Sandcat panics and crashes if launched on a docker container in Azure on a non-public network

[cventour]

Describe the bug I am deploying Caldera in Azure Containers using a Private network (no public IP address assigned). The ENTRYPOINT in the docker image points to a bash file that launches the server, then builds and runs the sandcat agent on the same container.

What I notice is that the execution of sandcat crashes with the following error

panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x6d6fb9]

goroutine 1 [running]: github.com/grandcat/zeroconf.(Resolver).Browse(0x0, 0x819040, 0xc000070800, 0x7a47d6, 0xf, 0x7a1ca8, 0x6, 0xc000072120,0xa424a0, 0x7f748e746d98) /root/go/pkg/mod/github.com/grandcat/zeroconf@v1.0.0/client.go:92 +0xc9 github.com/mitre/gocat/agent.(Agent).DiscoverPeers(0xc0000be500) /usr/src/app/plugins/sandcat/gocat/agent/agent.go:530 +0x19d github.com/mitre/gocat/agent.(*Agent).Initialize(0xc0000be500, 0x7fff25cc37ca, 0x18, 0x7fff25cc37ea, 0x3, 0xc000077200, 0x787f00, 0x0, 0x0, 0x0, ...) /usr/src/app/plugins/sandcat/gocat/agent/agent.go:123 +0x42d github.com/mitre/gocat/agent.AgentFactory(0x7fff25cc37ca, 0x18, 0x7fff25cc37ea, 0x3, 0xc000077200, 0xc00007ce00, 0x0, 0x0, 0x0, 0x0, ...) /usr/src/app/plugins/sandcat/gocat/agent/agent_factory.go:7 +0xc5 github.com/mitre/gocat/core.initializeCore(0x7fff25cc37ca, 0x18, 0x7fff25cc37ea, 0x3, 0xc000077200, 0x7f748e746d00, 0x0,0x4caf00, 0x0, 0x0, ...) /usr/src/app/plugins/sandcat/gocat/core/core.go:22 +0xbd github.com/mitre/gocat/core.Core(0x7fff25cc37ca, 0x18, 0x7fff25cc37ea, 0x3, 0x0, 0xc000077200, 0xc000090000, 0x0, 0x0, 0x0) /usr/src/app/plugins/sandcat/gocat/core/core.go:27 +0xc0 main.main() /usr/src/app/plugins/sandcat/gocat/sandcat.go:45 +0x60e

This error does not occur when I launch the same container with a Publicly assigned IP address.

To Reproduce Steps to reproduce the behavior:

1. Prepare a Docker image from the latest caldera release
2. Add the following launch script on the image launch copy.txt (rename it as launch.sh)
3. Modify the Dockerfile ENTRYPOINT to look like : ENTRYPOINT ["/bin/bash", "launch.sh"]
4. build the image on your local docker
5. push the image to Azure on your Azure registry of choice
6. Deploy an instance of your image and Select "Private" on the networking step in the deployment wizard
7. Watch the logs of the instance

Expected behavior The sandcat client should launch without panicking. This does not happen when a publicly assigned IP is configured in the contianer.

Screenshots If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information): Irrelevant of Desktop setup. Deployment is on Azure.

Additional context I am preparing an automated lab where caldera auto deploys in Docker and the same instance also has a sandcat client that I can immediately use to run operations.

[alexanderkent]

Thank you very much for taking the time to report this issue and the detailed instructions. We were able to identify areas of improvements and will be furnishing a stability PR shortly.

[cventour]

Hello, are there any updates to the PR ?

[alexanderkent]

Yes, we are looking to merge shortly. Meanwhile, you could try the stability_improvements branch which should prevent the agent from crashing.

https://github.com/mitre/gocat/pull/58

[alexanderkent]

The PR has been merged into the main branch. Thank you for your patience.