Long running modules lock up agents #16

Closed
Invoke-Mimikatz opened this issue Nov 11, 2019 · 4 comments
@Invoke-Mimikatz Invoke-Mimikatz commented Nov 11, 2019

Empire Version

[Version] 2.5 BC-Security Fork

OS Information (Linux flavor, Python version)

Python 2.7.16, Kali GNU/Linux, version 2019.2

Expected behavior and description of the error, including any actions taken immediately prior to the error. The more detail the better.

Expected behaviour: An agent runs a long-running job. The agent continues to beacon back to the C2 server, and the agent can run other jobs while the first job runs in the background.

Actual behaviour: The agent starts a long-running job. The agent no longer beacons back to the C2 server, and an operator can no longer interact with the agent.

Screenshot of error, embedded text output, or Pastebin link to the error

No screenshot, but tested a few long-running modules, including inveigh_relay, process_killer, keylogger, and a reverse_socks_proxy module I've been working on. All of these modules that run like a job should be run in the background, should be able to be viewed by running `jobs`, and should be able to be killed with `jobs kill JOB_ID`. All agents die after the start of any of these long-running jobs.

Any additional information

Agent running on Windows 10, PSversion 5.1

@Cx01N Cx01N added the bug label Nov 11, 2019
@Cx01N Cx01N commented Nov 11, 2019

I can confirm that this issue is present on the current 2.5 build and the new dev build.


@Hubbl3 Hubbl3 commented Dec 24, 2019

Been spending some time trying to isolate the issue. The Empire 2.5 master branch runs without locking up the agent, but this bug is also present in the Empire 2.5 Dev branch. That also coincides with some updates to the agent.

My best guess right now is that an update broke the multithreading, as the agents continue to run through the module logic loops. They just become unresponsive both on the compromised host and to the C2 server.

@Hubbl3 Hubbl3 added the confirmed label Dec 25, 2019
@Hubbl3 Hubbl3 commented Dec 26, 2019

@Invoke-Mimikatz I just pushed a commit that should have fixed this issue. Let me know if it still persists.

@Cx01N Cx01N closed this Dec 27, 2019
@Invoke-Mimikatz Invoke-Mimikatz commented Dec 29, 2019

Tested this out with keylogger and it seems to run correctly as a background job now.
