Havoc icon indicating copy to clipboard operation
Havoc copied to clipboard
verified publisher icon HavocFramework

[Teamserver-Client--Bug]: Running the download command will result in downloading a file with 0 B in it.

Open raf181 opened this issue 3 years ago • 4 comments

Contact Details

[email protected]

What happened?

Running the download command will result in downloading a file with 0 B in it. Running Havok server and client on the latest Debian 11, target machine windows 11 Preview.

I have tried it with a bunch of different file formats and tried it in different file directories also tried it with defender Off

The possible cause for the bug may be running windows 11 preview ( also it detects it as windows 10 )

Did You Do a Pull First?

Latest (You performed a pull first)

Relevant log output

24/10/2022 14:18:59 [######] Demon » dir
[*] [6A32D7F8] Tasked demon to list current directory
[+] Send Task to Agent [26 bytes]
[*] List Directory: C:\Users\######\OneDrive\Documentos

 Size         Type     Last Modified         Name    
 ----         ----     -------------------   ----    
 59.90 kB     file     24/10/2022 27:54:10   demon.exe
 418 B        file     24/10/2022 48:35:10   desktop.ini
              dir      24/10/2022 43:45:10   Downloads
              dir      24/10/2022 43:45:10   GitHub  
 76.04 kB     file     21/10/2022 17:45:10   logo.png
              dir      24/10/2022 43:45:10   Setup   
 11 B         file     21/10/2022 54:20:11   test.txt


24/10/2022 14:19:33 [######] Demon » download text.txt
[*] [B1FDC352] Tasked demon to download a file text.txt
[+] Send Task to Agent [40 bytes]
[*] Downloaded file: text.txt (0)

Did You Read Over Your Issue First?

  • [X] I declare I made an effort and provided the necessary information for replication of the issue.

raf181 avatar Oct 24 '22 18:10 raf181

I also experienced this issue. However for me it also created a secondary file at the target node via the demon. For example, for testing purposes I created a flag in the documents of the target VM and when attempting to retrieve said flag.txt file it both downloaded an empty file and created an empty binary in the documents titled "flag". I then tried "flag.txt" and it created the weird looking binary you see at the bottom of the list.

Lab7Defensive avatar Oct 24 '22 23:10 Lab7Defensive

Screenshot 2022-10-24 165642

Lab7Defensive avatar Oct 24 '22 23:10 Lab7Defensive

yes, I also experienced these issues, but the second file on the target machine will not always happen. Also, these bugs will react differently on the Education version of windows, I'm trying to get an iso copy of the system for more testing. since I do not have admin privileges on the machine I have available

raf181 avatar Oct 25 '22 07:10 raf181

@raf181 @Lab7Defensive thanks you both for reporting it to me. Can you get the latest commit and retest it? It should be resolved now and if it is working for you guys then please close this issue.
And the flag.txt(random bytes text) is because I failed to parse the string with the null terminator and CreateFileW couldn't tell where to stop. Once opened it is going to create that file. I resolved that one too.

Cracked5pider avatar Oct 31 '22 15:10 Cracked5pider

The issue is fixed, but if you try to download a file that does not exist it will create a file with a string of characters at the end

raf181 avatar Nov 01 '22 20:11 raf181

alright gotcha. can you open another issue for this ? thank you so much for letting me know.

Cracked5pider avatar Nov 01 '22 21:11 Cracked5pider