mitre / caldera

Automated Adversary Emulation Platform
https://caldera.mitre.org
Apache License 2.0

Missing payloads in the EMU plugin when starting server.py #2702

Closed EmmaMel closed 1 year ago

EmmaMel commented 1 year ago

Hi,

I'm attempting to configure Caldera 4.1.0 on Ubuntu 22.04. I am encountering the following error after enabling the EMU plugin:

2022-12-04 09:08:57 - INFO  (server.py:124 <module>) Using main config from conf/local.yml
2022-12-04 09:08:58 - WARNING (warnings.py:109 _showwarnmsg) /home/caldera/caldera/server.py:55: DeprecationWarning: There is no current event loop
  loop = asyncio.get_event_loop()

2022-12-04 09:08:58 - INFO  (contact_gist.py:70 start) Invalid Github Gist personal API token provided. Gist C2 contact will not be started.
2022-12-04 09:08:58 - INFO  (tunnel_ssh.py:26 start) Generating temporary SSH private key. Was unable to use provided SSH private key
2022-12-04 09:08:58 - INFO  (app_svc.py:116 load) Enabled plugin: mock
2022-12-04 09:08:58 - INFO  (app_svc.py:116 load) Enabled plugin: debrief
2022-12-04 09:08:58 - INFO  (app_svc.py:116 load) Enabled plugin: manx
2022-12-04 09:08:58 - INFO  (app_svc.py:116 load) Enabled plugin: response
2022-12-04 09:08:58 - INFO  (app_svc.py:116 load) Enabled plugin: ssl
2022-12-04 09:08:59 - INFO  (app_svc.py:116 load) Enabled plugin: sandcat
2022-12-04 09:08:59 - INFO  (app_svc.py:116 load) Enabled plugin: fieldmanual
2022-12-04 09:08:59 - ERROR (human_svc.py:52 _load_workflow_module) Error loading extension=plugins.human.pyhuman.app.workflows.open_office_writer, 'DISPLAY'
2022-12-04 09:08:59 - ERROR (human_svc.py:52 _load_workflow_module) Error loading extension=plugins.human.pyhuman.app.workflows.open_office_calc, 'DISPLAY'
2022-12-04 09:08:59 - INFO  (app_svc.py:116 load) Enabled plugin: human
2022-12-04 09:08:59 - INFO  (app_svc.py:116 load) Enabled plugin: compass
2022-12-04 09:08:59 - INFO  (app_svc.py:116 load) Enabled plugin: atomic
2022-12-04 09:08:59 - INFO  (app_svc.py:116 load) Enabled plugin: stockpile
2022-12-04 09:08:59 - INFO  (app_svc.py:116 load) Enabled plugin: access
2022-12-04 09:08:59 - ERROR (c_plugin.py:70 enable) Error enabling plugin=builder, ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))
2022-12-04 09:08:59 - INFO  (app_svc.py:116 load) Enabled plugin: builder
2022-12-04 09:08:59 - INFO  (app_svc.py:116 load) Enabled plugin: training
2022-12-04 09:08:59 - INFO  (app_svc.py:116 load) Enabled plugin: gameboard
2022-12-04 09:09:00 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload nbtscan.exe within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:00 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload rubeus.exe within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:00 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload secretsdump.exe within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:00 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload adfind.exe within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:01 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload tcping.exe within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:01 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload PsExec.exe within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:01 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload dumpWebBrowserCreds.exe within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:01 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload wmiexec.vbs within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:01 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload putty.exe within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:01 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload netsess.exe within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:01 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload OutlookScraper.dll within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:01 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload psexec_sandworm.py within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:01 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload wce.exe within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:01 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload ryuk.exe within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:01 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload dnscat2.ps1 within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:01 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload psexec.exe within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:01 - INFO  (app_svc.py:116 load) Enabled plugin: emu
2022-12-04 09:09:01 - INFO  (logging.py:92 log) Creating SSH listener on 0.0.0.0, port 8022
2022-12-04 09:09:01 - INFO  (server.py:741 start) serving on 0.0.0.0:2222
2022-12-04 09:09:04 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in b8ad9654-80a1-4fde-b2d4-c0de7648621c but not found: ryuk.exe
2022-12-04 09:09:04 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in b80ca347-2d2a-4e33-8683-1975cda6664f but not found: OutlookScraper.dll
2022-12-04 09:09:04 - WARNING (data_svc.py:456 _verify_abilities) Missing required field in ability 690e889f-5844-473e-98c5-c90c9f1772dc: description
2022-12-04 09:09:04 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 9a438a2a-c95b-4fd2-a29f-8b1250fc3adc but not found: dumpWebBrowserCreds.exe
2022-12-04 09:09:06 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 3de63509-4171-488f-8938-ce346677a5a6 but not found: rubeus.exe
2022-12-04 09:09:06 - INFO  (hook.py:58 build_docs) Docs built successfully.
2022-12-04 09:09:06 - WARNING (hook.py:29 _check_using_default_cert) Insecure SSL private key and certificate in use. Consider generating and using your own to improve security. Please see documentation.
2022-12-04 09:09:06 - INFO  (server.py:72 run_tasks) All systems ready.

All steps provided in the documentation were followed to configure the py server. I have also run the download_payloads.sh script prior to starting the server, in addition to deleting and reinstalling this version multiple times, but I am still encountering the same issue every time.

Any comments are most welcome! Many thanks :)
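Added example (not part of the original issue and not Caldera's own code): a small triage script for a startup log like the one above. It collects the payloads the emu plugin could not find, flags names that differ only by case, and separates payloads that loaded abilities reference from those with no ability warning. The `triage` function and the report keys are hypothetical names; the sample lines are excerpted from the log in this issue.

```python
import re
from collections import defaultdict

# Excerpt of the startup log posted in this issue (one INFO line kept as noise).
SAMPLE_LOG = """\
2022-12-04 09:08:59 - INFO  (app_svc.py:116 load) Enabled plugin: stockpile
2022-12-04 09:09:00 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload nbtscan.exe within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:00 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload rubeus.exe within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:01 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload PsExec.exe within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:01 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload ryuk.exe within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:01 - WARNING (emu_svc.py:279 _store_required_payloads) Could not find payload psexec.exe within plugins/emu/data/adversary-emulation-plans.
2022-12-04 09:09:04 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in b8ad9654-80a1-4fde-b2d4-c0de7648621c but not found: ryuk.exe
2022-12-04 09:09:06 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 3de63509-4171-488f-8938-ce346677a5a6 but not found: rubeus.exe
"""

# Match on function name and message text only, so changed source line
# numbers (e.g. emu_svc.py:279) do not break parsing.
STORE_RE = re.compile(r"_store_required_payloads\) Could not find payload (\S+) within")
VERIFY_RE = re.compile(
    r"_verify_abilities\) Payload referenced in ([0-9a-f-]{36}) but not found: (\S+)")


def triage(log_text):
    """Summarise missing-payload warnings from a Caldera startup log."""
    spellings = defaultdict(set)      # lowercase payload name -> spellings seen
    referenced_by = defaultdict(set)  # lowercase payload name -> ability ids
    for line in log_text.splitlines():
        if (m := STORE_RE.search(line)):
            spellings[m.group(1).lower()].add(m.group(1))
        elif (m := VERIFY_RE.search(line)):
            referenced_by[m.group(2).lower()].add(m.group(1))
    return {
        # every payload the emu plugin reported as not found
        "not_found": sorted(spellings),
        # same name requested with different casing (matters on Linux hosts)
        "case_variants": {k: sorted(v) for k, v in spellings.items() if len(v) > 1},
        # payloads that a loaded ability references, with the ability ids
        "referenced_by": {k: sorted(v) for k, v in referenced_by.items()},
        # reported missing by emu but with no ability warning in this log
        "unreferenced": sorted(set(spellings) - set(referenced_by)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
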

elegantmoose commented 1 year ago

@EmmaMel What did the output of download_payloads.sh look like?

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 20 days with no activity. Remove stale label or comment or this will be closed in 5 days.