Server variable #{server} is incorrect #2200

Closed
ramus82 opened this issue Jul 20, 2021 · 6 comments

ramus82 commented Jul 20, 2021

Hello,
I wanted to use the #{server} variable in my ability and it's propagated as follows: "10.0.0.1://None:None" (no quotes).

How shall I modify the variable for whole Caldera instance?

Thanks a lot
M.

@uruwhy uruwhy self-assigned this Jul 20, 2021
Contributor

uruwhy commented Jul 20, 2021

Hi @ramus82, can you share a screenshot of the agent information table that has that server value? And can you also share the command line you used to start the agent?

Author

ramus82 commented Jul 21, 2021

Hi uruwhy,
I created a testing ability and executed that ability (via adversary).

The ability is defined as:
platform: linux
executor: sh
no payload
command:
echo "Command Part" > /tmp/facts_output.txt ; echo "server: #{server}" >> /tmp/facts_output.txt ; echo "group: #{group}" >> /tmp/facts_output.txt ; echo "paw: #{paw}" >> /tmp/facts_output.txt ; echo "upstream: #{upstream_dest}" >> /tmp/facts_output.txt ; echo "origin_link_id: #{origin_link_id}" >> /tmp/facts_output.txt ; echo "host.dir.compress: #{host.dir.compress}" >> /tmp/facts_output.txt

cleanup:
echo "Cleanup Part" >> /tmp/facts_output.txt ; echo "server: #{server}" >> /tmp/facts_output.txt ; echo "host.dir.compress: #{host.dir.compress}" >> /tmp/facts_output.txt

The command executed (click on star in Operation window of the executed command):
echo "Command Part" > /tmp/facts_output.txt ; echo "server: 10.3.0.44://None:None" >> /tmp/facts_output.txt ; echo "group: red" >> /tmp/facts_output.txt ; echo "paw: oioeck" >> /tmp/facts_output.txt ; echo "upstream: 10.3.0.44://None:None" >> /tmp/facts_output.txt ; echo "origin_link_id: 2ac7a58d-1b93-457f-b1da-aa589412e122" >> /tmp/facts_output.txt ; echo "host.dir.compress: /tmp/loot_mmz.txt" >> /tmp/facts_output.txt

The cleanup command executed (click on star in Operation window of the executed command):
echo "Cleanup Part" >> /tmp/facts_output.txt ; echo "server: 10.3.0.44://None:None" >> /tmp/facts_output.txt ; echo "host.dir.compress: /tmp/loot_mmz.txt" >> /tmp/facts_output.txt

The content of the file "/tmp/facts_output.txt" is:

[root@hostname~]# cat /tmp/facts_output.txt 
Command Part
server: 10.3.0.44://None:None
group: red
paw: oioeck
upstream: 10.3.0.44://None:None
origin_link_id: 2ac7a58d-1b93-457f-b1da-aa589412e122
host.dir.compress: /tmp/loot_mmz.txt
Cleanup Part
server: 10.3.0.44://None:None
host.dir.compress: /tmp/loot_mmz.txt

Screenshot of Operation window
image

Screenshot of the ability from Adversary window
image

@uruwhy uruwhy mentioned this issue Jul 21, 2021
Contributor

uruwhy commented Jul 21, 2021

Hi @ramus82, I found where the issue was. In the Agent constructor in app/objects/c_agent.py, we were using the urlparse method to get the protocol, hostname, and port for the provided server value. This only works properly when all pieces of the URL are included (e.g. http://localhost:8888), but breaks when information is missing. So when the manx agent submitted something like localhost:7010 as its server value, urlparse did not parse it correctly. I set up a pull request (#2203) that addresses this issue.

If you want to maintain your current version of caldera for compatibility reasons, feel free to simply update your c_agent.py file accordingly. Otherwise, you can pull from the master branch of caldera once the pull request is merged in.
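Added example, not Caldera's code and not the change made in the pull request: it shows what `urllib.parse.urlparse` returns for a server value with and without a scheme, and one tolerant way to split such a value. The helper names `naive_parts` and `robust_parts`, the default scheme, and the sample value `10.3.0.44:7010` are assumptions made for illustration.

```python
from urllib.parse import urlparse


def naive_parts(server):
    """Parse the value as-is. Without '//' urlparse sees no network location,
    so hostname and port come back as None for 'host:port' input."""
    u = urlparse(server)
    return u.scheme, u.hostname, u.port


def robust_parts(server, default_scheme="http"):
    """Hypothetical helper: accept 'scheme://host:port', 'host:port' or 'host'.

    A value without '://' is prefixed with '//' so urlparse treats it as a
    network location; default_scheme (an assumption) fills the missing scheme.
    """
    if "://" not in server:
        server = "//" + server
    u = urlparse(server, scheme=default_scheme)
    if u.hostname is None:
        raise ValueError("no hostname in server value: %r" % server)
    # u.port itself raises ValueError for a non-numeric or out-of-range port.
    return u.scheme, u.hostname, u.port


if __name__ == "__main__":
    # Constructed sample values; the first two shapes are the ones quoted above.
    for value in ("http://localhost:8888", "localhost:7010", "10.3.0.44:7010"):
        scheme, host, port = naive_parts(value)
        # Rendering scheme://host:port from the naive result is where the
        # literal 'None:None' text comes from.
        print("naive :", value, "->", "%s://%s:%s" % (scheme, host, port))
        print("robust:", value, "->", "%s://%s:%s" % robust_parts(value))
```

The scheme that `naive_parts` reports for a scheme-less value differs between Python releases, so only the hostname and port results should be relied on when comparing outputs.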

Author

ramus82 commented Jul 30, 2021

Hi @uruwhy, I updated the c_agent.py file as you did (based on the commits related to the pull request) and it works fine on release 3.1.0. I just briefly tested it and I don't see any issues so far.

Thanks a lot for the fix.

@ramus82 ramus82 closed this as completed Jul 30, 2021
Contributor

uruwhy commented Jul 30, 2021

Glad it's working out for you! Let us know if you have any other questions or run into any other issues.

@middleware99

@uruwhy am I wrong, or your pull request wasn't merged at all?

https://github.com/mitre/caldera/blob/master/app/objects/c_agent.py#L110-#L111

PR: #2203
