iknowjason / AutomatedEmulation

An automated Breach and Attack Simulation lab with terraform. Built for IaC stability, consistency, and speed.
MIT License

caldera agent port issue #1

Open pravingit opened 5 months ago

pravingit commented 5 months ago

Hi, we tried to install the agent, however we are getting the below error:

Exception calling "DownloadData" with "1" argument(s): "The underlying connection was closed: An unexpected error occurred on a send." At line:1 char:178

iknowjason commented 5 months ago

Hi @pravingit

Where are you seeing this error?

The Caldera sandcat agent should automatically register using the powershell script here:

files/windows/caldera.ps1.tpl

After the Windows system boots up, can you share with me the output from the file:

C:\Terraform\caldera_log.log

pravingit commented 4 months ago

Hi @iknowjason, actually I am installing the agent file on one of the Windows servers, i.e. Win2k19, and during the agent execution I am getting the attached error. There are no logs I can find to trace.

Agent port (8888) is reachable from the server.

Can you please suggest here on priority?

[Image: caldera error]

iknowjason commented 4 months ago

Ok let me rephrase the question. Is the win server you are trying to install the agent included with the range automatically or are you trying to install on a different server?

It looks like a completely different Windows system. I can't see what command you are trying to use to install the agent. Can you share that? The easiest way to install is to go into the agents area of the Caldera console and copy and paste the Windows PowerShell command into an admin pwsh session.

pravingit commented 4 months ago

Hi @iknowjason Yes, it is a different Windows Server 2019. Below is the command copied from the agents area of the Caldera console and pasted into the Windows Server 2019 PowerShell terminal. Sharing the attached command which I had run in the terminal.

[Image: caldera error_1]

Do I need to run this command as an administrator in the PowerShell terminal? I am getting an error when I try to run it as a normal user account.

iknowjason commented 4 months ago

So you are able to access port 8888 from the windows server. Ok if you copy and paste that command, show me the actual error. The first error showed it trying to run from c:\bas.exe but caldera console shows it running from public directory. So something is different there? If you get the error that the system can't find the file, check if the file exists? Can you show me the error from it running from that public directory? Next is to make sure an EDR or endpoint security is not blocking or preventing it from running. Completely disable all AV and endpoint security.

This works on the Windows system that builds in my project's range. You are installing this on a different system, so it could be one of several issues. I don't have access to your system, but it works on my project. You might also want to open up a ticket with the Caldera project to see if they know. This is outside of an issue related to my project.

iknowjason commented 4 months ago

Oh yes!!! You need to run as administrator powershell session! That could be it. Sorry I missed that on your last.

pravingit commented 4 months ago

Thanks @iknowjason, let me run the given command in admin PWSH mode and I will come back on Monday.

iknowjason commented 4 months ago

Hi @pravingit Did you confirm that this works now?

pravingit commented 4 months ago

> Hi @pravingit Did you confirm that this works now?

Hi @iknowjason Nope, same issue. I tried to execute the script from the whitelisted directory using an admin PSH session but the issue remains the same. PFB snap for your reference. I am able to connect/telnet to the Caldera management IP on port 8888. Is there a possibility of the EDR blocking the request? As per the EDR team, they have allowed it in detection mode and disabled the prevent/quarantine policy for the folder where the scripts are running.

[Image: caldera error_2]

iknowjason commented 4 months ago

Hi @pravingit I'm sorry for the delayed response. Yes, I think the EDR or something is still blocking this. Looking at your screenshot above, there is an error indicating that the C:\bas\bas.exe system path can't be found. That is a clue. Can you look in that directory and see if the file exists? If not, that is a clue. Why can't the file be downloaded?
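
The checks raised across this thread (admin session, reachability of port 8888, whether the agent file actually landed on disk) can be collected in one preflight script. This is an added example, not code from the thread participants or from the AutomatedEmulation or Caldera projects. The host address is a placeholder, and the function names `Test-Elevated` and `Test-TcpPort` are hypothetical helpers defined here.

```powershell
# Added example: preflight checks taken from the questions asked in this thread.
param(
    [string]$CalderaHost = '192.0.2.10',    # placeholder address, not from the thread
    [int]$CalderaPort    = 8888,            # agent port named in the thread
    [string]$AgentPath   = 'C:\bas\bas.exe' # path from the error discussed in the thread
)

function Test-Elevated {
    # True when the current session holds the local Administrators role.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-TcpPort {
    # Plain TCP connect with a timeout; says nothing about what happens after the connect.
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $client.Connected
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$agentDir = Split-Path -Parent $AgentPath
[pscustomobject]@{
    Elevated        = Test-Elevated
    PortReachable   = Test-TcpPort -HostName $CalderaHost -Port $CalderaPort
    AgentDirExists  = Test-Path -LiteralPath $agentDir -PathType Container
    AgentFileExists = Test-Path -LiteralPath $AgentPath -PathType Leaf
} | Format-List
```

A result with `PortReachable` true and `AgentFileExists` false corresponds to the situation in the last comment: the connection opens, but the file never arrives or does not stay on disk.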