r4wd3r / RID-Hijacking

Windows RID Hijacking persistence technique

powershell/persistence/elevated/rid_hijack.py line 95: invalid syntax #2

Closed blshkv closed 4 years ago

blshkv commented 4 years ago

https://github.com/byt3bl33d3r/CrackMapExec/issues/345

https://github.com/r4wd3r/RID-Hijacking/blob/d044de2738d7eb6bcfab80eea1a74a1e5e756c8a/modules/empire/lib/modules/powershell/persistence/elevated/rid_hijack.py#L95

The latest git version shows the following error during installation:

/cme/data/RID-Hijacking/modules/empire/lib/modules/powershell/persistence/elevated/rid_hijack.py", line 95
    print helpers.color("[!] Could not read module source path at: " + str(moduleSource))
                ^
SyntaxError: invalid syntax

r4wd3r commented 4 years ago

Hey @blshkv! Thanks for reporting this. Now with this implementation I have modified the extension of the Empire module that is causing the issue. Could you please try again and install the bleeding edge CME version so I can confirm this was fixed?

blshkv commented 4 years ago

still there,

  File "/usr/lib64/python3.6/site-packages/cme/data/RID-Hijacking/modules/empire/lib/modules/powershell/persistence/elevated/rid_hijack.py", line 95
    print helpers.color("[!] Could not read module source path at: " + str(moduleSource))
                ^
SyntaxError: invalid syntax

r4wd3r commented 4 years ago

I think you are using the same version of the CME you downloaded and installed previously. And since you installed it into the python3.6 folder it is not being updated with the latest modification I did to the file.

Hence, considering that this file is not related to CME, you can go ahead and delete it.

Please let me know if re-installing or deleting this file works well for you :)

blshkv commented 4 years ago

No, CME pulls the latest every time here. So it is really not fixed for me.

running install_egg_info
running egg_info
writing crackmapexec.egg-info/PKG-INFO
writing dependency_links to crackmapexec.egg-info/dependency_links.txt
writing entry points to crackmapexec.egg-info/entry_points.txt
writing requirements to crackmapexec.egg-info/requires.txt
writing top-level names to crackmapexec.egg-info/top_level.txt
reading manifest template 'MANIFEST.in'
/usr/lib/python3.7/site-packages/setuptools/dist.py:476: UserWarning: Normalizing '5.0.1dev' to '5.0.1.dev0'
  normalized_version,
  File "/usr/lib/python3.7/site-packages/cme/data/RID-Hijacking/modules/empire/lib/modules/powershell/persistence/elevated/rid_hijack.py", line 95
    print helpers.color("[!] Could not read module source path at: " + str(moduleSource))
                ^
SyntaxError: invalid syntax

blshkv commented 4 years ago

hm.. I think I'm wrong. CME is linked to RID-Hijacking @ d044de2

   repository:               https://github.com/r4wd3r/RID-Hijacking.git
   at the commit:            d044de2738d7eb6bcfab80eea1a74a1e5e756c8a

blshkv commented 4 years ago

Please keep this bug open for a bit longer, I'm unable to test CME's fix due to another issue.

blshkv commented 4 years ago

ok, fixed. Thanks a lot!
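
The failure in this thread can be caught before installation by parsing every bundled `.py` file with the interpreter that will run the install. The script below is an added example, not code from RID-Hijacking or CME; the temporary tree and the file names `ok.py` and `rid_hijack.txt` are constructed, and the Python 2 line is the one quoted in the traceback above.

```python
import ast
import os
import tempfile

# Constructed sample: the Python 2 print statement quoted in the traceback.
PY2_SOURCE = (
    "def load(moduleSource):\n"
    "    print helpers.color(\"[!] Could not read module source path at: \""
    " + str(moduleSource))\n"
)
PY3_SOURCE = "def load(moduleSource):\n    print(str(moduleSource))\n"


def find_unparsable(root):
    """Return [(relative_path, line_number, message)] for every .py file
    under root that the running interpreter cannot parse."""
    failures = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".py"):
                continue  # install-time byte-compilation targets .py files
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                source = fh.read()
            try:
                ast.parse(source, filename=path)
            except SyntaxError as exc:
                rel = os.path.relpath(path, root)
                failures.append((rel, exc.lineno, exc.msg))
    return sorted(failures)


def demo():
    """Build a throwaway tree: one Python 2 file, one Python 3 file, and the
    same Python 2 source under a non-.py extension (skipped by the scan)."""
    samples = (("rid_hijack.py", PY2_SOURCE), ("ok.py", PY3_SOURCE),
               ("rid_hijack.txt", PY2_SOURCE))
    with tempfile.TemporaryDirectory() as root:
        for name, text in samples:
            with open(os.path.join(root, name), "w") as fh:
                fh.write(text)
        return find_unparsable(root)


if __name__ == "__main__":
    for rel, line, msg in demo():
        print(f"{rel}:{line}: {msg}")
```

Running `find_unparsable()` against a checkout that includes its submodules, before packaging it, surfaces Python 2-only files pulled in through a pinned commit.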