byt3bl33d3r / DeathStar

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.
GNU General Public License v3.0

Error executing modules #48

Closed sno0ose closed 6 years ago

sno0ose commented 6 years ago

Just saw these errors come across my sessions - TypeError: 'NoneType' object is not subscriptable. It is affecting modules powershell/situational_awareness/network/powerview/get_group_member, powershell/situational_awareness/network/powerview/find_localadmin_access

Using Empire Version 2.4 DeathStar latest commit 17a618d

Errors seen below:

    Agent: 7FBR3X7P => Error executing module 'powershell/situational_awareness/network/powerview/get_group_member': {'error': 'invalid module option'}
    Exception in thread Thread-1:
    Traceback (most recent call last):
      File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
        self.run()
      File "./DeathStar.py", line 58, in run
        self.run_backup()
      File "/usr/lib/python3.6/threading.py", line 864, in run
        self._target(*self._args, **self._kwargs)
      File "./DeathStar.py", line 570, in pwn_the_shit_out_of_everything
        recon(agent_name)
      File "./DeathStar.py", line 494, in recon
        for member in get_group_member(agent_name, group_sid=domain_sid + '-512'):
      File "./DeathStar.py", line 222, in get_group_member
        results = execute_module_with_results('powershell/situational_awareness/network/powerview/get_group_member', agent_name, module_options)
      File "./DeathStar.py", line 179, in execute_module_with_results
        if entry['taskID'] == r['taskID']:
    TypeError: 'NoneType' object is not subscriptable

    [-] Agent: 1XTU19F7 => Error executing module 'powershell/situational_awareness/network/powerview/find_localadmin_access': {'error': 'invalid module option'}
    Exception in thread Thread-4:
    Traceback (most recent call last):
      File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
        self.run()
      File "./DeathStar.py", line 58, in run
        self.run_backup()
      File "/usr/lib/python3.6/threading.py", line 864, in run
        self._target(*self._args, **self._kwargs)
      File "./DeathStar.py", line 531, in spread
        for box in find_localadmin_access(agent_name, no_ping=True, threads=args.threads):
      File "./DeathStar.py", line 292, in find_localadmin_access
        results = execute_module_with_results('powershell/situational_awareness/network/powerview/find_localadmin_access', agent_name, module_options)
      File "./DeathStar.py", line 179, in execute_module_with_results
        if entry['taskID'] == r['taskID']:
    TypeError: 'NoneType' object is not subscriptable

It just hangs after this. Wondering if any others have seen it or it is just my issue.

BornBrazen commented 6 years ago

I am also getting a similar error

sigilli commented 6 years ago

It turns out that these modules inside Empire no longer have a few options. For example: the "Threads" option has been removed. So when DeathStar passes some of those removed properties, error. I'm editing Deathstar.py right now to see if I can create a workaround.
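The failure chain visible in the traceback and described in the comment above, as an added example that is not part of the thread and is not DeathStar's or Empire's code: a rejected request yields no task ID, the caller receives `None`, and the later `['taskID']` lookup raises. It assumes the `None` comes from the rejected request; the stub server, the option catalogue and all function names are hypothetical.

```python
# Added illustration: every name here is hypothetical, not DeathStar or Empire code.
# Constructed catalogue of the options a module still accepts.
SUPPORTED = {"find_localadmin_access": {"Agent", "ComputerName"}}


class ModuleError(Exception):
    """The server rejected the task instead of returning a task ID."""


def stub_execute(module, options):
    """Constructed stand-in for the REST call; rejects options it does not know."""
    if set(options) - SUPPORTED[module]:
        return {"error": "invalid module option"}
    return {"success": True, "taskID": 7}


def execute_fragile(module, options):
    """Logs the error and falls through, so the caller receives None."""
    r = stub_execute(module, options)
    if "error" in r:
        print(f"Error executing module {module!r}: {r}")
        return None
    return r


def execute_checked(module, options):
    """Raises a typed error so a worker thread can handle it and carry on."""
    r = stub_execute(module, options)
    if "taskID" not in r:
        raise ModuleError(f"{module}: {r.get('error', 'no taskID in response')}")
    return r


def split_options(module, options):
    """Separate accepted options from ones the module no longer has."""
    kept = {k: v for k, v in options.items() if k in SUPPORTED[module]}
    return kept, sorted(set(options) - set(kept))


if __name__ == "__main__":
    opts = {"Agent": "AGENT01", "Threads": 20, "NoPing": True}
    kept, dropped = split_options("find_localadmin_access", opts)
    print("dropped (no longer supported):", dropped)
    print(execute_checked("find_localadmin_access", kept))
```

Reporting the dropped options rather than discarding them silently matters because an option that changes what the module returns cannot simply be omitted without changing the results.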

BornBrazen commented 6 years ago

That is great - thank you!

sigilli commented 6 years ago

I've pretty much given up for now, tbh.

BornBrazen commented 6 years ago

NOOOO! Totally understand though....

sigilli commented 6 years ago

If you comment the whole thing like

    module_options {
        things1
        #things2
    }

it stops giving you an error, then the next module does the same. If you go repeating the process you'll end eventually somewhere. BUT since many things actually depend on user_hunter and get_group_name, you're toast

BornBrazen commented 6 years ago

That sucks... I will also take a look later when I get some time to see if there is a possible solution...

sigilli commented 6 years ago

A few of them only return error because they use Threads and NoPing, which are no longer available on Empire. Those will work if you comment both module_options lines. I think "find_localadmin_access" is an example.

I'm pretty sure the Red Line saying something wrong with the Agent and not finding many things on those scans are both a cause of my comments.

Then again, I'm only testing.

sigilli commented 6 years ago

Confirmed that the modules that return most of the user and group names are not working thanks to my comments. That's why a good part of the enumeration doesn't find anything. But GroupName = group_name absolutely does not work. Or anything similar.

I can investigate those modules and check how they manage the IDs and names, but oh boy.

BornBrazen commented 6 years ago

I guess Empire changed a lot of crap. Thank you for taking the time though.

sigilli commented 6 years ago

Just want to report that today I did some testing. Deathstar doesn't find any domain admin (my shell is a domain admin), then it runs mimikatz and finds the very account I'm using, then it says it can't find domain admins, then it runs mimikatz and finds the very account I'm using...

Oh, you get it. Eternal-agent-making-loop =) That module is broken, or just our parameters.

BornBrazen commented 6 years ago

I haven't had a chance to look yet but hopefully I can over the weekend and see if I can figure anything out

DanMcInerney commented 6 years ago

I've been working on this all day. Fixing the module options is easy and I've deleted the nonexistent module options and replaced them with the right ones. At this point, it seems to be a parsing issue of module output. Like get_domain_sid returns only "Job started xxx" output for some reason.

DanMcInerney commented 6 years ago

I have fixed everything I think. I found more bugs in Empire than I did in DeathStar...

Check my fork or just wait til byt3bl33d3r accepts the PR which I think he'll do pretty quickly.

byt3bl33d3r commented 6 years ago

#50 should have resolved this, if not comment below. Thanks again @DanMcInerney!