[Caldera 5.0.0] 500 Error code - Internal Server Error

[Pandoome]

Hello !

Describe the bug I am trying to run Caldera 5.0.0 on Ubuntu 20.04, but I encounter a 500 Internal Server Error when accessing localhost:8888.

To Reproduce Steps to reproduce the behavior: I followed the documentation here => https://caldera.readthedocs.io/en/latest/Installing-Caldera.html#step-by-step-explanation. Using Python 3.10 and Docker deployment, I experienced the same issue.

Screenshots When I try to curl the localhost:8888, I get a 500 error code :

Logs of the Caldera build Here are the logs from the Python build:

python3 server.py --build
2024-10-01 14:36:39 - INFO  (config_generator.py:55 ensure_local_config) Creating new secure config in conf/local.yml
2024-10-01 14:36:39 - INFO  (config_generator.py:30 log_config_message) 
Log into Caldera with the following admin credentials:
    Red:
        USERNAME: red
        PASSWORD: 
        API_TOKEN: 
    Blue:
        USERNAME: blue
        PASSWORD: 
        API_TOKEN: 
To modify these values, edit the conf/local.yml file.
2024-10-01 14:36:39 - INFO  (server.py:211 <module>) Using main config from conf/local.yml
2024-10-01 14:36:40 - INFO  (server.py:247 <module>) Building VueJS front-end.
npm warn deprecated babel-eslint@10.1.0: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.

added 767 packages, and audited 768 packages in 49s

100 packages are looking for funding
  run `npm fund` for details

16 vulnerabilities (8 moderate, 7 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

> magma@0.0.0 build
> node prebundle.js && vite build

Copying all plugin GUI source files to magma
Copying over "access" files...
Copying over "atomic" files...
Copying over "builder" files...
Copying over "compass" files...
Copying over "debrief" files...
Copying over "emu" files...
Copying over "gameboard" files...
Copying over "human" files...
Copying over "manx" files...
Copying over "response" files...
Copying over "sandcat" files...
Copying over "ssl" files...
Copying over "stockpile" files...
Copying over "training" files...
Plugin GUI source files copied!
vite v2.9.15 building for production...
✓ 1479 modules transformed.
dist/assets/favicon.cc1c341b.ico                   69.07 KiB
dist/assets/caldera-logo.6a24b35b.png              16.51 KiB
dist/assets/caldera-logo-mtn.88f0ff8a.png          36.07 KiB
dist/assets/darwin-icon-privileged.ffa7a1c2.svg    0.68 KiB
dist/assets/darwin-icon.95280721.svg               0.67 KiB
dist/assets/linux-icon-privileged.d1ede01c.svg     3.66 KiB
dist/assets/linux-icon.df96f069.svg                3.65 KiB
dist/assets/windows-icon-privileged.e4e076e8.svg   0.39 KiB
dist/assets/windows-icon.2e7338a5.svg              0.37 KiB
dist/index.html                                    0.46 KiB
dist/assets/access.b5689433.js                     12.71 KiB / gzip: 3.98 KiB
dist/assets/atomic.44bede15.js                     1.05 KiB / gzip: 0.62 KiB
dist/assets/builder.16f8d393.js                    1.08 KiB / gzip: 0.63 KiB
dist/assets/emu.e13f9335.js                        1.56 KiB / gzip: 0.70 KiB
dist/assets/compass.8eddc28b.js                    5.22 KiB / gzip: 2.22 KiB
dist/assets/manx.328b8e5b.js                       6.54 KiB / gzip: 2.46 KiB
dist/assets/human.c935c553.js                      11.80 KiB / gzip: 3.47 KiB
dist/assets/debrief.34b8c22c.js                    28.20 KiB / gzip: 7.45 KiB
dist/assets/response.79b02f0b.js                   1.60 KiB / gzip: 0.84 KiB
dist/assets/sandcat.5efef337.js                    0.68 KiB / gzip: 0.44 KiB
dist/assets/stockpile.8668fbbb.js                  1.61 KiB / gzip: 0.76 KiB
dist/assets/ssl.65e6351b.js                        0.98 KiB / gzip: 0.62 KiB
dist/assets/access.b689ce59.css                    0.32 KiB / gzip: 0.20 KiB
dist/assets/training.cf27525e.js                   8.96 KiB / gzip: 3.55 KiB
dist/assets/human.d7b43e12.css                     2.31 KiB / gzip: 0.77 KiB
dist/assets/compass.4b402f52.css                   0.12 KiB / gzip: 0.12 KiB
dist/assets/debrief.854158fe.css                   0.79 KiB / gzip: 0.34 KiB
dist/assets/manx.fdacbfd3.css                      3.11 KiB / gzip: 1.52 KiB
dist/assets/response.9692d0ec.css                  0.20 KiB / gzip: 0.13 KiB
dist/assets/gameboard.430857df.css                 2.01 KiB / gzip: 0.68 KiB
dist/assets/gameboard.820d7508.js                  21.79 KiB / gzip: 6.11 KiB
dist/assets/training.9d43ffbb.css                  3.86 KiB / gzip: 1.05 KiB
dist/assets/index.0f757c1d.css                     248.24 KiB / gzip: 33.80 KiB
dist/assets/index.8e461eb0.js                      1639.23 KiB / gzip: 528.91 KiB

(!) Some chunks are larger than 500 KiB after minification. Consider:
- Using dynamic import() to code-split the application
- Use build.rollupOptions.output.manualChunks to improve chunking: https://rollupjs.org/guide/en/#outputmanualchunks
- Adjust chunk size limit for this warning via build.chunkSizeWarningLimit.
2024-10-01 14:37:56 - INFO  (server.py:250 <module>) VueJS front-end build complete.
2024-10-01 14:37:57 - WARNING (warnings.py:109 _showwarnmsg) /usr/local/lib/python3.10/dist-packages/asyncssh/crypto/cipher.py:29: CryptographyDeprecationWarning: ARC4 has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.ARC4 and will be removed from this module in 48.0.0.
  from cryptography.hazmat.primitives.ciphers.algorithms import AES, ARC4

2024-10-01 14:37:57 - WARNING (warnings.py:109 _showwarnmsg) /usr/local/lib/python3.10/dist-packages/asyncssh/crypto/cipher.py:30: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from this module in 48.0.0.
  from cryptography.hazmat.primitives.ciphers.algorithms import TripleDES

2024-10-01 14:37:57 - INFO  (contact_gist.py:70 start) Invalid Github Gist personal API token provided. Gist C2 contact will not be started.
2024-10-01 14:37:57 - INFO  (tunnel_ssh.py:26 start) Generating temporary SSH private key. Was unable to use provided SSH private key
2024-10-01 14:39:41 - INFO  (app_svc.py:116 load) Enabled plugin: atomic
2024-10-01 14:39:41 - INFO  (app_svc.py:116 load) Enabled plugin: fieldmanual
2024-10-01 14:39:41 - INFO  (app_svc.py:116 load) Enabled plugin: access
2024-10-01 14:39:41 - INFO  (app_svc.py:116 load) Enabled plugin: debrief
2024-10-01 14:39:41 - INFO  (app_svc.py:116 load) Enabled plugin: response
2024-10-01 14:39:41 - INFO  (app_svc.py:116 load) Enabled plugin: stockpile
2024-10-01 14:39:41 - INFO  (app_svc.py:116 load) Enabled plugin: training
2024-10-01 14:39:41 - INFO  (app_svc.py:116 load) Enabled plugin: compass
2024-10-01 14:39:41 - ERROR (c_plugin.py:91 _load_module) Error importing plugin=builder, No module named 'docker'
2024-10-01 14:39:41 - ERROR (c_plugin.py:59 load_plugin) Error loading plugin=builder, 'NoneType' object has no attribute 'description'
2024-10-01 14:39:42 - INFO  (app_svc.py:116 load) Enabled plugin: sandcat
2024-10-01 14:39:42 - INFO  (app_svc.py:116 load) Enabled plugin: manx
2024-10-01 14:39:42 - INFO  (logging.py:92 log) Creating SSH listener on 0.0.0.0, port 8022
2024-10-01 14:39:42 - INFO  (server.py:741 start) serving on 0.0.0.0:2222
2024-10-01 14:39:42 - WARNING (data_svc.py:436 _apply_special_extension_hooks) Unable to properly load .donut for payload plugins.stockpile.app.donut.donut_handler due to failed import
2024-10-01 14:39:42 - WARNING (app_svc.py:171 validate_requirement) upx does not meet the minimum version of 0.0.0. Upx is an optional dependency which adds more functionality. 
2024-10-01 14:39:50 - WARNING (c_adversary.py:90 verify) Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: ff78708e0e18d31c0be7a2be295158ec
2024-10-01 14:39:50 - WARNING (c_adversary.py:90 verify) Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: 6fdc9037290299164d52b65219d628ef
2024-10-01 14:39:50 - WARNING (c_adversary.py:90 verify) Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: ae21aefd2d9933df45a4e55485fbc333
2024-10-01 14:39:50 - WARNING (c_adversary.py:90 verify) Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: d8f4e4e10f4d6da1b174bb18cb859e6c
2024-10-01 14:39:50 - WARNING (c_adversary.py:90 verify) Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: 86ab6d7ecc05b7dabc7699a9e6a0a173
2024-10-01 14:39:51 - WARNING (c_adversary.py:90 verify) Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: 5c922d92f383656401d5633ca23db497
2024-10-01 14:39:51 - WARNING (c_adversary.py:95 verify) Objective referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: c495a9828-cab1-44dd-a0ca-66e58177d8c. Setting default objective.
2024-10-01 14:39:51 - INFO  (server.py:90 run_tasks) All systems ready.
2024-10-01 14:39:51 - INFO  (server.py:91 run_tasks) 
 ██████╗ █████╗ ██╗     ██████╗ ███████╗██████╗  █████╗
██╔════╝██╔══██╗██║     ██╔══██╗██╔════╝██╔══██╗██╔══██╗
██║     ███████║██║     ██║  ██║█████╗  ██████╔╝███████║
██║     ██╔══██║██║     ██║  ██║██╔══╝  ██╔══██╗██╔══██║
╚██████╗██║  ██║███████╗██████╔╝███████╗██║  ██║██║  ██║
 ╚═════╝╚═╝  ╚═╝╚══════╝╚═════╝ ╚══════╝╚═╝  ╚═╝╚═╝  ╚═╝

2024-10-01 14:40:06 - INFO  (hook.py:56 build_docs) Docs built successfully with the following warnings
/opt///caldera/plugins/fieldmanual/sphinx-docs/The-REST-API.md:3: WARNING: 'myst' cross-reference target not found: '/api/docs' [myst.xref_missing]

Thanks for your help !

[github-actions[bot]]

Looks like your first issue -- we aim to respond to issues as quickly as possible. In the meantime, check out our documentation here: http://caldera.readthedocs.io/

[b1tst0rm]

Seems related to or duplicate of https://github.com/mitre/caldera/issues/3061

[Pandoome]

Thank you for the fix, working for my part !