Medusa icon indicating copy to clipboard operation
Medusa copied to clipboard

Published 20 hours ago verified publisher icon MythicAgents

Mythic create new callback issue

Open who1smrrobot opened this issue 3 years ago • 1 comments

Hi,

when spawning a new linux payload (python3), the active callback cannot be created as the username field is empty:

image

Failed to create new callback null value in column "user" of relation "callback" violates not-null constraint
DETAIL:  Failing row contains (1, e11d1b05-1279-445e-af89-7cdf6a829c8f, 2022-02-06 08:56:10.628592, 2022-02-06 08:56:10.628595, null, WEB50, 35668, 172.10.10.50, 172.10.10.50, , First linux-python-payload, 1, t, 1, 2, f, null, 1, null, null, null, Linux 5.11.0-49-generic, x64, , null, , , null).

It seems as the os.getlogin() function causes the trouble, so I decided to replace it with getpass.getuser() which is also supported according to this article: https://stackoverflow.com/questions/47444178/difference-between-os-getlogin-and-os-environ-for-getting-username

https://github.com/MythicAgents/Medusa/blob/9266936ed16e105d6d69aa6fb2e38d66f03382ea/Payload_Type/medusa/agent_code/base_agent/base_agent.py3#L15

who1smrrobot avatar Feb 07 '22 16:02 who1smrrobot

I was having this same exact issue, in particular i had this error pop up when running a medusa payload:

Traceback (most recent call last):
  File "/tmp/run.py", line 1072, in <module>
    medusa = medusa()
  File "/tmp/run.py", line 1058, in __init__
    self.checkIn()
  File "/tmp/run.py", line 364, in checkIn
    UUID = json.loads(decoded_data.replace(self.agent_config["PayloadUUID"],""))["id"]
KeyError: 'id'

My friend traced down the error using pdb:

(Pdb) print(decoded_data.replace(self.agent_config["PayloadUUID"],""))["id"]
{"status":"error","error":"Failed to create callback: null value in column \"user\" of relation \"callback\" violates not-null constraint\nDETAIL:  Failing row contains (105, 04a25b5f-d237-4c5b-8e40-711f3358eaed, 2022-10-13 03:08:58.843399, 2022-10-13 03:08:58.843403, null, EEDED8995C94, 3055, 172.17.0.3, 23.240.244.100, , no xor, 1, t, 15, 2, f, null, 1, null, null, null, Linux 5.10.104-linuxkit, x64, , null, , , null).\n"}
*** TypeError: 'NoneType' object is not subscriptable

A temporary solution (as this pull request hasn't been acepted) is to create a non-root user and run the payload as that user.

gelosecurity avatar Oct 13 '22 03:10 gelosecurity