Operating System: Kali 2019.4 & Ubuntu 18.04 || Agent Running on Windows 10 10.0.14393 Build 14393
Expected Behavior
Agent should connect to server - Arch shouldn't change JWT validation
Actual Behavior
Compiled 64bit agent runs fine with no issues connecting to server. I've also built a 32 bit version of the agent with:
GOARCH=386 GOOS=windows go build -o merlinAgentx32.exe cmd/merlinagent/main.go
Testing this on 32bit (and 64) versions of Windows 10, about 40% of the time the agent fails to fully enroll with server when validating the JWT due to an expired token. When the Agent goes to check in again, it attempts to start the OPAQUE Registration and the server replies that the agent is already registered; however, the agent is listed as dead and will never fully complete the registration with the server.
Agent Error: (debug)
Server Error: (verbose mode on)
Steps to Reproduce Behavior
Compile 32 bit agent:
GOARCH=386 GOOS=windows go build -o merlinAgentx32.exe cmd/merlinagent/main.go
Run on Windows 10 32bit or 64 bit with this command:
.\merlinAgentx32.exe -url https://192.168.56.106:443 -psk test -v -debug
Roughly 40% of the time the agent fails the JWT validation due to timing issues.
Misc Information
I've tested this by running the server on virtual and non-virtual machines including Kali 2019.4 and Ubuntu 18.04. I've also tested the agent on 32 & 64 bit Windows 10 machines, both virtual and non-virtual. Validated that the time was set correctly in all instances due to mention in this issue (#85).
I haven't seen any reference to testing 32bit binaries; however, I did see reference in the go module code, so I believe it is still supported. If not, please let me know and we can close this issue.
Thanks for reporting this issue with a lot of good detail @backcountryinfosec. I've taken a look and I'm not able to reproduce the finding on my own. I ran the agent about 20 times. I suspect this is still due to a timing thing. To the best of my knowledge, there is no difference in the source code between x86 and x64.
@Ne0nd0g thanks for the quick response! I forgot that I had wanted to look for that wait time in the code, thanks for pointing that out. I adjusted and recompiled as you suggested and I've had no errors so far in testing. I'll probably start working backward from 60s to see how close I can get to the original 10s. Thanks again.