View Issue Details

ID: 0006623
Project: Kali Linux
Category: Kali Package Bug
View Status: public
Last Update: 2020-12-01 10:48
Reporter: OS-74160
Assigned To: sbrun
Priority: normal
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 2020.2
Summary: 0006623: powershell-empire basic functionality broken in Kali-packaged version
Description

Basic http listener is broken when windows/launcher_bat stager connects. The agent is unable to be created. The error is "unable to open the database file". Traceback is this:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/flask/app.py", line 2447, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/lib/python3/dist-packages/flask/app.py", line 1952, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/lib/python3/dist-packages/flask/app.py", line 1821, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/lib/python3/dist-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/usr/lib/python3/dist-packages/flask/app.py", line 1950, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/lib/python3/dist-packages/flask/app.py", line 1936, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/share/powershell-empire//lib/listeners/http.py", line 1086, in handle_get
    stage = self.generate_stager(language=language, listenerOptions=listenerOptions,
  File "/usr/share/powershell-empire//lib/listeners/http.py", line 581, in generate_stager
    stager = helpers.keyword_obfuscation(stager)
  File "/usr/share/powershell-empire/lib/common/helpers.py", line 274, in keyword_obfuscation
    conn = sqlite3.connect('./data/empire.db', check_same_thread=False)
sqlite3.OperationalError: unable to open database file

Steps To Reproduce
  1. In a brand new Kali 2020.2a VMware image downloaded fresh from the OffSec website, run "apt update" and "apt install powershell-empire"
  2. Run powershell empire as the kali user and use the workaround for first-time run mentioned in this bug report (still not fixed): https://bugs.kali.org/view.php?id=6449
  3. "listeners", "uselistener http", set the Host and Port, and "execute"
  4. "back", "usestager windows/launch_bat", set the Listener to http, and "execute"
  5. transfer the stager to the target and run it
  6. Observe the error noted above in powershell-empire
Additional Information

This can be fixed by modifying line 274 in /usr/share/powershell-empire/lib/common/helpers.py like this:

############
#conn = sqlite3.connect('./data/empire.db', check_same_thread=False)
conn = sqlite3.connect(os.path.expanduser("~/.local/powershell-empire/empire.db"), check_same_thread=False)
############

so that it matches up with lines 26-40 in /usr/share/powershell-empire/empire and also similar to how it was handled on line 322 of /usr/share/powershell-empire/lib/commonempire.py:

############
self.conn = sqlite3.connect(os.path.expanduser('~/.local/powershell-empire/empire.db'),
############
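
The failure mode in this report, as an added example that is not part of the original report or of the Empire code base: a relative SQLite path resolves against the process's working directory, while the expanded per-user path does not depend on it. The temporary directories and the helpers `open_db` and `demo` are constructed for illustration.

```python
import os
import sqlite3
import tempfile

REL_DB = "./data/empire.db"                       # path used before the fix
USER_DB = "~/.local/powershell-empire/empire.db"  # path used by the fix


def open_db(path):
    """Open the database as helpers.py does; return None if it cannot be opened."""
    try:
        return sqlite3.connect(os.path.expanduser(path), check_same_thread=False)
    except sqlite3.OperationalError as exc:
        print(f"{path!r} from cwd {os.getcwd()!r}: {exc}")
        return None


def demo():
    """Return (relative_ok, per_user_ok) for a process started outside the app dir."""
    old_cwd, old_home = os.getcwd(), os.environ.get("HOME")
    with tempfile.TemporaryDirectory() as home, tempfile.TemporaryDirectory() as cwd:
        # Constructed layout: a per-user data directory holding the database,
        # and a working directory that has no ./data subdirectory.
        os.environ["HOME"] = home
        db_dir = os.path.join(home, ".local", "powershell-empire")
        os.makedirs(db_dir)
        sqlite3.connect(os.path.join(db_dir, "empire.db")).close()
        os.chdir(cwd)
        try:
            results = []
            for path in (REL_DB, USER_DB):
                conn = open_db(path)
                results.append(conn is not None)
                if conn is not None:
                    conn.close()
            return tuple(results)
        finally:
            # Restore the caller's environment before the temp dirs are removed.
            os.chdir(old_cwd)
            if old_home is None:
                del os.environ["HOME"]
            else:
                os.environ["HOME"] = old_home


if __name__ == "__main__":
    print(demo())
```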

Activities

sbrun

2020-08-06 09:21

manager   ~0013208

Thanks for the report.
The issue will be fixed in version 3.3.1-0kali2

BTW you also said that you had the same issue as mentioned in https://bugs.kali.org/view.php?id=6449
even if you had a fresh installation.
This problem should only appear after the update from an older version than 3.2.3. I don't reproduce it on a fresh install.
It won't be fixed, it's not considered as a bug by upstream:
https://github.com/BC-SECURITY/Empire/issues/227

OS-74160

2020-08-06 09:40

reporter   ~0013209

Thank you for your response. With regard to the "other" bug id I thought was 6449, it looks like I mis-identified it, and I'll need to open another bug for it. It's a minor one and only results in SyntaxWarnings at install time.

sbrun

2020-08-06 09:50

manager   ~0013210

OK.
Yes, if you still have the information about the other issue, please open a new bug report.
Thanks!

Issue History

Date Modified Username Field Change
2020-08-06 02:41 OS-74160 New Issue
2020-08-06 06:29 sbrun Assigned To => sbrun
2020-08-06 06:29 sbrun Status new => assigned
2020-08-06 09:21 sbrun Status assigned => feedback
2020-08-06 09:21 sbrun Note Added: 0013208
2020-08-06 09:40 OS-74160 Note Added: 0013209
2020-08-06 09:40 OS-74160 Status feedback => assigned
2020-08-06 09:50 sbrun Note Added: 0013210
2020-08-06 09:51 sbrun Status assigned => resolved
2020-08-06 09:51 sbrun Resolution open => fixed
2020-12-01 10:48 g0tmi1k Priority immediate => normal