Closed Invoke-Mimikatz closed 4 years ago
I can confirm that this issue is present on the current 2.5 build and the new dev build.
Been spending some time trying to isolate the issue. The Empire 2.5 master branch runs without locking up the agent but this bug is also present in the Empire 2.5 Dev branch. That also coincides with some updates to agent.
My best guess right now is that an update broke the multi threading as the agents continue to run through the module logic loops. They just become unresponsive both on the compromised host and to the C2 server
@Invoke-Mimikatz I just pushed a commit that should have fixed this issue. Let me know if it still persists.
Tested this out with keylogger and it seems to run correctly as a background job now.
Empire Version
[Version] 2.5 BC-Security Fork
OS Information (Linux flavor, Python version)
Python 2.7.16, Kali GNU/Linux, version 2019.2
Expected behavior and description of the error, including any actions taken immediately prior to the error. The more detail the better.
Expected behaviour: An agent runs a long running job. The agent continues to beacon back to C2 server, and the agent can run other jobs while the first job runs in the background.
Actual behaviour: The agent starts a long running job. The agent no longer beacons back to the C2 server, and an operator can no longer interact with the agent.
Screenshot of error, embedded text output, or Pastebin link to the error
No screenshot, but tested a few long running modules, including
inveigh_relay
,process_killer
,keylogger
, and areverse_socks_proxy
module I've been working on. All of these modules that run like a job should be run in the background, should be able to be viewed by runningjobs
and should be able to be killed withjobs kill JOB_ID
. All agents die after the start of any of these long running jobs.Any additional information
Agent running on Windows 10, PSversion 5.1