Exfiltration with curl on linux returns 500 #2786
Comments
Looks like your first issue -- we aim to respond to issues as quickly as possible. In the meantime, check out our documentation here: http://caldera.readthedocs.io/
Also I need your help with locating log files, because when the issue appeared I couldn't find any log file XD. The only log source was server.py output.
Hi, have you tried running the exact same command manually without using CALDERA? Does it work for you? I am no expert in this topic so I tried something else that worked. Try the following command (taken from
Concerning log files, I do not think CALDERA stores logs anywhere - at least I never encountered them. Best regards,
@L015H4CK Hi, thank you for your reply. Yeah, I tried running the same command without using CALDERA; it doesn't work and returns the same error. I got this command from the ability you mentioned. It failed each time I tried. So after some time I found this issue (#613 (comment)) and modified my command accordingly. The thing is that I modified app/service/file_svc and disabled the next snippet:

```python
    async def create_exfil_operation_directory(self, dir_name, agent_name):
        print("create_exfil_operation_directory"+ str(self.data_svc.ram['operations']))
        op_list = self.data_svc.ram['operations']
        print("create_exfil_operation_directory - op list:" + str(op_list))
        op_list_filtered = [x for x in op_list if x.state not in x.get_finished_states()]
        print("create_exfil_operation_directory - op list filtered:" + str(op_list_filtered))
        special_chars = {ord(c): '_' for c in r':<>"/\|?*'}
        agent_opid = [(x.name.translate(special_chars), '_', x.start.strftime("%Y-%m-%d_%H%M%SZ"))
                      for x in op_list_filtered if agent_name in [y.paw for y in x.agents]]
        #print("create_exfil_operation_directory - agent_opid:" + str(agent_opid[0]))
        #path = os.path.join((dir_name), ''.join(agent_opid[0]))
        path = os.path.join((dir_name), ''.join(agent_opid))
        print("create_exfil_operation_directory - path: " + path)
        if not os.path.exists(path):
            print("create_exfil_operation_directory - creating path")
            os.makedirs(path)
```

After those steps exfil works fine with the same command that caused this issue.
Oh man thank you for fixing this!
@buratinoo0 were you doing this outside a Caldera operation? Seems like Caldera was trying to construct the exfil directory name based on operation ID but there wasn't one.
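
The failure discussed in this thread, reproduced as an added example (not code from the issue or from Caldera): it compares the commented-out `agent_opid[0]` line, the `''.join(agent_opid)` line from the posted snippet, and a guarded variant. The stub operation objects, the state name `finished`, the paw `abc123` and the `no_operation` fallback are constructed assumptions.

```python
import os
import tempfile
from datetime import datetime, timezone
from types import SimpleNamespace

SPECIAL_CHARS = {ord(c): '_' for c in r':<>"/\|?*'}  # same table as the snippet

def make_op(name, paws, state='running'):
    # Constructed stand-in for an operation object; the state names are made up.
    return SimpleNamespace(name=name, state=state, agents=[SimpleNamespace(paw=p) for p in paws],
                           start=datetime(2023, 5, 1, 12, 0, 0, tzinfo=timezone.utc),
                           get_finished_states=lambda: ['finished'])

def matching_op_ids(operations, agent_paw):
    # Name parts for each unfinished operation that contains the agent.
    running = [op for op in operations if op.state not in op.get_finished_states()]
    return [(op.name.translate(SPECIAL_CHARS), '_', op.start.strftime('%Y-%m-%d_%H%M%SZ'))
            for op in running if agent_paw in [a.paw for a in op.agents]]

def exfil_dir_indexed(base, operations, agent_paw):
    # The commented-out line: IndexError when no running operation has the agent.
    return os.path.join(base, ''.join(matching_op_ids(operations, agent_paw)[0]))

def exfil_dir_joined(base, operations, agent_paw):
    # The active line: works on an empty list, TypeError once a tuple is in it.
    return os.path.join(base, ''.join(matching_op_ids(operations, agent_paw)))

def exfil_dir_guarded(base, operations, agent_paw, fallback='no_operation'):
    # Hypothetical guard: use the first match, else a fixed fallback directory.
    ids = matching_op_ids(operations, agent_paw)
    path = os.path.join(base, ''.join(ids[0]) if ids else fallback)
    os.makedirs(path, exist_ok=True)
    return path

def outcome(fn, *args):
    # Return the path, or the name of the exception the call raised.
    try:
        return fn(*args)
    except (IndexError, TypeError) as exc:
        return type(exc).__name__

if __name__ == '__main__':
    base = tempfile.mkdtemp()
    for ops in ([], [make_op('op:1', ['abc123'])]):  # constructed inputs
        for fn in (exfil_dir_indexed, exfil_dir_joined, exfil_dir_guarded):
            print(len(ops), fn.__name__, outcome(fn, base, ops, 'abc123'))
```

Only the guarded variant returns a directory both with and without a matching operation; each of the other two raises in one of the two cases.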
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days
Reopen if you still have the issue.
I have this issue
After staging a directory I try to exfiltrate it to Caldera server, but it returns 500 error code.
Steps to reproduce the behavior:
Expected behavior
Successful POST request and staged directory exfiltrated to caldera server.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Additional context
Also tried to execute it from the Caldera server itself and got the same response. Tried to apply some flags and found out that execution fails here:
As you can see, the operation starts and the directory on the C2 is created successfully, but nothing is sent from the agent.