search

nettitude / PoshC2

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
BSD 3-Clause "New" or "Revised" License
1.8k stars 326 forks source link

Database Issues #93

Closed RustyBower closed 4 years ago

RustyBower commented 4 years ago

Looks like we're seeing issues when the DB gets too large/active.

Exception happened during processing of request from ('10.0.0.1', 38322)
Traceback (most recent call last):
  File "/usr/lib/python3.8/socketserver.py", line 650, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/lib/python3.8/socketserver.py", line 360, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python3.8/socketserver.py", line 720, in __init__
    self.handle()
  File "/usr/lib/python3.8/http/server.py", line 426, in handle
    self.handle_one_request()
  File "/usr/lib/python3.8/http/server.py", line 414, in handle_one_request
    method()
  File "/opt/PoshC2/poshc2/server/C2Server.py", line 90, in do_GET
    new_task = newTask(self.path)
  File "/opt/PoshC2/poshc2/server/Tasks.py", line 111, in newTask
    DB.update_implant_lastseen(now.strftime("%d/%m/%Y %H:%M:%S"), RandomURI)
  File "/opt/PoshC2/poshc2/server/database/DBSQLite.py", line 357, in update_implant_lastseen
    c.execute("UPDATE Implants SET LastSeen=? WHERE RandomURI=?", (time, randomuri))
sqlite3.OperationalError: database is locked

This seems to happen when there's greater than 500 active callbacks

benpturner commented 4 years ago

Hi Rusty, thanks for raising this. We’ve seen this a few time over the past month but can’t seem to work out where the problem stems from. We’ve tried a few approaches and its appeared again, assuming you are on the latest release? You also mentioned 500 active callbacks, how did you get that figure?

RustyBower commented 4 years ago

So after tinkering it with it a little bit more, this definitely is an issue when you have a ton of implants in the database, and you have a ton of tasks for those implants.

image

This was the yesterday's adventure with callbacks, so we had > 1000, but as soon as we tasked more than 100 or so at a time, it would trigger the db issues.

riskydissonance commented 4 years ago

Hey @RustyBower , we've made some changes to the DB stuff, if you still have issues let us know.

We've also added support for Postgres for more intense cases like this, with so many implants a SQLite database can't really cope. Check out the config.yml for instructions on setting up Postgres or there's a release & blog post coming soon.

b4b857f6ee commented 3 years ago

Hello, i got this error in PoshC2 2.7 on Ubuntu 18.04 I forget the infection in my attack scenario and i just saw more than 200 implant.... but th databse was saying it's lock... How can i close all of this in the sqlite so i can start the poschC2 without rebuild all the payload etc :(...? I have error like this : image Or this image

image