Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Invoke-PSRemoting block current agent #359

Closed
mpgn opened this issue Oct 17, 2020 · 3 comments · Fixed by #361
Closed

[BUG] Invoke-PSRemoting block current agent #359

mpgn opened this issue Oct 17, 2020 · 3 comments · Fixed by #361
Labels
bug Something isn't working

Comments

@mpgn
Copy link

mpgn commented Oct 17, 2020
edited
Loading

Empire Version

  • Empire 3.5.1

OS Information (Linux flavor, Python version)

  • OS: linux
  • Python: 3.8

Describe the bug

Maybe not a bug, maybe yes.
When running Invoke-PSRemoting, a new agent pop and it's working fine. But the current agent is blocked and cannot be used unless the new agent is killed.
Is there any workaround for this so the first agent is not blocked waiting for the Invoke-PSRemoting to finish ?

To Reproduce

From agent 1 run Invoke-PSRemoting

Expected behavior

Agent should not be blocked, maybe the Invoke-PSRemoting should be run as a job.

Screenshots

If applicable, add screenshots to help explain your problem.

Additional context

Add any other context about the problem here.
@mpgn mpgn added the bug Something isn't working label Oct 17, 2020
@Cx01N
Copy link

Cx01N commented Oct 17, 2020

You need to be running empire in Python 3.
Also, can you please provide more information (Empire version, Listener, Stager, what lateral settings and target info)?

@mpgn
Copy link
Author

mpgn commented Oct 17, 2020

  • http listener
  • hta stagers

The agent is running on a windows 10 latest version. The module does work, but the inital agent is no responding after that.

The log show this when running the module

image

@mpgn
Copy link
Author

mpgn commented Oct 17, 2020
edited
Loading

I think I understand why.

I had one agent (agent 1) and wanted to pop another agent so I did in the console Start-Job { powershell xxxx }
From the new agent (agent 2) I run the Invoke-PSRemoting and maybe this is why it failed

I simplify the poc

  1. I start a listener
  2. I create a HTA stager
  3. Agent connect to Empire
  4. I run the module Invoke-PSRemoting with proxy settings configured
  5. New agent pop
  6. the inital agent is stuck, if I exit the new agent, the initial agent is back to life again

@mjokic mjokic mentioned this issue Oct 19, 2020
Merged
@Cx01N Cx01N linked a pull request Oct 21, 2020 that will close this issue
Fix for issue #359 #361
Merged
Cx01N added a commit that referenced this issue Oct 22, 2020
@mjokic @Cx01N
Fix for issue #359 (#361)
fbee28b 
* Fix for issue 359, Invoke-PSRemoting blocks current agent

* Update invoke_psremoting.py

* Update invoke_psremoting.py

Co-authored-by: Anthony Rose <anthony.rose@bc-security.org>
@Hubbl3 Hubbl3 closed this as completed Oct 22, 2020
@Cx01N Cx01N mentioned this issue Oct 22, 2020
Merged
vinnybod pushed a commit that referenced this issue Jun 15, 2022
@X0RW3LL
Added -UseBasicParsing to iwr (#359)
55aaaec
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix for issue #359 mjokic/Empire
3 participants
@mpgn @Cx01N @Hubbl3