Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mythic create new callback issue #11

Closed
who1smrrobot opened this issue Feb 7, 2022 · 1 comment · Fixed by #12
Closed

Mythic create new callback issue #11

who1smrrobot opened this issue Feb 7, 2022 · 1 comment · Fixed by #12

Comments

@who1smrrobot
Copy link

Hi,

when spawning a new linux payload (python3), the active callback cannot be created as the username field is empty:

image

Failed to create new callback null value in column "user" of relation "callback" violates not-null constraint
DETAIL:  Failing row contains (1, e11d1b05-1279-445e-af89-7cdf6a829c8f, 2022-02-06 08:56:10.628592, 2022-02-06 08:56:10.628595, null, WEB50, 35668, 172.10.10.50, 172.10.10.50, , First linux-python-payload, 1, t, 1, 2, f, null, 1, null, null, null, Linux 5.11.0-49-generic, x64, , null, , , null).

It seems as the os.getlogin() function causes the trouble, so I decided to replace it with getpass.getuser() which is also supported according to this article: https://stackoverflow.com/questions/47444178/difference-between-os-getlogin-and-os-environ-for-getting-username

Medusa/Payload_Type/medusa/agent_code/base_agent/base_agent.py3

Line 15 in 9266936

try: return os.getlogin()

@who1smrrobot who1smrrobot mentioned this issue Feb 7, 2022
Merged
@gelosecurity
Copy link

I was having this same exact issue, in particular i had this error pop up when running a medusa payload:

Traceback (most recent call last):
  File "/tmp/run.py", line 1072, in <module>
    medusa = medusa()
  File "/tmp/run.py", line 1058, in __init__
    self.checkIn()
  File "/tmp/run.py", line 364, in checkIn
    UUID = json.loads(decoded_data.replace(self.agent_config["PayloadUUID"],""))["id"]
KeyError: 'id'

My friend traced down the error using pdb:

(Pdb) print(decoded_data.replace(self.agent_config["PayloadUUID"],""))["id"]
{"status":"error","error":"Failed to create callback: null value in column \"user\" of relation \"callback\" violates not-null constraint\nDETAIL:  Failing row contains (105, 04a25b5f-d237-4c5b-8e40-711f3358eaed, 2022-10-13 03:08:58.843399, 2022-10-13 03:08:58.843403, null, EEDED8995C94, 3055, 172.17.0.3, 23.240.244.100, , no xor, 1, t, 15, 2, f, null, 1, null, null, null, Linux 5.10.104-linuxkit, x64, , null, , , null).\n"}
*** TypeError: 'NoneType' object is not subscriptable

A temporary solution (as this pull request hasn't been acepted) is to create a non-root user and run the payload as that user.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bug fix issue on os.getlogin() who1smrrobot/Medusa
2 participants
@who1smrrobot @gelosecurity