Empire

Empire copied to clipboard

Empire Version

2.5

OS Information (Linux flavor, Python version)

Attacking lab machine

root@kali:~# uname -a
Linux kali 4.14.0-kali3-amd64 #1 SMP Debian 4.14.12-2kali1 (2018-01-08) x86_64 GNU/Linux
root@kali:~# python -V
Python 2.7.15

Victim lab machine

OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.16299 N/A Build 16299

PS C:\Users\analyser>  $PSVersionTable.PSVersion

Major  Minor  Build  Revision
-----  -----  -----  --------
5      1      16299  611

Expected behavior and description of the error, including any actions taken immediately prior to the error. The more detail the better.

1. I created an HTTP listener
2. I generated a csharp_exe agent for that listener
3. I transfered the .ZIP file to the Windows machine
4. I extracted and compiled the .sln with Visual Studio 2017 without errors
5. I clicked "Run" from within Visual Studio 2017
6. I got the first screenshot's error (telling me about "TRIM")
7. There was obviously no staging between Windows and Linux machines

Screenshot of error, embedded text output, or Pastebin link to the error

I have the same issue using Powershdll. Using target framework 4.5 works for me. I am trying to find a way to run it with target framework 3.5 so it'd be nice to have a solution.

The exact exception is:

Method invocation failed because [System.Object[]] doesn't contain a method named 'trIM'.

I have solved it by editing the stager code in: Empire/data/agent/stagers/http.ps1

I have replaced the line:

 if(!$ip -or $ip.trim() -eq '') {$ip='0.0.0.0'};

With

 if(!$ip) {$ip='0.0.0.0'};

It would be nice to patch the stagers permanently with a try/except logic or something like that so that it is natively compatible with .Net 3.5.