Not able to run the interactsh-server

Open raghumannn opened this issue 1 year ago • 3 comments

We are trying to set up interactsh-server, but we are hitting the error below. We have already tried to set this up on Ubuntu. Since Debian is recommended, we were trying there, but there we are also hitting the same issue.

-03:/tmp/root# ./interactsh-server -d interactshserver.prancer.cloud

    _       __                       __       __
   (_)___  / /____  _________ ______/ /______/ /_
  / / __ \/ __/ _ \/ ___/ __ '/ ___/ __/ ___/ __ \
 / / / / / /_/  __/ /  / /_/ / /__/ /_(__  ) / / /
/_/_/ /_/\__/\___/_/   \__,_/\___/\__/____/_/ /_/ 1.0.6

                projectdiscovery.io

[INF] Public IP: 137.135.78.15
[INF] Outbound IP: 10.0.0.4
[INF] Requesting SSL Certificate for:  [*.interactshserver.prancer.cloud, interactshserver.prancer.cloud]
[ERR] An error occurred while applying for a certificate, error: [*.interactshserver.prancer.cloud] Obtain: [*.interactshserver.prancer.cloud] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/658683696/112438748756) (ca=https://acme-v02.api.letsencrypt.org/directory)
[ERR] Could not generate certs for auto TLS, https will be disabled
[INF] Listening with the following services:
[LDAP] Listening on TCP 10.0.0.4:389
[HTTPS] Listening on TCP 10.0.0.4:443
[DNS] Listening on TCP 10.0.0.4:53
[SMTPS] Listening on TCP 10.0.0.4:587
[DNS] Listening on UDP 10.0.0.4:53
[HTTP] Listening on TCP 10.0.0.4:80
[SMTP] Listening on TCP 10.0.0.4:25
[ERR] Could not serve http on tls: open : no such file or directory

raghumannn avatar Aug 02 '22 13:08 raghumannn

@raghumannn Could you verify that the interactsh DNS server while running is reachable from the outside (even with the certificate error)? Considering the output you provided, the following command should be successful:

$ dig interactshserver.prancer.cloud @137.135.78.15

I'm seeing a different public IP than the one reported by the output of interactsh for this domain. In general, the services must be accessible by the public IP.

Mzack9999 avatar Aug 03 '22 08:08 Mzack9999

Hi @Mzack9999, I am also getting a similar error.

root@ip-172-31-80-168:/home/ubuntu# interactsh-server -domain bibekshah.com

    _       __                       __       __  
   (_)___  / /____  _________ ______/ /______/ /_ 
  / / __ \/ __/ _ \/ ___/ __ '/ ___/ __/ ___/ __ \
 / / / / / /_/  __/ /  / /_/ / /__/ /_(__  ) / / /
/_/_/ /_/\__/\___/_/   \__,_/\___/\__/____/_/ /_/ 1.0.6

		projectdiscovery.io

[INF] Public IP: 44.203.251.136
[INF] Outbound IP: 172.31.80.168
[INF] Requesting SSL Certificate for:  [*.bibekshah.com, bibekshah.com]
[ERR] An error occurred while applying for a certificate, error: [*.bibekshah.com] Obtain: [*.bibekshah.com] solving challenges: presenting for challenge: could not determine zone for domain "_acme-challenge.bibekshah.com": unexpected response code 'SERVFAIL' for _acme-challenge.bibekshah.com. (order=https://acme-v02.api.letsencrypt.org/acme/order/679379707/116470992907) (ca=https://acme-v02.api.letsencrypt.org/directory)
[ERR] Could not generate certs for auto TLS, https will be disabled
[INF] Listening with the following services:
[DNS] Listening on TCP 172.31.80.168:53
[LDAP] Listening on TCP 172.31.80.168:389
[HTTP] Listening on TCP 172.31.80.168:80
[DNS] Listening on UDP 172.31.80.168:53
[HTTPS] Listening on TCP 172.31.80.168:443
[SMTPS] Listening on TCP 172.31.80.168:587
[SMTP] Listening on TCP 172.31.80.168:25
[ERR] Could not serve http on tls: open : no such file or directory

Also the dig command output for dig bibekshah.com @44.203.251.136: [image]

I am using EC2 with all traffic enabled and Namecheap.

b1bek avatar Aug 15 '22 16:08 b1bek

Hi all, I also got a similar error, but it seems to work now.

What I did was just manually getting a cert from letsencrypt:

$ certbot certonly -d <my-domain>

then added the custom path for both the cert and the key file:

$ interactsh-server -domain <my-domain> -wildcard -sa -ldap -cert /etc/letsencrypt/live/<my-domain>/fullchain.pem -privkey /etc/letsencrypt/live/<my-domain>/privkey.pem

0xjson avatar Sep 03 '22 23:09 0xjson

@b1bek @raghumannn could you confirm if you were able to get the certificates directly using certbot? These issues are hard to investigate as they are mostly related to DNS propagation which, as a consequence, causes the DNS challenge to fail.

Mzack9999 avatar Sep 28 '22 18:09 Mzack9999

Confirm this issue, on a clean Ubuntu 20.04.

Looks like it could be a certmagic issue. It gets the DNS query but fails to answer properly.

This shows on debug. Generating the certificate manually with certbot + DNS challenge plugin does work.

[DBG] Got acme dns request: 
;; opcode: QUERY, status: NOERROR, id: 21746
;; flags:; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 1232

;; QUESTION SECTION:
;_acme-challenge.xxx.com.	IN	 TXT

handleACMETXTChallenge for zone _acme-challenge.xxx.com. err: no records were found for _acme-challenge.xxx.com.

sudoaza avatar Oct 10 '22 11:10 sudoaza

Closing as not reproducible - The workaround is generally generating certificates with certbot and then just using them in interactsh

Mzack9999 avatar Dec 01 '22 11:12 Mzack9999

I had a similar problem.

Reason: misconfigured domain. I tried to set up interactsh on a subdomain, like the author of the issue, and only had an A record. The right way (as far as I understand):

A  ns1.interactsh.example.com - ip
A  ns2.interactsh.example.com - ip
NS interactsh.example.com - ns1.interactsh.example.com
NS interactsh.example.com - ns2.interactsh.example.com

dunaevai135 avatar Jan 10 '23 23:01 dunaevai135
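
The delegation layout from the last comment, turned into an offline pre-flight check (an added example, not part of the original thread or of interactsh itself). The function names, the `TYPE name - value` parser and all sample addresses are assumptions made for illustration; the check reports why DNS queries, including the ACME `_acme-challenge` TXT lookup, would never reach the server.

```python
# Added example: offline pre-flight check of the DNS delegation an
# interactsh-server domain needs. All record values below are constructed.

SAMPLE_OK = """
A  ns1.interactsh.example.com - 203.0.113.10
A  ns2.interactsh.example.com - 203.0.113.10
NS interactsh.example.com - ns1.interactsh.example.com
NS interactsh.example.com - ns2.interactsh.example.com
"""
SAMPLE_A_ONLY = "A interactsh.example.com - 203.0.113.10"
SAMPLE_WRONG_IP = SAMPLE_OK.replace(
    "ns2.interactsh.example.com - 203.0.113.10",
    "ns2.interactsh.example.com - 198.51.100.7")


def parse_records(text):
    """Parse 'TYPE name - value' lines into (type, name, value) tuples."""
    records = []
    for line in text.strip().splitlines():
        rtype, rest = line.split(None, 1)
        name, value = (p.strip().rstrip(".").lower() for p in rest.split(" - ", 1))
        records.append((rtype.upper(), name, value))
    return records


def check_delegation(records, domain, server_ip):
    """List the problems that stop queries for `domain` (and therefore for
    _acme-challenge.<domain>) from reaching the server at `server_ip`."""
    domain = domain.rstrip(".").lower()
    problems = []
    ns_targets = [v for t, n, v in records if t == "NS" and n == domain]
    if not ns_targets:
        problems.append(f"no NS records delegate {domain}")
        if any(t == "A" and n == domain for t, n, _ in records):
            problems.append(f"{domain} has only an A record, so DNS queries never reach the server")
    for target in ns_targets:
        addrs = [v for t, n, v in records if t == "A" and n == target]
        if not addrs:
            problems.append(f"nameserver {target} has no A record")
        elif server_ip not in addrs:
            problems.append(f"nameserver {target} points to {addrs}, not {server_ip}")
    return problems


if __name__ == "__main__":
    for label, text in [("ok", SAMPLE_OK), ("a-only", SAMPLE_A_ONLY), ("wrong-ip", SAMPLE_WRONG_IP)]:
        print(label, check_delegation(parse_records(text), "interactsh.example.com", "203.0.113.10"))
```

In practice the record list would come from the registrar's zone export, and `server_ip` is the "Public IP" line that interactsh-server prints at startup.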