Ne0nd0g / merlin

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
GNU General Public License v3.0

There was an error during an Agent StatusCheckIn: invalid job type, sending ServerOK #69

Closed fmirahmadi closed 4 years ago

fmirahmadi commented 5 years ago

Prerequisite

Merlin» agent list

+--------------------------------------+---------------+-----------------------+-----------------+-------------+--------+
|              AGENT GUID              |   PLATFORM    |         USER          |      HOST       |  TRANSPORT  | STATUS |
+--------------------------------------+---------------+-----------------------+-----------------+-------------+--------+
| 5adafe61-0827-49cc-a56b-fb83e1c4e803 | windows/amd64 | WIN-F7I54C7428A\mahdi | WIN-F7I54C7428A | HTTP/2 (h2) | Active |
| ffba5858-9d51-4e2b-8747-cc54b7c0360d | linux/amd64   | mahdi                 | ubuntu          | HTTP/2 (h2) | Active |
+--------------------------------------+---------------+-----------------------+-----------------+-------------+--------+

Merlin» use module windows/x64/powershell/powersploit/Invoke-Mimikatz
Merlin[module][Invoke-Mimikatz]» show options

Agent: 00000000-0000-0000-0000-000000000000

Module options(Invoke-Mimikatz)

      NAME     |                VALUE                 | REQUIRED |          DESCRIPTION
+--------------+--------------------------------------+----------+--------------------------------+
  Agent        | 00000000-0000-0000-0000-000000000000 | true     | Agent on which to run module
               |                                      |          | Invoke-Mimikatz
  DumpCreds    | true                                 | false    | [Switch]Use mimikatz to dump
               |                                      |          | credentials out of LSASS.
  DumpCerts    |                                      | false    | [Switch]Use mimikatz to export
               |                                      |          | all private certificates
               |                                      |          | (even if they are marked
               |                                      |          | non-exportable).
  Command      |                                      | false    | Supply mimikatz a custom
               |                                      |          | command line. This works
               |                                      |          | exactly the same as running
               |                                      |          | the mimikatz executable
               |                                      |          | like this: mimikatz
               |                                      |          | "privilege::debug exit" as an
               |                                      |          | example.
  ComputerName |                                      | false    | Optional, an array of
               |                                      |          | computernames to run the
               |                                      |          | script on.
Merlin[module][Invoke-Mimikatz]» set Agent 5adafe61-0827-49cc-a56b-fb83e1c4e803
[+]agent set to 5adafe61-0827-49cc-a56b-fb83e1c4e803
Merlin[module][Invoke-Mimikatz]» show options

Agent: 5adafe61-0827-49cc-a56b-fb83e1c4e803

Module options(Invoke-Mimikatz)

      NAME     |                VALUE                 | REQUIRED |          DESCRIPTION
+--------------+--------------------------------------+----------+--------------------------------+
  Agent        | 5adafe61-0827-49cc-a56b-fb83e1c4e803 | true     | Agent on which to run module
               |                                      |          | Invoke-Mimikatz
  DumpCreds    | true                                 | false    | [Switch]Use mimikatz to dump
               |                                      |          | credentials out of LSASS.
  DumpCerts    |                                      | false    | [Switch]Use mimikatz to export
               |                                      |          | all private certificates
               |                                      |          | (even if they are marked
               |                                      |          | non-exportable).
  Command      |                                      | false    | Supply mimikatz a custom
               |                                      |          | command line. This works
               |                                      |          | exactly the same as running
               |                                      |          | the mimikatz executable
               |                                      |          | like this: mimikatz
               |                                      |          | "privilege::debug exit" as an
               |                                      |          | example.
  ComputerName |                                      | false    | Optional, an array of
               |                                      |          | computernames to run the
               |                                      |          | script on.
Merlin[module][Invoke-Mimikatz]» run
[-]Created job GgVSoTEoZE for agent 5adafe61-0827-49cc-a56b-fb83e1c4e803 at 2019-04-17T05:11:22Z
Merlin[module][Invoke-Mimikatz]» [!]There was an error during an Agent StatusCheckIn: invalid job type, sending ServerOK

Please help me.

C-Sto commented 5 years ago

Is there a reason you are trying to run a windows module on a linux agent?

fmirahmadi commented 5 years ago

5adafe61-0827-49cc-a56b-fb83e1c4e803 is a Windows agent. You can see it in the agent list:

Merlin» agent list

+--------------------------------------+---------------+-----------------------+-----------------+-------------+--------+
|              AGENT GUID              |   PLATFORM    |         USER          |      HOST       |  TRANSPORT  | STATUS |
+--------------------------------------+---------------+-----------------------+-----------------+-------------+--------+
| 5adafe61-0827-49cc-a56b-fb83e1c4e803 | windows/amd64 | WIN-F7I54C7428A\mahdi | WIN-F7I54C7428A | HTTP/2 (h2) | Active |
| ffba5858-9d51-4e2b-8747-cc54b7c0360d | linux/amd64   | mahdi                 | ubuntu          | HTTP/2 (h2) | Active |
+--------------------------------------+---------------+-----------------------+-----------------+-------------+--------+

C-Sto commented 5 years ago

Ah, I see. It's pretty hard to decipher the way you've posted it; try using code tags.

I've confirmed this on my side, I'll dig into it in a bit.

fmirahmadi commented 5 years ago

Thank you. I run Merlin Server on Kali Linux and I have two agents: one Win7 and another Ubuntu.

C-Sto commented 5 years ago

Looks like the module json file (https://github.com/Ne0nd0g/merlin/blob/master/data/modules/windows/x64/powershell/powersploit/Invoke-Mimikatz.json) is missing some info for the powersploit entries. If it's urgent, you can fix it by adding the line:

"type": "standard",

Immediately after the line

"base": {

I'll submit a PR to dev sometime in the next few days if nobody gets to it first.

fmirahmadi commented 5 years ago

I can't understand! How should I do this?

Ne0nd0g commented 5 years ago

Look at https://github.com/Ne0nd0g/merlin/blob/master/data/modules/windows/x64/powershell/detection/Get-InjectedThread.json#L3

I'll push a fix to dev in a couple of hours.