New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to Login to KingPhisher. Not sure what has changed in the past week? #293
Comments
It looks like your missing a couple of lines after the server log. Can you please include more of the data from the logs? |
I just restarted KP and failed Login at the client GUI again. Here's the server logs. root@kali2:/opt/king-phisher# ./KingPhisherServer -f -L DEBUG server_config.yml |
I'm still not seeing the |
Also please include the client logs and the server logs from the same execution. All lines from when you start them to after you get the exception saying you can't login. |
Sorry, stepped away from my PC for another meeting. Here's the KP Server logs. root@kali2:/opt/king-phisher# ./KingPhisherServer -f -L DEBUG server_config.yml ====================================== Here's the client logs. root@kali2:/opt/king-phisher# ./KingPhisher ===================================== Error Type: advancedhttpserver.RPCError Thread Information: Stack Trace: |
I see that KP 1.11.0 was released 10 days ago. Maybe I should upgrade from 1.10 to 1.11? |
Yes, you should always update. Also it looks like you're logging in a second time is that correct? The server logs are showing that a previously authenticated session is being invalidated. This would occur if you authenticated using the same account a second time while the first was still active which you can't do. |
I did try to reauthenticate because I was not successful the first time. |
I don't think upgrading is going to fix your issue but if you fall to far behind we won't help you. Go ahead and upgrade when you get a chance and if you don't we'll just ask that you do so before we help out on your next issue. We have instructions on how to upgrade in the wiki. So if you weren't successful in authenticating the first time what was the error, do you get the same error both times? From the server logs it looks like root logged in once, everything loaded just fine then root logged in a second time while the first client was still connected. When this happened the next time the first instance of root contacted the server, it got that ugly 401 Unauthenticated error. |
Ok, I upgraded to KP 1.11.0 following the wiki instructions. Ran the verify-config check for server_config.yml with no errors. Looks good!
WARNING it is not necessary to run the king phisher client as root
DEBUG 127.0.0.1 tid: 0x7f52e2bb8700 running http request handler I just noticed in the background that KP GUI client crashed! Thread Information: Stack Trace: ===================== ERROR failed to connect to the server event socket |
When you run the client can you please specify It looks like this error has something to do with the websocket failing to connect. Can you also please send me the output of the command: |
Also what are your Server, HTTP SSL and HTTP Port options all set to on the login dialog? |
root@kali2:/opt/king-phisher# python3 -c "import advancedhttpserver; print(advancedhttpserver.file + ' v' + advancedhttpserver.version)" ======================================== root@kali2:/opt/king-phisher# ./KingPhisher -L DEBUG ====================================== ===================== |
Just got another Error... like earlier... Thread Information: Stack Trace: |
That makes sense and let me guess, there was about a 5 minute delay in between when the login failed and you got that exception right? So I'm 99% sure that what's happening is that the web socket (also referred to as the event socket) is failing to connect which is causing the login to be aborted. |
I'm working on figuring out why the event socket isn't connecting which is why I asked about the connection details. |
Let me know if I can provide any additional logs... strange, this was running fine for 2 weeks and then this happened. Weird. |
Ok I can not figure out what's causing the web socket to fail. I'm still pretty sure that's the problem but I can't reproduce it. I've pushed up a change to our development branch that add some more logging that was apparently missing in that area. Can you please opt into beta testing and try again? Also when you run it can you add the This should hopefully include exception information that will help me diagnose why the websocket is failing. |
Ok, I clicked on the "opt in beta testing" link above but I didn't see if I needed to fill in any additional info. Followed the instructions for installing dev branch. I did install pysimplesoap but not sure why it keeps thinking it's not installed. Notice the error at the end of the logs below. ============================
./install.sh: line 426: 17671 Segmentation fault python3 -m pip install -I -r requirements.txt |
As long as you ran the git commands you should be fine to just continue. It's not necessary or advisable to re-run the install script. |
root@kali2:/opt/king-phisher# ./KingPhisher --logger "" -L DEBUG DEBUG dashboard refresh frequency set to 300 seconds |
Now we're getting somewhere! Thanks for that info, it confirms my suspicion. Do you have an |
Bingo! removing the http_proxy and https_proxy variables resolved the issue! Looks like KP is working again. Sorry to waste your time today on this. Maybe add notes to your wiki to warn others? I had to add the proxy variables to update other modules earlier. |
Thanks again for your help today!!! |
Well since we open a port forward for the websocket it should never connect with a proxy, so this is really a bug. I'll get a patch pushed up to |
Alright, bug has been fixed in commit 93431bc which is live in the dev branch. This change effectively makes the client's web socket connection ignore any http(s)_proxy environment variables that may be set. Proxies won't be used but at least now setting them won't prevent you from logging in. Thanks for reporting this issue and being so responsive, it wasn't an easy one to troubleshoot. |
Issue Description
Unable to Login to KingPhisher. I rebooted my Kali Linux and launched ./KingPhisher. The client GUI popped up and I tried to login. Logs showed this.
EBUG 127.0.0.1 tid: 0x7f1ed37fe700 running http request handler
DEBUG calling RPC method rpc_version()
INFO 127.0.0.1 "RPC /version HTTP/1.1" 200 -
DEBUG 127.0.0.1 tid: 0x7f1ed37fe700 running http request handler
DEBUG sent request with sequence number 0 and action 'authenticate'
DEBUG received request with sequence number 0 and action 'authenticate'
DEBUG pam returned code: 0 reason: 'Success' for user root after 0.03 seconds
DEBUG sent response with sequence number 0
DEBUG received response with sequence number 0
INFO user root has successfully authenticated
INFO successful login request from 127.0.0.1 for user root
However, the client GUI showed Login Failed. Why the discrepancy?
Then, I got this error below.
rror Type: advancedhttpserver.RPCError
Error Details: RPCError(message='Unauthorized', status=401, remote_exception=False)
Error UID: 94c43c84-e7b0-46ec-902e-142f1cd813de
RPC Error: N/A (Not a remote RPC error)
King Phisher Version: 1.10.0 (rev: 63aaf47)
Platform Version: Linux: Kali kali-rolling kali-rolling
Python Version: 3.6.5
Gtk Version: 3.22.29
Timezone: America/Los_Angeles
Thread Information:
=> MainThread (alive=True daemon=False)
Stack Trace:
Traceback (most recent call last):
File "/opt/king-phisher/king_phisher/client/client_rpc.py", line 421, in ping
return self.call('ping')
File "/usr/local/lib/python3.6/dist-packages/advancedhttpserver.py", line 601, in call
raise RPCError(resp.reason, resp.status)
advancedhttpserver.RPCError: the server responded with 401 'Unauthorized'
Reproduction Steps
Environment Details
Host OS: Kali2 2018.1
King Phisher Version: installed
Error Details / Stack Trace
The text was updated successfully, but these errors were encountered: