Closed ghost closed 3 years ago
Sorry this is happening, is this for custom profiles, and how are you defining the specific URI via Yaml or command line. There should be a check to make sure a / is added if none is provided so I wondering where this bug is occuring?
i just used project to create profile with minimal inputs. I didnt define any uri (I think). looked like it just created a random string.
quick glance at code maybe a fix at https://github.com/Tylous/SourcePoint/blob/2933bb33c55ac67b076a70d62b5d978799ec7061/Utils/Utils.go#L107
cant say for sure . Ill try it tomorrow. if it works ill submit a pull
I'll do some testing tonight to make it more user input aware.
found the cmdline i used in histroy ./SourcePoint -Outfile out -Host {SECRET.IP} -Injector NtMapViewOfSection
when i tried to add the '/' char to Utils.go on line 170 it worked as desired. ill do pull
I will test tonight to make sure it is good before merging.
Unfortunately, your PR doesn't work as hoped.
It turns out the issue is actually rooted in the URI related to the profile when a profile is not specified. I have addressed this and will be pushing the code out shortly.
Update: I will be pushing an update tomorrow to address this.
Issue addressed in patch 1.3
Closing issue as it was addressed in patch 1.3 please feel to re-open if the issue persists.
The project (when i used it) creates a valid c2 profile execpt that the http.get and http.post sections for the uri forget a '/' char and add a space at the end(which is not a bug just odd)
for example:
Example Currently being generated by profile:
uri "sdfghjk "
Example of what I did to fix it on the test generated profile:
uri "/sdfghjk"
this causes beacon to never check in properly with the coded http c2 method for the profile i generated. This can be observed in the web log