search

BC-SECURITY / Empire

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
https://bc-security.gitbook.io/empire-wiki/
BSD 3-Clause "New" or "Revised" License
4.21k stars 575 forks source link

[BUG] empire/starkiller - agent not found #743

Closed jfmaes closed 1 week ago

jfmaes commented 1 month ago

Is there an existing issue for this?

Empire Version

5.11.2

Python Version

3.12.2

Operating System

linux

Database

SQLite

Current Behavior

on occassions when running modules the agent identifier can not be found. this is particularly frequent when the agent got renamed, but also happens when the agent is not renamed either.

It's hard to pinpoint the cause of the bug, as the starkiller ui just gives you a very generic error message, the ps-empire terminal also does not give a proper stack trace even with logging set to debug.

the most verbose messaging I had was when using the client version of ps-empire.

Expected Behavior

expect modules to run and identify the correct agent

Steps To Reproduce

  1. run ps-empire server
  2. connect to starkiller or the ps-empire client
  3. select for example usemodule/bof_situational_awareness_get_password_policy
  4. fill out the needed options for the module you selected
  5. press submit or execute

Anything else?

Snag_a5746b2 Snag_a578523

Cx01N commented 2 weeks ago

I can confirm this is an issue in the terminal. However, the module does work if you use the form in Starkiller, in case you need to use it while I work on a fix.

On a side note, just a heads up that we are moving to Starkiller as the primary platform, with the client being deprecated in 6.0 since the terminal can replace that functionality.

Cx01N commented 2 weeks ago

Have a fix in place: https://github.com/BC-SECURITY/Starkiller-Sponsors/pull/206