Cannot get past login page #2901
Comments
|
Looks like your first issue -- we aim to respond to issues as quickly as possible. In the meantime, check out our documentation here: http://caldera.readthedocs.io/ |
|
2024-02-25 14:22:04 INFO new connection from 10.0.4.14:54112 server.py:888 |
|
Just confirming, you pulled down Master branch with --recursive flag (to pick up more recent plugins/magma submodule) ? |
|
I had the same issue when pulling with --recursive flag and specifying --branch 5.0.0. However, when omitting a specific branch it worked as intended. Hope this helps. |
|
Master branch is what is getting the patches. Including this fix - #2881 |
|
hey, I have the same problem. I pulled master branch(using --recursive) and tried using Safari, Chrome and firefox but still can't login.(the server is on Ubuntu machine and I'm using it remotely using the ip) |
|
Experiencing the same issue with a fresh pull of caldera this morning. Used |
|
Working now. Looks like I was running into this issue: #2885 (comment) Here's what fixed it.
Is there a way to simply use a wildcard here rather than a hardcoded IP? I tried the typical 0.0.0.0 as the <CALDERA_IP> but it didn't work. @edenqyb Sounds like it'll probably be the same issue you're running into from your setup's description. --- EDIT ---- |
|
Yep, @elegantmoose can confirm that I am pulling from the master branch @aut0exec copy and edit the .env file to my actual ip address worked |
|
@aut0exec thanks for posting this, I had to make this change as well! |
|
hey, even I am facing this issue: Recording.2024-04-23.175556.mp4 |
|
Me too and i have tryed everything written here |
|
Here's the inspect console view: Recording.mp4 |
|
Same goes for me, even if i tryed everything that is said here |
|
Not sure how you are trying but if it is with --insecure flag the default creds should not work. You should look for the creds that are generated in |
I tried with both and none worked. |
|
has anyone got this working? |
|
I got fed up and am using a previous version of the tool. |
|
i figured out my issue: i ran
|
It's works for me..... |
Describe the bug
Unable to login using default login on port 8888
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Log into the first screen
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Additional context
after launching main.py with debugging, insecure, build
2024-02-25 06:11:36 WARNING --insecure flag set. Caldera will use the default user accounts in default.yml config file. server.py:216
INFO Using main config from conf/default.yml server.py:225
DEBUG Loaded 2 parsers learning_svc.py:20
2024-02-25 06:11:37 INFO Building VueJS front-end. server.py:261
up to date, audited 1071 packages in 2s
153 packages are looking for funding
run
npm fundfor details1 moderate severity vulnerability
To address all issues (including breaking changes), run:
npm audit fix --force
Run
npm auditfor details.Copying all plugin GUI source files to magma
Copying over "access" files...
Copying over "atomic" files...
Copying over "builder" files...
Copying over "compass" files...
Copying over "debrief" files...
Copying over "emu" files...
Copying over "gameboard" files...
Copying over "human" files...
Copying over "manx" files...
Copying over "response" files...
Copying over "sandcat" files...
Copying over "ssl" files...
Copying over "stockpile" files...
Copying over "training" files...
Plugin GUI source files copied!
vite v2.9.17 building for production...
✓ 1481 modules transformed.
dist/assets/favicon.cc1c341b.ico 69.07 KiB
dist/assets/caldera-logo.6a24b35b.png 16.51 KiB
dist/assets/caldera-logo-mtn.88f0ff8a.png 36.07 KiB
dist/assets/darwin-icon-privileged.ffa7a1c2.svg 0.68 KiB
dist/assets/darwin-icon.95280721.svg 0.67 KiB
dist/assets/linux-icon-privileged.d1ede01c.svg 3.66 KiB
dist/assets/linux-icon.df96f069.svg 3.65 KiB
dist/assets/windows-icon-privileged.e4e076e8.svg 0.39 KiB
dist/assets/windows-icon.2e7338a5.svg 0.37 KiB
dist/index.html 0.46 KiB
dist/assets/access.a0a503d9.js 12.71 KiB / gzip: 3.97 KiB
dist/assets/atomic.67a3e273.js 1.05 KiB / gzip: 0.62 KiB
dist/assets/builder.7f422b3e.js 1.08 KiB / gzip: 0.63 KiB
dist/assets/compass.ad30b927.js 5.22 KiB / gzip: 2.22 KiB
dist/assets/debrief.166c248a.js 27.75 KiB / gzip: 7.22 KiB
dist/assets/emu.40c251f3.js 1.56 KiB / gzip: 0.70 KiB
dist/assets/gameboard.01aa0461.js 21.79 KiB / gzip: 6.09 KiB
dist/assets/sandcat.e3e90fa8.js 0.68 KiB / gzip: 0.44 KiB
dist/assets/human.615d442d.js 11.80 KiB / gzip: 3.46 KiB
dist/assets/response.4fea73b3.js 1.60 KiB / gzip: 0.83 KiB
dist/assets/manx.d044addc.js 6.11 KiB / gzip: 2.27 KiB
dist/assets/stockpile.730486f7.js 1.61 KiB / gzip: 0.76 KiB
dist/assets/gameboard.430857df.css 2.01 KiB / gzip: 0.68 KiB
dist/assets/compass.4b402f52.css 0.12 KiB / gzip: 0.12 KiB
dist/assets/debrief.854158fe.css 0.79 KiB / gzip: 0.34 KiB
dist/assets/human.d7b43e12.css 2.31 KiB / gzip: 0.78 KiB
dist/assets/response.9692d0ec.css 0.20 KiB / gzip: 0.13 KiB
dist/assets/training.9d43ffbb.css 3.86 KiB / gzip: 1.06 KiB
dist/assets/manx.fdacbfd3.css 3.11 KiB / gzip: 1.51 KiB
dist/assets/training.35b91e34.js 8.51 KiB / gzip: 3.33 KiB
dist/assets/access.b689ce59.css 0.32 KiB / gzip: 0.20 KiB
dist/assets/ssl.363b7b54.js 0.98 KiB / gzip: 0.62 KiB
dist/assets/index.ad437303.css 248.24 KiB / gzip: 33.79 KiB
dist/assets/index.b6169022.js 1665.65 KiB / gzip: 535.85 KiB
(!) Some chunks are larger than 500 KiB after minification. Consider:
2024-02-25 06:11:51 INFO VueJS front-end build complete. server.py:264
2024-02-25 06:11:52 DEBUG Collision in ability name detected for 5e3512c73a461c17ddcb1cc0bbdbeef9 and 52928f462ea8f5fa617aa8c815f5598b (WinPwn - PowerSharpPack - Kerberoasting Using Rubeus). Modifying name of the second ability to WinPwn - c_ability.py:103
PowerSharpPack - Kerberoasting Using Rubeus (2)...
DEBUG Collision in ability name detected for 9bd17863cd45f82002a6f011de139363 and ab44803d5a9c299258efff185b0f70b5 (rc.common). Modifying name of the second ability to rc.common (2)... c_ability.py:103
DEBUG Collision in ability name detected for 5ac7f6ec1898d8d408f9cdc687262cc7 and 7db784562afbea0265fcafc4243b66de (Exfiltration Over Alternative Protocol - SSH). Modifying name of the second ability to Exfiltration Over Alternative c_ability.py:103
Protocol - SSH (2)...
DEBUG Collision in ability name detected for 26d3702887944abcc64b406baf8f8e43 and 68a0a328719faa26fff5b92e18108b3f (Enumerate users and groups). Modifying name of the second ability to Enumerate users and groups (2)... c_ability.py:103
DEBUG Collision in ability name detected for c84a57391dbc724dc51436deb3e0ca00 and e0c75b4cc32124ef4c61508694fd0808 (Get-DomainUser with PowerView). Modifying name of the second ability to Get-DomainUser with PowerView (2)... c_ability.py:103
DEBUG Collision in ability name detected for 44705da4b28c8fa57fc2a2940b34565a and b73d58b20bcb138a26175f240cca9de2 (System Information Discovery). Modifying name of the second ability to System Information Discovery (2)... c_ability.py:103
DEBUG Collision in ability name detected for dca8b042fcdffcc1f5cddcff4122c434 and b73d58b20bcb138a26175f240cca9de2 (System Information Discovery). Modifying name of the second ability to System Information Discovery (2)... c_ability.py:103
DEBUG Collision in ability name detected for 4370001012f5f0df001269627b4737e9 and 942316dc6a362e44b248a872e5f42c92 (System Owner/User Discovery). Modifying name of the second ability to System Owner/User Discovery (2)... c_ability.py:103
DEBUG Collision in ability name detected for 3bfd3a51f3c7352d7c6c6c785d01e5f7 and 9bd1997d793d0ac5b1aea4888c75c932 (Loadable Kernel Module based Rootkit). Modifying name of the second ability to Loadable Kernel Module based Rootkit c_ability.py:103
(2)...
DEBUG Collision in ability name detected for 4d4b29abb6b1e580e33c0035c1fc37ad and f674301b84ea3344f119270bf7bb97cd (rm -rf). Modifying name of the second ability to rm -rf (2)... c_ability.py:103
DEBUG Collision in ability name detected for 2488245e-bcbd-405d-920e-2de27db882b3 and 1d3cb1429f530cb89f41c65e57f03db4 (Query Registry). Modifying name of the second ability to Query Registry (2)... c_ability.py:103
DEBUG Collision in ability name detected for fcf71ee3-d1a9-4136-b919-9e5f6da43608 and 3838447b079b302fe75b700a70163815 (Clear Logs). Modifying name of the second ability to Clear Logs (2)... c_ability.py:103
DEBUG Collision in ability name detected for b1d41972-3ad9-4aa1-8f7f-05f049a2980e and 10a9d979-e342-418a-a9b0-002c483e0fa6 (Start 54ndc47). Modifying name of the second ability to Start 54ndc47 (2)... c_ability.py:103
DEBUG Restored data from persistent storage data_svc.py:116
DEBUG There are 0 jobs in the scheduler data_svc.py:117
DEBUG Restored data from persistent storage base_knowledge_svc.py:308
DEBUG Registered contact: html contact_svc.py:38
DEBUG Registered contact: gist contact_svc.py:38
DEBUG Registered contact: dns contact_svc.py:38
DEBUG Registered contact: websocket contact_svc.py:38
DEBUG Registered contact: udp contact_svc.py:38
DEBUG Registered contact: tcp contact_svc.py:38
DEBUG Registered contact: slack contact_svc.py:38
DEBUG Registered contact: ftp contact_svc.py:38
DEBUG Registered contact: http contact_svc.py:38
DEBUG Registered contact tunnel: ssh_tunneling contact_svc.py:53
INFO Invalid Github Gist personal API token provided. Gist C2 contact will not be started. contact_gist.py:70
INFO Generating temporary SSH private key. Was unable to use provided SSH private key tunnel_ssh.py:26
DEBUG Configuration (agents) update, setting deployments=['0ab383be-b819-41bf-91b9-1bd4404d83bf', '1837b43e-4fff-46b2-a604-a602f7540469', '356d1722-7784-40c4-822b-0cf864b0b36d', '2f34977d-9558-4c12-abad-349716777c6b'] base_world.py:46
INFO Enabled plugin: response app_svc.py:116
INFO Enabled plugin: training app_svc.py:116
INFO Enabled plugin: atomic app_svc.py:116
ERROR Error importing plugin=builder, No module named 'docker' c_plugin.py:91
ERROR Error loading plugin=builder, 'NoneType' object has no attribute 'description' c_plugin.py:59
INFO Enabled plugin: manx app_svc.py:116
INFO Enabled plugin: access app_svc.py:116
INFO Enabled plugin: compass app_svc.py:116
INFO Enabled plugin: debrief app_svc.py:116
INFO Enabled plugin: fieldmanual app_svc.py:116
INFO Enabled plugin: stockpile app_svc.py:116
DEBUG Loaded gocat extension module: donut sand_svc.py:94
DEBUG Loaded gocat extension module: proxy_http sand_svc.py:94
DEBUG Loaded gocat extension module: shared sand_svc.py:94
DEBUG Loaded gocat extension module: slack sand_svc.py:94
2024-02-25 06:11:53 DEBUG Loaded gocat extension module: dns_tunneling sand_svc.py:94
DEBUG Loaded gocat extension module: native sand_svc.py:94
DEBUG Loaded gocat extension module: shellcode sand_svc.py:94
DEBUG Loaded gocat extension module: shells sand_svc.py:94
INFO Enabled plugin: sandcat app_svc.py:116
INFO Creating SSH listener on 0.0.0.0, port 8022 logging.py:92
INFO serving on 0.0.0.0:2222 server.py:741
WARNING Unable to properly load .donut for payload plugins.stockpile.app.donut.donut_handler due to failed import data_svc.py:436
WARNING upx does not meet the minimum version of 0.0.0. Upx is an optional dependency which adds more functionality. app_svc.py:171
2024-02-25 06:11:59 WARNING Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: ff78708e0e18d31c0be7a2be295158ec c_adversary.py:90
WARNING Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: 6fdc9037290299164d52b65219d628ef c_adversary.py:90
WARNING Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: ae21aefd2d9933df45a4e55485fbc333 c_adversary.py:90
WARNING Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: d8f4e4e10f4d6da1b174bb18cb859e6c c_adversary.py:90
WARNING Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: 86ab6d7ecc05b7dabc7699a9e6a0a173 c_adversary.py:90
WARNING Ability referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: 5c922d92f383656401d5633ca23db497 c_adversary.py:90
WARNING Objective referenced in adversary ef4d997c-a0d1-4067-9efa-87c58682db71 but not found: c495a9828-cab1-44dd-a0ca-66e58177d8c. Setting default objective. c_adversary.py:95
2024-02-25 06:12:00 INFO Docs built successfully. hook.py:58
DEBUG Using default login handler. auth_svc.py:209
DEBUG Created authentication group: blue auth_svc.py:72
DEBUG Created authentication group: red auth_svc.py:72
DEBUG = connection is CONNECTING protocol.py:255
DEBUG > GET /system/ready HTTP/1.1 client.py:115
DEBUG > Host: 0.0.0.0:7012 client.py:117
DEBUG > Upgrade: websocket client.py:117
DEBUG > Connection: Upgrade client.py:117
DEBUG > Sec-WebSocket-Key: XW9AJqYM66vHUKndR95Y4A== client.py:117
DEBUG > Sec-WebSocket-Version: 13 client.py:117
DEBUG > Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits client.py:117
DEBUG > User-Agent: Python/3.8 websockets/11.0.3 client.py:117
DEBUG < HTTP/1.1 101 Switching Protocols client.py:148
DEBUG < Upgrade: websocket client.py:150
DEBUG < Connection: Upgrade client.py:150
DEBUG < Sec-WebSocket-Accept: xzmuoWNPsdPanDCo/AmBgQq9y9s= client.py:150
DEBUG < Sec-WebSocket-Extensions: permessage-deflate; server_max_window_bits=12; client_max_window_bits=12 client.py:150
DEBUG < Date: Sun, 25 Feb 2024 06:12:00 GMT client.py:150
DEBUG < Server: Python/3.8 websockets/11.0.3 client.py:150
DEBUG = connection is OPEN protocol.py:356
DEBUG < CLOSE 1000 (OK) [2 bytes] protocol.py:1168
DEBUG = connection is CLOSING protocol.py:1223
DEBUG > CLOSE 1000 (OK) [2 bytes] protocol.py:1174
DEBUG = connection is CLOSED protocol.py:1494
INFO All systems ready. server.py:101
██████╗ █████╗ ██╗ ██████╗ ███████╗██████╗ █████╗
██╔════╝██╔══██╗██║ ██╔══██╗██╔════╝██╔══██╗██╔══██╗
██║ ███████║██║ ██║ ██║█████╗ ██████╔╝███████║
██║ ██╔══██║██║ ██║ ██║██╔══╝ ██╔══██╗██╔══██║
╚██████╗██║ ██║███████╗██████╔╝███████╗██║ ██║██║ ██║
╚═════╝╚═╝ ╚═╝╚══════╝╚═════╝ ╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝
2024-02-25 06:12:14 DEBUG Using login handler "Default Login Handler" for login auth_svc.py:101
DEBUG admin logging in auth_svc.py:155
The text was updated successfully, but these errors were encountered: