Long running modules lock up agents #16

Closed
Invoke-Mimikatz opened this issue Nov 11, 2019 · 4 comments
Labels: bug (Something isn't working), confirmed

@Invoke-Mimikatz

Empire Version

[Version] 2.5 BC-Security Fork

OS Information (Linux flavor, Python version)

Python 2.7.16, Kali GNU/Linux, version 2019.2

Expected behavior and description of the error, including any actions taken immediately prior to the error. The more detail the better.

Expected behaviour: An agent runs a long running job. The agent continues to beacon back to C2 server, and the agent can run other jobs while the first job runs in the background.

Actual behaviour: The agent starts a long running job. The agent no longer beacons back to the C2 server, and an operator can no longer interact with the agent.

Screenshot of error, embedded text output, or Pastebin link to the error

No screenshot, but tested a few long running modules, including `inveigh_relay`, `process_killer`, `keylogger`, and a `reverse_socks_proxy` module I've been working on. All of these modules that run like a job should be run in the background, should be able to be viewed by running `jobs` and should be able to be killed with `jobs kill JOB_ID`. All agents die after the start of any of these long running jobs.

Any additional information

Agent running on Windows 10, PSversion 5.1

Cx01N added the bug (Something isn't working) label Nov 11, 2019

Cx01N commented Nov 11, 2019

I can confirm that this issue is present on the current 2.5 build and the new dev build.

Hubbl3 commented Dec 24, 2019

Been spending some time trying to isolate the issue. The Empire 2.5 master branch runs without locking up the agent but this bug is also present in the Empire 2.5 Dev branch. That also coincides with some updates to agent.

My best guess right now is that an update broke the multithreading, as the agents continue to run through the module logic loops. They just become unresponsive both on the compromised host and to the C2 server.

Hubbl3 commented Dec 26, 2019

@Invoke-Mimikatz I just pushed a commit that should have fixed this issue. Let me know if it still persists.

Cx01N closed this as completed Dec 27, 2019

@Invoke-Mimikatz (Author)

Tested this out with keylogger and it seems to run correctly as a background job now.

vinnybod added a commit that referenced this issue Feb 21, 2021
* Initial database pulled from vinnybod

* made compatibility changes

* json working but not ideal

* updated listener endpoint sql calls

* update get_agent

* update agent tasking results

* updated agent download and upload

* result changes

* fixed agent result formatting issue

* more agent sql updates

* eliminated old sql calls in api

* updated agent table call

* updated agent results

* more agent endpoint changes

* agent setting endpoints updated

* updated taskings and results to update agent name in rename

* fixed or statement in function

* removed tasking and result renaming for now - for a future release

* updated more agent functions

* updated update_agent_results_db

* updated keyword obfuscation

* updated user functions

* updated agent return

* added dictionary option to agents

* Updated start existing listener

* fixed result printing issue

* converted update listener

* updated kill listener

* updated delete listener

* updated get inactive listeners

* update listener options not working with new format

* updated credentials table

* sql commands for credentials updated

* reformatted agents and updated autorun commands

* updated agent tasking to orm

* fixed update listener options

* converted autorun

* updated get_agent_tasks_listener_db

* updated process agent packet

* auto reformatted empire.py

* updated keyword obfuscation

* updated reports

* updated config pragma

* fixes for starkiller

* undid update_dir function

* fixed module vs agent version

* removed old database connection functions

* fixed date formatting error

* updated database setup and restart with new configuration

* fixed install directory error

* fixed versioning issues with python 3.9 and updated some random functions

* updated poetry to use python 3.8

* fixed weird issue where ./ is no longer valid for installpath

* Fixed timestamps and other stuff???

* reset poetry.lock/toml files

* Sql alchemy vr edits (#2)

* saving my place

* get initial file browser call working

* add sqlalchemy to poetry

* fix a timestamp thing

* file browser seems to be functioning (for python agents at least)

* fix another thing with timestamps, get_config works with mysql too, add config.yaml to switch between databases

* time_stamp > timestamp

* call out cffi 1.14.4 because 1.14.3 doesn't install on mac os for some reason

* more rework on timestamps. use sqlalchemy-utc for timezone-aware retrievals

* timestamp serialization on socketio

* convert some raw sql queries

* got reporting query on mysql and sqlite. updated timestamp for reporting table. still a problem with session_key on the agent table

* add link to substring stackoverflow

* Fixed circular logic with helpers so resetting database works

* should fix the sessionid and datetime issues - pending vinnybod changes

* fix session_key serialization

* fixed database encoding issue with sessionkey for sqlite only

* removed helpers call from database

* use same query for api and cli report. convert high_integrity check, make high_integrity a boolean

* forgot to return the agent in new method and removed helpers reference in model (#6)

* only refresh the token if one doesn't exist

* convert reporting queries

* updated reporting endpoints

* updated agent info

* fixed deleted line of get_agent_db

* updated get_config

* fixed case where agent info comes back as dict

* updated credential report

* updated report master log

* revert some of the string parsing since we haven't verified some of the byte vs string issues

* cast high_integrity to int so the api contract isn't broken

* revert back to coin's query() with added order_by

* revert back to coin's .contains filter

* added locks to agents.py

* added locks to empire.py

* int issue from high_integrity conversion

* added threading lock to empire and agent files

* fixed mistyped lock and release commands

* updated reset scripts

* fixed int issue with high_integrity being None instead of 0

* updated internal_ip to save only the first one

* cast session_key to a string, can't serialize bytes in json

* fixed issue with multiple tasks failing

* fixed printing issue with multiple results

* fix reporting endpoint

* limit size of result object to avoid performance issues

* fixed type with missing username in agents

* Update lib/common/agents.py

Co-authored-by: Vincent Rose <vrose04@gmail.com>

* removed get_agents_db_orm

* Update empire

Co-authored-by: Vincent Rose <vrose04@gmail.com>

* Update config.yaml

Co-authored-by: Vincent Rose <vrose04@gmail.com>

* Update lib/common/agents.py

Co-authored-by: Vincent Rose <vrose04@gmail.com>

* Update lib/common/agents.py

Co-authored-by: Vincent Rose <vrose04@gmail.com>

* Update lib/common/helpers.py

Co-authored-by: Vincent Rose <vrose04@gmail.com>

* Update lib/common/empire.py

Co-authored-by: Vincent Rose <vrose04@gmail.com>

* Update lib/common/credentials.py

Co-authored-by: Vincent Rose <vrose04@gmail.com>

* fixed minor error with credentials and formatting

* Update lib/common/credentials.py

Co-authored-by: Vincent Rose <vrose04@gmail.com>

* updated language to scalar

* added .first() to autorun

* fixed clear autorun db

* Update lib/common/credentials.py

Co-authored-by: Vincent Rose <vrose04@gmail.com>

* fixed autorun db calls

* Update lib/common/credentials.py

Co-authored-by: Vincent Rose <vrose04@gmail.com>

* removed modifying table at runtime

* update initialization behavior to remove the need for setup_database.… (#16)

* update initialization behavior to remove the need for setup_database.py, defaults can be set in yaml, revert the install_path changes

* cleanup

Co-authored-by: Vincent Rose <vrose04@gmail.com>