Lock up on campaign launch

alecisec commented 5 years ago

Currently running 7,1 release, all seems OK until I launch the campaign, I did have to manually create the users table in the DB and suspect it may be related to that. This is using AWS 'serverless' RDS (MySQL compatible)

172.17.0.4 - - [01/Aug/2019:03:42:54 +0000] "POST /api/campaigns/?api_key=1976819f2281a5f5e54e8e74718d9c62c301fee14e5a9c30a49b4efba488a3 HTTP/1.0" 201 1310 "https://gophish.t2sjthqs75.ap-southeast-2.elasticbeanstalk.com:3333/campaigns" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36"

03:42:54 panic: runtime error: index out of range

03:42:54 goroutine 1165 [running]:

03:42:54 github.com/gophish/gophish/mailer.(*MailWorker).Start.func1(0xb5a180, 0xc420210140, 0x107d5d0, 0x0, 0x0)

03:42:54 /go/src/github.com/gophish/gophish/mailer/mailer.go:86 +0xe3

03:42:54 created by github.com/gophish/gophish/mailer.(*MailWorker).Start

03:42:54 /go/src/github.com/gophish/gophish/mailer/mailer.go:85 +0x81

alecisec commented 5 years ago

The users table looks like this:

mysql> describe users; +----------+--------------+------+-----+---------+----------------+ | Field | Type | Null | Key | Default | Extra | +----------+--------------+------+-----+---------+----------------+ | id | int(11) | NO | PRI | NULL | auto_increment | | username | varchar(100) | NO | UNI | NULL | | | hash | varchar(100) | YES | | NULL | | | api_key | varchar(100) | NO | UNI | NULL | | +----------+--------------+------+-----+---------+----------------+ 4 rows in set (0.00 sec)

jordan-wright commented 5 years ago

I did have to manually create the users table in the DB and suspect it may be related to that.

That indicates to me that something is wrong with the database connection being used. The error you posted roughly suggests that the mailer received a campaign that had no recipients, which is very odd indeed.

My best recommendation at this point would be to see if the problem occurs with a traditional MySQL instance. If it does, then we can get more information about the campaign your launching to continue troubleshooting.

alecisec commented 5 years ago

Works fine on a normal MySQL DB

This is now the AWS DB looks

mysql> describe mail_logs; +--------------+--------------+------+-----+---------+----------------+ | Field | Type | Null | Key | Default | Extra | +--------------+--------------+------+-----+---------+----------------+ | id | int(11) | NO | PRI | NULL | auto_increment | | campaign_id | int(11) | YES | | NULL | | | user_id | int(11) | YES | | NULL | | | send_date | datetime | YES | | NULL | | | send_attempt | int(11) | YES | | NULL | | | r_id | varchar(255) | YES | | NULL | | | processing | tinyint(1) | YES | | NULL | | +--------------+--------------+------+-----+---------+----------------+ 7 rows in set (0.00 sec)

alecisec commented 5 years ago

I've tried starting from scratch with a new database and the 7.1 release - I'm now getting an error

time="2019-08-05T06:04:49Z" level=warning msg="No contact address has been configured." time="2019-08-05T06:04:49Z" level=warning msg="Please consider adding a contact_address entry in your config.json" time="2019-08-05T06:04:49Z" level=info msg="Background Worker Started Successfully - Waiting for Campaigns" goose: migrating db environment 'production', current version: 0, target: 20180830215615 2019/08/05 06:04:49 FAIL 20160118194630_init.sql (Error 1071: Specified key was too long; max key length is 767 bytes), quitting migration.

Is gophish not compatible with mysql 5.6.x ?

toniopelo commented 2 years ago

I do have the same problem, and I am using AWS Aurora as well (but compatible with mysql 8.0.23)

gophish_1          | panic: runtime error: index out of range [0] with length 0
gophish_1          | 
gophish_1          | goroutine 206 [running]:
gophish_1          | github.com/gophish/gophish/mailer.(*MailWorker).Start.func1(0xcdc820, 0xc0000aa010, 0x117d7d8, 0x0, 0x0)
gophish_1          |    /go/src/github.com/gophish/gophish/mailer/mailer.go:85 +0xe5
gophish_1          | created by github.com/gophish/gophish/mailer.(*MailWorker).Start
gophish_1          |    /go/src/github.com/gophish/gophish/mailer/mailer.go:84 +0x85

I'll try to investigate further and come back here if I find something useful. Did you solve your problem @alecisec ?

toniopelo commented 2 years ago

My best recommendation at this point would be to see if the problem occurs with a traditional MySQL instance. If it does, then we can get more information about the campaign your launching to continue troubleshooting.

@jordan-wright It happens even on a traditional MySQL instance (using mysql latest docker hub image)

toniopelo commented 2 years ago

Ok, I finally found the problem here.

Probelm

When a campaign is supposed to be sent immediately, it goes through PostCampaign here
The campaign model is then created and persisted in database along with rows in the mail_logs table that represent each mail that should be sent with the send_date.
Then, because the campaign should start immediately, it goes through LaunchCampaign here where we directly fetch the rows from the mail_logs and send what should be sent instead of waiting the next time the worker will poll the database to send them (every minutes).
The problem is here inside LaunchCampaign. Because we fetched the mail_logs and we are most probably in the same second than the time we inserted it, and because on mysql the send_date field is set to DATETIME which doesn't take milliseconds into account, we can end up with a send_date a few milliseconds later than current time because mysql will round the DATETIME up to the upper second if milliseconds are > 500ms. That will cause the mailEntries array to be empty and will then fail in the worker when trying to access mailEntries[0] and bring gophish down.

Soluce

Update mysql schema to accept milliseconds, you can use the following statement :

ALTER TABLE `gophish`.`mail_logs` MODIFY send_date DATETIME(3);

glennzw commented 2 years ago

Hi @toniopelo - this is some great detective work, very nicely done!

Would you be able to test this on a later version? The docker image is a little old.

Also, could you help me reproduce the steps to cause this crash

glennzw commented 1 year ago

I've updated the docker images so you can test on the latest

toniopelo commented 1 year ago

@glennzw Sorry for the delay! My investigations were made on the latest version at the time of writing. I did fix the Dockerfile for that and I was going to open a PR about it but you did it already so that's fine now :).

gophish / gophish

Lock up on campaign launch #1528

Probelm

Soluce