Flow "LaunchBinary" Not working
skanjINCIDE opened this issue · comments
Environment
- How did you install GRR? From release DEB
- What GRR version are you running? 3.4.2
- What operating system does the GRR server run on? Ubuntu 18.04
- What operating system does the affected GRR client run on, if applicable? Windows 10
Describe the issue
Following the procedure in the documentation (https://grr-doc.readthedocs.io/en/latest/investigating-with-grr/pushing-code.html#deploying-arbitrary-python-code) I upload and sign two files in the server. I can see the files in the Binary tab in the UI, so this step goes well.
When I start creating the flow in the machine I get the following screen:
I try to create the flow with the following arguments:
- Binary: aff4:windows/xxxxx.exe, Command Line: xxxxx.exe -p "C:" --csv. And I get the error: Unable to determine type of signed binary: aff4:/aff4:windows/xxxxx.exe.
- Binary: windows/xxxxx.exe, Command Line: xxxxx.exe -p "C:" --csv. And I get the error: Unable to determine type of signed binary: aff4:/windows/xxxxx.exe.
The file types are: "PE32 executable (console) Intel 80386, for MS Windows"
Can you help me to find what I'm missing, please?
Thank you!
After uploading the executable foobar.exe, the binary path you want to use is:
aff4:/config/executables/foobar.exe
Moreover, the command line should only include arguments (without the executable name), so it should be just:
-p "C:" --csv
Hi @panhania ,
Thank you for your answer. I try the solution you propose and I get this error:
Traceback (most recent call last):
  File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/signed_binary_utils.py", line 163, in FetchBlobsForSignedBinaryByID
    binary_id)
  File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/databases/db.py", line 4222, in ReadSignedBinaryReferences
    return self.delegate.ReadSignedBinaryReferences(binary_id)
  File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/databases/db_utils.py", line 51, in Decorator
    result = f(*args, **kwargs)
  File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/databases/mysql_utils.py", line 241, in Decorated
    return self._RunInTransaction(Closure, readonly)
  File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/databases/mysql.py", line 559, in _RunInTransaction
    result = function(connection)
  File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/databases/mysql_utils.py", line 239, in Closure
    return func(self, *args, **new_kw)
  File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/databases/mysql_signed_binaries.py", line 60, in ReadSignedBinaryReferences
    raise db.UnknownSignedBinaryError(binary_id)
grr_response_server.databases.db.UnknownSignedBinaryError: Signed binary of type EXECUTABLE and path loki.exe was not found

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/flows/general/administrative.py", line 850, in _BlobIterator
    binary_urn)
  File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/signed_binary_utils.py", line 190, in FetchBlobsForSignedBinaryByURN
    return FetchBlobsForSignedBinaryByID(_SignedBinaryIDFromURN(binary_urn))
  File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/signed_binary_utils.py", line 165, in FetchBlobsForSignedBinaryByID
    raise SignedBinaryNotFoundError(_SignedBinaryURNFromID(binary_id))
grr_response_server.signed_binary_utils.SignedBinaryNotFoundError: Binary with urn aff4:/config/executables/loki.exe was not found.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/flow.py", line 266, in StartFlow
    flow_obj.Start()
  File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/flows/general/administrative.py", line 865, in Start
    blob_iterator = self._BlobIterator(binary_urn)
  File "/usr/share/grr-server/lib/python3.6/site-packages/grr_response_server/flows/general/administrative.py", line 853, in _BlobIterator
    self.args.binary)
grr_response_server.flow_base.FlowError: Executable binary aff4:/config/executables/foobar.exe not found.
And the status:
Executable binary aff4:/config/executables/foobar.exe not found.
This is the output of the sign command:
user@server:~/exe_deploy$ sudo grr_config_updater upload_exe --file=/home/ubuntu/exe_deploy/foobar.exe --platform=windows
I1019 10:17:10.448897 140054543677248 server_logging.py:191] Writing log file to /usr/share/grr-server/lib/python3.6/site-packages/grr_response_core/var/log//GRRlog.txt
Using configuration <GrrConfigManager file="/usr/share/grr-server/install_data/etc/grr-server.yaml" file="/etc/grr//server.local.yaml" >
Uploaded EXECUTABLE to windows//foobar.exe
Maybe I have to restart the service? In the binary tab it seems the binary is correctly uploaded.
Thank you so much,
Best regards
Ah, sorry, I messed up the path (forgot about the platform part), I think. It should be:
aff4:/config/executables/windows/foobar.exe
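
The two corrections from this thread combined into a pre-flight check, as an added example that is not part of the original issue or of GRR's code: it derives the LaunchBinary binary value from the `upload_exe` output quoted above and strips a leading executable name from the command line. The helper names `urn_from_upload_output` and `arguments_only` are hypothetical, and the sample output is constructed from the lines posted in the thread.

```python
import posixpath
import re
import shlex

# URN root for uploaded executables, as given in the final reply of this thread.
EXECUTABLES_ROOT = "aff4:/config/executables"

# Matches the grr_config_updater line quoted in the thread.
_UPLOAD_LINE = re.compile(r"^Uploaded EXECUTABLE to (?P<path>\S+)$")

# Constructed sample: the relevant upload_exe output lines from the thread.
SAMPLE_UPLOAD_OUTPUT = (
    'Using configuration <GrrConfigManager file="..." >\n'
    "Uploaded EXECUTABLE to windows//foobar.exe\n"
)


def urn_from_upload_output(output: str) -> str:
    """Build the LaunchBinary 'Binary' value from upload_exe output."""
    for line in output.splitlines():
        match = _UPLOAD_LINE.match(line.strip())
        if match:
            # Collapse the doubled slash ("windows//foobar.exe").
            parts = [p for p in match.group("path").split("/") if p]
            if len(parts) < 2:
                raise ValueError("expected <platform>/<name> in upload path")
            return posixpath.join(EXECUTABLES_ROOT, *parts)
    raise ValueError("no 'Uploaded EXECUTABLE to ...' line found")


def arguments_only(command_line: str, binary_urn: str) -> str:
    """Drop a leading executable name so only the arguments remain."""
    exe_name = posixpath.basename(binary_urn)
    # posix=False keeps the double quotes around arguments such as "C:".
    tokens = shlex.split(command_line, posix=False)
    if tokens and tokens[0].strip('"').lower() == exe_name.lower():
        tokens = tokens[1:]
    return " ".join(tokens)


if __name__ == "__main__":
    urn = urn_from_upload_output(SAMPLE_UPLOAD_OUTPUT)
    print("Binary:      ", urn)
    print("Command Line:", arguments_only('foobar.exe -p "C:" --csv', urn))
```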