Tylous / SourcePoint

SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.

error when generating profile #22

Closed superuser5 closed 9 months ago

superuser5 commented 9 months ago

Hi, great project! When I generate profile, I get errors some of the times and other times profile generated successfully:

installing SourcePoint:

    git clone https://github.com/Tylous/SourcePoint
    cd SourcePoint
    go get gopkg.in/yaml.v2
    go build SourcePoint.go

golang

    sudo snap install go --classic
    go version go1.21.4 linux/amd64

creating profile

    root@c2:/opt# cat /opt/sourcepoint.yml
    Outfile: "random.profile"
    Host: "fixme.cloudfront.net"
    Stage: False
    Injector: "VirtualAllocEx"
    Forwarder: True
    Useragent: "Win10"
    Syscall: "Direct"

generating profile - 2 attempts failed and successful 3rd 

    cd /opt
    SourcePoint/SourcePoint -Yaml /opt/sourcepoint.yml

       _____                            ____        _       __ 
      / ___/____  __  _______________  / __ \____  (_)___  / /_
      \__ \/ __ \/ / / / ___/ ___/ _ \/ /_/ / __ \/ / __ \/ __/
     ___/ / /_/ / /_/ / /  / /__/  __/ ____/ /_/ / / / / / /_  
    /____/\____/\__,_/_/   \___/\___/_/    \____/_/_/ /_/\__/  
                            (@Tyl0us)

    [*] Preparing Varibles...
    panic: runtime error: index out of range [44] with length 36

    goroutine 1 [running]:
    github.com/Tylous/SourcePoint/Utils.GenerateSingleValue(0x2)
        /opt/SourcePoint/Utils/Utils.go:94 +0x8b
    github.com/Tylous/SourcePoint/Loader.GeneratePE({0x0, 0x0}, {0x0, 0x0})
        /opt/SourcePoint/Loader/Loader.go:350 +0x30f
    github.com/Tylous/SourcePoint/Loader.GenerateOptions({_, _}, {_, _}, {_, _}, {_, _}, {0x0, 0x0}, ...)
        /opt/SourcePoint/Loader/Loader.go:86 +0x3eb
    main.main()
        /opt/SourcePoint/SourcePoint.go:269 +0xdd3

    root@c2:/opt# SourcePoint/SourcePoint -Yaml /opt/sourcepoint.yml

       _____                            ____        _       __ 
      / ___/____  __  _______________  / __ \____  (_)___  / /_
      \__ \/ __ \/ / / / ___/ ___/ _ \/ /_/ / __ \/ / __ \/ __/
     ___/ / /_/ / /_/ / /  / /__/  __/ ____/ /_/ / / / / / /_  
    /____/\____/\__,_/_/   \___/\___/_/    \____/_/_/ /_/\__/  
                            (@Tyl0us)

    [*] Preparing Varibles...
    panic: runtime error: index out of range [41] with length 36

    goroutine 1 [running]:
    github.com/Tylous/SourcePoint/Utils.GenerateSingleValue(0x2)
        /opt/SourcePoint/Utils/Utils.go:94 +0x8b
    github.com/Tylous/SourcePoint/Loader.GeneratePE({0x0, 0x0}, {0x0, 0x0})
        /opt/SourcePoint/Loader/Loader.go:350 +0x30f
    github.com/Tylous/SourcePoint/Loader.GenerateOptions({_, _}, {_, _}, {_, _}, {_, _}, {0x0, 0x0}, ...)
        /opt/SourcePoint/Loader/Loader.go:86 +0x3eb
    main.main()
        /opt/SourcePoint/SourcePoint.go:269 +0xdd3

    root@c2:/opt# SourcePoint/SourcePoint -Yaml /opt/sourcepoint.yml

       _____                            ____        _       __ 
      / ___/____  __  _______________  / __ \____  (_)___  / /_
      \__ \/ __ \/ / / / ___/ ___/ _ \/ /_/ / __ \/ / __ \/ __/
     ___/ / /_/ / /_/ / /  / /__/  __/ ____/ /_/ / / / / / /_  
    /____/\____/\__,_/_/   \___/\___/_/    \____/_/_/ /_/\__/  
                            (@Tyl0us)

    [*] Preparing Varibles...
    [*] Building Profile...
    [!] Host Staging Is Disabled - Staged Payloads Are Not Available But Your Beacon Payload Is Not Available To Anyone That Connects
    [*] Beacon DLL Spoofed To: BingMaps.dll
    [*] Post-Ex Process Name: dtdump.exe
    [!] Beacon Shellcode Will Obfuscate Beacon in Memory Prior to Sleeping
    [!] syscall method selected
    [*] Seleted Profile:
    [+] Profile Generated: random.profile
    [+] Happy Hacking

Tylous commented 9 months ago

Ah, I see the problem.

I am iterating through the wrong const. I'll update it shortly.

Tylous commented 9 months ago

Just pushed a new update to address this.

superuser5 commented 9 months ago

Thank you for fixing so fast, still getting error:

I have modified sample config with other values and sometimes I am not sure which settings causes error.

Sample:

https://raw.githubusercontent.com/Tylous/SourcePoint/main/Sample.yaml

my config that causes error:

    Stage: "False"
    Host: "domain.com"
    Keystore: 
    Password: 
    Metadata: "netbios"
    Injector: "VirtualAllocEx"
    Outfile: "/opt/my.profile"
    PE_Clone: 1
    Profile: 1
    Allocation: 5312
    Jitter: 1
    Debug: true
    Sleep: 1
    Uri: 1
    Useragent:  "Win10Chrome"
    Post-EX Processname: 18
    Datajitter: 1
    Keylogger: "SetWindowsHookEx"
    Customuri: 
    CDN:
    CDN_Value: 
    ProfilePath:
    Syscall_method: Indirect
    Httplib: 
    ThreadSpoof: True
    Customuri: 
    CustomuriGET: 
    CustomuriPOST:
    Forwarder: True
    TasksMaxSize: 
    TasksProxyMaxSize:
    TasksDnsProxyMaxSize: 

Error:

    # ./SourcePoint -Yaml /opt/sourcepoint.yml

       _____                            ____        _       __ 
      / ___/____  __  _______________  / __ \____  (_)___  / /_
      \__ \/ __ \/ / / / ___/ ___/ _ \/ /_/ / __ \/ / __ \/ __/
     ___/ / /_/ / /_/ / /  / /__/  __/ ____/ /_/ / / / / / /_  
    /____/\____/\__,_/_/   \___/\___/_/    \____/_/_/ /_/\__/  
                            (@Tyl0us)

    [*] Preparing Varibles...
    panic: runtime error: index out of range [17] with length 15

    goroutine 1 [running]:
    github.com/Tylous/SourcePoint/Loader.GeneratePostProcessName({0xc000012770, 0x2}, {0xc0000127a0, 0x10}, 0x1)
        /opt/SourcePoint/Loader/Loader.go:218 +0x3df
    github.com/Tylous/SourcePoint/Loader.GenerateOptions({_, _}, {_, _}, {_, _}, {_, _}, {0x6d6808, 0x1}, ...)
        /opt/SourcePoint/Loader/Loader.go:84 +0x29b
    main.main()
        /opt/SourcePoint/SourcePoint.go:269 +0xdd3
    root@cc:/opt/SourcePoint# 

Tylous commented 9 months ago

Just pushed a fix for this.

superuser5 commented 9 months ago

thanks, this fixed.
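
Both panics in this thread are indexes computed without reference to the length of the list being indexed. The Go sketch below is an added example, not SourcePoint's code and not part of the thread: it reproduces the intermittent failure of a random draw bounded by the wrong constant, and the deterministic failure of a config-supplied index that is never range-checked. All names (`charset`, `staleBound`, `pickBuggy`, `pickSafe`, `pickConfigured`, `failures`) and the value 45 are hypothetical; the 1-based config index is an assumption consistent with `Post-EX Processname: 18` producing index 17 in the trace.

```go
package main

import (
	"fmt"
	"math/rand"
)

// Constructed stand-ins: a 36-character list and a stale bound of 45.
const (
	charset    = "abcdefghijklmnopqrstuvwxyz0123456789"
	staleBound = 45 // hypothetical: length of some other list
)

// pickBuggy bounds the draw with the wrong constant: panics only when the draw is >= 36.
func pickBuggy(r *rand.Rand) byte { return charset[r.Intn(staleBound)] }

// pickSafe derives the bound from the collection it indexes.
func pickSafe(r *rand.Rand) byte { return charset[r.Intn(len(charset))] }

// pickConfigured validates a 1-based index read from a config file.
func pickConfigured(names []string, n int) (string, error) {
	if n < 1 || n > len(names) {
		return "", fmt.Errorf("index %d outside 1..%d", n, len(names))
	}
	return names[n-1], nil
}

// failures counts how many of n seeded draws panic for a given picker.
func failures(pick func(*rand.Rand) byte, n int) (count int) {
	r := rand.New(rand.NewSource(1))
	for i := 0; i < n; i++ {
		func() {
			defer func() {
				if recover() != nil {
					count++
				}
			}()
			pick(r)
		}()
	}
	return count
}

func main() {
	fmt.Println("buggy panics:", failures(pickBuggy, 1000), "safe panics:", failures(pickSafe, 1000))
	_, err := pickConfigured(make([]string, 15), 18) // the 18-of-15 case from the second trace
	fmt.Println("config check:", err)
}
```

Because the buggy draw only fails on the fraction of values past the end of the list, a single successful run says nothing about correctness; a loop like `failures` in a unit test catches it reliably.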