401 Unauthorized - Kali #3100

Open
OmegaImpakt opened this issue Nov 28, 2024 · 3 comments

@OmegaImpakt

Currently, I am using Kali 2024.4.

When I try to run Caldera, I get 401 Unauthorized.

This is what I get when I run Caldera with the debugging option:

2024-11-28 14:30:09 - INFO  (server.py:125 <module>) Using main config from conf/local.yml
2024-11-28 14:30:09 - DEBUG (learning_svc.py:20 __init__) Loaded 2 parsers
2024-11-28 14:30:10 - DEBUG (c_ability.py:99 store) Collision in ability name detected for b1d41972-3ad9-4aa1-8f7f-05f049a2980e and 10a9d979-e342-418a-a9b0-002c483e0fa6 (Start 54ndc47). Modifying name of the second ability to Start 54ndc47 (2)...
2024-11-28 14:30:10 - DEBUG (c_ability.py:99 store) Collision in ability name detected for 1d3cb1429f530cb89f41c65e57f03db4 and 2488245e-bcbd-405d-920e-2de27db882b3 (Query Registry). Modifying name of the second ability to Query Registry (2)...
2024-11-28 14:30:10 - DEBUG (c_ability.py:99 store) Collision in ability name detected for 26d3702887944abcc64b406baf8f8e43 and 68a0a328719faa26fff5b92e18108b3f (Enumerate users and groups). Modifying name of the second ability to Enumerate users and groups (2)...
2024-11-28 14:30:10 - DEBUG (c_ability.py:99 store) Collision in ability name detected for dca8b042fcdffcc1f5cddcff4122c434 and 44705da4b28c8fa57fc2a2940b34565a (System Information Discovery). Modifying name of the second ability to System Information Discovery (2)...
2024-11-28 14:30:10 - DEBUG (c_ability.py:99 store) Collision in ability name detected for b73d58b20bcb138a26175f240cca9de2 and 44705da4b28c8fa57fc2a2940b34565a (System Information Discovery). Modifying name of the second ability to System Information Discovery (2)...
2024-11-28 14:30:10 - DEBUG (c_ability.py:99 store) Collision in ability name detected for 942316dc6a362e44b248a872e5f42c92 and 4370001012f5f0df001269627b4737e9 (System Owner/User Discovery). Modifying name of the second ability to System Owner/User Discovery (2)...
2024-11-28 14:30:10 - DEBUG (c_ability.py:99 store) Collision in ability name detected for 5ac7f6ec1898d8d408f9cdc687262cc7 and 7db784562afbea0265fcafc4243b66de (Exfiltration Over Alternative Protocol - SSH). Modifying name of the second ability to Exfiltration Over Alternative Protocol - SSH (2)...
2024-11-28 14:30:10 - DEBUG (c_ability.py:99 store) Collision in ability name detected for ab44803d5a9c299258efff185b0f70b5 and 9bd17863cd45f82002a6f011de139363 (rc.common). Modifying name of the second ability to rc.common (2)...
2024-11-28 14:30:10 - DEBUG (c_ability.py:99 store) Collision in ability name detected for e0c75b4cc32124ef4c61508694fd0808 and c84a57391dbc724dc51436deb3e0ca00 (Get-DomainUser with PowerView). Modifying name of the second ability to Get-DomainUser with PowerView (2)...
2024-11-28 14:30:10 - DEBUG (c_ability.py:99 store) Collision in ability name detected for 52928f462ea8f5fa617aa8c815f5598b and 5e3512c73a461c17ddcb1cc0bbdbeef9 (WinPwn - PowerSharpPack - Kerberoasting Using Rubeus). Modifying name of the second ability to WinPwn - PowerSharpPack - Kerberoasting Using Rubeus (2)...
2024-11-28 14:30:10 - DEBUG (c_ability.py:99 store) Collision in ability name detected for 3bfd3a51f3c7352d7c6c6c785d01e5f7 and 9bd1997d793d0ac5b1aea4888c75c932 (Loadable Kernel Module based Rootkit). Modifying name of the second ability to Loadable Kernel Module based Rootkit (2)...
2024-11-28 14:30:10 - DEBUG (c_ability.py:99 store) Collision in ability name detected for 3838447b079b302fe75b700a70163815 and fcf71ee3-d1a9-4136-b919-9e5f6da43608 (Clear Logs). Modifying name of the second ability to Clear Logs (2)...
2024-11-28 14:30:10 - DEBUG (c_ability.py:99 store) Collision in ability name detected for f674301b84ea3344f119270bf7bb97cd and 4d4b29abb6b1e580e33c0035c1fc37ad (rm -rf). Modifying name of the second ability to rm -rf (2)...
2024-11-28 14:30:10 - DEBUG (data_svc.py:116 restore_state) Restored data from persistent storage
2024-11-28 14:30:10 - DEBUG (data_svc.py:117 restore_state) There are 0 jobs in the scheduler
2024-11-28 14:30:10 - DEBUG (base_knowledge_svc.py:308 _restore_state) Restored data from persistent storage
2024-11-28 14:30:10 - DEBUG (contact_svc.py:38 register_contact) Registered contact: dns
2024-11-28 14:30:10 - DEBUG (contact_svc.py:38 register_contact) Registered contact: ftp
2024-11-28 14:30:10 - DEBUG (contact_svc.py:38 register_contact) Registered contact: websocket
2024-11-28 14:30:10 - DEBUG (contact_svc.py:38 register_contact) Registered contact: tcp
2024-11-28 14:30:10 - DEBUG (contact_svc.py:38 register_contact) Registered contact: html
2024-11-28 14:30:10 - DEBUG (contact_svc.py:38 register_contact) Registered contact: slack
2024-11-28 14:30:10 - DEBUG (contact_svc.py:38 register_contact) Registered contact: udp
2024-11-28 14:30:10 - DEBUG (contact_svc.py:38 register_contact) Registered contact: http
2024-11-28 14:30:10 - DEBUG (contact_svc.py:38 register_contact) Registered contact: gist
2024-11-28 14:30:11 - DEBUG (contact_svc.py:53 register_tunnel) Registered contact tunnel: ssh_tunneling
2024-11-28 14:30:11 - INFO  (contact_gist.py:70 start) Invalid Github Gist personal API token provided. Gist C2 contact will not be started.
2024-11-28 14:30:11 - INFO  (tunnel_ssh.py:26 start) Generating temporary SSH private key. Was unable to use provided SSH private key
2024-11-28 14:30:11 - INFO  (app_svc.py:116 load) Enabled plugin: stockpile
2024-11-28 14:30:11 - INFO  (app_svc.py:116 load) Enabled plugin: fieldmanual
2024-11-28 14:30:11 - INFO  (app_svc.py:116 load) Enabled plugin: compass
2024-11-28 14:30:11 - INFO  (app_svc.py:116 load) Enabled plugin: debrief
2024-11-28 14:30:11 - INFO  (app_svc.py:116 load) Enabled plugin: access
2024-11-28 14:30:11 - DEBUG (sand_svc.py:94 load_sandcat_extension_modules) Loaded gocat extension module: ftp
2024-11-28 14:30:11 - DEBUG (sand_svc.py:94 load_sandcat_extension_modules) Loaded gocat extension module: slack
2024-11-28 14:30:11 - DEBUG (sand_svc.py:94 load_sandcat_extension_modules) Loaded gocat extension module: gist
2024-11-28 14:30:12 - DEBUG (sand_svc.py:94 load_sandcat_extension_modules) Loaded gocat extension module: dns_tunneling
2024-11-28 14:30:12 - DEBUG (sand_svc.py:94 load_sandcat_extension_modules) Loaded gocat extension module: proxy_http
2024-11-28 14:30:12 - DEBUG (sand_svc.py:94 load_sandcat_extension_modules) Loaded gocat extension module: proxy_smb_pipe
2024-11-28 14:30:12 - DEBUG (sand_svc.py:94 load_sandcat_extension_modules) Loaded gocat extension module: native_aws
2024-11-28 14:30:12 - DEBUG (sand_svc.py:94 load_sandcat_extension_modules) Loaded gocat extension module: native
2024-11-28 14:30:12 - DEBUG (sand_svc.py:94 load_sandcat_extension_modules) Loaded gocat extension module: shellcode
2024-11-28 14:30:12 - DEBUG (sand_svc.py:94 load_sandcat_extension_modules) Loaded gocat extension module: shells
2024-11-28 14:30:12 - DEBUG (sand_svc.py:94 load_sandcat_extension_modules) Loaded gocat extension module: donut
2024-11-28 14:30:12 - DEBUG (sand_svc.py:94 load_sandcat_extension_modules) Loaded gocat extension module: shared
2024-11-28 14:30:12 - INFO  (app_svc.py:116 load) Enabled plugin: sandcat
2024-11-28 14:30:12 - DEBUG (base_world.py:46 set_config) Configuration (agents) update, setting deployments=['0ab383be-b819-41bf-91b9-1bd4404d83bf', '1837b43e-4fff-46b2-a604-a602f7540469', '2f34977d-9558-4c12-abad-349716777c6b', '356d1722-7784-40c4-822b-0cf864b0b36d']
2024-11-28 14:30:12 - INFO  (app_svc.py:116 load) Enabled plugin: response
2024-11-28 14:30:12 - INFO  (app_svc.py:116 load) Enabled plugin: training
2024-11-28 14:30:12 - INFO  (app_svc.py:116 load) Enabled plugin: atomic
2024-11-28 14:30:12 - INFO  (app_svc.py:116 load) Enabled plugin: manx
2024-11-28 14:30:12 - INFO  (logging.py:102 log) Creating SSH listener on 0.0.0.0, port 8022
2024-11-28 14:30:12 - INFO  (server.py:756 start) serving on 0.0.0.0:2222
2024-11-28 14:30:20 - WARNING (hook.py:60 build_docs) Unable to build docs:

Configuration error:
There is a programmable error in your configuration file:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/sphinx/config.py", line 529, in eval_config_file
    exec(code, namespace)  # NoQA: S102
    ^^^^^^^^^^^^^^^^^^^^^
  File "/var/lib/caldera/plugins/fieldmanual/sphinx-docs/conf.py", line 28, in <module>
    import_plugin_docs(caldera_root_dir, sphinx_root_dir)
  File "/var/lib/caldera/plugins/fieldmanual/sphinx-docs/../../../plugins/fieldmanual/utils/plugin_docs.py", line 24, in import_plugin_docs
    doc_paths = copy_plugin_docs(caldera_root_dir, sphinx_root_dir)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/lib/caldera/plugins/fieldmanual/sphinx-docs/../../../plugins/fieldmanual/utils/plugin_docs.py", line 51, in copy_plugin_docs
    copied_files = copy_tree(plugin_docs_dir, sphinx_plugin_dir)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/lib/caldera/plugins/fieldmanual/sphinx-docs/../../../plugins/fieldmanual/utils/plugin_docs.py", line 17, in copy_tree
    before = set(glob.iglob(f"{dst}/**", recursive=True))
                 ^^^^
NameError: name 'glob' is not defined. Did you forget to import 'glob'


2024-11-28 14:30:20 - DEBUG (auth_svc.py:209 set_login_handlers) Using default login handler.
2024-11-28 14:30:20 - DEBUG (auth_svc.py:71 apply) Created authentication group: blue
2024-11-28 14:30:20 - DEBUG (auth_svc.py:71 apply) Created authentication group: red
2024-11-28 14:30:20 - DEBUG (protocol.py:256 __init__) = connection is CONNECTING
2024-11-28 14:30:20 - DEBUG (client.py:114 write_http_request) > GET /system/ready HTTP/1.1
2024-11-28 14:30:20 - DEBUG (client.py:116 write_http_request) > Host: 0.0.0.0:7012
2024-11-28 14:30:20 - DEBUG (client.py:116 write_http_request) > Upgrade: websocket
2024-11-28 14:30:20 - DEBUG (client.py:116 write_http_request) > Connection: Upgrade
2024-11-28 14:30:20 - DEBUG (client.py:116 write_http_request) > Sec-WebSocket-Key: mOJIRql46gPSx3mdayh39w==
2024-11-28 14:30:20 - DEBUG (client.py:116 write_http_request) > Sec-WebSocket-Version: 13
2024-11-28 14:30:20 - DEBUG (client.py:116 write_http_request) > Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2024-11-28 14:30:20 - DEBUG (client.py:116 write_http_request) > User-Agent: Python/3.12 websockets/10.4
2024-11-28 14:30:20 - DEBUG (client.py:147 read_http_response) < HTTP/1.1 101 Switching Protocols
2024-11-28 14:30:20 - DEBUG (client.py:149 read_http_response) < Upgrade: websocket
2024-11-28 14:30:20 - DEBUG (client.py:149 read_http_response) < Connection: Upgrade
2024-11-28 14:30:20 - DEBUG (client.py:149 read_http_response) < Sec-WebSocket-Accept: QjsmbvP/5jpmLTzQn0r31ocAMkQ=
2024-11-28 14:30:20 - DEBUG (client.py:149 read_http_response) < Sec-WebSocket-Extensions: permessage-deflate; server_max_window_bits=12; client_max_window_bits=12
2024-11-28 14:30:20 - DEBUG (client.py:149 read_http_response) < Date: Thu, 28 Nov 2024 12:30:20 GMT
2024-11-28 14:30:20 - DEBUG (client.py:149 read_http_response) < Server: Python/3.12 websockets/10.4
2024-11-28 14:30:20 - DEBUG (protocol.py:357 connection_open) = connection is OPEN
2024-11-28 14:30:20 - DEBUG (protocol.py:1232 write_close_frame) = connection is CLOSING
2024-11-28 14:30:20 - DEBUG (protocol.py:1183 write_frame_sync) > CLOSE 1000 (OK) [2 bytes]
2024-11-28 14:30:20 - DEBUG (protocol.py:1177 read_frame) < CLOSE 1000 (OK) [2 bytes]
2024-11-28 14:30:20 - DEBUG (protocol.py:1514 connection_lost) = connection is CLOSED
2024-11-28 14:30:20 - INFO  (server.py:73 run_tasks) All systems ready.
2024-11-28 14:30:28 - DEBUG (auth_svc.py:100 login_user) Using login handler "Default Login Handler" for login
2024-11-28 14:30:28 - DEBUG (default.py:34 handle_login) admin failed login attempt: 

Looks like your first issue -- we aim to respond to issues as quickly as possible. In the meantime, check out our documentation here: http://caldera.readthedocs.io/

@rachelcamurphy

Hi there,

Do you mind sharing the contents of your local.yml file? It looks like it may be a configuration problem.

@OmegaImpakt

> Hi there,
>
> Do you mind sharing the contents of your local.yml file? It looks like it may be a configuration problem.

Yes, sure:

ability_refresh: 60
api_key_blue: AcOknYOiAsh_1asnGrnfclhsEGfWT146oNxB57kxyOM
api_key_red: srrP81gI2huKmAOVKVfsq8HDEKbozdQfoCBSO9Jn34c
app.contact.dns.domain: mycaldera.caldera
app.contact.dns.socket: 0.0.0.0:8853
app.contact.ftp.host: 0.0.0.0
app.contact.ftp.port: 2222
app.contact.ftp.pword: caldera
app.contact.ftp.server.dir: ftp_dir
app.contact.ftp.user: caldera_user
app.contact.gist: API_KEY
app.contact.html: /weather
app.contact.http: http://0.0.0.0:8888
app.contact.slack.api_key: SLACK_TOKEN
app.contact.slack.bot_id: SLACK_BOT_ID
app.contact.slack.channel_id: SLACK_CHANNEL_ID
app.contact.tcp: 0.0.0.0:7010
app.contact.tunnel.ssh.host_key_file: REPLACE_WITH_KEY_FILE_PATH
app.contact.tunnel.ssh.host_key_passphrase: REPLACE_WITH_KEY_FILE_PASSPHRASE
app.contact.tunnel.ssh.socket: 0.0.0.0:8022
app.contact.tunnel.ssh.user_name: sandcat
app.contact.tunnel.ssh.user_password: s4ndc4t!
app.contact.udp: 0.0.0.0:7011
app.contact.websocket: 0.0.0.0:7012
auth.login.handler.module: default
crypt_salt: uPwkesWlCO8bK2UVOlPhEKKGvqii8Vmh4w5KMGdGqnY
encryption_key: dGpAJBJC9TdngbUV-KR-vWc8Uc5AjpWgyaoE2qhVkEk
exfil_dir: /tmp/caldera
host: 0.0.0.0
objects.planners.default: atomic
plugins:
- access
- atomic
- compass
- debrief
- fieldmanual
- manx
- response
- sandcat
- stockpile
- training
port: 8888
reports_dir: /tmp
requirements:
  go:
    command: go version
    type: installed_program
    version: 1.11
  python:
    attr: version
    module: sys
    type: python_module
    version: 3.7.0
users:
  blue:
    blue: kpiZv4s7B7uNTgQg7GSh0mown1ASlz1q9pkiDJzDO_k
  red:
    red: Ab3Po4iv5QFgIYV9nCcHpK6Sqd_tgrKzaq2Z5oL8rYg
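
The debug log above records a failed login for `admin`, while the posted local.yml defines only the users `red` and `blue`. The following is an added example (not Caldera code and not part of the thread) that cross-checks failed-login log lines against the `users:` block. The sample config uses placeholder passwords, and the small indentation parser is an assumption standing in for a YAML library.

```python
import re

# Constructed sample mirroring the layout of the local.yml posted above;
# the passwords are placeholders, not values from the issue.
SAMPLE_CONFIG = """\
host: 0.0.0.0
port: 8888
users:
  blue:
    blue: PLACEHOLDER_BLUE_PASSWORD
  red:
    red: PLACEHOLDER_RED_PASSWORD
"""

# Log line in the format shown in the debug output above.
SAMPLE_LOG = ("2024-11-28 14:30:28 - DEBUG (default.py:34 handle_login) "
              "admin failed login attempt: ")

FAILED_LOGIN = re.compile(r"handle_login\) (\S+) failed login attempt")


def configured_users(config_text):
    """Return {username: group} from the two-level `users:` mapping."""
    users, in_users, group, group_indent = {}, False, None, None
    for raw in config_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key = raw.strip().split(":", 1)[0]
        if indent == 0:                      # new top-level key
            in_users, group, group_indent = (key == "users"), None, None
        elif in_users and (group_indent is None or indent <= group_indent):
            group, group_indent = key, indent  # group name (red / blue)
        elif in_users:
            users[key] = group               # username under that group
    return users


def explain_failed_logins(log_text, config_text):
    """Pair each failed-login username with what the config says about it."""
    users = configured_users(config_text)
    findings = []
    for line in log_text.splitlines():
        match = FAILED_LOGIN.search(line)
        if not match:
            continue
        name = match.group(1)
        if name in users:
            findings.append((name, f"configured in group '{users[name]}'; check the password"))
        else:
            findings.append((name, "unknown user; configured: " + ", ".join(sorted(users))))
    return findings
```
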
