doublepulsar-detection-script icon indicating copy to clipboard operation
doublepulsar-detection-script copied to clipboard

Published 20 hours ago verified publisher icon WithSecureLabs

error when running

Open italy2010 opened this issue 8 years ago • 7 comments

C:\Users\dodo>C:\Users\dodo\Downloads\Compressed\doublepulsar-detection-script-master_2\doublepulsar-detection-script-master\detect_doublepulsar_smb.py --ip xxxxxxxxxx Traceback (most recent call last): File "C:\Users\dodo\Downloads\Compressed\doublepulsar-detection-script-master_2\doublepulsar-detection-script-master\detect_doublepulsar_smb.py", line 155, in check_ip(ip) File "C:\Users\dodo\Downloads\Compressed\doublepulsar-detection-script-master_2\doublepulsar-detection-script-master\detect_doublepulsar_smb.py", line 98, in check_ip modified_trans2_session_setup[28] = tree_id[0] IndexError: string index out of range

italy2010 avatar Apr 26 '17 01:04 italy2010

Yep, same here.

EpicLPer avatar Apr 26 '17 09:04 EpicLPer

Yup, same error https://abload.de/img/erwdwk1g.jpg

MichalPlays avatar Apr 26 '17 09:04 MichalPlays

I have the same error running under Debian 8.6

SaiGonSeamus avatar Apr 26 '17 17:04 SaiGonSeamus

I haven't seen that specific error before and it's very difficult to know exactly what is happening without at least a PCAP of the network traffic to look at.

However, the OS versions I have seen fail to get all the way through the protocol sequence have been ones that the implant itself cannot communicate with successfully either so the likelihood is that they won't be infected if so. For example, windows 10 and 2012 both fail but then I had the same with issue with the implant itself on those OS versions.

countercept avatar Apr 27 '17 10:04 countercept

I got the same problem here CentOs 7 It hangs if the command is run agains a list of IPs defined in a file

python detect_doublepulsar_smp.py --file smb.lst

if I run the command with a single IP python detect_doublepulsar_smp.py --ip 192.168.9.10

I get: Traceback (most recent call last): File "./detect_doublepulsar_smb.py", line 169, in check_ip(ip) File "./detect_doublepulsar_smb.py", line 94, in check_ip modified_tree_connect_request[32] = user_id[0] IndexError: string index out of range

This is happening at line 81 session_setup_response = s.recv(1024) --> return nothing so it fails at the next statement modified_tree_connect_request[32] = user_id[0]

Not sure why this is happening at the network traffic level. I just added a simple control to avoid the hanging if run the command against a list of IPs defined in a file

session_setup_response = s.recv(1024) if session_setup_response == "": print "No Response from the socket" sys.exit()

marcellogiannoni avatar Apr 28 '17 01:04 marcellogiannoni

I've tried using the built in Bash shell in Windows 10 Anniversary Edition and on my notebook running Linux-Mint. I get the same error on both.

NJC2 avatar Apr 28 '17 23:04 NJC2

screen shot 2017-05-12 at 23 59 01 Its working great without VPN, but when I enable VPN it start throwing errors.

g33xter avatar May 13 '17 07:05 g33xter