search

t3l3machus / Villain

Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).
Other
3.73k stars 602 forks source link

odd behaviour on new joins (Arch linux) #22

Closed oldkingcone closed 1 year ago

oldkingcone commented 1 year ago

When attempting to add new bots to the session handler, it appears as though there is an odd error:

Exception occurred during processing of request from ('10.129.228.117', 53058)
Traceback (most recent call last):
  File "/usr/lib/python3.10/socketserver.py", line 316, in _handle_request_noblock
    self.process_request(request, client_address)
  File "/usr/lib/python3.10/socketserver.py", line 347, in process_request
    self.finish_request(request, client_address)
  File "/usr/lib/python3.10/socketserver.py", line 360, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python3.10/socketserver.py", line 747, in __init__
    self.handle()
  File "/usr/lib/python3.10/http/server.py", line 432, in handle
    self.handle_one_request()
  File "/usr/lib/python3.10/http/server.py", line 420, in handle_one_request
    method()
  File "/home/user/clones/villan/Core/villain_core.py", line 910, in do_POST
    Sessions_manager.active_sessions[session_id]['last_received'] = timestamp
KeyError: 'b46f147a-1bf3b0f8-fb09af4e'
----------------------------------------

Attempting to nest the function on line 910 in a try except statement appears to correct the error, but introduces a new one:

Traceback (most recent call last):
  File "/usr/lib/python3.10/socketserver.py", line 316, in _handle_request_noblock
    self.process_request(request, client_address)
  File "/usr/lib/python3.10/socketserver.py", line 347, in process_request
    self.finish_request(request, client_address)
  File "/usr/lib/python3.10/socketserver.py", line 360, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python3.10/socketserver.py", line 747, in __init__
    self.handle()
  File "/usr/lib/python3.10/http/server.py", line 432, in handle
    self.handle_one_request()
  File "/usr/lib/python3.10/http/server.py", line 420, in handle_one_request
    method()
  File "/home/user/clones/villan/Core/villain_core.py", line 911, in do_POST
    Sessions_manager.active_sessions[session_id]['last_received'] = timestamp
TypeError: 'str' object does not support item assignment
----------------------------------------

When trying to add new bots to the framework, the error message will repeat until the application/C2 is closed.

Also to note, when trying to use this with custom tunnel device names, it does not catch reverse shells, for example if the tunnel name is htb_tun, it will not pick it up as a valid interface. Will future editions include command line options to specify the interface?(I have been editing the settings.py script with the right ip/interface address, but this appears cumbersome)

t3l3machus commented 1 year ago

I'll check it out and get back to you soon, thanks

oldkingcone commented 1 year ago

no problem

dolt0n commented 1 year ago

same issue with windows machines

ll3N1GmAll commented 1 year ago

I am seeing this when trying to launch a session on a Windows server 2012 R2 box. Tried encoded from CMD and obfuscated from PSH. Both respond the same as above.

oldkingcone commented 1 year ago

I havent seen anything yet that can fix this issue. Im going to poke around the code a bit more, kinda shelved this myself. If i find a fix ill post it here.

oldkingcone commented 1 year ago

Going to close this, looks like this specific issue is fixed.