DragoQCC/HardHatC2

Roslyn Compilation failed when deploying engineer

tudorioan20 opened this issue · 4 comments

I managed to deploy an engineer beforehand but now I keep getting this error when building an engineer.
I have the teamserver running on 127.0.0.1:5000.
I also ran the client via dotnet run https://127.0.0.1:5000.

I built an HTTP Manager with the connection address 127.0.0.1 and port 8000.
I put a bind address of 127.0.0.1:8001 (I also tried another manager binding to the server address and port; not sure how the binding works, as it is documented only for TCP).

This is the error I get when I add all the commands and the module Sleep Encrypt => no exe is created:

```
Implant is an engineer
Successfully compiled the DynamicEngLoading.dll
Roslyn Compilation failed
CS0234: The type or namespace name 'Modules' does not exist in the namespace 'Engineer' (are you missing an assembly reference?)
Line 2: using DynamicEngLoading;
CS0103: The name 'parseCOFF' does not exist in the current context
Line 57: DynamicEngLoading.ForwardingFunctions.ForwardingFunctionWrap = taskingWrapper;
CS0103: The name 'CleanUpMemoryAllocations' does not exist in the current context
Line 59: typesWithModuleAttribute = Assembly.GetExecutingAssembly().GetTypes().Where(t => t.GetCustomAttribute(typeof(ModuleAttribute)) is ModuleAttribute attr).ToList();
CS0103: The name 'parseCOFF' does not exist in the current context
Line 65: EngCommBase.Sleep = sleep * 1000;
CS0103: The name 'getBeaconOutputData' does not exist in the current context
Line 73: //Console.WriteLine($"sleep time set to {EngCommBase.Sleep}");
```

When I don't add any commands (leaving only the commands that appear by default in the right column), the engineer is compiled with no error, but when running the .exe file created I get no connection in the Implants tab.

I tried cloning the repo multiple times and different ports for managers; still the issue persists ... Any suggestions?
I am running on Windows with Defender antivirus disabled and the firewall disabled.

Yeah, I need to update the docs, but the bind address is the local address your listener starts on and the connection is what the implant will talk out to.

This is more than likely caused by an issue between the modules selected and the commands selected. In 0.2 atm, if you, for example, select the bof execution module, you also need to select the bof command; otherwise it will throw an error, and vice versa: the bof command needs the module. I have made a fix for this in 0.3 as well, so it won't be an issue for much longer, but for now if you select the bof command you need the bof module that backs it.
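The mutual dependency the maintainer describes (a command needs the module that backs it, and the module needs its command) is the kind of selection check that catches the mismatch before the Roslyn build fails. The following is an added example, not HardHatC2's own code: the pairing table is an assumption modelled on the bof command/bof execution module pair named above, and the `sleep-encrypt`/`SleepEncrypt` entry is a constructed placeholder to show the check handles more than one pair.

```python
from __future__ import annotations
from typing import Iterable

# Pairing table between engineer commands and the modules that back them.
# Only the bof pair comes from the thread; the second entry is a constructed
# placeholder, not a real HardHatC2 pairing.
COMMAND_REQUIRES_MODULE: dict[str, str] = {
    "bof": "BofExecution",
    "sleep-encrypt": "SleepEncrypt",  # constructed placeholder
}
# The dependency is mutual, so the reverse map is derived from the same table.
MODULE_REQUIRES_COMMAND: dict[str, str] = {m: c for c, m in COMMAND_REQUIRES_MODULE.items()}


def missing_dependencies(commands: Iterable[str], modules: Iterable[str]) -> tuple[set[str], set[str]]:
    """Return (modules missing for the chosen commands, commands missing for the chosen modules).

    Both sets empty means the selection is self-consistent, i.e. the 0.2
    behaviour of failing the build on a command/module mismatch cannot trigger.
    """
    cmds, mods = set(commands), set(modules)
    missing_modules = {
        COMMAND_REQUIRES_MODULE[c]
        for c in cmds
        if c in COMMAND_REQUIRES_MODULE and COMMAND_REQUIRES_MODULE[c] not in mods
    }
    missing_commands = {
        MODULE_REQUIRES_COMMAND[m]
        for m in mods
        if m in MODULE_REQUIRES_COMMAND and MODULE_REQUIRES_COMMAND[m] not in cmds
    }
    return missing_modules, missing_commands


def check_selection(commands: Iterable[str], modules: Iterable[str]) -> None:
    """0.2-style behaviour (assumed): refuse a mismatched selection with a clear message
    instead of letting the compiler report CS0103/CS0234 on the generated source."""
    missing_modules, missing_commands = missing_dependencies(commands, modules)
    if missing_modules or missing_commands:
        raise ValueError(
            f"selection is inconsistent: add modules {sorted(missing_modules)} "
            f"and commands {sorted(missing_commands)}"
        )


def resolve_selection(commands: Iterable[str], modules: Iterable[str]) -> tuple[set[str], set[str]]:
    """Auto-add the missing counterparts so the build inputs are consistent.

    This is one way the 0.3 fix could behave (an assumption about that fix, not
    a description of it). A single pass suffices because every pairing is one-to-one.
    """
    cmds, mods = set(commands), set(modules)
    missing_modules, missing_commands = missing_dependencies(cmds, mods)
    return cmds | missing_commands, mods | missing_modules
```

`missing_dependencies` on the thread's failing case (bof command selected, module not) returns the module name rather than a compiler error, and `resolve_selection` shows the alternative of completing the selection silently.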

So, from my understanding of "bind address is the local address your listener starts on and the connection is what the implant will talk out to", this is a possible configuration of an HTTP manager so the implant will talk to the server.

So the server is running on 127.0.0.1:5000
HTTP Manager:
Connection address 127.0.0.1:5000
Bind address 127.0.0.1:8000
Engineer with default commands, no modules.
Compiles but doesn't reach back to the server after I open the .exe file.

But the docs show a photo of managers with the connection addresses 127.0.0.1:8080, 127.0.0.1:8081 and 127.0.0.1:8082, which made me try the configuration of
HTTP Manager:
Connection address 127.0.0.1:8000
Bind address 127.0.0.1:5000

So my questions are:
Which one is the correct one?
I tried both configs with different modules and commands, without getting the Roslyn compilation error, but I don't get a connection when I check. I can't seem to manage to get it to work. The teamserver shows no error, and the client shows:

```
An item with the same key has already been added. Key: TeamServer
   at System.Collections.Generic.Dictionary2.TryInsert(TKey key, TValue value, InsertionBehavior behavior)
   at System.Collections.Generic.Dictionary2.Add(TKey key, TValue value)
   at HardHatC2Client.Components.ImplantGraph.OnInitialized() in C:\Users\gigadmin\Desktop\HardHatC2-master\HardHatC2Client\Components\ImplantGraph.razor:line 88
```

So you can't have the manager listen on the same port that the main server is running on.
The bind address and bind port need to be something local to the teamserver so it can start listening for inbound connections. The connection address and port can be the same as the bind if the implant will reach out to the teamserver directly. However, you would change the connection address and port if you wanted the implant to talk to a redirector at a different address from the teamserver.
So basically, bind address and port when making an HTTP manager are used by the teamserver to listen for connections, while the connection address and port tell new implants how to call home.
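The rules in this reply (bind must be local to the teamserver and must not collide with the port the teamserver itself uses; connection equals bind unless a redirector sits in front) can be checked before a manager is created. The following is an added example, not HardHatC2's own code: the `Endpoint`/`HttpManagerConfig` types and `validate_manager` are assumptions written to model the reply, and the sample configurations are the ones tried earlier in the thread.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    host: str
    port: int

    def __str__(self) -> str:
        return f"{self.host}:{self.port}"


@dataclass(frozen=True)
class HttpManagerConfig:
    bind: Endpoint        # where the teamserver listens for implant traffic
    connection: Endpoint  # where new implants are told to call home


def _ports_collide(a: Endpoint, b: Endpoint) -> bool:
    """Two listeners collide when they share a port on the same interface,
    or when either side binds the wildcard interface 0.0.0.0 on that port."""
    if a.port != b.port:
        return False
    return a.host == b.host or "0.0.0.0" in (a.host, b.host)


def validate_manager(cfg: HttpManagerConfig, teamserver: Endpoint, local_addresses: set[str]) -> list[str]:
    """Return a list of problems; an empty list means the manager can be started.

    `teamserver` is the address the main server API already listens on;
    `local_addresses` are the addresses of the host the teamserver runs on.
    """
    problems: list[str] = []
    for ep in (cfg.bind, cfg.connection):
        if not 1 <= ep.port <= 65535:
            problems.append(f"port out of range: {ep}")
    # Bind must be an interface the teamserver host actually has (or the wildcard).
    if cfg.bind.host not in local_addresses and cfg.bind.host != "0.0.0.0":
        problems.append(f"bind address {cfg.bind.host} is not an address of the teamserver host")
    # The manager cannot listen where the teamserver itself already listens.
    if _ports_collide(cfg.bind, teamserver):
        problems.append(f"bind {cfg.bind} collides with the teamserver listener {teamserver}")
    # Connection either equals bind (direct callback) or names a redirector;
    # pointing it at the teamserver's own port sends implants to the API, not the listener.
    if cfg.connection != cfg.bind and _ports_collide(cfg.connection, teamserver):
        problems.append(
            f"connection {cfg.connection} targets the teamserver itself rather than this manager's listener or a redirector"
        )
    return problems


def uses_redirector(cfg: HttpManagerConfig) -> bool:
    """True when implants call home to an address other than the listener's bind."""
    return cfg.connection != cfg.bind


# Constructed sample: teamserver on 127.0.0.1:5000, as in the thread.
TEAMSERVER = Endpoint("127.0.0.1", 5000)
LOCAL_ADDRESSES = {"127.0.0.1"}

# The two configurations tried earlier, plus the one that worked.
CONFIG_BIND_ON_TEAMSERVER_PORT = HttpManagerConfig(Endpoint("127.0.0.1", 5000), Endpoint("127.0.0.1", 8000))
CONFIG_CALLBACK_TO_TEAMSERVER = HttpManagerConfig(Endpoint("127.0.0.1", 8000), Endpoint("127.0.0.1", 5000))
CONFIG_DIRECT = HttpManagerConfig(Endpoint("127.0.0.1", 8000), Endpoint("127.0.0.1", 8000))

if __name__ == "__main__":
    for name, cfg in [("bind on teamserver port", CONFIG_BIND_ON_TEAMSERVER_PORT),
                      ("callback to teamserver", CONFIG_CALLBACK_TO_TEAMSERVER),
                      ("direct", CONFIG_DIRECT)]:
        print(name, validate_manager(cfg, TEAMSERVER, LOCAL_ADDRESSES) or "ok",
              "redirector" if uses_redirector(cfg) else "direct callback")
```

Only `CONFIG_DIRECT` passes: the first sample collides with the teamserver's port and the second sends implants to the teamserver's own port, which matches the two non-working attempts described above.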

Alright, I managed to get a connection by having the same bind and connection address and port, thanks.