You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When attempting to generate a windows_shellcode stager in Empire, the process fails with a server-side error:
Server Log Error:
RuntimeError: File not found.
File "/home/kali/git/Empire/empire/server/common/stagers.py", line 203, in generate_powershell_shellcode
shellcode = donut.create(file=directory, arch=arch_type)
On the client-side, this results in a JSONDecodeError due to an empty response from the server:
Client Log Error:
ERROR: Expecting value: line 1 column 1 (char 0)
requests.exceptions.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
Despite donut-shellcode being installed as indicated in pyproject.toml and poetry.lock, the error persists.
[ERROR]: Exception in ASGI application
Traceback (most recent call last):
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/uvicorn/protocols/http/h11_impl.py", line 412, in run_asgi
result = await app( # type: ignore[func-returns-value]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/uvicorn/middleware/proxy_headers.py", line 84, in __call__
return await self.app(scope, receive, send)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/fastapi/applications.py", line 1054, in __call__
await super().__call__(scope, receive, send)
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/starlette/applications.py", line 123, in __call__
await self.middleware_stack(scope, receive, send)
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/starlette/middleware/errors.py", line 186, in __call__
raise exc
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/starlette/middleware/errors.py", line 164, in __call__
await self.app(scope, receive, _send)
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/starlette/middleware/gzip.py", line 24, in __call__
await responder(scope, receive, send)
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/starlette/middleware/gzip.py", line 44, in __call__
await self.app(scope, receive, self.send_with_gzip)
File "/home/kali/git/Empire/empire/server/api/middleware.py", line 36, in __call__
await super().__call__(scope, receive, send)
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/starlette/middleware/cors.py", line 83, in __call__
await self.app(scope, receive, send)
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/starlette/middleware/exceptions.py", line 62, in __call__
await wrap_app_handling_exceptions(self.app, conn)(scope, receive, send)
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/starlette/_exception_handler.py", line 64, in wrapped_app
raise exc
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/starlette/_exception_handler.py", line 53, in wrapped_app
await app(scope, receive, sender)
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/starlette/routing.py", line 758, in __call__
await self.middleware_stack(scope, receive, send)
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/starlette/routing.py", line 778, in app
await route.handle(scope, receive, send)
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/starlette/routing.py", line 299, in handle
await self.app(scope, receive, send)
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/starlette/routing.py", line 79, in app
await wrap_app_handling_exceptions(app, request)(scope, receive, send)
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/starlette/_exception_handler.py", line 64, in wrapped_app
raise exc
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/starlette/_exception_handler.py", line 53, in wrapped_app
await app(scope, receive, sender)
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/starlette/routing.py", line 74, in app
response = await func(request)
^^^^^^^^^^^^^^^^^^^
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/fastapi/routing.py", line 299, in app
raise e
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/fastapi/routing.py", line 294, in app
raw_response = await run_endpoint_function(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/.cache/pypoetry/virtualenvs/empire-bc-security-fork-Sa7SYij8-py3.12/lib/python3.12/site-packages/fastapi/routing.py", line 191, in run_endpoint_function
return await dependant.call(**values)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/git/Empire/empire/server/api/v2/stager/stager_api.py", line 60, in create_stager
resp, err = stager_service.create_stager(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/git/Empire/empire/server/core/stager_service.py", line 85, in create_stager
generated, err = self.generate_stager(template_instance)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/git/Empire/empire/server/core/stager_service.py", line 153, in generate_stager
resp = template_instance.generate()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/git/Empire/empire/server/stagers/windows/shellcode.py", line 148, in generate
shellcode, err = self.mainMenu.stagers.generate_powershell_shellcode(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/git/Empire/empire/server/common/stagers.py", line 203, in generate_powershell_shellcode
shellcode = donut.create(file=directory, arch=arch_type)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
RuntimeError: File not found.
Expected Behavior
The stager generation process should be completed successfully
Language of the stager to generate (powershell, csharp).
Architecture
both
True
Architecture of the .dll to generate (x64 or x86).
StagerRetries
0
False
Times for the stager to retry connecting.
UserAgent
default
False
User-agent string to use for the staging request (default, none, or other).
Proxy
default
False
Proxy to use for request (default, none, or other).
ProxyCreds
default
False
Proxy credentials ([domain]username:password) to use for request (default, none, or other).
OutFile
shelly.bin
True
Filename that should be used for the generated output.
Obfuscate
False
False
Switch. Obfuscate the launcher powershell code, uses the ObfuscateCommand for obfuscation types. For powershell only.
ObfuscateCommand
Token\All\1
False
The Invoke-Obfuscation command to use. Only used if Obfuscate switch is True. For powershell only.
Bypasses
mattifestation etw
False
Bypasses as a space separated list to be prepended to the launcher.
Anything else?
Suspected Cause:
The donut.create() function cannot find a required file during the stager generation process. This may indicate a misconfiguration in Empire’s use of the donut-shellcode library or missing dependencies. Based on the discussion in [BUG] Fail to build on Python 3.12 #752 donut version was recently updated.
Attempts to Fix:
Reinstalled donut-shellcode using poetry.
Verified donut-shellcode installation in a Python shell (inside poetry session).
Rebuilt Empire dependencies with poetry install.
Despite these steps, the error persists.
The text was updated successfully, but these errors were encountered:
I think I finally tracked this issue down, and it was definitely a frustrating one to debug. It turns out that if you start the server and generate the PowerShell C# EXE stager, it will fail. However, if you restart the server, it works as expected. The reason it was tricky to reproduce consistently is that the launcher file wasn’t being deleted on a server restart. To address this, I’ve updated the code so that the launcher file is included by default, and resets will now clear that file.
From what I can tell, this issue should no longer exist in version 6.0, as we’ve completely rewritten the compiler in that release.
Thanks for your patience while I worked through this and if you have a chance, can you test out the PR to confirm it works for you?
Is there an existing issue for this?
Empire Version
v5.11.7
Python Version
3.12.7
Operating System
Kali Linux 2024.4
Database
MariaDB
Current Behavior
When attempting to generate a windows_shellcode stager in Empire, the process fails with a server-side error:
On the client-side, this results in a JSONDecodeError due to an empty response from the server:
Despite donut-shellcode being installed as indicated in pyproject.toml and poetry.lock, the error persists.
Full server log:
Expected Behavior
The stager generation process should be completed successfully
Steps To Reproduce
generate the stager
Observe the server and client logs for errors.
full list of options set:
Anything else?
Suspected Cause:
Attempts to Fix:
Despite these steps, the error persists.
The text was updated successfully, but these errors were encountered: