Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't access Velociraptor #903

Open
VicTee opened this issue Aug 20, 2023 · 3 comments
Open

Can't access Velociraptor #903

VicTee opened this issue Aug 20, 2023 · 3 comments

Comments

@VicTee
Copy link

VicTee commented Aug 20, 2023

Get a Connection Refused error when trying to get into Velociraptor portal. No problem getting into Splunk or Fleet. I'm using http://:9999
@Matthew2412
Copy link

[*] Verifying that Velociraptor is reachable...
Error occured on webrequest: Exception calling "DownloadString" with "1" argument(s): "Nem lehet csatlakozni a távoli kiszolgálóhoz." (Cant connect to remote service )
[!] Velociraptor was unreachable and may not have installed correctly.

Could someone have a look at the logger vm ?
Fleet, Splunk , Guacamole is reachable but not velociraptor

I tried to redownload it but the issue persisted

@Matthew2412
Copy link 

logger: HTTP request sent, awaiting response... 200 OK
logger: Length: 54981288 (52M) [application/octet-stream]
logger: Saving to: ‘/opt/velociraptor/velociraptor-v0.7.0-2-linux-amd64’
logger:

velociraptor-v0.7.0 100%[===================>] 52.43M 4.29MB/s in 12s
logger:
logger: 2023-10-15 16:05:43 (4.31 MB/s) - ‘/opt/velociraptor/velociraptor-v0.7.0-2-linux-amd64’ saved [54981288/54981288]
logger:
logger: [16:05:43]: Velociraptor successfully downloaded!
logger: [16:05:43]: Creating Velociraptor dpkg...
logger: Creating amd64 server package at velociraptor_server_0.7.0.2_amd64.deb
logger: [16:05:46]: Cleanup velociraptor package building leftovers...
logger: [16:05:46]: Installing the dpkg...
logger: dpkg: error: cannot access archive 'velociraptor_*_server.deb': No such file or directory
logger: [16:05:46]: Failed to install the dpkg

@Skr1ptKid-0x
Copy link

Skr1ptKid-0x commented Oct 26, 2023
edited

It's not being managed anymore. :\ not sure where you are running it on. Logger isn't loading splunk or velociraptor either for me right now. I re-ran ansible playbook and got guacamole to load correctly. You may want to re-provision the host. Got splunk up. Otherwise, we probably need to look in the logger_bootstrap.sh for something that's wrong/old. And I found it

I installed in manually, but, I think if you look at this log in the bootstrap script, the wildcards in the wrong place. Its in the wrong place in the Velociraptor documents too. Unless I am messed up?

logger: dpkg: error: cannot access archive 'velociraptor_*_server.deb': No such file or directory

It should be like 'velociraptor_server_*_amd64.deb' https://docs.velociraptor.app/docs/deployment/self-signed/
I wonder about the cert used in the config too, but maybe its still ok and if not would it be easier to just make a new one with their tool or just use previous version of raptor? Not sure

Yes, the cert is expired. There are instructions at https://docs.velociraptor.app/docs/deployment/troubleshooting/

Attached is a new server.config. Remove the .txt extension and place is in your DetectionLab/Vagrant/resources/velociraptor path
server.config.yaml.txt

Attached is an updated logger_bootstrap.sh. Remove the .txt extension and place it in DetectionLab/Vagrant path
logger_bootstrap.sh.txt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@VicTee @Matthew2412 @Skr1ptKid-0x