sliver icon indicating copy to clipboard operation
sliver copied to clipboard
verified publisher icon BishopFox

winrm extension issue with WSL

Open m3rcer opened this issue 1 year ago • 1 comments

winrm extension issue with WSL

After importing WSL Ubuntu from an exported .tar file and launching sliver on it, the winrm extension fails with the error - Error: Could not load extension: rpc error: code = Unknown desc = Error building import table: Error loading module: The specified module could not be found.

Note that this works on WSL Ubuntu's mastercopy but not it's exported images, could be an WSL issue.

To Reproduce

  1. Link to Ubuntu.tar VM: https://drive.google.com/file/d/1WKmWxH9OVoN-DERqcKKh4xoxxLX_pyA1/view Sliver version used: [*] Server v1.5.41 - f2a3915c79b31ab31c0c2f0428bbd53d9e93c54b - linux/amd64 Compiled at 2023-07-11 14:31:10 -0700 PDT

  2. Import the Ubuntu.tar using WSL: wsl --import Ubuntu C:\Ubuntu Ubuntu.tar

  3. Run Sliver server in an Ubuntu WSL terminal and attempt to run the winrm extension.

Output

[server] sliver (dcorp-vm1_https) > winrm -- -i dcorp-vm2 -u studentX -p password -c whoami 
[!] Could not load extension: rpc error: code = Unknown desc = Error building import table: Error loading module: The specified module could not be found.

Expected behavior

[server] sliver (dcorp-vm1_https) > winrm -- -i dcorp-vm2 -u studentX -p password -c whoami 
[*] Successfully executed winrm 
[*] Got output: 
[+] Arguments processed hostname: dcorp-vm2
command: whoami 
username: studentX 
password: password
dcorp\studentX

Remediations attempted

  1. Tried uninstalling and reinstalling the winrm extension from an offline build (https://github.com/sliverarmory/winrmdll-sliver) using the extensions command.

  2. Removed .sliver* folders from /root and reinstalled Sliver assets along with the winrm extension

m3rcer avatar Mar 13 '24 12:03 m3rcer

Hello :) This also happens on a Ubuntu 22 VM

lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04.5 LTS
Release:	22.04
Codename:	jammy

Have tried the above steps but had idential outcome. Session is x64 on Win Server 2022.

version

[*] Client v1.5.42 - 85b0e870d05ec47184958dbcb871ddee2eb9e3df - linux/amd64
    Compiled at 2024-02-28 19:46:53 +0000 UTC
    Compiled with go version go1.20.7 linux/amd64


[*] Server v1.5.42 - 85b0e870d05ec47184958dbcb871ddee2eb9e3df - linux/amd64
    Compiled at 2024-02-28 19:46:53 +0000 UTC

BaffledJimmy avatar Dec 08 '24 16:12 BaffledJimmy