mitre / caldera

Automated Adversary Emulation Platform
https://caldera.mitre.org
Apache License 2.0

ERROR (c_plugin.py:70 enable) Error enabling plugin=emu, Command '['/usr/bin/python3', 'plugins/emu/data/adversary-emulation-plans/carbanak/Resources/utilities/crypt_executables.py', '-i', 'plugins/emu/data/adversary-emulation-plans/carbanak/Resources', '-p', 'malware', '--decrypt']' returned non-zero exit status 1 #2659

Closed Aledangelo closed 1 year ago

Aledangelo commented 2 years ago

How can I solve this? I'm using Python 3.10.7. This is part of the logs when I start Caldera:

OSError: error opening mimikatz.exe

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/ale/caldera/plugins/emu/data/adversary-emulation-plans/carbanak/Resources/utilities/crypt_executables.py", line 149, in <module>
    main()
  File "/home/ale/caldera/plugins/emu/data/adversary-emulation-plans/carbanak/Resources/utilities/crypt_executables.py", line 137, in main
    zip_decrypt_file(file, password)
  File "/home/ale/caldera/plugins/emu/data/adversary-emulation-plans/carbanak/Resources/utilities/crypt_executables.py", line 78, in zip_decrypt_file
    pyminizip.uncompress(file_to_decrypt, password, dst_directory, 0)
SystemError: returned a result with an exception set
2022-09-20 15:38:16 - ERROR (emu_svc.py:62 decrypt_payloads) None
2022-09-20 15:38:16 - ERROR (c_plugin.py:70 enable) Error enabling plugin=emu, Command '['/usr/bin/python3', 'plugins/emu/data/adversary-emulation-plans/carbanak/Resources/utilities/crypt_executables.py', '-i', 'plugins/emu/data/adversary-emulation-plans/carbanak/Resources', '-p', 'malware', '--decrypt']' returned non-zero exit status 1.

And later I get a lot of warnings for missing payloads (of the emu plugin) like these:

2022-09-20 15:38:21 - WARNING (data_svc.py:447 _verify_abilities) Payload referenced in 4b1748e5-532c-453c-b195-557ce5550fef but not found: psexec.exe
2022-09-20 15:38:21 - WARNING (data_svc.py:447 _verify_abilities) Payload referenced in 9a76889c-9518-4b3e-9c87-6618156015c6 but not found: hollow.exe
2022-09-20 15:38:21 - WARNING (data_svc.py:447 _verify_abilities) Payload referenced in 9a76889c-9518-4b3e-9c87-6618156015c6 but not found: paexec.exe
2022-09-20 15:38:21 - WARNING (data_svc.py:447 _verify_abilities) Payload referenced in 9a76889c-9518-4b3e-9c87-6618156015c6 but not found: hollow.exe
2022-09-20 15:38:21 - WARNING (data_svc.py:447 _verify_abilities) Payload referenced in 9a76889c-9518-4b3e-9c87-6618156015c6 but not found: paexec.exe
2022-09-20 15:38:21 - WARNING (data_svc.py:447 _verify_abilities) Payload referenced in bddc0abc-07a0-41b7-813f-e0c64d9226b3 but not found: sandcat.go-windows-upx
2022-09-20 15:38:21 - WARNING (data_svc.py:447 _verify_abilities) Payload referenced in bddc0abc-07a0-41b7-813f-e0c64d9226b3 but not found: sandcat.go-windows-upx
2022-09-20 15:38:21 - WARNING (data_svc.py:447 _verify_abilities) Payload referenced in acecc8f7-18c2-41fd-87bc-39ffd644e4e9 but not found: invoke-winrmsession.ps1
2022-09-20 15:38:21 - WARNING (data_svc.py:447 _verify_abilities) Payload referenced in acecc8f7-18c2-41fd-87bc-39ffd644e4e9 but not found: m.exe
2022-09-20 15:38:21 - WARNING (data_svc.py:447 _verify_abilities) Payload referenced in acecc8f7-18c2-41fd-87bc-39ffd644e4e9 but not found: invoke-winrmsession.ps1
.....
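
A triage sketch for the log excerpt above, added here as an example and not part of the original post or of Caldera's code: it pulls out the plugin enable errors and collapses the repeated missing-payload warnings into one entry per payload. The names `triage`, `LINE`, `ENABLE` and `MISSING` are assumptions built only from the line format shown in this issue; the sample lines are copied from the excerpt, with the long command abbreviated.

```python
import re
from collections import defaultdict

# Sample input built from the log lines quoted in this issue
# (the long Command '[...]' argument list is abbreviated).
SAMPLE_LOG = """\
SystemError: returned a result with an exception set
2022-09-20 15:38:16 - ERROR (emu_svc.py:62 decrypt_payloads) None
2022-09-20 15:38:16 - ERROR (c_plugin.py:70 enable) Error enabling plugin=emu, Command '[...]' returned non-zero exit status 1.
2022-09-20 15:38:21 - WARNING (data_svc.py:447 _verify_abilities) Payload referenced in 4b1748e5-532c-453c-b195-557ce5550fef but not found: psexec.exe
2022-09-20 15:38:21 - WARNING (data_svc.py:447 _verify_abilities) Payload referenced in 9a76889c-9518-4b3e-9c87-6618156015c6 but not found: hollow.exe
2022-09-20 15:38:21 - WARNING (data_svc.py:447 _verify_abilities) Payload referenced in 9a76889c-9518-4b3e-9c87-6618156015c6 but not found: paexec.exe
2022-09-20 15:38:21 - WARNING (data_svc.py:447 _verify_abilities) Payload referenced in 9a76889c-9518-4b3e-9c87-6618156015c6 but not found: hollow.exe
2022-09-20 15:38:21 - WARNING (data_svc.py:447 _verify_abilities) Payload referenced in bddc0abc-07a0-41b7-813f-e0c64d9226b3 but not found: sandcat.go-windows-upx
"""

# "<date> <time> - <LEVEL> (<file>:<line> <function>) <message>"
LINE = re.compile(r"^(\S+ \S+) - (\w+) \((\S+):(\d+) (\w+)\) (.*)$")
ENABLE = re.compile(r"Error enabling plugin=(\w+)")
MISSING = re.compile(r"Payload referenced in (\S+) but not found: (\S+)")


def triage(log_text):
    """Return (plugins that failed to enable, {payload: [ability ids]})."""
    failed_plugins = []
    missing = defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # traceback lines and other unstructured output
        level, message = m.group(2), m.group(6)
        if level == "ERROR":
            hit = ENABLE.search(message)
            if hit and hit.group(1) not in failed_plugins:
                failed_plugins.append(hit.group(1))
        elif level == "WARNING":
            hit = MISSING.search(message)
            if hit:
                ability_id, payload = hit.groups()
                missing[payload].add(ability_id)
    return failed_plugins, {p: sorted(ids) for p, ids in sorted(missing.items())}


if __name__ == "__main__":
    plugins, payloads = triage(SAMPLE_LOG)
    print("plugins that failed to enable:", ", ".join(plugins) or "none")
    for payload, abilities in payloads.items():
        print(f"missing payload {payload}: referenced by {', '.join(abilities)}")
```
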

elegantmoose commented 2 years ago

@Aledangelo Did you confirm the plugins were recursively cloned as well?

Also, sometimes plugins will not get installed correctly if their requirements are not installed with a specific 'pip install -r /requirements.txt', as plugin requirements are not in the core Caldera requirements.txt file.

Aledangelo commented 2 years ago

I think so. For the caldera installation I just installed golang and the python modules described in the requirements.txt file. For the EMU plugin I ran the download_payloads.sh script. Did I miss any steps for the correct installation of the plugin?

Aledangelo commented 2 years ago

I have installed the dependencies described in all the 'requirements.txt' files of this project, but this error still appears.

christophert commented 2 years ago

What OS are you on? Have you installed the OS-level dependencies required in mitre/emu?

Ubuntu: apt-get install zlib1g
MacOS: brew install zlib

Aledangelo commented 1 year ago

I'm using Kali Linux. I've tried to install zlib1g, and its output says that I have the most recent version already installed.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 20 days with no activity. Remove stale label or comment or this will be closed in 5 days

elegantmoose commented 1 year ago

@Aledangelo any luck?

Aledangelo commented 1 year ago

@elegantmoose I deleted and reinstalled Caldera and this error never appeared again