server icon indicating copy to clipboard operation
server copied to clipboard

Published 20 hours ago verified publisher icon hashtopolis

Deleted files are being advertised to agents

Open tosiara opened this issue 4 years ago • 3 comments

  • Your current Server version: 0.12.0 commit 0e9047b branch master
  • Current Client version: s3-python-0.6.0.10
  • Your current Hashcat version: 6.1.1

I have deleted all wordlists, but still see the file list being sent to agents:

Entering loop...
{'action': 'getFileStatus', 'token': 'XXX'}
https://XXXX "POST /XXXX HTTP/1.1" 200 230
b'{"action":"getFileStatus","response":"SUCCESS","filenames":["XXXX","Pre-cracked_XXXXX","Pre-cracked_XXXX","Pre-cracked_XXXX","XXXXX"]}'

I can see the same list of files is still being kept at:

mysql> select * from FileDelete;
+--------------+----------------+-----+
| fileDeleteId | filename       | time|
+--------------+----------------+-----+
|            1 | XXX            | XXX |
|            2 | XXX            | XXX |
|            3 | XXX            | XXX |
|            4 | XXX            | XXX |
|            5 | XXX            | XXX |
+--------------+----------------+-----+

I can't find a way to delete the list through the UI. What is the purpose of the table FileDelete? Is it safe to manually truncate it?

I ask because one the file names has leaked sensitive info I don't want it to be freely advertise to agents

Thanks

tosiara avatar Oct 15 '20 07:10 tosiara

Hey, the FileDelete table is used to send out filenames to the agents which they can delete (as they were deleted on the server). Before this was added, there was no way to remove the files on the agents from the server (you had to manually go to each agent and remove the entries in the files folder). As the server itself does not know, at which time all agents at least once have received the filename to delete, it does not clean it from the list and always sends all. But if you know that the files are deleted or the agents or if you just want to make sure that the filenames are not sent anymore, you can safely remove them from the FileDelete table.

s3inlc avatar Dec 19 '20 15:12 s3inlc

Ok, understood. Maybe it would be better to not keep the list of deleted files in the database. The client could receive the list of existing files instead, and delete any local file that is not in the list

tosiara avatar Dec 19 '20 16:12 tosiara

That's an idea to consider. I hope that is doable also with large amounts of files.. but the same could happen with the current way as well.

s3inlc avatar Dec 20 '20 12:12 s3inlc