caldera
caldera copied to clipboard
mitre
Ability end as "failed" even thought it's working perfectly
Describe the bug Some custom abilities get a wrong result in Caldera operation. They work perfectly well, but Caldera mark them down as "failed" or "timeout reached but couldn't kill the process". This is the case for some exploits creating new agent: the agent is created, but for some reason Caldera wait until the end of timeout and give a "timeout reached but couldn't kill the process" result. It is also the case for a simple "kill -9 $(pgrep -f process)" or "pkill -f process". Note that the -f is important; same command without -f is working perfectly.
To Reproduce Steps to reproduce the behavior:
- Make a custom ability, for example one which would start a process, like simpleHTTPServer.
- Put a "kill -9 $(pgrep -f python) as cleanup, or at the end of the ability (but makes more sense at cleanup)
- Start an operation with an adversary using this ability.
Expected behavior Ability should end as success. Ability end as failed, even thought it is successfull (the process is killed)
Screenshots
For those screenshots, I'm killing a "nc" process (had an http server in use, couldn't kill it).
The ability is a simple command: kill -9 $(pgrep -f nc)
Ability fail:
But process is killed:
In some case, the shell is waiting for an input, so it could make sense if the ability ended as "timeout but couldn't kill", but not as "failed". Plus, other abilities still end as success even though the shell is waiting for input.
Here's another example, with a coproc {nc}:
killed but still waiting for user to hit enter.
Ability end as failed. If you change the ability to remove the -f from the command ( kill -9 $(pgrep nc)), it works perfectly, ends as success.
Desktop (please complete the following information):
- OS: Ubuntu
- Browser : Firefox
- Version: 102.0
