[Carbanak]: Without a Database Connected that Payload UUID Tracking will not work #150

Open
1 task done
SauravChittal opened this issue Oct 17, 2023 · 4 comments

Comments

@SauravChittal

Contribution Description

I was recently trying to emulate the Carbanak attacks using different VMs, and I was able to get everything working up until step 8.
I was able to create a VBS script and was able to make it run during startup too, and it is able to connect with my attack platform too; however, on the meterpreter, it gives me the following error:
https://192.168.0.4:80 handling request from <cfo_ip>; (UUID: wmjrrk) Without a Database Connected that Payload UUID Tracking will not work!

When I start and connect msfconsole to postgresql, I get the following new error:

https://192.168.0.4:80 handling request from <cfo_ip>; (UUID: wmjrrk) Redirecting stageless connection from <a huge bunch of gibberish> with UA 'Mozilla/5.0 (Windows NT 6.1; Trident 7.0; rv:11.0) Like Gecko'

How would you solve these errors?

Supporting files or evidence

No response

Where did you find this information?

No response

Operating System

Linux


@archcloudlabs
Contributor

The error you're describing appears to be a known issue with the Metasploit framework that was fixed in 2021.

This issue appears to have popped up in 2018 in this thread here but was fixed in 2021 with this PR.

Per the provided output in PR 15546, it looks similar to what you have provided above, but the output in the PR shows that a session is created.

msf6 exploit(multi/handler) > 
[*] Started HTTPS reverse handler on https://192.168.140.1:8443
[*] Handler is ignoring unknown payloads
[*] https://192.168.140.1:8443 handling request from 192.168.140.132; (UUID: ayeihldr) Redirecting stageless connection from /LCTedX-MufPS_NP9s-FRfA2vRchyXXGhGnMpOBvZ_dEN4zYA-To1Yi8Ap5B with UA 'Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko'
[*] https://192.168.140.1:8443 handling request from 192.168.140.132; (UUID: ayeihldr) Attaching orphaned/stageless session...
[*] Meterpreter session 1 opened (192.168.140.1:8443 -> 127.0.0.1) at 2021-08-18 17:02:42 -0500

By chance are you using an older version of Metasploit that does not have this patch?
Are you obtaining a Meterpreter session even with this additional output?

@SauravChittal
Author

I checked my Metasploit version, and confirmed that it was 6.3.31-dev, so I don't think it was because my Metasploit doesn't have the patch since it's a very recent version.

When I actually restart the CFO, this is what happens in my msf screen:
image

and it just keeps scrolling with these specific error messages.

@archcloudlabs
Contributor

By chance have you executed the setup.sh script prior to running the emulation?

@SauravChittal
Author

Admittedly I hadn't; I did all the steps that were labelled in the attack, which might've caused this specific issue. However, now that I ran setup.sh, after replacing all the IP and hostnames as needed, I don't get the error about the databases; however, I still get this error:

image

Again, it just keeps going on, and as far as I can tell, I see no meterpreter session.
