Multiple possible bugs. Exception: string argument without an encoding #77

Closed
whmacmac opened this issue Jan 20, 2020 · 6 comments
Labels
question Further information is requested

Comments


whmacmac commented Jan 20, 2020

Empire Version

[Version] 3.0.4 BC-Security Fork | [Web] https://github.com/BC-SECURITY/Empire

OS Information (Linux flavor, Python version)

Linux parrot 5.4.0-2parrot1-amd64 #1 SMP Parrot 5.4.8-2parrot1 (2020-01-12) x86_64 GNU/Linux

Expected behavior and description of the error, including any actions taken immediately prior to the error. The more detail the better.

I have obtained a reverse shell on a Windows machine using the multi/launcher payload from Empire. The error that I have occurs at the moment I am using Empire's module powerup allchecks:
[!] Exception: string argument without an encoding

Screenshot of error, embedded text output, or Pastebin link to the error

(Empire: HB3ZNDWP) > usemodule privesc/powerup/allchecks
(Empire: powershell/privesc/powerup/allchecks) > info

              Name: Invoke-AllChecks
            Module: powershell/privesc/powerup/allchecks
        NeedsAdmin: False
         OpsecSafe: True
          Language: powershell
MinLanguageVersion: 2
        Background: True
   OutputExtension: None

Options:

  Name  Required    Value                     Description
  ----  --------    -------                   -----------
  Agent True        HB3ZNDWP                  Agent to run module on.                 

(Empire: powershell/privesc/powerup/allchecks) > execute
powerup checks
[!] Exception: string argument without an encoding

[*] Active agents:

 Name     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener
 ----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------
 HB3ZNDWP ps 0.0.0.0         RESOLUTE          MEGABANK\melanie        powershell         3320   5/0.0    2020-01-20 13:12:22  HTB

whmacmac commented Jan 20, 2020

Another error occurs when trying to execute the sysinfo command from the agent menu:

(Empire: HB3ZNDWP) > sysinfo
[*] Tasked HB3ZNDWP to run TASK_SYSINFO
[*] Agent HB3ZNDWP tasked with task ID 3
(Empire: HB3ZNDWP) > [!] Invalid sysinfo response from HB3ZNDWP

PS: other errors observed during my time using Empire:
Trying to use the shell command "sysinfo" as an alternative to agent sysinfo, I obtain the following error:

error running command: Cannot index into a null array.

Trying to use a basic command like ls or dir results in another error:

error running command: Method invocation failed because [System.IO.FileInfo] does not contain a method named 'op_Addition'.

(Empire: HB3ZNDWP) > shell sysinfo
[*] Tasked HB3ZNDWP to run TASK_SHELL
[*] Agent HB3ZNDWP tasked with task ID 5
(Empire: HB3ZNDWP) > 
error running command: Cannot index into a null array.

(Empire: HB3ZNDWP) > shell ls
[*] Tasked HB3ZNDWP to run TASK_SHELL
[*] Agent HB3ZNDWP tasked with task ID 6
(Empire: HB3ZNDWP) > 
(Empire: HB3ZNDWP) > 
error running command: Method invocation failed because [System.IO.FileInfo] does not contain a method named 'op_Addition'.

whmacmac changed the title from "Exception: string argument without an encoding" to "Multiple possible bugs. Exception: string argument without an encoding" on Jan 20, 2020

Cx01N commented Jan 20, 2020

@Sa1riil Invoke-allchecks should be working again on the dev branch since it was addressed in #64. I recommend checking it out to make sure it is working for you.

As for the issues with sysinfo and ls, what version of Windows are you running and which updates are installed? There may have been an update released that changed some of the ways PowerShell is handled. I was testing this out on the most recent windev VM release and was not able to recreate it.


whmacmac commented Jan 20, 2020

> @Sa1riil Invoke-allchecks should be working again on the dev branch since it was addressed in #64. I recommend checking it out to make sure it is working for you.
>
> As for the issues with sysinfo and ls, what version of windows are you running and updates installed? There may have been an update released that changed some of the ways Powershell is handled. I was testing this out on the most recent windev VM release and was not able to recreate it.

Hi Cx01N,
The target is a machine from a CTF. As soon as I get root on it, I will check it, because for the moment I cannot. Also, about the dev branch, I have cloned it from https://github.com/BC-SECURITY/Empire.git. So it is possible to have the powerup error because of that if the dev branch was not merged with the default one.
Thank you for the explanation and, if it is possible, please do not close it because I want to check the Windows version of the target machine as soon as I get root on it.
Thank you,


Hubbl3 commented Jan 20, 2020

@Sa1riil If this is a CTF machine there is no way for us to validate the issues you are encountering as coming from Empire.

It's entirely possible that there is some setting enabled that is causing the issue or even intentionally broken services on the machine.

@whmacmac

> @Sa1riil If this is a CTF machine there is no way for us to validate the issues you are encountering as coming from Empire.
>
> It's entirely possible that there is some setting enabled that is causing the issue or even intentionally broken services on the machine.

I have understood, if it is OK to let me have 2 more days to obtain additional data, otherwise I will close it as resolved.
Thank you for all your effort.

Cx01N added the "question" (Further information is requested) label Jan 21, 2020

Cx01N commented Jan 25, 2020

Closing for now since the issue appears to be resolved. Please feel free to reopen if you need to.

Cx01N closed this as completed Jan 25, 2020
vinnybod pushed a commit that referenced this issue Mar 16, 2022