 in capture (args=0x555555570ad0)
    at /root/Linux/ettercap-master/src/ec_capture.c:90
#12 0x00007ffff7973fa3 in start_thread (arg=<optimized out>) at pthread_create.c:486
#13 0x00007ffff62e24cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb) 
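
The backtrace above faults at `buf[i] = *p & 0x7f;` in unicodeToString, reached from Parse_NTLM_Auth while dissecting an HTTP NTLM Authorization header. As an added illustration (not ettercap's code and not the change in the related pull request), this shows a dissector checking an NTLM security buffer's Len and Offset against the decoded message size before narrowing the UTF-16LE payload; the function names and the sample message are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Copy the UTF-16LE string named by the NTLM security buffer at msg[field]
 * (Len u16, MaxLen u16, Offset u32, little endian) into dst as 7-bit ASCII.
 * Returns the character count, or -1 if the buffer header, the payload it
 * points to, or the destination would be overrun. */
int ntlm_field_to_ascii(const uint8_t *msg, size_t msglen, size_t field,
                        char *dst, size_t dstlen)
{
    if (msglen < 8 || field > msglen - 8)
        return -1;                              /* header itself out of bounds */
    size_t len = rd16(msg + field);
    size_t off = rd32(msg + field + 4);
    if (off > msglen || len > msglen - off)
        return -1;                              /* payload outside the message */
    size_t n = len / 2;                         /* UTF-16 code units */
    if (dstlen == 0 || n > dstlen - 1)
        return -1;                              /* would overflow dst */
    for (size_t i = 0; i < n; i++)
        dst[i] = (char)(msg[off + 2 * i] & 0x7f);   /* same masking as ec_http.c:876 */
    dst[n] = '\0';
    return (int)n;
}

/* Constructed sample (not from the capture in this thread): a type 3 message
 * whose UserName buffer at offset 36 carries the given Len and Offset. */
int demo_user(uint16_t len, uint32_t off, char *dst, size_t dstlen)
{
    uint8_t msg[70] = "NTLMSSP";
    msg[8] = 3;                                 /* MessageType */
    msg[36] = (uint8_t)len;  msg[37] = (uint8_t)(len >> 8);
    msg[40] = (uint8_t)off;  msg[41] = (uint8_t)(off >> 8);
    msg[42] = (uint8_t)(off >> 16);  msg[43] = (uint8_t)(off >> 24);
    memcpy(msg + 64, "b\0o\0b\0", 6);           /* "bob" in UTF-16LE */
    return ntlm_field_to_ascii(msg, sizeof msg, 36, dst, dstlen);
}

int main(void)
{
    char user[16];
    printf("in bounds: %d\n", demo_user(6, 64, user, sizeof user));
    printf("len past end: %d\n", demo_user(8480, 64, user, sizeof user));
    return 0;
}
```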

@koeppea
Member

koeppea commented Jul 8, 2019

Is it possible to get a packet capture to reproduce?

@jackassplus

Is there a way I can send it to you directly?

@koeppea
Member

koeppea commented Jul 9, 2019 via email

@jackassplus

link to zip containing pcap, debug output and etterlog sent

@koeppea
Member

koeppea commented Jul 9, 2019

Got it. Thanks. Will have a look in the next few days....

@koeppea
Member

koeppea commented Aug 12, 2019

Been finally able to reproduce the issue. Now I have something grabby to dig deeper into the issue....

@koeppea
Member

koeppea commented Aug 14, 2019

@jackassplus Could you please test if the related pull request fixes the issue for you?
@Ashokmurugan48 Could you please also test, since you've initially created this issue. I'm not sure if this is essentially the same issue you're facing.

@jackassplus

Preliminary testing is positive. No segfaults yet.

@koeppea
Member

koeppea commented Aug 21, 2019

That sounds good.
So that means you're going to do further tests?

@jackassplus

will stay on this build for a bit, but as far as I'm concerned, it is working.

@jackassplus

One of the guys I have testing it says he's having problems terminating it. 'q' doesn't seem to work. The mainline build (kali repo) isn't having that problem.

@koeppea
Member

koeppea commented Aug 23, 2019 via email

@koeppea
Member

koeppea commented Nov 22, 2019

@jackassplus I'm currently troubleshooting another problem (#974) for which I find also some indications in the GDB output from you, that you're having the same problem.

Well of course, the initial segmentation fault problem is another one and has been addressed as you know (PR still pending for merge).

I just like to know if Kali has some general problem (I assume related to libpcap).

Could you please run the following command ettercap -Tqslq.
One time in the terminal and one time in GDB.
Before you run in GDB, create a breakpoint for function capture: break capture.
If GDB asks you to create a pending breakpoint, since it may not yet have read all the symbols, confirm with y
When the breakpoint is hit, type info threads and then continue.

Please paste the output here. Thanks.

@koeppea
Member

koeppea commented Nov 27, 2019

PR #960 merged. Closing issue.

@koeppea koeppea closed this as completed Nov 27, 2019