Open StayPirate opened 5 years ago
I received this exact same error as well. Here is a bit more info about the way I have configured my listener.
(Empire: listeners) > info http
http Options:
Name Required Value Description
---- -------- ------- -----------
StagerURI False URI for the stager. Must use /download/. Example: /download/stager.php
ProxyCreds False default Proxy credentials ([domain\]username:password) to use for request (default, none, or other).
KillDate False Date for the listener to exit (MM/dd/yyyy).
Name True http Name for the listener.
Launcher True powershell -noP -sta -w 1 -enc Launcher string.
DefaultProfile True /preload?manifest=wac,/sa,/load?manifest=wac|Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko|Host:onedrive.live.com|Accept:text/html,application/xml;*/*;|Accept-Encoding:gzip, deflate|Cookie:E=P;We/01nw8bIg=oIbA04j2Itig4t8cWKNKrDaG/ZDZuMnyxXC+BkkNivU=;PFzM9cj Default communication profile for the agent.
DefaultLostLimit True 60 Number of missed checkins before exiting
Host True http://0.0.0.0:80 Hostname/IP for staging.
Port True 80 Port for the listener.
WorkingHours False Hours for the agent to operate (09:00-17:00).
CertPath False Certificate path for https listeners.
DefaultJitter True 0.25 Jitter in agent reachback interval (0.0-1.0).
SlackChannel False #general The Slack channel or DM that notifications will be sent to.
BindIP True 0.0.0.0 The IP to bind to on the control server.
UserAgent False default User-agent string to use for the staging request (default, none, or other).
StagingKey True Pe,tK)#6F5D-{y+4x0dhbYX>:|kgsLNi Staging key for initial agent negotiation.
DefaultDelay True 4 Agent delay/reach back interval (in seconds).
SlackToken False Your SlackBot API token to communicate with your Slack instance.
ServerVersion True Microsoft-IIS/7.5 Server header for the control server.
Proxy False default Proxy to use for request (default, none, or other).
The moment I remove the below from DefaultProfile, I am able to get a working agent from the victim machine.
|Cookie:E=P;We/01nw8bIg=oIbA04j2Itig4t8cWKNKrDaG/ZDZuMnyxXC+BkkNivU=;PFzM9cj
I believe @StayPirate has correctly identified the issue. Looking at the code in http.py on line 980, the Cookie is an important parameter in communication and a "Session" value is expected in it. If we overwrite this session value with a value of our choice via the DefaultProfile parameter as I did above, because say we are creating a malleable profile, then the agent breaks down.
The workaround I used was to create a cookie with an extra colon ... it is not perfect as now there are 2 cookies... but it does prevent the crash. E.g. the following fixed the issue:
|Cookie;:E=P;We/01nw8bIg=oIbA04j2Itig4t8cWKNKrDaG/ZDZuMnyxXC+BkkNivU=;PFzM9cj
Empire Version
2.5
OS Information (Linux flavor, Python version)
KaliLinux 2019.1
Expected behavior and description of the error, including any actions taken immediately prior to the error. The more detail the better.
When I set the header
Cookie:
in the DefaultProfile of an http listener, then I generate a launcher and I execute it on a target machine: I receive the following error on the Empire Console.
[!] search requested by 192.168.254.130 with no routing packet.
From my understanding it seems the agent doesn't add Session in the cookies of the generated requests when other cookies are already set by the listener profile. I get the same behavior either from the powershell or the python agent.
Screenshot of error, embedded text output, or Pastebin link to the error
[!] search requested by 192.168.254.130 with no routing packet.
Any additional information
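For defenders reviewing traffic: the DefaultProfile shown in the listener output fixes the URIs, User-Agent, Host header and (in the reporter's configuration) a static Cookie, all of which can be matched in captured requests. The following is an added example, not Empire's own code; the profile string is copied from the listener output above, and the request records in the test are constructed.

```python
"""Parse an Empire http-listener DefaultProfile and match captured requests
against it. Profile format as seen in the listener output: comma-separated
URIs, then the User-Agent, then "Header:Value" pairs, all joined with "|"."""

# Copied from the listener output in the thread above.
PROFILE = ("/preload?manifest=wac,/sa,/load?manifest=wac"
           "|Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
           "|Host:onedrive.live.com|Accept:text/html,application/xml;*/*;"
           "|Accept-Encoding:gzip, deflate"
           "|Cookie:E=P;We/01nw8bIg=oIbA04j2Itig4t8cWKNKrDaG/ZDZuMnyxXC+BkkNivU=;PFzM9cj")


def parse_profile(profile: str) -> dict:
    """Split a DefaultProfile into URIs, User-Agent and fixed headers."""
    parts = profile.split("|")
    headers = {}
    for part in parts[2:]:
        # Split on the first ':' only; header values may contain more.
        name, _, value = part.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"uris": [u.strip() for u in parts[0].split(",")],
            "user_agent": parts[1].strip(),
            "headers": headers}


def match_request(request: dict, indicators: dict) -> list:
    """Return the reasons a captured request resembles this profile.

    request is a constructed record {"uri": ..., "dst": ..., "headers": {...}}
    where dst is the real destination host/IP of the connection.
    """
    reasons = []
    hdrs = {k.lower(): v for k, v in request["headers"].items()}
    if request["uri"] in indicators["uris"]:
        reasons.append("uri matches profile")
    if hdrs.get("user-agent") == indicators["user_agent"]:
        reasons.append("user-agent matches profile")
    # The profile pins the Host header, so it will not match the real server.
    host = indicators["headers"].get("host")
    if host and hdrs.get("host") == host and request["dst"] != host:
        reasons.append("host header %s does not match destination %s" % (host, request["dst"]))
    cookie = indicators["headers"].get("cookie")
    if cookie and cookie in hdrs.get("cookie", ""):
        reasons.append("static profile cookie present")
    # The "Cookie;:" workaround from the thread yields a header literally named "Cookie;".
    if any(k.endswith(";") for k in hdrs):
        reasons.append("malformed header name ending in ';'")
    return reasons
```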