Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing Payloads EMU #3122

Open
notmarshmllow opened this issue Jan 8, 2025 · 1 comment
Open

Missing Payloads EMU #3122

notmarshmllow opened this issue Jan 8, 2025 · 1 comment
Assignees
@elegantmoose
Labels
bug

Comments

@notmarshmllow
Copy link

I have ran the download_payloads.sh script and have all the files in /emu/paylaods folder. I am still facing this error.
using Caldera v4.1.0

Cubuntu@ip-172-26-1-108:~/caldera$ sudo python3 server.py --insecure
2025-01-08 17:05:16 - WARNING (server.py:117 <module>) --insecure flag set. Caldera will use the default.yml config file.
2025-01-08 17:05:16 - INFO  (server.py:124 <module>) Using main config from conf/default.yml
2025-01-08 17:05:16 - ERROR (app_svc.py:173 validate_requirement) go does not meet the minimum version of 1.11
2025-01-08 17:05:18 - INFO  (contact_gist.py:70 start) Invalid Github Gist personal API token provided. Gist C2 contact will not be started.
2025-01-08 17:05:18 - INFO  (tunnel_ssh.py:26 start) Generating temporary SSH private key. Was unable to use provided SSH private key
2025-01-08 17:05:18 - INFO  (app_svc.py:116 load) Enabled plugin: compass
2025-01-08 17:05:18 - INFO  (app_svc.py:116 load) Enabled plugin: atomic
2025-01-08 17:05:18 - ERROR (emu_svc.py:57 decrypt_payloads) [-] Error - Unable to import 'pyminizip'.
2025-01-08 17:05:18 - ERROR (emu_svc.py:57 decrypt_payloads) [-] Verify you have installed dependencies:
2025-01-08 17:05:18 - ERROR (emu_svc.py:57 decrypt_payloads) [-] See URL for more info: https://github.com/smihica/pyminizip
2025-01-08 17:05:18 - ERROR (emu_svc.py:62 decrypt_payloads) None
2025-01-08 17:05:18 - ERROR (c_plugin.py:70 enable) Error enabling plugin=emu, Command '['/usr/bin/python3', 'plugins/emu/data/adversary-emulation-plans/sandworm/Resources/utilities/crypt_executables.py', '-i', 'plugins/emu/data/adversary-emulation-plans/sandworm/Resources', '-p', 'malware', '--decrypt']' returned non-zero exit status 255.
2025-01-08 17:05:18 - INFO  (app_svc.py:116 load) Enabled plugin: emu
2025-01-08 17:05:18 - INFO  (app_svc.py:116 load) Enabled plugin: fieldmanual
2025-01-08 17:05:18 - INFO  (app_svc.py:116 load) Enabled plugin: access
2025-01-08 17:05:18 - INFO  (app_svc.py:116 load) Enabled plugin: sandcat
2025-01-08 17:05:18 - INFO  (app_svc.py:116 load) Enabled plugin: response
2025-01-08 17:05:18 - INFO  (app_svc.py:116 load) Enabled plugin: gameboard
2025-01-08 17:05:19 - INFO  (app_svc.py:116 load) Enabled plugin: training
2025-01-08 17:05:19 - INFO  (app_svc.py:116 load) Enabled plugin: stockpile
2025-01-08 17:05:19 - INFO  (app_svc.py:116 load) Enabled plugin: debrief
2025-01-08 17:05:19 - INFO  (app_svc.py:116 load) Enabled plugin: manx
2025-01-08 17:05:19 - INFO  (app_svc.py:116 load) Enabled plugin: bountyhunter
2025-01-08 17:05:19 - INFO  (logging.py:92 log) Creating SSH listener on 0.0.0.0, port 8022
2025-01-08 17:05:19 - INFO  (server.py:741 start) serving on 0.0.0.0:2222
2025-01-08 17:05:32 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 03afada1-1714-408f-bde5-f528b91dc89d but not found: StealToken.ps1
2025-01-08 17:05:32 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 03afada1-1714-408f-bde5-f528b91dc89d but not found: StealToken.ps1
2025-01-08 17:05:32 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 9fefcde6-083a-4440-8eca-dc03d30c0bcb but not found: StealToken.ps1
2025-01-08 17:05:32 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 9fefcde6-083a-4440-8eca-dc03d30c0bcb but not found: StealToken.ps1
2025-01-08 17:05:32 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 68b588bc-002a-42dc-bac7-9189f944065b but not found: monkey.png
2025-01-08 17:05:32 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 68b588bc-002a-42dc-bac7-9189f944065b but not found: monkey.png
2025-01-08 17:05:32 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 4a2ad84e-a93a-4b2e-b1f0-c354d6a41278 but not found: timestomp.ps1
2025-01-08 17:05:32 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 4a2ad84e-a93a-4b2e-b1f0-c354d6a41278 but not found: timestomp.ps1
2025-01-08 17:05:32 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 5226e5dc-fc28-43b7-a679-0db49d520402 but not found: stepFourteen_bypassUAC.ps1
2025-01-08 17:05:32 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 5226e5dc-fc28-43b7-a679-0db49d520402 but not found: stepFourteen_bypassUAC.ps1
2025-01-08 17:05:32 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 6b90da47-13d0-48fc-8f07-0a1e6d5d876e but not found: StealToken.ps1
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 6b90da47-13d0-48fc-8f07-0a1e6d5d876e but not found: StealToken.ps1
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 1b9e018d-986d-42d9-bb8b-0e104e98ce9c but not found: StealToken.ps1
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 1b9e018d-986d-42d9-bb8b-0e104e98ce9c but not found: StealToken.ps1
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 9b518cfb-125f-466e-872b-4f8171773ce5 but not found: StealToken.ps1
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 9b518cfb-125f-466e-872b-4f8171773ce5 but not found: StealToken.ps1
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in ab48e12f-def0-40a4-b3d9-ad958f45202a but not found: BOOSTWRITE.dll
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 473e5707-5786-4f53-934f-22175c1059b0 but not found: uac-bypass.ps1
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 473e5707-5786-4f53-934f-22175c1059b0 but not found: attackkatz.exe
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 473e5707-5786-4f53-934f-22175c1059b0 but not found: uac-bypass.ps1
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 473e5707-5786-4f53-934f-22175c1059b0 but not found: attackkatz.exe
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 50cf48b9-2076-4efc-80f1-5b8f421ecae4 but not found: reverse.ps1
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 50cf48b9-2076-4efc-80f1-5b8f421ecae4 but not found: reverse.ps1
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 43aad2d6-d16a-4adb-aa2b-9510a3be4c52 but not found: stepFifteen_wmi.ps1
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 43aad2d6-d16a-4adb-aa2b-9510a3be4c52 but not found: stepFifteen_wmi.ps1
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in f820b93d-6176-4a72-a138-a70b0b549c49 but not found: wipe.ps1
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in f820b93d-6176-4a72-a138-a70b0b549c49 but not found: wipe.ps1
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in b15d3014-a5d1-4ec6-934b-d7fe44451192 but not found: uac-samcats.ps1
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in b15d3014-a5d1-4ec6-934b-d7fe44451192 but not found: samcat.exe
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in b15d3014-a5d1-4ec6-934b-d7fe44451192 but not found: uac-samcats.ps1
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in b15d3014-a5d1-4ec6-934b-d7fe44451192 but not found: samcat.exe
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in e4cdb5c6-d322-3b6e-ac8e-68b2e8a7dd4c but not found: adfind.exe
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in d30692dd-779f-4a40-b947-de23dabbb033 but not found: adfind.exe
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 5b24eef2-7a7f-4d34-8cab-e588074c59bc but not found: adfind.exe
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 02a96c18-f700-482d-88a8-bd311f6c41dc but not found: adfind.exe
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in a42be479-fc26-4d7c-9e63-7a9b74e4c8d2 but not found: stepSixteen_SID.ps1
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in a42be479-fc26-4d7c-9e63-7a9b74e4c8d2 but not found: stepSixteen_SID.ps1
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in a34ab8f2-a106-41fb-af0b-cf5382bd18ae but not found: stepThirteen.ps1
2025-01-08 17:05:33 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in a34ab8f2-a106-41fb-af0b-cf5382bd18ae but not found: stepThirteen.ps1
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in b6026408-c815-47ca-bbb0-6b74591badc8 but not found: tcping.exe
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 2b5a72b1-01e4-48ae-98b0-2570a7894371 but not found: stepTwelve.ps1
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 2b5a72b1-01e4-48ae-98b0-2570a7894371 but not found: stepTwelve.ps1
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 96140694-6d13-40b6-9553-0e63533469f3 but not found: stepThirteen.ps1
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 96140694-6d13-40b6-9553-0e63533469f3 but not found: stepThirteen.ps1
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 0cfadbcb-ec21-44ae-adb7-9a23176dd620 but not found: stepThirteen.ps1
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 0cfadbcb-ec21-44ae-adb7-9a23176dd620 but not found: stepThirteen.ps1
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 5df12481-9d8c-4235-b550-9cefc8ed7361 but not found: ps.ps1
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 5df12481-9d8c-4235-b550-9cefc8ed7361 but not found: ps.ps1
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in e44a39ce-0651-3ddd-8f05-f83aa2ffd657 but not found: adfind.exe
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in d04a02e1-a05c-46f8-adf0-c036266fe0a1 but not found: pillowMint.exe
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in d04a02e1-a05c-46f8-adf0-c036266fe0a1 but not found: pillowMint.exe
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in ed2471a9-1eeb-4787-a5d8-61f66b278a50 but not found: computername.vbs
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in f9c0b150-822f-497b-ad6d-187f24561e9a but not found: stepTwelve.ps1
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in f9c0b150-822f-497b-ad6d-187f24561e9a but not found: stepTwelve.ps1
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 2738b811-a360-4a4f-af9d-704343ebab4d but not found: adfind.exe
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in f320eebd-e75b-4194-b529-79e64ad0b9ee but not found: stepThirteen.ps1
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in f320eebd-e75b-4194-b529-79e64ad0b9ee but not found: stepThirteen.ps1
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 88378065-bedf-46b9-a8b7-bc5897f4abcb but not found: username.vbs
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 814005f7-c8d3-45c8-aea2-45758b2d6e90 but not found: nbtscan.exe
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 9d543214-6476-429a-9ca1-cf12233b808c but not found: netsess.exe
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in d5b83af2-b79e-438d-acfc-2641282df698 but not found: RDAT.exe
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 9a438a2a-c95b-4fd2-a29f-8b1250fc3adc but not found: dumpWebBrowserCreds.exe
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 98279c81-d5a0-4ec4-9d40-a6e87d1f9bd2 but not found: m64.exe
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 2f3be960-5c00-4f03-a9c2-da09c31d38d9 but not found: contact.aspx
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 38d009be-4ba2-46dc-a321-8be05c07630c but not found: plink.exe
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 38d009be-4ba2-46dc-a321-8be05c07630c but not found: plink.exe
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in f96e8195-8b0f-4b87-bdce-748dfda2861f but not found: m64.exe
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 5beb978f-dce0-4ccd-b4fa-de47e0adb453 but not found: Java-Update.exe
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 5beb978f-dce0-4ccd-b4fa-de47e0adb453 but not found: Java-Update.exe
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in b8ad9654-80a1-4fde-b2d4-c0de7648621c but not found: kill.bat
2025-01-08 17:05:34 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in b8ad9654-80a1-4fde-b2d4-c0de7648621c but not found: window.bat
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in b8ad9654-80a1-4fde-b2d4-c0de7648621c but not found: ryuk.exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 7e3a8de9-edb9-4df4-beef-9577c4562420 but not found: tiny.exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 7e3a8de9-edb9-4df4-beef-9577c4562420 but not found: tiny.exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in ccbb3c07-dc04-46f5-83d3-54fe71deab3c but not found: keylogger.exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 690e889f-5844-473e-98c5-c90c9f1772dc but not found: SharpNP.dll
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 8bd3edc3-14ad-4e44-9e45-9ec8d43f374b but not found: pscp.exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 8bd3edc3-14ad-4e44-9e45-9ec8d43f374b but not found: psexec.py
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 8bd3edc3-14ad-4e44-9e45-9ec8d43f374b but not found: impacket_exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 8bd3edc3-14ad-4e44-9e45-9ec8d43f374b but not found: plink.exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 8bd3edc3-14ad-4e44-9e45-9ec8d43f374b but not found: tiny.exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 8bd3edc3-14ad-4e44-9e45-9ec8d43f374b but not found: pscp.exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 8bd3edc3-14ad-4e44-9e45-9ec8d43f374b but not found: psexec.py
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 8bd3edc3-14ad-4e44-9e45-9ec8d43f374b but not found: impacket_exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 8bd3edc3-14ad-4e44-9e45-9ec8d43f374b but not found: plink.exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 8bd3edc3-14ad-4e44-9e45-9ec8d43f374b but not found: tiny.exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 60c4ddd6-2ce0-4f5c-8ddb-c5eccd744686 but not found: obfuscated_webShell.php
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in f3df5a83-2a5a-4277-8763-8fb51032d3fc but not found: plink.exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in b80ca347-2d2a-4e33-8683-1975cda6664f but not found: OutlookScraper.dll
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 5cb977ae-87c8-450f-b016-f414b42ba60f but not found: PsExec.exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in ffb50e17-cb3c-4424-a4e7-99e3885f22cc but not found: mimikatz.exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 267bad86-3f06-49f1-9a3e-6522f2a61e7a but not found: Invoke-Mimikatz.ps1
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 267bad86-3f06-49f1-9a3e-6522f2a61e7a but not found: Invoke-Mimikatz.ps1
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in fe3d4de1-50bf-4241-9546-72dc757e696f but not found: secretsdump.exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 97412b40-4940-4da1-8bff-6f11d42bca26 but not found: wce.exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 4ef6009d-2d62-4bb4-8de9-0458df2e9567 but not found: stepFourteen_credDump.ps1
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 4ef6009d-2d62-4bb4-8de9-0458df2e9567 but not found: stepFourteen_credDump.ps1
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 3de63509-4171-488f-8938-ce346677a5a6 but not found: rubeus.exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in a23fb84f-dfb7-4d07-a6ec-0352ae983651 but not found: b.exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in c4f4b13c-87b6-498c-b814-93570173068c but not found: dmevals.local.pfx
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in c4f4b13c-87b6-498c-b814-93570173068c but not found: dmevals.local.pfx
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 1dba454c-0e4f-4fe0-8bc9-b17e8c5c9a24 but not found: m.exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 1dba454c-0e4f-4fe0-8bc9-b17e8c5c9a24 but not found: m.exe
2025-01-08 17:05:35 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 08e57385-dbce-4850-8bb7-589ef79465ab but not found: rar.exe
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 08e57385-dbce-4850-8bb7-589ef79465ab but not found: rar.exe
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in e4027dff-280b-4964-82be-b35a40c4a493 but not found: PsExec.exe
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 571845f6-b75c-4b9d-a666-a78f7827261f but not found: cod.3aka3.scr
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 571845f6-b75c-4b9d-a666-a78f7827261f but not found: cod.3aka3.scr
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 0c752dce-9302-4465-805f-522650aece3f but not found: psexec.exe
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 82d2f5c7-7561-4d91-96d2-959473b9ad2b but not found: stager.ps1
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 82d2f5c7-7561-4d91-96d2-959473b9ad2b but not found: stager.ps1
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 57771abd-0789-4dda-bb02-31359e6860db but not found: psexec_sandworm.py
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in d77838f6-d562-3480-ad29-2cbeee8b7b45 but not found: psexec.exe
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 8911d502-747a-4155-adcd-b03a1f284ee7 but not found: wmiexec.vbs
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 4f7d21c9-ea31-4943-ad8a-efbbeeccdd7d but not found: Modified-SysInternalsSuite.zip
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 4f7d21c9-ea31-4943-ad8a-efbbeeccdd7d but not found: Modified-SysInternalsSuite.zip
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in e74554b8-0bc9-3d50-95a4-e45421925b49 but not found: dnscat2.ps1
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in a612311d-a802-48da-bb7f-88a4b9dd7a24 but not found: upload.ps1
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in a612311d-a802-48da-bb7f-88a4b9dd7a24 but not found: upload.ps1
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in ea4bc858-ba13-4f97-9df3-c543d8f3d44c but not found: pscp.exe
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 78d94199-7e0e-442b-81a6-32f8e419a7ac but not found: putty.exe
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 68e209dd-f354-4adc-8bc6-e85a3e55a7f4 but not found: upload.ps1
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 68e209dd-f354-4adc-8bc6-e85a3e55a7f4 but not found: upload.ps1
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 89b84389-036e-4c3d-a490-bf8ba50bffe8 but not found: 7za.exe
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 89b84389-036e-4c3d-a490-bf8ba50bffe8 but not found: 7za.exe
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 6824cbb6-f3e1-4081-8a63-d72ae368cb23 but not found: pscp.exe
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 2d18c8ec-4593-49dc-9bf4-11d0673d6ae6 but not found: upload.ps1
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 2d18c8ec-4593-49dc-9bf4-11d0673d6ae6 but not found: upload.ps1
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 22ddbc4f-fb5d-4785-8bc8-373da2f3e176 but not found: dumpWebCreds.exe
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 22ddbc4f-fb5d-4785-8bc8-373da2f3e176 but not found: dumpWebCreds.exe
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 0b1841bd-ef8b-475c-bce7-8fcb2860984a but not found: Get-Screenshot.ps1
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 0b1841bd-ef8b-475c-bce7-8fcb2860984a but not found: Get-Screenshot.ps1
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 453cb643-892b-475d-8db9-df61289749f1 but not found: take-screenshot.ps1
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 453cb643-892b-475d-8db9-df61289749f1 but not found: take-screenshot.ps1
2025-01-08 17:05:36 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in fc231955-774f-442c-ac0e-e74dfda50c5c but not found: stepSeventeen_zip.ps1
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in fc231955-774f-442c-ac0e-e74dfda50c5c but not found: stepSeventeen_zip.ps1
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 5f3f7045-ae92-4a3e-8b39-35e4f8cc3038 but not found: keylogger.exe
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 5f3f7045-ae92-4a3e-8b39-35e4f8cc3038 but not found: keylogger.exe
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 160a1e0f-0f9b-49bb-a0fe-7e362b51737f but not found: rar.exe
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in b1dcc53a-c86c-46ba-8a3d-e1da74a8db3c but not found: stepSeventeen_email.ps1
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in b1dcc53a-c86c-46ba-8a3d-e1da74a8db3c but not found: stepSeventeen_email.ps1
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in fd27fe6c-4846-4e94-aef9-f6bc21ab0f0e but not found: 7za.exe
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in acecc8f7-18c2-41fd-87bc-39ffd644e4e9 but not found: invoke-winrmsession.ps1
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in acecc8f7-18c2-41fd-87bc-39ffd644e4e9 but not found: m.exe
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in acecc8f7-18c2-41fd-87bc-39ffd644e4e9 but not found: invoke-winrmsession.ps1
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in acecc8f7-18c2-41fd-87bc-39ffd644e4e9 but not found: m.exe
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in bddc0abc-07a0-41b7-813f-e0c64d9226b3 but not found: sandcat.go-windows-upx
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in bddc0abc-07a0-41b7-813f-e0c64d9226b3 but not found: sandcat.go-windows-upx
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 9a76889c-9518-4b3e-9c87-6618156015c6 but not found: hollow.exe
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 9a76889c-9518-4b3e-9c87-6618156015c6 but not found: paexec.exe
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 9a76889c-9518-4b3e-9c87-6618156015c6 but not found: hollow.exe
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 9a76889c-9518-4b3e-9c87-6618156015c6 but not found: paexec.exe
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 4b1748e5-532c-453c-b195-557ce5550fef but not found: psexec.exe
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 088b8639-3f37-42cc-9dc8-01aabb645461 but not found: update.ps1
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 088b8639-3f37-42cc-9dc8-01aabb645461 but not found: Invoke-PSInject.ps1
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 088b8639-3f37-42cc-9dc8-01aabb645461 but not found: update.ps1
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 088b8639-3f37-42cc-9dc8-01aabb645461 but not found: Invoke-PSInject.ps1
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 1345bff7-6f26-43b2-a92a-9aabccdb3db0 but not found: update.ps1
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 1345bff7-6f26-43b2-a92a-9aabccdb3db0 but not found: Invoke-BypassUACTokenManipulation.ps1
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 1345bff7-6f26-43b2-a92a-9aabccdb3db0 but not found: update.ps1
2025-01-08 17:05:37 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 1345bff7-6f26-43b2-a92a-9aabccdb3db0 but not found: Invoke-BypassUACTokenManipulation.ps1
2025-01-08 17:05:39 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in a440211a-d2cc-4f89-a02d-a39061a0e697 but not found: credDump.ps1
2025-01-08 17:05:39 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in a440211a-d2cc-4f89-a02d-a39061a0e697 but not found: credDump.ps1
2025-01-08 17:05:39 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 0220b3e7-9ba0-4529-abb4-52a70dc49b50 but not found: bypassUAC.ps1
2025-01-08 17:05:39 - WARNING (data_svc.py:467 _verify_abilities) Payload referenced in 0220b3e7-9ba0-4529-abb4-52a70dc49b50 but not found: bypassUAC.ps1
2025-01-08 17:05:40 - INFO  (hook.py:58 build_docs) Docs built successfully.
2025-01-08 17:05:41 - INFO  (server.py:72 run_tasks) All systems ready.

I have all files in /payloads folder

ubuntu@ip-172-26-1-108:~/caldera/plugins/emu/payloads$ ls -al
total 127800
drwxrwxr-x 2 ubuntu ubuntu     4096 Jan  8 17:07 .
drwxrwxr-x 9 ubuntu ubuntu     4096 Jan  8 16:49 ..
-rw-rw-r-- 1 ubuntu ubuntu        0 Jan  8 16:45 .gitkeep
-rw-rw-r-- 1 ubuntu ubuntu  1152000 Jan  8 17:04 7za.exe
-rw-r--r-- 1 root   root    2198016 Oct 13  2023 AdFind.exe
-rw-rw-r-- 1 ubuntu ubuntu   876996 Jan  8 17:07 AdFind.zip
-rw-rw-r-- 1 ubuntu ubuntu   420864 Jan  8 17:04 BOOSTWRITE.dll
-rw-r--r-- 1 root   root        264 Jul 10  2013 Changelog
-rw-rw-r-- 1 ubuntu ubuntu     1461 Jan  8 17:04 Get-Screenshot.ps1
-rw-rw-r-- 1 ubuntu ubuntu    35693 Jan  8 17:04 Invoke-BypassUACTokenManipulation.ps1
-rw-rw-r-- 1 ubuntu ubuntu  2204116 Jan  8 17:04 Invoke-Mimikatz.ps1
-rw-rw-r-- 1 ubuntu ubuntu   537667 Jan  8 17:04 Invoke-PSInject.ps1
-rw-rw-r-- 1 ubuntu ubuntu   293272 Jan  8 17:04 Java-Update.exe
-rw-r--r-- 1 root   root       2035 Jul 10  2013 LICENSE.txt
-rw-rw-r-- 1 ubuntu ubuntu  2817405 Jan  8 17:04 Modified-SysInternalsSuite.zip
-rw-r--r-- 1 root   root     344576 Feb  1  2004 NetSess.exe
-rw-rw-r-- 1 ubuntu ubuntu   136838 Jan  8 17:07 NetSess.zip
-rw-rw-r-- 1 ubuntu ubuntu    17920 Jan  8 17:04 OutlookScraper.dll
-rw-rw-r-- 1 ubuntu ubuntu        0 Jan  8 17:07 PsExec.exe
-rw-rw-r-- 1 ubuntu ubuntu 64633668 Jan  8 17:04 RDAT.exe
-rw-r--r-- 1 root   root       8614 Jul 10  2013 README
-rw-rw-r-- 1 ubuntu ubuntu    22528 Jan  8 17:04 SharpNP.dll
-rw-rw-r-- 1 ubuntu ubuntu    36233 Jan  8 17:04 StealToken.ps1
-rw-r--r-- 1 root   root       4815 Dec 10  2004 adcsv.pl
-rw-r--r-- 1 root   root    2198016 Jan  8 17:07 adfind.exe
-rw-rw-r-- 1 ubuntu ubuntu  1335808 Jan  8 17:04 attackkatz.exe
-rw-rw-r-- 1 ubuntu ubuntu 12635471 Jan  8 17:04 b.exe
-rw-rw-r-- 1 ubuntu ubuntu  4613120 Jan  8 17:04 cod.3aka3.scr
-rw-rw-r-- 1 ubuntu ubuntu      371 Jan  8 17:04 computername.vbs
-rw-rw-r-- 1 ubuntu ubuntu    12738 Jan  8 17:04 contact.aspx
-rw-rw-r-- 1 ubuntu ubuntu     4141 Jan  8 17:04 dmevals.local.pfx
-rw-rw-r-- 1 ubuntu ubuntu   410495 Jan  8 17:07 dnscat2.ps1
-rw-rw-r-- 1 ubuntu ubuntu    10752 Jan  8 17:04 dumpWebCreds.exe
-rw-rw-r-- 1 ubuntu ubuntu    19968 Jan  8 17:04 hollow.exe
-rw-rw-r-- 1 ubuntu ubuntu 19901462 Jan  8 17:04 impacket_exe
-rw-rw-r-- 1 ubuntu ubuntu      523 Jan  8 17:04 invoke-winrmsession.ps1
-rw-rw-r-- 1 ubuntu ubuntu   299520 Jan  8 17:04 keylogger.exe
-rw-rw-r-- 1 ubuntu ubuntu     1956 Jan  8 17:04 kill.bat
-rw-rw-r-- 1 ubuntu ubuntu  1011864 Jan  8 17:04 m.exe
-rw-rw-r-- 1 ubuntu ubuntu  1256712 Jan  8 17:04 mimikatz.exe
-rw-rw-r-- 1 ubuntu ubuntu   542783 Jan  8 17:04 monkey.png
-rw-rw-r-- 1 ubuntu ubuntu    36864 Jan  8 17:07 nbtscan.exe
-rw-r--r-- 1 root   root     344576 Jan  8 17:07 netsess.exe
-rw-rw-r-- 1 ubuntu ubuntu      294 Jan  8 17:04 obfuscated_webShell.php
-rw-rw-r-- 1 ubuntu ubuntu   206848 Jan  8 17:04 paexec.exe
-rw-r--r-- 1 root   root         10 Oct 13  2023 password.txt
-rw-rw-r-- 1 ubuntu ubuntu  2397768 Jan  8 17:04 pillowMint.exe
-rw-rw-r-- 1 ubuntu ubuntu   678312 Jan  8 17:04 plink.exe
-rw-rw-r-- 1 ubuntu ubuntu   448187 Jan  8 17:04 powerview.ps1
-rw-rw-r-- 1 ubuntu ubuntu    19091 Jan  8 17:04 ps.ps1
-rw-rw-r-- 1 ubuntu ubuntu   685448 Jan  8 17:04 pscp.exe
-rw-rw-r-- 1 ubuntu ubuntu        0 Jan  8 17:07 psexec.exe
-rw-rw-r-- 1 ubuntu ubuntu    20758 Jan  8 17:04 psexec.py
-rw-rw-r-- 1 ubuntu ubuntu    19565 Jan  8 17:07 psexec_sandworm.py
-rw-rw-r-- 1 ubuntu ubuntu      302 Jan  8 17:07 putty.exe
-rw-rw-r-- 1 ubuntu ubuntu   603864 Jan  8 17:04 rar.exe
-rw-rw-r-- 1 ubuntu ubuntu     1358 Jan  8 17:04 reverse.ps1
-rw-rw-r-- 1 ubuntu ubuntu  1337344 Jan  8 17:04 samcat.exe
-rw-rw-r-- 1 ubuntu ubuntu  2283520 Jan  8 17:04 sandcat.go-windows-upx
-rw-rw-r-- 1 ubuntu ubuntu        0 Jan  8 17:07 secretsdump.exe
-rw-rw-r-- 1 ubuntu ubuntu    31405 Jan  8 17:04 stager.ps1
-rw-rw-r-- 1 ubuntu ubuntu      880 Jan  8 17:04 stepFifteen_wmi.ps1
-rw-rw-r-- 1 ubuntu ubuntu      422 Jan  8 17:04 stepFourteen_bypassUAC.ps1
-rw-rw-r-- 1 ubuntu ubuntu     2613 Jan  8 17:04 stepFourteen_credDump.ps1
-rw-rw-r-- 1 ubuntu ubuntu      525 Jan  8 17:04 stepSeventeen_email.ps1
-rw-rw-r-- 1 ubuntu ubuntu      771 Jan  8 17:04 stepSeventeen_zip.ps1
-rw-rw-r-- 1 ubuntu ubuntu    22020 Jan  8 17:04 stepSixteen_SID.ps1
-rw-rw-r-- 1 ubuntu ubuntu     4236 Jan  8 17:04 stepThirteen.ps1
-rw-rw-r-- 1 ubuntu ubuntu     1566 Jan  8 17:04 stepTwelve.ps1
-rw-rw-r-- 1 ubuntu ubuntu      754 Jan  8 17:04 take-screenshot.ps1
-rw-rw-r-- 1 ubuntu ubuntu   258560 Jan  8 17:07 tcping.exe
-rw-rw-r-- 1 ubuntu ubuntu      532 Jan  8 17:04 timestomp.ps1
-rw-rw-r-- 1 ubuntu ubuntu    87397 Jan  8 17:04 tiny.exe
-rw-rw-r-- 1 ubuntu ubuntu     1048 Jan  8 17:04 uac-bypass.ps1
-rw-rw-r-- 1 ubuntu ubuntu     1003 Jan  8 17:04 uac-samcats.ps1
-rw-rw-r-- 1 ubuntu ubuntu     1013 Jan  8 17:04 update.ps1
-rw-rw-r-- 1 ubuntu ubuntu     4284 Jan  8 17:04 upload.ps1
-rw-rw-r-- 1 ubuntu ubuntu      367 Jan  8 17:04 username.vbs
-rw-r--r-- 1 root   root     466944 Jul 13  2013 wce.exe
-rw-rw-r-- 1 ubuntu ubuntu   223882 Jan  8 17:07 wce_v1_41beta_universal.zip
-rw-rw-r-- 1 ubuntu ubuntu      966 Jan  8 17:04 window.bat
-rw-rw-r-- 1 ubuntu ubuntu   457076 Jan  8 17:04 wipe.ps1
-rw-rw-r-- 1 ubuntu ubuntu     9972 Jan  8 17:07 wmiexec.vbs
@elegantmoose
Copy link
Contributor

try rebuilding Caldera. Ie run download script to get all payloads (which you have already done) and then do --build to start the server again.

*IIRC, this is caused by Caldera not rechecking for updated payloads in a plugin.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@elegantmoose elegantmoose

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@elegantmoose @notmarshmllow