MythicAgents / Apollo

A .NET Framework 4.0 Windows Agent
BSD 3-Clause "New" or "Revised" License

Error installing in aarch64 #128

Open g4uss47 opened 1 month ago

g4uss47 commented 1 month ago

While trying to install the Apollo Agent, the installer runs into an issue, although I think the issue is not with the Apollo agent itself but rather with donut.

./mythic-cli install github https://github.com/MythicAgents/Apollo
2024/05/08 11:07:13 [*] Creating temporary directory
2024/05/08 11:07:13 [*] Cloning https://github.com/MythicAgents/Apollo
Cloning into '/opt/Mythic/tmp'...
2024/05/08 11:07:16 [*] Parsing config.json
[*] Processing Payload Type apollo
[*] apollo already exists. Replace current version?  [y/n]: y
2024/05/08 11:07:17 [*] Stopping current container
2024/05/08 11:07:17 [*] Removing current version
2024/05/08 11:07:17 [+] Successfully removed the current version
2024/05/08 11:07:17 [*] Copying new version of payload into place
2024/05/08 11:07:17 [*] Adding service into docker-compose
WARN[0000] /opt/Mythic/docker-compose.yml: `version` is obsolete
No stopped containers
WARN[0000] /opt/Mythic/docker-compose.yml: `version` is obsolete
[+] Building 16.5s (5/6)                                         docker:default
 => [apollo internal] load build definition from Dockerfile                0.0s
 => => transferring dockerfile: 179B                                       0.0s
 => [apollo internal] load metadata for docker.io/itsafeaturemythic/mythi  0.8s
 => [apollo internal] load .dockerignore                                   0.0s
 => => transferring context: 2B                                            0.0s
 => CACHED [apollo 1/3] FROM docker.io/itsafeaturemythic/mythic_python_do  0.0s
 => ERROR [apollo 2/3] RUN python3 -m pip install donut-shellcode         15.6s
------
 > [apollo 2/3] RUN python3 -m pip install donut-shellcode:
2.141 Collecting donut-shellcode
2.208   Downloading donut-shellcode-1.0.2.tar.gz (293 kB)
2.264      ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 293.0/293.0 kB 6.6 MB/s eta 0:00:00
2.432   Installing build dependencies: started
8.662   Installing build dependencies: finished with status 'done'
8.665   Getting requirements to build wheel: started
9.305   Getting requirements to build wheel: finished with status 'done'
9.313   Preparing metadata (pyproject.toml): started
10.00   Preparing metadata (pyproject.toml): finished with status 'done'
10.01 Building wheels for collected packages: donut-shellcode
10.02   Building wheel for donut-shellcode (pyproject.toml): started
13.12   Building wheel for donut-shellcode (pyproject.toml): finished with status 'error'
13.15   error: subprocess-exited-with-error
13.15
13.15   × Building wheel for donut-shellcode (pyproject.toml) did not run successfully.
13.15   │ exit code: 1
13.15   ╰─> [65 lines of output]
13.15       running bdist_wheel
13.15       running build
13.15       running build_ext
13.15       building 'donut' extension
13.15       creating build
13.15       creating build/temp.linux-aarch64-cpython-311
13.15       creating build/temp.linux-aarch64-cpython-311/loader
13.15       gcc -pthread -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -fPIC -Iinclude -I/usr/local/include/python3.11 -c donut.c -o build/temp.linux-aarch64-cpython-311/donut.o
13.15       donut.c: In function ‘read_file_info’:
13.15       donut.c:574:19: warning: comparison of integer expressions of different signedness: ‘ULONG64’ {aka ‘long unsigned int’} and ‘int’ [-Wsign-compare]
13.15                  if (ofs != -1) {
13.15                          ^~
13.15       donut.c:579:22: warning: comparison of integer expressions of different signedness: ‘ULONG64’ {aka ‘long unsigned int’} and ‘int’ [-Wsign-compare]
13.15                      if(ofs != -1) {
13.15                             ^~
13.15       donut.c: In function ‘gen_random_string’:
13.15       donut.c:667:15: warning: comparison of integer expressions of different signedness: ‘int’ and ‘uint64_t’ {aka ‘long unsigned int’} [-Wsign-compare]
13.15            for(i=0; i<len; i++) {
13.15                      ^
13.15       donut.c: In function ‘is_dll_export’:
13.15       donut.c:1481:16: warning: comparison of integer expressions of different signedness: ‘ULONG64’ {aka ‘long unsigned int’} and ‘int’ [-Wsign-compare]
13.15                if(ofs != -1) {
13.15                       ^~
13.15       In function ‘build_module’,
13.15           inlined from ‘DonutCreate’ at donut.c:1590:17:
13.15       donut.c:768:7: warning: ‘strncpy’ output may be truncated copying 255 bytes from a string of length 255 [-Wstringop-truncation]
13.15              strncpy(mod->method, c->method, DONUT_MAX_NAME-1);
13.15              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
13.15       donut.c:746:9: warning: ‘strncpy’ output may be truncated copying 8 bytes from a string of length 255 [-Wstringop-truncation]
13.15                strncpy(mod->domain, c->domain, DONUT_DOMAIN_LEN);
13.15                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
13.15       donut.c:753:9: warning: ‘strncpy’ output may be truncated copying 255 bytes from a string of length 255 [-Wstringop-truncation]
13.15                strncpy(mod->cls, c->cls, DONUT_MAX_NAME-1);
13.15                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
13.15       donut.c:756:9: warning: ‘strncpy’ output may be truncated copying 255 bytes from a string of length 255 [-Wstringop-truncation]
13.15                strncpy(mod->method, c->method, DONUT_MAX_NAME-1);
13.15                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
13.15       donut.c:763:7: warning: ‘strncpy’ output may be truncated copying 255 bytes from a string of length 255 [-Wstringop-truncation]
13.15              strncpy(mod->runtime, c->runtime, DONUT_MAX_NAME-1);
13.15              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
13.15       donut.c:792:7: warning: ‘strncat’ output may be truncated copying 250 bytes from a string of length 255 [-Wstringop-truncation]
13.15              strncat(mod->args, c->args, DONUT_MAX_NAME-6);
13.15              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
13.15       gcc -pthread -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -fPIC -Iinclude -I/usr/local/include/python3.11 -c donutmodule.c -o build/temp.linux-aarch64-cpython-311/donutmodule.o
13.15       donutmodule.c:199:9: warning: initialization of ‘PyObject * (*)(PyObject *, PyObject *)’ {aka ‘struct _object * (*)(struct _object *, struct _object *)’} from incompatible pointer type ‘PyObject * (*)(PyObject *, PyObject *, PyObject *)’ {aka ‘struct _object * (*)(struct _object *, struct _object *, struct _object *)’} [-Wincompatible-pointer-types]
13.15                Donut_Create, // C wrapper function
13.15                ^~~~~~~~~~~~
13.15       donutmodule.c:199:9: note: (near initialization for ‘Donut_FunctionsTable[0].ml_meth’)
13.15       gcc -pthread -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -fPIC -Iinclude -I/usr/local/include/python3.11 -c encrypt.c -o build/temp.linux-aarch64-cpython-311/encrypt.o
13.15       gcc -pthread -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -fPIC -Iinclude -I/usr/local/include/python3.11 -c format.c -o build/temp.linux-aarch64-cpython-311/format.o
13.15       format.c: In function ‘base64_template’:
13.15       format.c:94:10: warning: ‘i’ may be used uninitialized in this function [-Wmaybe-uninitialized]
13.15            while(i!=0) { *out++ = '='; i--; }
13.15                 ^
13.15       format.c:58:14: note: ‘i’ was declared here
13.15            uint32_t i, len, x;
13.15                     ^
13.15       gcc -pthread -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -fPIC -Iinclude -I/usr/local/include/python3.11 -c hash.c -o build/temp.linux-aarch64-cpython-311/hash.o
13.15       gcc -pthread -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -fPIC -Iinclude -I/usr/local/include/python3.11 -c loader/clib.c -o build/temp.linux-aarch64-cpython-311/loader/clib.o
13.15       creating build/lib.linux-aarch64-cpython-311
13.15       gcc -pthread -shared build/temp.linux-aarch64-cpython-311/donut.o build/temp.linux-aarch64-cpython-311/donutmodule.o build/temp.linux-aarch64-cpython-311/encrypt.o build/temp.linux-aarch64-cpython-311/format.o build/temp.linux-aarch64-cpython-311/hash.o build/temp.linux-aarch64-cpython-311/loader/clib.o lib/aplib64.a -Llib -L/usr/local/lib -o build/lib.linux-aarch64-cpython-311/donut.cpython-311-aarch64-linux-gnu.so
13.15       /usr/bin/ld: lib/aplib64.a(elfstubs.o): Relocations in generic ELF (EM: 62)
13.15       /usr/bin/ld: lib/aplib64.a: error adding symbols: file in wrong format
13.15       collect2: error: ld returned 1 exit status
13.15       error: command '/usr/bin/gcc' failed with exit code 1
13.15       [end of output]
13.15
13.15   note: This error originates from a subprocess, and is likely not a problem with pip.
13.15   ERROR: Failed building wheel for donut-shellcode
13.16 ERROR: Could not build wheels for donut-shellcode, which is required to install pyproject.toml-based projects
13.16 Failed to build donut-shellcode
13.26
13.26 [notice] A new release of pip is available: 23.1.2 -> 24.0
13.26 [notice] To update, run: pip install --upgrade pip
------
failed to solve: process "/bin/sh -c python3 -m pip install donut-shellcode" did not complete successfully: exit code: 1
2024/05/08 11:07:36 [+] Successfully installed service
2024/05/08 11:07:36 [+] Successfully installed c2
2024/05/08 11:07:36 [*] Processing Documentation for apollo

its-a-feature commented 1 month ago

Yup, you're exactly right. This is because donut doesn't support the arm architecture (https://github.com/TheWover/donut/issues/139). Because of this, unfortunately, Apollo cannot currently be installed on a Mythic instance on an ARM host.
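
A pre-flight check for the link failure in this thread, as an added example that is not part of the issue or of the Apollo, Mythic or donut code: it reads the ELF `e_machine` field of every object in a static archive such as `lib/aplib64.a` and lists the members built for a different architecture than the host (the linker's `EM: 62` is x86-64, while aarch64 is 183). The function names and the in-memory sample archive are constructed for illustration.

```python
import struct

EM_NAMES = {62: "x86-64", 183: "aarch64"}           # ELF e_machine values
HOST_TO_EM = {"x86_64": 62, "amd64": 62, "aarch64": 183, "arm64": 183}

def elf_machine(blob):
    """Return e_machine for an ELF blob, or None if it is not ELF."""
    if len(blob) < 20 or blob[:4] != b"\x7fELF":
        return None
    endian = "<" if blob[5] == 1 else ">"            # EI_DATA: 1 = little-endian
    return struct.unpack_from(endian + "H", blob, 18)[0]

def archive_machines(data):
    """Map each ELF member of a GNU-style ar archive to its e_machine."""
    if data[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    found, pos = {}, 8
    while pos + 60 <= len(data):
        header = data[pos:pos + 60]
        if header[58:60] != b"`\n":
            raise ValueError("corrupt member header at offset %d" % pos)
        name = header[:16].decode("ascii", "replace").rstrip()
        size = int(header[48:58].decode("ascii").strip())
        body = data[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)                # members are 2-byte aligned
        if name in ("/", "//"):                      # symbol / long-name tables
            continue
        machine = elf_machine(body)
        if machine is not None:
            found[name.rstrip("/")] = machine
    return found

def foreign_members(data, host):
    """List (member, arch) pairs that cannot link on `host` (platform.machine())."""
    want = HOST_TO_EM[host.lower()]
    return [(n, EM_NAMES.get(m, "EM %d" % m))
            for n, m in archive_machines(data).items() if m != want]

def build_sample():
    """Constructed one-member archive standing in for lib/aplib64.a."""
    elf = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack("<HH", 1, 62)
    hdr = b"%-16s%-12s%-6s%-6s%-8s%-10d`\n" % (
        b"elfstubs.o/", b"0", b"0", b"0", b"644", len(elf))
    return b"!<arch>\n" + hdr + elf

if __name__ == "__main__":
    print(foreign_members(build_sample(), "aarch64"))
```

On a real checkout, pass the bytes of the archive and `platform.machine()`; a non-empty result means the prebuilt library has to be rebuilt or replaced for that host before the wheel can link.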