search

BC-SECURITY / Empire

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
https://bc-security.gitbook.io/empire-wiki/
BSD 3-Clause "New" or "Revised" License
4.08k stars 565 forks source link

[BUG] [!] Error parsing malleable profile: comfoo.profile, Profile::ingest - Invalid file: comfoo.profile #328

Closed pawp81 closed 3 years ago

pawp81 commented 3 years ago

Note: Please fill out all sections (if applicable) and do not delete the below section headers, otherwise the bot will close the issue.

Empire Version

OS Information (Linux flavor, Python version)

Describe the bug

It is unclear where Malleable C2 profile should be placed for Empire listener to recognize it. I saved comfoo.profile downloaded from https://github.com/BC-SECURITY/Malleable-C2-Profiles/blob/master/APT/comfoo.profile to Empire/data/profiles/ and set it in the configuration of the listener

To Reproduce

Steps to reproduce the behavior:

  1. Copy comfoo.profile file to /opt/Empire/data/profiles
  2. uselistener http_malleable
  3. set Profile comfoo.profile
  4. execute [!] Error parsing malleable profile: comfoo.profile, Profile::ingest - Invalid file: comfoo.profile

Expected behavior

Listener should execute without error with specified profile.

Screenshots

If applicable, add screenshots to help explain your problem.

Additional context

Add any other context about the problem here.

Cx01N commented 3 years ago

The profiles do not need to be placed in any specific folder as long as they are set from the Malleable listener menu. The data/profiles folder is a legacy feature for the HTTP listener and I recommend storing them elsewhere (we may repurpose it for malleable profiles in the future).

The error you received appears to be a parser failure, which I'll check out and see what might be causing it. We are still tuning the parser, so identifying the failed profiles is a huge help for us. You may want to check out malleable c2 blog post more info on the configuration as well: https://www.bc-security.org/post/empire-malleable-c2-profiles/

pawp81 commented 3 years ago

Moving the comfoo.profile to main Empire folder resolved the problem:

(Empire: listeners/http_malleable) > set Profile
.dockerignore   .github         Dockerfile      README.md       changelog       data            lib             setup
.git            .gitignore      LICENSE         VERSION         comfoo.profile  empire          plugins
(Empire: listeners/http_malleable) > set Profile comfoo.profile
(Empire: listeners/http_malleable) > execute
[*] Starting listener 'http_malleable'
 * Serving Flask app "http_malleable" (lazy loading)
 * Environment: production
   WARNING: This is a development server. Do not use it in a production deployment.
   Use a production WSGI server instead.
 * Debug mode: off
[+] Listener successfully started!
Cx01N commented 3 years ago

Great! I'll take a look into what might have caused it but I'm glad it's working now. Let us know if you see anything else.