mitre / caldera

Automated Adversary Emulation Platform
https://caldera.mitre.org
Apache License 2.0

Running T1003 on Windows 10 machine crashes the powershell sandcat agent #763

Closed eibrandr closed 4 years ago

eibrandr commented 4 years ago

Hi,

It appears that when running the credential dumping ability - "Run PowerKatz" (attack_id T1003) - the powershell sandcat agent fails.

The payload download (of invoke-mimikatz.ps1) gets blocked by the AV on the machine, but it looks like the sandcat agent is not able to handle this and fails with the following message:

```
[*] Running instruction 324262-6
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x0 pc=0x656ab2]

goroutine 39 [running]:
/Users/davidhunt/Desktop/toolbox/caldera/plugins/sandcat/gocat/execute.runShellExecutor(0xc000126d37, 0x3, 0x6ed92b, 0x7, 0xc000256160, 0x14b, 0xf, 0x0, 0x0, 0xc000119dc0, ...)
	/Users/davidhunt/Desktop/toolbox/caldera/plugins/sandcat/gocat/execute/execute.go:140 +0x152
/Users/davidhunt/Desktop/toolbox/caldera/plugins/sandcat/gocat/execute.Execute(0xc000256160, 0x14b, 0xc000126d37, 0x3, 0x6ed92b, 0x7, 0x0, 0x0, 0x18a301, 0x9e00000000000007, ...)
	/Users/davidhunt/Desktop/toolbox/caldera/plugins/sandcat/gocat/execute/execute.go:60 +0x109
/Users/davidhunt/Desktop/toolbox/caldera/plugins/sandcat/gocat/execute.RunCommand(0xc000254000, 0x1bc, 0x0, 0x0, 0x0, 0x6ed92b, 0x7, 0xc000126d37, 0x3, 0xc000005cb0, ...)
	/Users/davidhunt/Desktop/toolbox/caldera/plugins/sandcat/gocat/execute/execute.go:35 +0x12f
/Users/davidhunt/Desktop/toolbox/caldera/plugins/sandcat/gocat/contact.API.RunInstruction(0xc0001c2270, 0xc00005ebd0, 0x0, 0x0, 0x0)
	/Users/davidhunt/Desktop/toolbox/caldera/plugins/sandcat/gocat/contact/api.go:71 +0x1c1
created by main.runAgent
	/Users/davidhunt/Desktop/toolbox/caldera/plugins/sandcat/gocat/sandcat.go:45 +0x3b4
```

khyberspache commented 4 years ago

An ability failing shouldn't impact an agent's ability to continue. This might be an unrelated issue in the current compiled version, as we did not see similar issues in our dynamically compiled agents.

privateducky commented 4 years ago

Agreed. We've since updated our pre-compiled agents. @eibrandr I would give this another shot, with a fresh clone, to see if the newly compiled agents solve this. If not, we can dive deeper.

eibrandr commented 4 years ago

Great - thanks guys, I'll give it a shot tomorrow and let you know.

R

eibrandr commented 4 years ago

Hi,

Reporting back - same again after pulling another fresh clone (see below) - happy to provide more info or test something else if you'd like me to.

[image: image.png]

khyberspache commented 4 years ago

@eibrandr I was able to replicate it. Working on it now...

khyberspache commented 4 years ago

@eibrandr Fixed it and submitted a PR for sandcat. Once it's merged that issue should be resolved.

https://github.com/mitre/sandcat/pull/141

khyberspache commented 4 years ago

PR has been merged and this is fixed (based on my testing). If you continue to have issues, please open a new issue.