Tylous
commented
1 year ago Does this happen when a beacon comes or after it’s established?
Closed javvylx closed 10 months ago
Tylous
commented
1 year ago Does this happen when a beacon comes or after it’s established?
Hello, i am getting an http-get.client.metadata error.
Invalid session id [-] A Malleable C2 attempt to recover data from a '.http-get.client.metadata' transaction failed. This could be due to a bug in the profile, a change made to the profile after this Beacon was run, or a change made to the transaction by some device between your target and your Cobalt Strike controller. The following information will (hopefully) help narrow down what happened.
Error
From '15.158.36.55' URI '/safebrowsing/8ijb3/793g0INlUAzvUkU'**
Headers
'REMOTE_ADDRESS' = '/xx.xx.xx.xx' 'Accept' = 'text/html,application/xhtml+xml,application/xml;q=0.9,/l;q=0.8' 'CloudFront-Viewer-Country' = 'XX' 'CloudFront-Is-Tablet-Viewer' = 'false' 'CloudFront-Forwarded-Proto' = 'https' 'User-Agent' = 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.10; rv:75.0) Gecko/20100101 Firefox/75.0' 'Connection' = 'Keep-Alive' 'Referer' = 'http://www.google.test' 'CloudFront-Is-Mobile-Viewer' = 'false' 'CloudFront-Is-SmartTV-Viewer' = 'false' 'Host' = 'd2mhkyo3wllxj8.cloudfront.net' 'Pragma' = 'no-cache' 'Via' = '1.1 xx.cloudfront.net (CloudFront)' 'Cache-Control' = 'no-cache' 'X-Amz-Cf-Id' = 'rQYhM_G34ARassaddsasdsadssadasadsddasdsadssadgK6lISasHqmV9xVCxxasxQ==' 'X-Forwarded-For' = 'x.x.x.x' 'CloudFront-Viewer-ASN' = '4657' 'CloudFront-Is-Desktop-Viewer' = 'true'
This is my command to generate the sourcepoint profile
./SourcePoint -Outfile test2.profile -Host xxx.cloudfront.net -Injector NtMapViewOfSection -Profile 5 -Password abcd! -Keystore a123.abc.cf.storeAnyone has experience in troubleshooting this as i have been trying to troubleshoot this but to no avail ):
Thanks in advance!