listener and agent on reset or overwrite #56

Closed
rossiV1 opened this issue Jan 4, 2020 · 2 comments
Labels: bug, confirmed, python3

rossiV1 commented Jan 4, 2020

Empire Version

3.0.1 BC-Security Fork

OS Information (Linux flavor, Python version)

Ubuntu 18.04, Python 3.6.9

Expected behavior and description of the error, including any actions taken immediately prior to the error. The more detail the better.

A fresh install or overwrite with a new version of Empire will generate the error below if the same listener setup is configured.

Screenshot of error, embedded text output, or Pastebin link to the error

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/flask/app.py", line 1982, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python3/dist-packages/flask/app.py", line 1614, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python3/dist-packages/flask/app.py", line 1517, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python3/dist-packages/flask/_compat.py", line 33, in reraise
raise value
File "/usr/lib/python3/dist-packages/flask/app.py", line 1612, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python3/dist-packages/flask/app.py", line 1598, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/opt/Empire//lib/listeners/http.py", line 1035, in handle_get
clientIP)
File "/opt/Empire/lib/common/agents.py", line 1533, in handle_agent_data
routingPacket = packets.parse_routing_packet(stagingKey, routingPacket)
File "/opt/Empire/lib/common/packets.py", line 281, in parse_routing_packet
sessionID = routingPacket[0:8].decode('UTF-8')
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xdb in position 0: invalid continuation byte
[2020-01-03 15:46:19,312] ERROR in app: Exception on /c/msdownload/update/others/2013/11/9946821_f5082b842c8abc5c47cfc68f98340ec384b69fa9.cab [GET]
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/flask/app.py", line 1982, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python3/dist-packages/flask/app.py", line 1614, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python3/dist-packages/flask/app.py", line 1517, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python3/dist-packages/flask/_compat.py", line 33, in reraise
raise value
File "/usr/lib/python3/dist-packages/flask/app.py", line 1612, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python3/dist-packages/flask/app.py", line 1598, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/opt/Empire//lib/listeners/http.py", line 1035, in handle_get
clientIP)
File "/opt/Empire/lib/common/agents.py", line 1533, in handle_agent_data
routingPacket = packets.parse_routing_packet(stagingKey, routingPacket)
File "/opt/Empire/lib/common/packets.py", line 281, in parse_routing_packet
sessionID = routingPacket[0:8].decode('UTF-8')
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x84 in position 0: invalid start byte
[2020-01-03 15:46:26,979] ERROR in app: Exception on /c/msdownload/update/software/ftpk/2013/11/ie-spelling-nl_3576e6450352dfc0c0892bf62384e75a56d780a7.msu [GET]
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/flask/app.py", line 1982, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python3/dist-packages/flask/app.py", line 1614, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python3/dist-packages/flask/app.py", line 1517, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python3/dist-packages/flask/_compat.py", line 33, in reraise
raise value
File "/usr/lib/python3/dist-packages/flask/app.py", line 1612, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python3/dist-packages/flask/app.py", line 1598, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/opt/Empire//lib/listeners/http.py", line 1035, in handle_get
clientIP)
File "/opt/Empire/lib/common/agents.py", line 1533, in handle_agent_data
routingPacket = packets.parse_routing_packet(stagingKey, routingPacket)
File "/opt/Empire/lib/common/packets.py", line 281, in parse_routing_packet
sessionID = routingPacket[0:8].decode('UTF-8')
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xf2 in position 0: invalid continuation byte

Any additional information

The error above only shows when you overwrite a previous Empire install or reset the previous Empire with agents connected and set up the same listener settings.

The error is resolved when a new agent is connected.

Not sure if it is a bug or anything, just posting this up coz it happened to me.

Hubbl3 commented Jan 4, 2020

@rossiV1 it is a bug. There is an issue in the handling of "unknown" agents (i.e., agents that belong to a different Empire server).

Hubbl3 added the bug and confirmed labels Jan 4, 2020
Hubbl3 commented Jan 8, 2020

@rossiV1 I have fixed the error but an old agent will still cause continuous checkins as the server and agent can't properly talk to each other since they are using different keys.

Hubbl3 closed this as completed Jan 8, 2020
vinnybod pushed a commit that referenced this issue Apr 8, 2021
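
Added example, not part of the original thread and not the project's code: it reproduces the failure mode discussed above, where a header sealed under one key is decrypted with another and its first 8 bytes are then decoded unconditionally, next to a parser that reports such input as an unknown sender. The toy cipher, the key values, the function names and the assumption that a session ID is 8 ASCII alphanumerics are all hypothetical.

```python
import hashlib
from typing import Optional

SESSION_ID_LEN = 8  # the traceback decodes routingPacket[0:8]


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 counter keystream); a stand-in, not the project's cipher."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def naive_session_id(plaintext: bytes) -> str:
    """The pattern in the traceback: decode the first 8 bytes unconditionally."""
    return plaintext[:SESSION_ID_LEN].decode("UTF-8")


def parse_session_id(plaintext: bytes) -> Optional[str]:
    """Return the session ID, or None when the field is not 8 ASCII alphanumerics (assumed format)."""
    field = plaintext[:SESSION_ID_LEN]
    if len(field) != SESSION_ID_LEN:
        return None
    try:
        text = field.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text.isalnum() else None


def route(ciphertext: bytes, server_key: bytes) -> Optional[str]:
    """Decrypt with this server's key; None means 'unknown sender', not a crash."""
    return parse_session_id(keystream_xor(server_key, ciphertext))


# Constructed sample data: a header sealed under the old install's key.
OLD_KEY, NEW_KEY = b"old-install-key", b"new-install-key"
PACKET = keystream_xor(OLD_KEY, b"ABCD1234" + b"\x00" * 8)

if __name__ == "__main__":
    print(route(PACKET, OLD_KEY))  # matching key
    print(route(PACKET, NEW_KEY))  # key from a reinstall
```

A format check like this only keeps the handler from raising on undecodable bytes; it does not authenticate the sender.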