[BUG] [ERROR]: Exception in agents.handle_agent_staging() for HAKE19F4 : Invalid ciphertext received.

[SpringTec3D]

Is there an existing issue for this?

• I have searched the existing issues

Empire Version

5.4.2-0kali5

Python Version

3.11.2

Operating System

Kali Linux

Database

MariaDB

Current Behavior

occasionally throws
File "/usr/share/powershell-empire/empire/server/common/encryption.py", line 204, in aes_decrypt_and_verify raise Exception("Invalid ciphertext received.")
when an agent tries to connect to the listener. haven't been able to narrow down the cause of this issue. seems to occur at random.

Expected Behavior

it is expected to set up a connection between agent and listener

Steps To Reproduce

Victim:

OS Name: Microsoft Windows 11 Enterprise Evaluation
OS Version: 10.0.22621 N/A Build 22621
running in VirtualBox 7.0.8 r156879 on a Windows 10 Host System

Attacker:

Description: Kali GNU/Linux Rolling
Release: 2023.2
Codename: kali-rolling
running in VirtualBox 7.0.8 r156879 on a Windows 10 Host System

Steps to Reproduce:

attacker:

• sudo powershell-empire server

• in the Obfuscation tab of the Starkill Interface enable global obfuscation for powershell and preobfuscate all modules with Token\All\1

• set up "http_com" type listener

• create windows_launcher_bat stager for the listener
  - language: powershell
  - delete: off
  - obfuscate: on with Token\All\1

• download the stager and move to victim pc

victim pc:
(I tried this both with windows firewall and windows defender turned off as well as turned on, doesn't make a difference)

• run the the launcher.bat file
• powershell window closes

attacker (powershell-empire console ouput):

[INFO]: Agent YEFT1CS4 from 192.168.2.116 posted public key 
[INFO]: Agent YEFT1CS4 from 192.168.2.116 posted valid PowerShell RSA key 
[INFO]: New agent YEFT1CS4 checked in 
[ERROR]: Exception in agents.handle_agent_staging() for YEFT1CS4 : Invalid ciphertext received. 
Traceback (most recent call last):
  File "/usr/share/powershell-empire/empire/server/common/agents.py", line 956, in handle_agent_staging
    message = encryption.aes_decrypt_and_verify(session_key, encData)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/powershell-empire/empire/server/common/encryption.py", line 204, in aes_decrypt_and_verify
    raise Exception("Invalid ciphertext received.")
Exception: Invalid ciphertext received.
[INFO]: Agent YEFT1CS4 deleted

the error seems to occur completely randomly and sometimes the agent won't even connect to the listener

Anything else?

if I need to provide any more information to fix this, please let me know. any help narrowing down the root of this problem is appreciated, thanks

[Cx01N]

Can you try version 5.11 and see if that issue is still there? Otherwise, you will need to request that Kali update their repo.
https://gitlab.com/kalilinux/packages/powershell-empire

[SpringTec3D]

same error with Empire v 5.10.3
also get a second error occasionally (don't know if this is related somehow)

[INFO]: Agent FG76BELZ from 192.168.2.116 posted public key 
[INFO]: Agent FG76BELZ from 192.168.2.116 posted valid PowerShell RSA key 
[ERROR]: Exception in agents.handle_agent_staging() for FG76BELZ : 'FG76BELZ' 
Traceback (most recent call last):
  File "/home/kali/Empire/empire/server/common/agents.py", line 960, in handle_agent_staging
    session_key = self.agents[sessionID]["sessionKey"]
                  ~~~~~~~~~~~^^^^^^^^^^^
KeyError: 'FG76BELZ'
[INFO]: New agent FG76BELZ checked in 
[INFO]: Agent FG76BELZ deleted 
[ERROR]: http_com: Error returned for results by 192.168.2.116 : b"Error: Exception in agents.handle_agent_staging() for FG76BELZ : 'FG76BELZ'" 

and then there are cases where it does finish staging, but closes the powershell window on the victim computer afterwards

[INFO]: Agent NFYRAWVU from 192.168.2.116 posted public key 
[INFO]: Agent NFYRAWVU from 192.168.2.116 posted valid PowerShell RSA key 
[INFO]: New agent NFYRAWVU checked in 
[INFO]: Initial agent NFYRAWVU from 192.168.2.116 now active (Slack) 

staging does work fully sometimes (including powershell staying open) but it is very rare

[SpringTec3D]

I got more information from adding some output to the verify_hmac function in encryption.py

verify_hmac:

def verify_hmac(key, data):
    """
    Verify the HMAC supplied in the data with the given key.
    """
    if isinstance(key, str):
        key = bytes(key, "latin-1")

    if len(data) > 20:

        log.debug(f"verify_hmac: orig data {data}")

        mac = data[-10:]       
        data = data[:-10]     
        expected = hmac.new(key, data, digestmod=hashlib.sha256).digest()[0:10]

        log.debug(f"verfiy_hmac: mac       {mac}")
        log.debug(f"verify_hmac: key       {key}")
        log.debug(f"verify_hmac: data      {data}")
        log.debug(f"verify_hmac: expected  {expected}")
        log.debug(f"verify_hmac: value a   {hmac.new(key, expected, digestmod=hashlib.sha256).digest()}")
        log.debug(f"verify_hmac: value b   {hmac.new(key, mac, digestmod=hashlib.sha256).digest()}")

        # Double HMAC to prevent timing attacks. hmac.compare_digest() is
        # preferable, but only available since Python 2.7.7.
        return (
            hmac.new(key, expected, digestmod=hashlib.sha256).digest()
            == hmac.new(key, mac, digestmod=hashlib.sha256).digest()                                 <--- returns false
        )
    else:
        return False

it seems the mac and the expected value don't match, which causes the function to return false. don't know what might cause this:

failure:

2024-07-16 16:06:30,683 [encryption.py:184] [DEBUG]: verify_hmac: orig data b"@\xa4,hc\xd3jn%\x90\xa5\xd7\xe2:\x91\xd5\xdc\x80\x02]P$c\xae{{\x16}\xf1\x9f\xc3\xf6^u%o\xa3^^\xbd\xfd\x13\xe4\x89WmG\x81n\xda\x0e\xe1/\x1d\x91$\x08M\xcf\x9d@'\x13\xd3L\x8aC9{\x022\xc4\xe2\x9b%\xea\x9d\x108?\x16\x92s?:jF\x9e\xb4\x99\xf8&J\x0c\xbb\x0bdVF\xdfd\t\xf9\xfca\xe1C[\t\xcf1\xe7dw\xcfE\x11\xad\\\xbb\xf0\xc5%\x86:\x14\xe0\xa3\xd0\xbb.jV\x04\xd1I\xb7\xe6\xb6\x17\xaa\xed\x84i\xd2vO\x03>\x1fV\xe4\xe0\x8f~\xa4\xcb\xf8\xdf\x960\xb3\xa9-\xde,QT\xb0FGt0\xf5\xa1y\x9aSZ\xf2\t9\x14jz\xf7" 
2024-07-16 16:06:30,683 [encryption.py:190] [DEBUG]: verfiy_hmac: mac       b'\x9aSZ\xf2\t9\x14jz\xf7' 
2024-07-16 16:06:30,683 [encryption.py:191] [DEBUG]: verify_hmac: key       b'VOBqP^<;DY:-Z7`o(\\znm6QK.S/uCF9X' 
2024-07-16 16:06:30,683 [encryption.py:192] [DEBUG]: verify_hmac: data      b"@\xa4,hc\xd3jn%\x90\xa5\xd7\xe2:\x91\xd5\xdc\x80\x02]P$c\xae{{\x16}\xf1\x9f\xc3\xf6^u%o\xa3^^\xbd\xfd\x13\xe4\x89WmG\x81n\xda\x0e\xe1/\x1d\x91$\x08M\xcf\x9d@'\x13\xd3L\x8aC9{\x022\xc4\xe2\x9b%\xea\x9d\x108?\x16\x92s?:jF\x9e\xb4\x99\xf8&J\x0c\xbb\x0bdVF\xdfd\t\xf9\xfca\xe1C[\t\xcf1\xe7dw\xcfE\x11\xad\\\xbb\xf0\xc5%\x86:\x14\xe0\xa3\xd0\xbb.jV\x04\xd1I\xb7\xe6\xb6\x17\xaa\xed\x84i\xd2vO\x03>\x1fV\xe4\xe0\x8f~\xa4\xcb\xf8\xdf\x960\xb3\xa9-\xde,QT\xb0FGt0\xf5\xa1y" 
2024-07-16 16:06:30,683 [encryption.py:193] [DEBUG]: verify_hmac: expected  b'\x8b\xcd|\xdck\x86\xad&\x1d\xf6' 
2024-07-16 16:06:30,683 [encryption.py:194] [DEBUG]: verify_hmac: value a   b'\x18\xb9Q\xb7\x08\xf9\x82`\x1eJ%\x8d-&8\x16\t/#u\xf3_\x10\xb5\xe1O0R0V\xeb|' 
2024-07-16 16:06:30,683 [encryption.py:195] [DEBUG]: verify_hmac: value b   b',eO\xc2\xad\x1c\xedV\xfc\xa9]Ye\xbe\xf2\xdcv?\xd9rS\x17d\x8e\xa0\xc9,\x19zw\xbf\xd2'

success:

2024-07-16 16:06:29,573 [encryption.py:184] [DEBUG]: verify_hmac: orig data b'~YF\x03JU\x8a\xa7T/\x90zE3+\x94\xdb\x15rD4\xe6j\x11Ny\xc7\xbf\xa5ns\xcaW\x96W0\x03\xaa\xb5\xb5\xf2\xb8\xfb\n\xca\xdf\x1f\xa0\x0b\xee85"\xdd\x89\x07\xd0wTj>\xfb\x06pw\x8f\xb4\xe2\x9f\xcf\xdb\xd9\xec\xd8\xfd@\xc3\xd9|@x\x91s\xd2\xb3\x0bX\x87\xc1}\x85&H\xcf\'~K\xe9(\x1c\xaf\x17\xb0\x8a\xad\xa5SrJc\x92zX \x82\xbbl@b\xcf\xa5p[\xd8v\x97\xb1\xee\xdcj\x06\x8a]\xf5\x9c\x94\xa8&\xe2\xfe@\x9d\x9f\xe0x\x04\xafO.8\xfb\x8f\xd0x\xbdr\x82\x05\x853\xfb!\x93{v\x8b~\x84\x14f\xf4\x84\x8f\xeb"\xbf\xaaqH\xfe\x08\xef\x9d\x82\x04<\x01}\x98\x03]o*0\xcb\xceIN\xa5\xff{O~V\x97s\xb0TI\xe8\x03O\x11\x90\x8b\x8f\xb5[\'5\x82\xaa\xe4q\xb3\x06pE\x02\xb5\xdb_\xd5~\nUqNQSg\xd9\xbc\x87\x9c\xde\xec\x82\x7f\x17\x98\xf1\x04\xc69\x897\n\xb3\xb4BO\xdai\xb7Q\xe23f0\xef\x11\xd3\xf5\xaa\x88I\xd7\x85\xf2h\xc9=\xdaH\xc7\xf1\xa8\n\x03#\x9b\xe6\x7f!\x8b\x82\xff\x01\xd4\xde\xafB\xb1\x8e\xd5\x97PV\x9d\xfe\xa2p\xf9E\x02\x9b{9]\xf3\xc2u\x8c\xff\xdddL5L\xb4\x08a6\x9b=\xb4\x80Hr\x8d\xeb\x8e\xfc\x08+\xec:o?\x90\x91\x899\xd7\xe9\xd8\xd65F\xc8=\x17<n;\xb1n\x99\xf1$\x95%W\xe3\n\xc2p\xda\xbb<r\xfb^\xc7\xe3\xa1,\xb7\xb0W\xa1`\xfb)\xe7\x8d^\xee\n\x10\xce_\xe5\xe7\xbbn\xb0\x9by\xae\xe1@\x8dR\xe4J\xa5Z\xccx37\xb4\x19D\xe1HT\xed"\xaf\xed\xcd\xcb>\x11o\x1b7\t\xf9' 
2024-07-16 16:06:29,573 [encryption.py:190] [DEBUG]: verfiy_hmac: mac       b'\xed\xcd\xcb>\x11o\x1b7\t\xf9' 
2024-07-16 16:06:29,573 [encryption.py:191] [DEBUG]: verify_hmac: key       b'dY.k82hos>q&azAw5U0m)FGDZ_:4E-n*' 
2024-07-16 16:06:29,574 [encryption.py:192] [DEBUG]: verify_hmac: data      b'~YF\x03JU\x8a\xa7T/\x90zE3+\x94\xdb\x15rD4\xe6j\x11Ny\xc7\xbf\xa5ns\xcaW\x96W0\x03\xaa\xb5\xb5\xf2\xb8\xfb\n\xca\xdf\x1f\xa0\x0b\xee85"\xdd\x89\x07\xd0wTj>\xfb\x06pw\x8f\xb4\xe2\x9f\xcf\xdb\xd9\xec\xd8\xfd@\xc3\xd9|@x\x91s\xd2\xb3\x0bX\x87\xc1}\x85&H\xcf\'~K\xe9(\x1c\xaf\x17\xb0\x8a\xad\xa5SrJc\x92zX \x82\xbbl@b\xcf\xa5p[\xd8v\x97\xb1\xee\xdcj\x06\x8a]\xf5\x9c\x94\xa8&\xe2\xfe@\x9d\x9f\xe0x\x04\xafO.8\xfb\x8f\xd0x\xbdr\x82\x05\x853\xfb!\x93{v\x8b~\x84\x14f\xf4\x84\x8f\xeb"\xbf\xaaqH\xfe\x08\xef\x9d\x82\x04<\x01}\x98\x03]o*0\xcb\xceIN\xa5\xff{O~V\x97s\xb0TI\xe8\x03O\x11\x90\x8b\x8f\xb5[\'5\x82\xaa\xe4q\xb3\x06pE\x02\xb5\xdb_\xd5~\nUqNQSg\xd9\xbc\x87\x9c\xde\xec\x82\x7f\x17\x98\xf1\x04\xc69\x897\n\xb3\xb4BO\xdai\xb7Q\xe23f0\xef\x11\xd3\xf5\xaa\x88I\xd7\x85\xf2h\xc9=\xdaH\xc7\xf1\xa8\n\x03#\x9b\xe6\x7f!\x8b\x82\xff\x01\xd4\xde\xafB\xb1\x8e\xd5\x97PV\x9d\xfe\xa2p\xf9E\x02\x9b{9]\xf3\xc2u\x8c\xff\xdddL5L\xb4\x08a6\x9b=\xb4\x80Hr\x8d\xeb\x8e\xfc\x08+\xec:o?\x90\x91\x899\xd7\xe9\xd8\xd65F\xc8=\x17<n;\xb1n\x99\xf1$\x95%W\xe3\n\xc2p\xda\xbb<r\xfb^\xc7\xe3\xa1,\xb7\xb0W\xa1`\xfb)\xe7\x8d^\xee\n\x10\xce_\xe5\xe7\xbbn\xb0\x9by\xae\xe1@\x8dR\xe4J\xa5Z\xccx37\xb4\x19D\xe1HT\xed"\xaf' 
2024-07-16 16:06:29,574 [encryption.py:193] [DEBUG]: verify_hmac: expected  b'\xed\xcd\xcb>\x11o\x1b7\t\xf9' 
2024-07-16 16:06:29,574 [encryption.py:194] [DEBUG]: verify_hmac: value a   b'\xadb\xa4a\t\xe2\x9fJ\x8f\xeb`\x1c\x1f\x12\x033\x9a\xf5\x19B|\x9bU\xbfW\x17\x11)\xde\xccg]' 
2024-07-16 16:06:29,574 [encryption.py:195] [DEBUG]: verify_hmac: value b   b'\xadb\xa4a\t\xe2\x9fJ\x8f\xeb`\x1c\x1f\x12\x033\x9a\xf5\x19B|\x9bU\xbfW\x17\x11)\xde\xccg]' 
```

[Cx01N]

Thanks for following up with this information; I really appreciate it. Unfortunately, I am having no luck recreating it. If you want to jump into our Discord and @ me, I'd love to help in realtime and hopefully figure out what is wrong.