Cannot get past login page

[googlier325]

Describe the bug Unable to login using default login on port 8888

To Reproduce Steps to reproduce the behavior:

1. Entered red:admin, admin:admin, blue:admin
2. Tried passwords on local.yml also

Expected behavior Log into the first screen

Screenshots If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: Windows, Ubuntu 20.04 LTS
• Browser Edge, Chrome, Firefox
• Version latest version

Additional context after launching main.py with debugging, insecure, build

2024-02-25 06:11:36 WARNING --insecure flag set. Caldera will use the default user accounts in default.yml config file. server.py:216 INFO Using main config from conf/default.yml server.py:225 DEBUG Loaded 2 parsers learning_svc.py:20 2024-02-25 06:11:37 INFO Building VueJS front-end. server.py:261

up to date, audited 1071 packages in 2s

153 packages are looking for funding run npm fund for details

1 moderate severity vulnerability

To address all issues (including breaking changes), run: npm audit fix --force

Run npm audit for details.

magma@0.0.0 build node prebundle.js && vite build

Copying all plugin GUI source files to magma Copying over "access" files... Copying over "atomic" files... Copying over "builder" files... Copying over "compass" files... Copying over "debrief" files... Copying over "emu" files... Copying over "gameboard" files... Copying over "human" files... Copying over "manx" files... Copying over "response" files... Copying over "sandcat" files... Copying over "ssl" files... Copying over "stockpile" files... Copying over "training" files... Plugin GUI source files copied! vite v2.9.17 building for production... ✓ 1481 modules transformed. dist/assets/favicon.cc1c341b.ico 69.07 KiB dist/assets/caldera-logo.6a24b35b.png 16.51 KiB dist/assets/caldera-logo-mtn.88f0ff8a.png 36.07 KiB dist/assets/darwin-icon-privileged.ffa7a1c2.svg 0.68 KiB dist/assets/darwin-icon.95280721.svg 0.67 KiB dist/assets/linux-icon-privileged.d1ede01c.svg 3.66 KiB dist/assets/linux-icon.df96f069.svg 3.65 KiB dist/assets/windows-icon-privileged.e4e076e8.svg 0.39 KiB dist/assets/windows-icon.2e7338a5.svg 0.37 KiB dist/index.html 0.46 KiB dist/assets/access.a0a503d9.js 12.71 KiB / gzip: 3.97 KiB dist/assets/atomic.67a3e273.js 1.05 KiB / gzip: 0.62 KiB dist/assets/builder.7f422b3e.js 1.08 KiB / gzip: 0.63 KiB dist/assets/compass.ad30b927.js 5.22 KiB / gzip: 2.22 KiB dist/assets/debrief.166c248a.js 27.75 KiB / gzip: 7.22 KiB dist/assets/emu.40c251f3.js 1.56 KiB / gzip: 0.70 KiB dist/assets/gameboard.01aa0461.js 21.79 KiB / gzip: 6.09 KiB dist/assets/sandcat.e3e90fa8.js 0.68 KiB / gzip: 0.44 KiB dist/assets/human.615d442d.js 11.80 KiB / gzip: 3.46 KiB dist/assets/response.4fea73b3.js 1.60 KiB / gzip: 0.83 KiB dist/assets/manx.d044addc.js 6.11 KiB / gzip: 2.27 KiB dist/assets/stockpile.730486f7.js 1.61 KiB / gzip: 0.76 KiB dist/assets/gameboard.430857df.css 2.01 KiB / gzip: 0.68 KiB dist/assets/compass.4b402f52.css 0.12 KiB / gzip: 0.12 KiB dist/assets/debrief.854158fe.css 0.79 KiB / gzip: 0.34 KiB dist/assets/human.d7b43e12.css 2.31 KiB / gzip: 0.78 KiB dist/assets/response.9692d0ec.css 0.20 KiB / gzip: 0.13 KiB dist/assets/training.9d43ffbb.css 3.86 KiB / gzip: 1.06 KiB dist/assets/manx.fdacbfd3.css 3.11 KiB / gzip: 1.51 KiB dist/assets/training.35b91e34.js 8.51 KiB / gzip: 3.33 KiB dist/assets/access.b689ce59.css 0.32 KiB / gzip: 0.20 KiB dist/assets/ssl.363b7b54.js 0.98 KiB / gzip: 0.62 KiB dist/assets/index.ad437303.css 248.24 KiB / gzip: 33.79 KiB dist/assets/index.b6169022.js 1665.65 KiB / gzip: 535.85 KiB

(!) Some chunks are larger than 500 KiB after minification. Consider:

• Using dynamic import() to code-split the application
• Use build.rollupOptions.output.manualChunks to improve chunking: https://rollupjs.org/guide/en/#outputmanualchunks

• Adjust chunk size limit for this warning via build.chunkSizeWarningLimit. 2024-02-25 06:11:51 INFO VueJS front-end build complete. server.py:264 2024-02-25 06:11:52 DEBUG Collision in ability name detected for 5e3512c73a461c17ddcb1cc0bbdbeef9 and 52928f462ea8f5fa617aa8c815f5598b (WinPwn - PowerSharpPack - Kerberoasting Using Rubeus). Modifying name of the second ability to WinPwn - c_ability.py:103 PowerSharpPack - Kerberoasting Using Rubeus (2)... DEBUG Collision in ability name detected for 9bd17863cd45f82002a6f011de139363 and ab44803d5a9c299258efff185b0f70b5 (rc.common). Modifying name of the second ability to rc.common (2)... c_ability.py:103 DEBUG Collision in ability name detected for 5ac7f6ec1898d8d408f9cdc687262cc7 and 7db784562afbea0265fcafc4243b66de (Exfiltration Over Alternative Protocol - SSH). Modifying name of the second ability to Exfiltration Over Alternative c_ability.py:103 Protocol - SSH (2)... DEBUG Collision in ability name detected for 26d3702887944abcc64b406baf8f8e43 and 68a0a328719faa26fff5b92e18108b3f (Enumerate users and groups). Modifying name of the second ability to Enumerate users and groups (2)... c_ability.py:103 DEBUG Collision in ability name detected for c84a57391dbc724dc51436deb3e0ca00 and e0c75b4cc32124ef4c61508694fd0808 (Get-DomainUser with PowerView). Modifying name of the second ability to Get-DomainUser with PowerView (2)... c_ability.py:103 DEBUG Collision in ability name detected for 44705da4b28c8fa57fc2a2940b34565a and b73d58b20bcb138a26175f240cca9de2 (System Information Discovery). Modifying name of the second ability to System Information Discovery (2)... c_ability.py:103 DEBUG Collision in ability name detected for dca8b042fcdffcc1f5cddcff4122c434 and b73d58b20bcb138a26175f240cca9de2 (System Information Discovery). Modifying name of the second ability to System Information Discovery (2)... c_ability.py:103 DEBUG Collision in ability name detected for 4370001012f5f0df001269627b4737e9 and 942316dc6a362e44b248a872e5f42c92 (System Owner/User Discovery). Modifying name of the second ability to System Owner/User Discovery (2)... c_ability.py:103 DEBUG Collision in ability name detected for 3bfd3a51f3c7352d7c6c6c785d01e5f7 and 9bd1997d793d0ac5b1aea4888c75c932 (Loadable Kernel Module based Rootkit). Modifying name of the second ability to Loadable Kernel Module based Rootkit c_ability.py:103 (2)... DEBUG Collision in ability name detected for 4d4b29abb6b1e580e33c0035c1fc37ad and f674301b84ea3344f119270bf7bb97cd (rm -rf). Modifying name of the second ability to rm -rf (2)... c_ability.py:103 DEBUG Collision in ability name detected for 2488245e-bcbd-405d-920e-2de27db882b3 and 1d3cb1429f530cb89f41c65e57f03db4 (Query Registry). Modifying name of the second ability to Query Registry (2)... c_ability.py:103 DEBUG Collision in ability name detected for fcf71ee3-d1a9-4136-b919-9e5f6da43608 and 3838447b079b302fe75b700a70163815 (Clear Logs). Modifying name of the second ability to Clear Logs (2)... c_ability.py:103 DEBUG Collision in ability name detected for b1d41972-3ad9-4aa1-8f7f-05f049a2980e and 10a9d979-e342-418a-a9b0-002c483e0fa6 (Start 54ndc47). Modifying name of the second ability to Start 54ndc47 (2)... c_ability.py:103 DEBUG Restored data from persistent storage data_svc.py:116 DEBUG There are 0 jobs in the scheduler data_svc.py:117 DEBUG Restored data from persistent storage base_knowledge_svc.py:308 DEBUG Registered contact: html contact_svc.py:38 DEBUG Registered contact: gist contact_svc.py:38 DEBUG Registered contact: dns contact_svc.py:38 DEBUG Registered contact: websocket contact_svc.py:38 DEBUG Registered contact: udp contact_svc.py:38 DEBUG Registered contact: tcp contact_svc.py:38 DEBUG Registered contact: slack contact_svc.py:38 DEBUG Registered contact: ftp contact_svc.py:38 DEBUG Registered contact: http contact_svc.py:38 DEBUG Registered contact tunnel: ssh_tunneling contact_svc.py:53 INFO Invalid Github Gist personal API token provided. Gist C2 contact will not be started. contact_gist.py:70 INFO Generating temporary SSH private key. Was unable to use provided SSH private key tunnel_ssh.py:26 DEBUG Configuration (agents) update, setting deployments=['0ab383be-b819-41bf-91b9-1bd4404d83bf', '1837b43e-4fff-46b2-a604-a602f7540469', '356d1722-7784-40c4-822b-0cf864b0b36d', '2f34977d-9558-4c12-abad-349716777c6b'] base_world.py:46 INFO Enabled plugin: response app_svc.py:116 INFO Enabled plugin: training app_svc.py:116 INFO Enabled plugin: atomic app_svc.py:116 ERROR Error importing plugin=builder, No module named 'docker' c_plugin.py:91 ERROR Error loading plugin=builder, 'NoneType' object has no attribute 'description' c_plugin.py:59 INFO Enabled plugin: manx app_svc.py:116 INFO Enabled plugin: access app_svc.py:116 INFO Enabled plugin: compass app_svc.py:116 INFO Enabled plugin: debrief app_svc.py:116 INFO Enabled plugin: fieldmanual app_svc.py:116 INFO Enabled plugin: stockpile app_svc.py:116 DEBUG Loaded gocat extension module: donut sand_svc.py:94 DEBUG Loaded gocat extension module: proxy_http sand_svc.py:94 DEBUG Loaded gocat extension module: shared sand_svc.py:94 DEBUG Loaded gocat extension module: slack sand_svc.py:94 2024-02-25 06:11:53 DEBUG Loaded gocat extension module: dns_tunneling sand_svc.py:94 DEBUG Loaded gocat extension module: native sand_svc.py:94 DEBUG Loaded gocat extension module: shellcode sand_svc.py:94 DEBUG Loaded gocat extension module: shells sand_svc.py:94 INFO Enabled plugin: sandcat app_svc.py:116 INFO Creating SSH listener on 0.0.0.0, port 8022 logging.py:92 INFO serving on 0.0.0.0:2222 server.py:741 WARNING Unable to properly load .donut for payload plugins.stockpile.app.donut.donut_handler due to failed import data_svc.py:436 WARNING upx does not meet the minimum version of 0.0.0. Upx is an optional dependency which adds more functionality. app_svc.py:171 2024-02-25 06:11:59 WARNING Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: ff78708e0e18d31c0be7a2be295158ec c_adversary.py:90 WARNING Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: 6fdc9037290299164d52b65219d628ef c_adversary.py:90 WARNING Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: ae21aefd2d9933df45a4e55485fbc333 c_adversary.py:90 WARNING Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: d8f4e4e10f4d6da1b174bb18cb859e6c c_adversary.py:90 WARNING Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: 86ab6d7ecc05b7dabc7699a9e6a0a173 c_adversary.py:90 WARNING Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: 5c922d92f383656401d5633ca23db497 c_adversary.py:90 WARNING Objective referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: c495a9828-cab1-44dd-a0ca-66e58177d8c. Setting default objective. c_adversary.py:95 2024-02-25 06:12:00 INFO Docs built successfully. hook.py:58 DEBUG Using default login handler. auth_svc.py:209 DEBUG Created authentication group: blue auth_svc.py:72 DEBUG Created authentication group: red auth_svc.py:72 DEBUG = connection is CONNECTING protocol.py:255 DEBUG > GET /system/ready HTTP/1.1 client.py:115 DEBUG > Host: 0.0.0.0:7012 client.py:117 DEBUG > Upgrade: websocket client.py:117 DEBUG > Connection: Upgrade client.py:117 DEBUG > Sec-WebSocket-Key: XW9AJqYM66vHUKndR95Y4A== client.py:117 DEBUG > Sec-WebSocket-Version: 13 client.py:117 DEBUG > Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits client.py:117 DEBUG > User-Agent: Python/3.8 websockets/11.0.3 client.py:117 DEBUG < HTTP/1.1 101 Switching Protocols client.py:148 DEBUG < Upgrade: websocket client.py:150 DEBUG < Connection: Upgrade client.py:150 DEBUG < Sec-WebSocket-Accept: xzmuoWNPsdPanDCo/AmBgQq9y9s= client.py:150 DEBUG < Sec-WebSocket-Extensions: permessage-deflate; server_max_window_bits=12; client_max_window_bits=12 client.py:150 DEBUG < Date: Sun, 25 Feb 2024 06:12:00 GMT client.py:150 DEBUG < Server: Python/3.8 websockets/11.0.3 client.py:150 DEBUG = connection is OPEN protocol.py:356 DEBUG < CLOSE 1000 (OK) [2 bytes] protocol.py:1168 DEBUG = connection is CLOSING protocol.py:1223 DEBUG > CLOSE 1000 (OK) [2 bytes] protocol.py:1174 DEBUG = connection is CLOSED protocol.py:1494 INFO All systems ready. server.py:101

  ██████╗ █████╗ ██╗ ██████╗ ███████╗██████╗ █████╗ ██╔════╝██╔══██╗██║ ██╔══██╗██╔════╝██╔══██╗██╔══██╗ ██║ ███████║██║ ██║ ██║█████╗ ██████╔╝███████║ ██║ ██╔══██║██║ ██║ ██║██╔══╝ ██╔══██╗██╔══██║ ╚██████╗██║ ██║███████╗██████╔╝███████╗██║ ██║██║ ██║ ╚═════╝╚═╝ ╚═╝╚══════╝╚═════╝ ╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝

              INFO     None                                                                                                                                                                                                                                  server.py:102

  2024-02-25 06:12:14 DEBUG Using login handler "Default Login Handler" for login auth_svc.py:101 DEBUG admin logging in auth_svc.py:155

[github-actions[bot]]

Looks like your first issue -- we aim to respond to issues as quickly as possible. In the meantime, check out our documentation here: http://caldera.readthedocs.io/

[googlier325]

2024-02-25 14:22:04 INFO new connection from 10.0.4.14:54112 server.py:888 2024-02-25 14:22:07 ERROR dispatcher caught exception server.py:964 ╭────────────────────────────────────────────────────────────────────────────────────── Traceback (most recent call last) ───────────────────────────────────────────────────────────────────────────────────────╮ │ /usr/local/lib/python3.8/dist-packages/aioftp/server.py:936 in dispatcher │ │ │ │ 933 │ │ │ │ connection.extra_workers -= done │ │ 934 │ │ │ │ for task in done: │ │ 935 │ │ │ │ │ try: │ │ ❱ 936 │ │ │ │ │ │ result = task.result() │ │ 937 │ │ │ │ │ except errors.PathIOError: │ │ 938 │ │ │ │ │ │ connection.response("451", "file system error") │ │ 939 │ │ │ │ │ │ continue │ │ │ │ /usr/local/lib/python3.8/dist-packages/aioftp/server.py:847 in parsecommand │ │ │ │ 844 │ │ """ │ │ 845 │ │ line = await stream.readline() │ │ 846 │ │ if not line: │ │ ❱ 847 │ │ │ raise ConnectionResetError │ │ 848 │ │ s = line.decode(encoding=self.encoding).rstrip() │ │ 849 │ │ cmd, , rest = s.partition(" ") │ │ 850 │ ╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯ ConnectionResetError INFO closing connection from 10.0.4.14:54112

[elegantmoose]

Just confirming, you pulled down Master branch with --recursive flag (to pick up more recent plugins/magma submodule) ?

[nizzy714]

I had the same issue when pulling with --recursive flag and specifying --branch 5.0.0. However, when omitting a specific branch it worked as intended. Hope this helps.

[elegantmoose]

Master branch is what is getting the patches. Including this fix - https://github.com/mitre/caldera/issues/2881

[edenqyb]

hey, I have the same problem. I pulled master branch(using --recursive) and tried using Safari, Chrome and firefox but still can't login.(the server is on Ubuntu machine and I'm using it remotely using the ip)

[aut0exec]

Experiencing the same issue with a fresh pull of caldera this morning. Used git clone --recursive https://github.com/mitre/caldera.git. Ran though the build instructions in the readme. Get to the login page but typing in any credentials and submitting them results in nothing occurring. I've tried Chrome and Safari from a Mac via Caldera server's IP (Caldera is running on Devuan 5, npm version 9.2.0, golang 1.19).

[aut0exec]

Working now. Looks like I was running into this issue: https://github.com/mitre/caldera/issues/2885#issuecomment-1949646936

Here's what fixed it. 1) cp plugins/magma/.env.template plugins/magma/.env 2) Modified the VITE_CALDERA_URL to reflect the IP and protocol for my setup in plugins/magma/.env. Since I'm using the TLS (SSL) plugin, not running as root, and wanting port 443, I changed the line to VITE_CALDERA_URL=https://<CALDERA_IP> (some iptables things going on in the background to redirect 443 -> 8443) 3) python3 server.py --build

Is there a way to simply use a wildcard here rather than a hardcoded IP? I tried the typical 0.0.0.0 as the but it didn't work.

@edenqyb Sounds like it'll probably be the same issue you're running into from your setup's description.

--- EDIT ---- Looks like you can wildcard it. ReplacedVITE_CALDERA_URL=https://<CALDERA_IP> with simplyVITE_CALDERA_URL=https://. Then rebuilt withpython3 server.py --build and any IP seems to be able to connect to the Web UI now. Not sure if this is intended but it does work!

[googlier325]

Yep, @elegantmoose can confirm that I am pulling from the master branch

@aut0exec copy and edit the .env file to my actual ip address worked

[fitz003]

@aut0exec thanks for posting this, I had to make this change as well!

[morpheuslord]

hey, even I am facing this issue: and it is occurring in both Brave and Chrome:

https://github.com/mitre/caldera/assets/70637311/9a6d28ab-d424-41ee-88f4-f31c29087458

[ghismo89]

Me too and i have tryed everything written here

[morpheuslord]

Here's the inspect console view:

https://github.com/mitre/caldera/assets/70637311/81c5e2e6-8c6f-4f46-b69a-1e807837c79e

[ghismo89]

Same goes for me, even if i tryed everything that is said here

[alketshabani]

Not sure how you are trying but if it is with --insecure flag the default creds should not work. You should look for the creds that are generated in conf/local.yml

[morpheuslord]

Not sure how you are trying but if it is with --insecure flag the default creds should not work. You should look for the creds that are generated in conf/local.yml

I tried with both and none worked.

[chrisytharp]

has anyone got this working?

[morpheuslord]

I got fed up and am using a previous version of the tool.

[chrisytharp]

i figured out my issue: i ran

1. npm audit fix --force
2. cp plugins/magma/.env.template plugins/magma/.env
3. Modified the VITE_CALDERA_URL to reflect the IP and protocol for my setup in plugins/magma/.env. Since I'm using the TLS (SSL) plugin, not running as root, and wanting port 443, I changed the line to VITE_CALDERA_URL=https:// (some iptables things going on in the background to redirect 443 -> 8443)
4. python3 server.py --build --insecure

[codddddddd]

1. python3 server.py --insecure for access the server >>
2. Reached the caldera sign-in page as a localhost:8888
3. sign-in as a admin : admin

It's works for me.....

[elegantmoose]

@codddddddd @chrisytharp @morpheuslord @ghismo89 @alketshabani @fitz003 @googlier325 @aut0exec @nizzy714 We believe we fixed this issue with https://github.com/mitre/caldera/pull/2977. And we will now look at dockerfile for any required updates.

We really appreciate the active feedback and user testing.

And of course, reopen issue if still having it.

[morpheuslord]

Sure will check and get back if I find it still persist.

[KINGP1N]

@elegantmoose Unfortunately, the fix you are referring to didn't do it for me. The issue is still present because of the specified host and port values in default.yml ; which appear to be used during the build process (--build) of the frontend components. It basically overwrites the value of VITE_CALDERA_URL in plugins/magma/.env. Specifically here:

filename: server.py

If you keep 0.0.0.0 as your host value in default.yml, after initiating, building and launching Caldera, you end up with client-side callbacks that point to: https://0.0.0.0:8888/api/...

This becomes a problem when Caldera is behind a reverse proxy and you have to resort to domain names, commenting out the following line in server.py temporarily fixed it:

273 configure_magma_env_file()

Just make sure to define VITE_CALDERA_URL=https://{example-domain}:{port} correctly in plugins/magma/.env.

[abhra101]

Fix!

People are trying to access on http://localhost:8888, just type http://0.0.0.0:8888 and it will work.

[morpheuslord]

Fix!

People are trying to access http://localhost:8888, just type http://0.0.0.0:8888 and it will work.

I guess not,

I am trying to find out what is the issue but am not able to determine anything specific. I also tried this:

Just make sure to define VITE_CALDERA_URL=https://{example-domain}:{port} correctly in plugins/magma/.env.

Still no luck

[abhra101]

Fix! People are trying to access http://localhost:8888, just type http://0.0.0.0:8888 and it will work.

I guess not,

I am trying to find out what is the issue but am not able to determine anything specific. I also tried this:

Just make sure to define VITE_CALDERA_URL=https://{example-domain}:{port} correctly in plugins/magma/.env.

Still no luck

stop using chrome use firefox

[morpheuslord]

Fix! People are trying to access http://localhost:8888, just type http://0.0.0.0:8888 and it will work.

I guess not, I am trying to find out what is the issue but am not able to determine anything specific. I also tried this:

Just make sure to define VITE_CALDERA_URL=https://{example-domain}:{port} correctly in plugins/magma/.env.

Still no luck

stop using chrome use firefox

Am I missing out on something here:

For better scope, I tried it with both localhost, 127.0.0.1 (just in case) and 0.0.0.0 but they did not work.

[solidshadw]

@morpheuslord Did you ever figure out what the issue was? I'm experiencing this with the docker build

[morpheuslord]

@morpheuslord Did you ever figure out what the issue was? I'm experiencing this with the docker build

Na man I am using an older release for my tests .

Still working on it though, but no leads.

[ghismo89]

you have tried with the admin admin credentials? and the other without the insecure or build flag

[morpheuslord]

you have tried with the admin admin credentials? and the other without the insecure or build flag

Yes, I have tried all possible combinations with and without clearing cache and cookies.

[njammy]

http://0.0.0.0:8888

this work for me, thank guy

[solidshadw]

I can't use the 0.0.0.0 or localhost, because I'm accessing the GUI from another computer. I'm changing the IP in the conf/default.yml and its still not working and it breaks. Not sure if the there's a different work around?

[morpheuslord]

can you document your env that we can try recreate

[abhra101]

bro morpheus when you run caldera server are u running insecure build or normal? if you are using insecure build, try running without the insecure build option then open locals.yml, use login for red username and passwork as mentioned for red user.

On Tue, 11 Jun 2024 at 9:25 PM, morpheuslord @.***> wrote:

can you document your env that we can try recreate

— Reply to this email directly, view it on GitHub https://github.com/mitre/caldera/issues/2901#issuecomment-2161106629, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMCX75TGTL7Y4Q4U4B7HQJLZG4MWBAVCNFSM6AAAAABDYTOWMOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNRRGEYDMNRSHE . You are receiving this because you commented.Message ID: @.***>

[morpheuslord]

bro morpheus when you run caldera server are u running insecure build or normal? if you are using insecure build, try running without the insecure build option then open locals.yml, use login for red username and passwork as mentioned for red user. … On Tue, 11 Jun 2024 at 9:25 PM, morpheuslord @.> wrote: can you document your env that we can try recreate — Reply to this email directly, view it on GitHub <#2901 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMCX75TGTL7Y4Q4U4B7HQJLZG4MWBAVCNFSM6AAAAABDYTOWMOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNRRGEYDMNRSHE . You are receiving this because you commented.Message ID: @.>

well I did that but still nothing worked.

[Asif644]

@morpheuslord Did you ever figure out what the issue was? I'm experiencing this with the docker build

Na man I am using an older release for my tests .

Still working on it though, but no leads.

@morpheuslord can you mention which release you are using now?

[morpheuslord]

@morpheuslord Did you ever figure out what the issue was? I'm experiencing this with the docker build

Na man I am using an older release for my tests . Still working on it though, but no leads.

@morpheuslord can you mention which release you are using now?

I am using 4.2.0

[cyberjack256]

Im experiencing the same issue same version. Accessing from a separate virtual machine than the install. For reference, I'm accessing via http://ip.of.the.host:8888 on the distant VM.

[mdarri]

I can get 4.2.0 to work without issue, 5.0.0 does not, I get to the log on and enter red/admin and nothing, yes, I did build insecure... this is so frustrating that none of the suggestions work

[elegantmoose]

Use Master not v5.0.0, it's buggy

[decyphertek-io]

Solution Using Python Method:

I ran into a similar issue and decided to provide some more detail on how to solve the problem.

• --insecure flag uses default.yml
• Not using --insecure will autogenerate a local.yml

  
  # first setup nodejs , golang , & git caldera:
  cd caldera
  python3 server.py --build 
  # This will autogenerate a local.yml
  # Once finished, then exit
  ctrl + c

npm audit fix --force vim /caldera/conf/local.yml

app.contact.http: http://SERVER-IP:8888 app.frontend.api_base_url: http://SERVER-IP:8888

vim /caldera/plugins/magma/.env VITE_CALDERA_URL=http://SERVER-IP:8888

python3 server.py --build --fresh

cat /caldera/conf/local.yml

find passwords to login.

* If you are having issues, you can delete caldera directory and git clone caldera again.
* If you made many changes, sometimes there can be build errors. This will solve that. 
*  I found changing all the 0.0.0.0 and localhost in local.yml breaks things. For example 7010 & 2222

[balu0000000]

run this in your caldera folder

find . -type f -exec grep -l "http://localhost:8888/" {} \; | xargs -I {} sed -i "s/http:\/\/localhost:8888/http:\/\/FILLYOURIPADDRESS:8888/g" {}

[D47K-0v3771D3]

run this in your caldera folder

find . -type f -exec grep -l "http://localhost:8888/" {} ; | xargs -I {} sed -i "s/http://localhost:8888/http://FILLYOURIPADDRESS:8888/g" {}

This worked for me...Thanks homie

[brahian035]

I had the same problem to solve it I did the following -->

If you installed Mitre Caldera with Docker when you run the following command from the documentation add it -E default With this option you will define the default configuration of the default file the command it would look like this: docker run -p 8888:8888 caldera:latest -E default If you run the command like this you will be able to log in to http://localhost:8888/ without any problems