Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to pass the User Certification: Create ability #2315

Closed
radioheado opened this issue Oct 6, 2021 · 5 comments
Closed

Unable to pass the User Certification: Create ability #2315

radioheado opened this issue Oct 6, 2021 · 5 comments
Assignees
@elegantmoose @uruwhy @CDJellen
Labels
bug hacktoberfest https://hacktoberfest.digitalocean.com

Comments

@radioheado
Copy link

Describe the bug
Unable to pass the User Certification: Create ability.

To Reproduce
Steps to reproduce the behavior:

  1. Open the Navigate menu.
  2. Select Campaigns > adversaries.
  3. In the drop-down, select the Certifiable adversary profile.
  4. Press the + add ability button on the right side of the window.
  5. In the window that appears, enter the following information: Press the generate new id button.

Issue 1 here: there is no such button in 4.0.0-alpha. So I tried to make a new ability through the abilities tab before I move back to step 4. I made the ability according to the guide solution,

  1. Select darwin as the platform from the drop-down.
  2. Select sh as the executor from the drop-down.
  3. Select sandcat.go-darwin from the payloads box.
  4. Enter whoami in the command text box.
  5. Enter ifconfig -a in the cleanup command text box.

Currently, I also have to specify the Technique Name and Technique ID or it won't allow me to save. I filled in with T1033 and System Owner/User Discovery. The above steps succeeded from step1 to step4. It failed every time when I wanted to add the cleanup command. No matter what I typed in the text box, it won't allow me to save the command.

Expected behavior
I expect to complete the flag.

Screenshots
image

Desktop (please complete the following information):

  • OS: Ubuntu 20.04.2 LTS
  • Browser: Firefox
  • Version 4.0.0-alpha
@radioheado radioheado added the bug label Oct 6, 2021
@wbooth wbooth removed their assignment Oct 11, 2021
@elegantmoose elegantmoose added the hacktoberfest https://hacktoberfest.digitalocean.com label Oct 12, 2021
@Saracodesagain
Copy link

i get the same error!

@elegantmoose
Copy link
Contributor

@radioheado and @TripleA98 - we are working on patch.

@Saracodesagain
Copy link

@radioheado and @TripleA98 - we are working on patch.

thank you! it seems that it has been patched and fixed 🥇

CDJellen added a commit to CDJellen/caldera that referenced this issue Oct 13, 2021
@CDJellen
Possible fix to Issue mitre#2315 (affects templates/abilities.html)
a24ecb2 
The REST API expects an ability object in which the cleanup field is an array (list) of strings. Currently, the "Create Ability" UI saves the cleanup command as a string, causing an Unprocessable Entity response status code (422) when executing the PUT request in API v2.  This commit includes a slight change to the cleanup field in the Create Ability modal which converts a line-break separated list of cleanup commands to the correct type.  The net effect of the change is to enable users to create and edit abilities which include cleanup commands through the UI and API v2.
@CDJellen CDJellen mentioned this issue Oct 13, 2021
Merged
5 tasks
@github-actions
Copy link

github-actions bot commented Nov 3, 2021

This issue is stale because it has been open 20 days with no activity. Remove stale label or comment or this will be closed in 5 days

wbooth added a commit that referenced this issue Nov 3, 2021
@wbooth
Merge pull request #2321 from CDJellen/master
b816e9c 
Possible fix to Issue #2315 (affects `templates/abilities.html`)
@CDJellen
Copy link
Contributor

CDJellen commented Nov 3, 2021

The ability UI has been modified to enable cleanup commands in 4.0.0-alpha as of #2321 . Please consider updating to latest and creating the User Certificate training ability from the abilities tab. Thank you for reporting the issue, and feel free to open a new issue if you run in to any further issues, we are always looking to improve as we approach the full release of version 4.

@CDJellen CDJellen closed this as completed Nov 3, 2021
@radioheado radioheado mentioned this issue Nov 3, 2021
Closed
cyber-arsenull pushed a commit that referenced this issue Dec 28, 2021
@CDJellen
Possible fix to Issue #2315 (affects templates/abilities.html)
2a824f0 
The REST API expects an ability object in which the cleanup field is an array (list) of strings. Currently, the "Create Ability" UI saves the cleanup command as a string, causing an Unprocessable Entity response status code (422) when executing the PUT request in API v2.  This commit includes a slight change to the cleanup field in the Create Ability modal which converts a line-break separated list of cleanup commands to the correct type.  The net effect of the change is to enable users to create and edit abilities which include cleanup commands through the UI and API v2.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@elegantmoose elegantmoose

@uruwhy uruwhy

@CDJellen CDJellen

Labels
bug hacktoberfest https://hacktoberfest.digitalocean.com
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@elegantmoose @wbooth @Saracodesagain @radioheado @uruwhy @CDJellen