Skip to content
This repository has been archived by the owner on Jan 29, 2020. It is now read-only.

Python agent, no command output in Empire #858

Closed
6a7070 opened this issue Dec 10, 2017 · 5 comments
Closed

Python agent, no command output in Empire #858

6a7070 opened this issue Dec 10, 2017 · 5 comments
Assignees
@xorrior

Comments

@6a7070
Copy link

6a7070 commented Dec 10, 2017
edited
Loading

Empire Version

2.3 - release version (python agent w/ http listener + HTTPS)

Empire Server OS Information

Ubuntu 16.04.3 LTS, python 2.7.12

Agent OS Information (Linux flavor, Python version)

Red Hat 6.8, python 2.6.6

Expected behavior and description of the error, including any actions taken immediately prior to the error. The more detail the better.

Empire agent runs successfully on target system and agent instance added successfully to empire server. The problem arises when empire operator interacts with the new agent instance, no output is displayed to the empire operator's screen. For example, running this command, "shell ls", from empire does not produce any results.

Further testing revealed that the agent on the target system did receive the operator's command because this command, "shell echo test > /tmp/test-output.txt", did create a file with contents of "test" on the target system.

It seems that either the results of commands are not being sent back to the empire server or the empire server is not displaying the results from the agent.

After enabling debugging on the empire server, I received this information:

----------------------------------------
2017-12-10 :44 Agents : [*] Tasked agent1 to run TASK_SHELL
2017-12-10 :46 listeners/http : [*] GET request for [server]:[port]/admin/get.php from [targetIP]
2017-12-10 :46 listeners/http : [*] GET cookie value from [targetIP] : session=[cookie]
2017-12-10 :46 Agents : [*] handle_agent_data(): sessionID agent1 issued a TASKING_REQUEST
2017-12-10 :46 listeners/http : [*] Agent from [targetIP] retrieved taskings
----------------------------------------
2017-12-10 :51 listeners/http : [*] GET request for [server]:[port]/news.php from [targetIP]
2017-12-10 :51 listeners/http : [*] GET cookie value from [targetIP] : session=[cookie]
2017-12-10 :51 Agents : [*] handle_agent_data(): sessionID agent1 issued a TASKING_REQUEST
----------------------------------------
REPEAT last 3 lines...

Is it possible to enable debugging the agent as well? Do you know why this might happen? Is there a good place to start troubleshooting?
@xorrior
Copy link
Contributor

xorrior commented Dec 10, 2017

@6a7070 There hasn't been extensive testing for anything below Python 2.7. Do any of the modules return output? Have you tried any other commands? On the agent side the best place to debug is to just add a print statement here: https://github.com/EmpireProject/Empire/blob/master/data/agent/agent.py#L260 . Print out the value of resultData for shell commands. I'll see if I can get a python 2.6 environment setup and test.
Thanks.

@6a7070
Copy link
Author

6a7070 commented Dec 11, 2017

Thank you @xorrior for the help! It made it much easier to figure out a solution!

I figured out that the encode() function in Python 2.6.6 cannot include any keyword arguments like "errors". The command output from the agent never gets sent to the Empire server because the agent errors out. Specifically line 136 (https://github.com/EmpireProject/Empire/blob/master/data/agent/agent.py#L136) causes the error:

    packetData = base64.b64encode(packetData.decode('utf-8').encode('utf-8',errors='ignore'))
TypeError: encode() takes no keyword arguments

If line 136 is replaced with the following code, then the agent can encode the packetData and send it to the Empire server and display it to the operator.
packetData = base64.b64encode(packetData.decode('utf-8').encode('utf-8','ignore'))

I did further research into the differences between Python 2.6 and 2.7. Turns out that Python 2.7 added support for "keyword" arguments to the the encode function. https://docs.python.org/release/2.7.5/library/stdtypes.html?highlight=encode#str.encode

I tested the modified line 136 with agents running Python 2.6.6 and 2.7.5, both worked.

I don't think the original code meant to use the keyword argument of 'errors', because it isn't necessary to ignore errors during encoding. The modified code should successfully ignore any issues. https://docs.python.org/2/howto/unicode.html

It seems to be safe to make this change to the Python agent and it will support both 2.7 and 2.6.

Is this a change you would be willing to add to Empire?

@xorrior
Copy link
Contributor

xorrior commented Dec 12, 2017

@6a7070 Sure, would you mind creating a PR for this? :)

@xorrior xorrior self-assigned this Dec 12, 2017
xorrior added a commit that referenced this issue Dec 29, 2017
@xorrior
Fix for #858
4162d54
@xorrior
Copy link
Contributor

xorrior commented Dec 29, 2017

@6a7070 fixed in the dev branch. Sorry for the wait.

@xorrior xorrior closed this as completed Dec 29, 2017
@6a7070
Copy link
Author

6a7070 commented Dec 29, 2017

Thank you for making this change and keep track of it!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@xorrior xorrior

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xorrior @6a7070