Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Onedrive Listener typeError Exception #40

Closed
dsturge01 opened this issue Dec 28, 2019 · 2 comments · Fixed by #130
Closed

Onedrive Listener typeError Exception #40

dsturge01 opened this issue Dec 28, 2019 · 2 comments · Fixed by #130
Labels
bug Something isn't working confirmed

Comments

@dsturge01
Copy link

dsturge01 commented Dec 28, 2019
edited
Loading

Empire Version

3.0.3

OS Information (Linux flavor, Python version)

5.3.0-kali3-amd64 #1 SMP Debian 5.3.15-1kali1 (2019-12-09) x86_64 GNU/Linux
Error observed on 2, 2.7, 3, 3.7

Expected behavior and description of the error, including any actions taken immediately prior to the error. The more detail the better.

Set ClientID, ClientSecret, Authcode, and execute. The listener runs, but then throws the below exception

Screenshot of error, embedded text output, or Pastebin link to the error

(Empire: listeners/onedrive) > execute
[] Starting listener 'onedrive'
[] Got new auth token
[] empire folder already exists
[] empire/staging already exists
[] empire/taskings already exists
[] empire/results already exists
[+] Listener successfully started!
(Empire: listeners/onedrive) > Exception in thread Thread-2:
Traceback (most recent call last):
File "/usr/lib/python3.7/threading.py", line 926, in _bootstrap_inner
self.run()
File "/root/WD_Hacking/Empire/lib/common/helpers.py", line 983, in __run
self.__run_backup()
File "/usr/lib/python3.7/threading.py", line 870, in run
self._target(*self._args, **self._kwargs)
File "/root/WD_Hacking/Empire//lib/listeners/onedrive.py", line 628, in start_server
upload_stager()
File "/root/WD_Hacking/Empire//lib/listeners/onedrive.py", line 564, in upload_stager
ps_stager = self.generate_stager(listenerOptions=listener_options, language='powershell', token=token['access_token'])
File "/root/WD_Hacking/Empire//lib/listeners/onedrive.py", line 312, in generate_stager
return RC4IV + encryption.rc4(RC4IV+staging_key, randomized_stager)
TypeError: can't concat str to bytes
@Cx01N Cx01N added the bug Something isn't working label Dec 28, 2019
@Cx01N Cx01N added the help wanted Extra attention is needed label Feb 1, 2020
@dsturge01
Copy link
Author

@Cx01N
I was able to get around the issue by editing/adding the following lines to onedrive.py:

staging_key = staging_key.encode('UTF-8')

return RC4IV + encryption.rc4(RC4IV+staging_key, randomized_stager.encode('UTF-8'))

This caused the listener to run without incident, however I do not know if this will mess up encryption/communication with the agent.

Now when I run the agent, I get the following error:
[!] handle_agent_request(): sessionID b'YRS18TNE' not present

This error is thrown about every 5 seconds, for 5 minutes.

Then, after about 5 minutes, the error changes to:
[+] Initial agent YRS18TNE from 0.0.0.0 now active (Slack)
[!] Could not handle agent staging for listener onedrive, continuing
[!] handle_agent_request(): sessionID b'YRS18TNE' not present

I do not know if these are symptoms the of changes I made to onedrive.py, or if these are separate issues that needs to be opened.

@Cx01N Cx01N linked a pull request Mar 15, 2020 that will close this issue
Fix for Onedrive listener #130
Merged
@Cx01N Cx01N added confirmed and removed help wanted Extra attention is needed labels Mar 18, 2020
@Cx01N
Copy link

Cx01N commented Mar 23, 2020

Added fix into Empire v3.1.3

@Cx01N Cx01N closed this as completed Mar 23, 2020
vinnybod pushed a commit that referenced this issue Apr 8, 2021
@Cx01N
Integrated Empire CLI (#40)
b352234 
* removed old submodules

* readded profile submodule

* added cli files to empire
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working confirmed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix for Onedrive listener BC-SECURITY/Empire
2 participants
@Cx01N @dsturge01