HavocFramework / Havoc

The Havoc Framework
https://havocframework.com
GNU General Public License v3.0

[File a bug report for the Demon Implant]: socks proxy module fails and crashes teamserver #238

Closed rafale0n closed 1 year ago

rafale0n commented 1 year ago

Contact Details

No response

What happened?

Run socks add 4443. Setup socks4 proxychains config to point to IP@4443 and run proxychains cme smb Internal-IP and observe the teamserver crash with an error described below:

Did You Do a Pull First?

Latest (You performed a pull first)

Relevant log output

[22:41:35] [DBUG] [agent.(*Agent).TaskDispatch:1717]: Task Output: 
00000000  00 00 00 11 00 00 95 1a  00 00 00 02 00 00 00 d1  |................|
00000010  00 00 00 cd ff 53 4d 42  72 00 00 00 00 98 01 48  |.....SMBr......H|
00000020  00 00 00 00 00 00 00 00  00 00 00 00 ff ff 4b 1e  |..............K.|
00000030  00 00 00 00 11 00 00 0f  32 00 01 00 04 41 00 00  |........2....A..|
00000040  00 00 01 00 00 00 00 00  fc f3 01 80 7f 3b 9a b9  |.............;..|
00000050  fa 08 d9 01 00 00 00 88  00 11 3d 1c 54 7c f2 41  |..........=.T|.A|
00000060  4c 92 3a 4b 59 46 e0 e8  83 60 76 06 06 2b 06 01  |L.:KYF...`v..+..|
00000070  05 05 02 a0 6c 30 6a a0  3c 30 3a 06 0a 2b 06 01  |....l0j.<0:..+..|
00000080  04 01 82 37 02 02 1e 06  09 2a 86 48 82 f7 12 01  |...7.....*.H....|
00000090  02 02 06 09 2a 86 48 86  f7 12 01 02 02 06 0a 2a  |....*.H........*|
000000a0  86 48 86 f7 12 01 02 02  03 06 0a 2b 06 01 04 01  |.H.........+....|
000000b0  82 37 02 02 0a a3 2a 30  28 a0 26 1b 24 6e 6f 74  |.7....*0(.&.$not|
000000c0  5f 64 65 66 69 6e 65 64  5f 69 6e 5f 52 46 43 34  |_defined_in_RFC4|
000000d0  31 37 38 40 70 6c 65 61  73 65 5f 69 67 6e 6f 72  |178@please_ignor|
000000e0  65                                                |e|

[22:41:35] [DBUG] [handlers.(*HTTP).request:337]: End
panic: runtime error: index out of range [8] with length 8

goroutine 97 [running]:
Havoc/pkg/agent.(*Agent).SocksClientClose(0xc00059e240, 0x951a)
    /home/Havoc/Teamserver/pkg/agent/agent.go:940 +0x225
Havoc/pkg/agent.(*Agent).TaskPrepare.func1.1(0x951a)
    /home/Havoc/Teamserver/pkg/agent/demons.go:1507 +0x3ce
created by Havoc/pkg/agent.(*Agent).TaskPrepare.func1
    /home/Havoc/Teamserver/pkg/agent/demons.go:1468 +0x5f5


Did You Read Over Your Issue First?

- [X] I declare I made an effort and provided the necessary information for replication of the issue.

rafale0n commented 1 year ago

Interestingly it seems to happen on Windows Server 2016, however no output comes back from cme either, even from a "non-affected" Windows OS like Server 2019.

Cracked5pider commented 1 year ago

Thanks for letting me know. Going to take a look into this.

Kx1z0 commented 1 year ago

I have the same issue. Using cme to do some password spraying on a subnet.

Command used:
socks add 8080 (Havoc)
proxychains -q python3 /home/user/Tools/cme smb hostname -u user -p 'password' (Ubuntu)

S4ntiagoP commented 1 year ago

Apparently, the issue was a race condition at SocksClientClose; this should now work on the dev branch. If you encounter the same crash again, re-open this issue.
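An added illustration, not part of the thread and not Havoc's code: how a race between two closers of a shared client list can produce the "index out of range [8] with length 8" panic from the log, next to a close routine that looks up and removes under one lock. The `table` type, the function names and the ids are hypothetical; the fix that actually landed on the dev branch is not shown on this page.

```go
package main

import (
	"fmt"
	"sync"
)

// table is a hypothetical stand-in for the per-agent SOCKS client list.
type table struct {
	mu  sync.Mutex
	ids []uint32
}

// staleIndexPanic replays the racy interleaving in a single goroutine.
func staleIndexPanic() (msg string) {
	defer func() { msg = fmt.Sprint(recover()) }()
	list, idx := make([]uint32, 9), 8 // closer A finds its client at index 8
	list = list[:8]                   // closer B removes an entry: length 8
	return fmt.Sprint(list[idx])      // closer A uses the stale index
}

// closeClient looks up and removes under one lock; false means already gone.
func (t *table) closeClient(id uint32) bool {
	t.mu.Lock()
	defer t.mu.Unlock()
	for i, v := range t.ids {
		if v == id {
			t.ids = append(t.ids[:i], t.ids[i+1:]...)
			return true
		}
	}
	return false
}

// closeTwiceConcurrently closes every id from two goroutines at once.
func closeTwiceConcurrently(t *table) int {
	var wg sync.WaitGroup
	ids := append([]uint32(nil), t.ids...) // snapshot taken before the race
	for i := 0; i < 2*len(ids); i++ {
		wg.Add(1)
		go func(id uint32) { t.closeClient(id); wg.Done() }(ids[i/2])
	}
	wg.Wait()
	return len(t.ids) // entries left; 0 when every close was handled once
}

func main() {
	fmt.Println(staleIndexPanic())
	fmt.Println(closeTwiceConcurrently(&table{ids: []uint32{1, 2, 3}})) // constructed ids
}
```

Running the concurrent part under `go test -race` confirms that the lock covers both the lookup and the removal.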