Skip to content

GitLab

Open
Created by Knightmare HTB@knightmare

legion package in repo does not match latest build in repo. Causes issues importing scans, e.g. on HTB VMs

Hello.

The upstream build of the legion package has issues when importing certain types of scans during HTB VMs, and, I dare say other types of scanning. The version in the parrot repo is several behind the github version too, so this may explain the problem.

I have spawned a HTB pwnbox instance, and can reproduce the issue. By pulling in the latest github build, and a copy of pythonn3-pip from the parrot repo, it is possible to mitigate the problem. Below is the example of me taking this action:

┌─[zerokool@skynet]─[~]
└──╼ $sudo apt update
Get:1 https://deb.parrot.sh/parrot rolling InRelease [14.4 kB]
Get:2 https://deb.parrot.sh/parrot rolling-security InRelease [8,599 B]
Get:3 https://deb.parrot.sh/parrot rolling/main amd64 Packages [18.1 MB]
Get:4 https://deb.parrot.sh/parrot rolling/contrib amd64 Packages [152 kB]
Get:5 https://deb.parrot.sh/parrot rolling/non-free amd64 Packages [260 kB]
Fetched 18.5 MB in 2s (7,495 kB/s)                   
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
172 packages can be upgraded. Run 'apt list --upgradable' to see them.

┌─[zerokool@skynet]─[~]
└──╼ $sudo apt install legion
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
: <snip>
Need to get 40.1 MB of archives.
After this operation, 182 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 https://ftp.nluug.nl/os/Linux/distr/parrot rolling/main amd64 libavahi-core7 amd64 0.8-5 [121 kB]                                                                                      
: <snip>
Processing triggers for mailcap (3.69) ...
Scanning application launchers
Removing duplicate launchers or broken launchers
Launchers are updated

Pull in github revision

┌─[zerokool@skynet]─[~]
└──╼ $git clone https://github.com/GoVanguard/legion.git ; cd legion ; chmod +x startLegion.sh

Cloning into 'legion'...
remote: Enumerating objects: 3530, done.
remote: Counting objects: 100% (240/240), done.
remote: Compressing objects: 100% (193/193), done.
remote: Total 3530 (delta 120), reused 103 (delta 45), pack-reused 3290
Receiving objects: 100% (3530/3530), 3.13 MiB | 1.63 MiB/s, done.
Resolving deltas: 100% (2095/2095), done.

┌─[✗]─[zerokool@skynet]─[~/legion]
└──╼ $gksudo ./startLegion.sh

Strap yourself in, we're starting Legion...
Python 3.7 is installed, but neither PIP 3.7 nor PIP 3.6 were found. Please install PIP 3.7.
Python 3 bin is python3.7 (/usr/bin/python3.7)
Pip 3 bin is Missing ()
Detected Parrot ? 
First run here (or you did a pull to update). Let's try to automatically install all the dependancies...
Running Parrot-?.sh...
bash: ./deps/Parrot-?.sh: No such file or directory
Checking for additional Sparta scripts...
--2021-08-03 07:12:42--  https://raw.githubusercontent.com/GoVanguard/sparta-scripts/master/smbenum.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.111.133, 185.199.109.133, 185.199.108.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1605 (1.6K) [text/plain]
Saving to: 'scripts/smbenum.sh'

smbenum.sh                                      100%[=====================================================================================================>]   1.57K  --.-KB/s    in 0s      

2021-08-03 07:12:42 (18.0 MB/s) - 'scripts/smbenum.sh' saved [1605/1605]

--2021-08-03 07:12:42--  https://raw.githubusercontent.com/GoVanguard/sparta-scripts/master/snmpbrute.py
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.108.133, 185.199.111.133, 185.199.110.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.108.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 27302 (27K) [text/plain]
Saving to: 'scripts/snmpbrute.py'

snmpbrute.py                                    100%[=====================================================================================================>]  26.66K  --.-KB/s    in 0s      

2021-08-03 07:12:42 (74.0 MB/s) - 'scripts/snmpbrute.py' saved [27302/27302]

--2021-08-03 07:12:42--  https://raw.githubusercontent.com/GoVanguard/sparta-scripts/master/ms08-067_check.py
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.109.133, 185.199.108.133, 185.199.111.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.109.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8769 (8.6K) [text/plain]
Saving to: 'scripts/ms08-067_check.py'

ms08-067_check.py                               100%[=====================================================================================================>]   8.56K  --.-KB/s    in 0s      

2021-08-03 07:12:42 (56.9 MB/s) - 'scripts/ms08-067_check.py' saved [8769/8769]

--2021-08-03 07:12:42--  https://raw.githubusercontent.com/GoVanguard/sparta-scripts/master/rdp-sec-check.pl
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.111.133, 185.199.109.133, 185.199.108.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 22219 (22K) [text/plain]
Saving to: 'scripts/rdp-sec-check.pl'

rdp-sec-check.pl                                100%[=====================================================================================================>]  21.70K  --.-KB/s    in 0.002s  

2021-08-03 07:12:42 (11.5 MB/s) - 'scripts/rdp-sec-check.pl' saved [22219/22219]

--2021-08-03 07:12:43--  https://raw.githubusercontent.com/GoVanguard/sparta-scripts/master/ndr.py
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.109.133, 185.199.108.133, 185.199.111.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.109.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 35836 (35K) [text/plain]
Saving to: 'scripts/ndr.py'

ndr.py                                          100%[=====================================================================================================>]  35.00K  --.-KB/s    in 0.002s  

2021-08-03 07:12:43 (18.1 MB/s) - 'scripts/ndr.py' saved [35836/35836]

--2021-08-03 07:12:43--  https://raw.githubusercontent.com/GoVanguard/sparta-scripts/master/installDeps.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.111.133, 185.199.109.133, 185.199.108.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 47 [text/plain]
Saving to: 'scripts/installDeps.sh'

installDeps.sh                                  100%[=====================================================================================================>]      47  --.-KB/s    in 0s      

2021-08-03 07:12:43 (2.19 MB/s) - 'scripts/installDeps.sh' saved [47/47]

--2021-08-03 07:12:43--  https://raw.githubusercontent.com/GoVanguard/sparta-scripts/master/snmpcheck.rb
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.108.133, 185.199.109.133, 185.199.110.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.108.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 33258 (32K) [text/plain]
Saving to: 'scripts/snmpcheck.rb'

snmpcheck.rb                                    100%[=====================================================================================================>]  32.48K  --.-KB/s    in 0s      

2021-08-03 07:12:43 (75.6 MB/s) - 'scripts/snmpcheck.rb' saved [33258/33258]

--2021-08-03 07:12:43--  https://raw.githubusercontent.com/GoVanguard/sparta-scripts/master/smtp-user-enum.pl
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.111.133, 185.199.110.133, 185.199.108.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13045 (13K) [text/plain]
Saving to: 'scripts/smtp-user-enum.pl'

smtp-user-enum.pl                               100%[=====================================================================================================>]  12.74K  --.-KB/s    in 0s      

2021-08-03 07:12:44 (46.5 MB/s) - 'scripts/smtp-user-enum.pl' saved [13045/13045]

Cloning into 'scripts/CloudFail'...
remote: Enumerating objects: 308, done.
remote: Counting objects: 100% (24/24), done.
remote: Compressing objects: 100% (19/19), done.
remote: Total 308 (delta 7), reused 13 (delta 5), pack-reused 284
Receiving objects: 100% (308/308), 39.89 MiB | 5.00 MiB/s, done.
Resolving deltas: 100% (136/136), done.
Requirement already satisfied: scapy in /usr/lib/python3/dist-packages (2.4.4)
Fetching snmp-1.3.2.gem
Successfully installed snmp-1.3.2
Parsing documentation for snmp-1.3.2
Installing ri documentation for snmp-1.3.2
Done installing documentation for snmp after 0 seconds
1 gem installed
Python 3.7 is installed, but neither PIP 3.7 nor PIP 3.6 were found. Please install PIP 3.7.
Python 3 bin is python3.7 (/usr/bin/python3.7)
Pip 3 bin is Missing ()
 _     _____ ____ ___ ___  _   _ 
| |   | ____/ ___|_ _/ _ \| \ | |
| |   |  _|| |  _ | | | | |  \| |
| |___| |__| |_| || | |_| | |\  |
|_____|_____\____|___\___/|_| \_|

Upon loading both builds, there is a clear version jump between the upstrema package on the left, and the github revision on the right. This also corrects the issue on VMs where a large multi-stage nmap scan takes place, such as TheNotebook:

LegionParrotBuilds

Thanks.