redcanaryco / invoke-atomicredteam

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
MIT License

Offline usage of -GetPrereqs Timed out after 0 seconds #191

Closed ndex11 closed 2 months ago

ndex11 commented 2 months ago

I have installed Atomics and Invoke-atomicred on the online machine. Then I ran the command `Invoke-AtomicTest All -GetPrereqs`, and the prereqs were downloaded and installed. I have copied the whole AtomicsRed directory to the same location on the offline machine. When I try to run the command `Invoke-AtomicTest All -GetPrereqs` on the offline machine, I get the error `Process Timed out after 0 seconds, use '-TimeoutSeconds' to specify a different timeout`. This error is generated for every test, and no prereqs have been installed on the system.

Example:

```
Attempting to satisfy prereq: Computer must have python 3 installed
VERBOSE: Replacing inputArgs with user specified values, or default values if none provided
VERBOSE: Replacing inputArgs with user specified values, or default values if none provided
VERBOSE: Invoking Atomic Tests using defined executor
VERBOSE: Perform operation 'Enumerate CimInstances' with following parameters, ''namespaceName' = root\cimv2,'className' = Win32_Process'.
VERBOSE: Operation 'Enumerate CimInstances' complete.
Process Timed out after 0 seconds, use '-TimeoutSeconds' to specify a different timeout
VERBOSE: Invoking Atomic Tests using defined executor
VERBOSE: Perform operation 'Enumerate CimInstances' with following parameters, ''namespaceName' = root\cimv2,'className' = Win32_Process'.
VERBOSE: Operation 'Enumerate CimInstances' complete.
VERBOSE: Perform operation 'Enumerate CimInstances' with following parameters, ''namespaceName' = root\cimv2,'className' = Win32_Process'.
VERBOSE: Operation 'Enumerate CimInstances' complete.
VERBOSE: Perform operation 'Enumerate CimInstances' with following parameters, ''namespaceName' = root\cimv2,'className' = Win32_Process'.
VERBOSE: Operation 'Enumerate CimInstances' complete.
Process Timed out after 0 seconds, use '-TimeoutSeconds' to specify a different timeout
VERBOSE: Invoking Atomic Tests using defined executor
VERBOSE: Perform operation 'Enumerate CimInstances' with following parameters, ''namespaceName' = root\cimv2,'className' = Win32_Process'.
VERBOSE: Operation 'Enumerate CimInstances' complete.
Process Timed out after 0 seconds, use '-TimeoutSeconds' to specify a different timeout
Failed to meet prereq: Computer must have python 3 installed
```

ndex11 commented 2 months ago

There is no check in `get_prereq_command` in the YAML file for whether the installer already exists in the ExternalPayloads directory. It would be great to check if the installer exists and then skip `Invoke-WebRequest`, which is causing the timeout error in my opinion.
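
The existence check suggested in the comment above, sketched as an added example (not code from Invoke-AtomicRedTeam, the atomics, or the commenter). `Get-CachedPayload`, the URL and the file name are hypothetical; the sample staged file is constructed.

```powershell
# Added illustration: Get-CachedPayload is a hypothetical helper, not a project function.
function Get-CachedPayload {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Uri,          # download source for the installer
        [Parameter(Mandatory)] [string] $Destination,  # full path under ExternalPayloads
        [int] $TimeoutSec = 30
    )

    # Reuse a staged copy if it is present and non-empty: no network call is made.
    if (Test-Path -LiteralPath $Destination -PathType Leaf) {
        if ((Get-Item -LiteralPath $Destination).Length -gt 0) {
            Write-Verbose "Using staged payload: $Destination"
            return $Destination
        }
        # A zero-byte file is a leftover from an interrupted download.
        Remove-Item -LiteralPath $Destination -Force
    }

    New-Item -ItemType Directory -Path (Split-Path -Parent $Destination) -Force | Out-Null

    # Download to a temporary name and rename on success, so a failed transfer
    # never leaves a file that a later existence check would accept.
    $partial = "$Destination.partial"
    try {
        Invoke-WebRequest -Uri $Uri -OutFile $partial -TimeoutSec $TimeoutSec `
            -UseBasicParsing -ErrorAction Stop
        Move-Item -LiteralPath $partial -Destination $Destination -Force
        return $Destination
    }
    catch {
        Remove-Item -LiteralPath $partial -Force -ErrorAction SilentlyContinue
        throw "Payload not staged at '$Destination' and download from '$Uri' failed: $($_.Exception.Message)"
    }
}

# Constructed demo: stage a placeholder file, then show that the helper
# returns it without attempting the download (works with no network).
$payloads = Join-Path ([IO.Path]::GetTempPath()) 'ExternalPayloads'
New-Item -ItemType Directory -Path $payloads -Force | Out-Null
$staged = Join-Path $payloads 'installer.exe'
Set-Content -LiteralPath $staged -Value 'constructed placeholder'
Get-CachedPayload -Uri 'https://example.invalid/installer.exe' -Destination $staged -Verbose
```

On an offline host, a payload that was not copied over produces one explicit error naming the missing file, rather than a timeout.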

Jake151 commented 2 months ago

Hi @ndex11 - This bug should be fixed in #190. You'll need to redownload invoke-atomicredteam from the repo for this to work.

ndex11 commented 2 months ago

Problem solved, thank you...

cyberbuff commented 2 months ago

Appreciate your help @Jake151 Thank you :)