    Dan Le
    @ledan9286_gitlab
    Are there instructions on resetting it?
    I tried googling it and the ways that are shown are not working.
    Arvind
    @a4vnd_gitlab
    Hi GRR Team,
    After successful GRR installation I'm able to see my client list in GRR dashboard?
    Kindly help me with any solution for it?
    mbushkov
    @mbushkov
    @a4vnd_gitlab - just click on a search button in the top right corner. You'll see all the clients then. For the context: https://grr-doc.readthedocs.io/en/latest/deploying-grr-clients/how-to-check-if-client-talks-back.html?highlight=search#how-to-check-if-a-deployed-client-talks-back-to-the-grr-server
    Arvind
    @a4vnd_gitlab
    Hi @mbushkov, I have tried it but it's not showing any of the clients.
    On my client system the GRR files are created, but it's not able to fetch on back to GRR server.
    If you have any video tutorial or any document, kindly share it.
    Thank you,
    Arvind
    @a4vnd_gitlab
    @mbushkov I've installed according to the GRR doc given on this link https://grr-doc.readthedocs.io/en/latest/installing-grr-server/from-release-deb.html
    Arvind
    @a4vnd_gitlab
    Hi All,
    If any one of you has a GRR configuration installation video, kindly share it?
    Thanks in advance.
    Arvind
    @a4vnd_gitlab
    Hi all, I am facing an issue while configuring GRR.
    error is ERROR:2019-04-02 04:11:14,021 2376 MainProcess 140316268869376 MainThread mysql_advanced_data_store:592] OperationalError: (2006, 'MySQL server has gone away'). This may be due to an incorrect MySQL 'max_allowed_packet' setting (try increasing it). Retrying
    mbushkov
    @mbushkov
    @a4vnd_gitlab, do you see this issue right away or just when clients are repacked? Can you post a more detailed log?
    Arvind
    @a4vnd_gitlab
    @mbushkov when clients are repacked
    mbushkov
    @mbushkov
    Have you tried increasing max_allowed_packet setting in MySQL?
    Arvind
    @a4vnd_gitlab
    yes
    but still the error continues to appear
    mbushkov
    @mbushkov
    When you do
    show variables like 'max_allowed_packet'
    in the MySQL console. Does it show an updated value? What's your current setting?
    Arvind
    @a4vnd_gitlab
    Hi @mbushkov
    I'm facing an issue, a MySQL error
    Matthew Clairmont
    @clairmont32
    Hi all, I just came across a PDF doc dated in 2017 mentioning the exploration of a Go rewrite. Is this still on the table?
    mbushkov
    @mbushkov
    @clairmont32 - Fleetspeak project (https://github.com/google/fleetspeak), fully developed in Go, will eventually replace GRR frontend component (HTTP frontend that GRR clients talk to). As for the rest of GRR, as of now, we have no intention to rewrite it in Go.
    crysis30300
    @crysis30300
    Hello,
    I am trying to delete a client via Grr_console as documented, but I get an error every time I try to do that
    crysis30300
    @crysis30300
    Hello, whenever I try to push a binary to any client, the client crashes with many errors like (Terminated by user GRRFrontEnd. Reason: Client crashed.) - (Client killed during transaction) - (Nanny Message
    Crash message : No heartbeat received). The binary is already registered with {grr_config_updater upload_exe} and I can show it in the binaries panel in the web UI. Am I doing anything wrong, or are there any instructions for doing so? Thanks for your help, we really appreciate that.
    crysis30300
    @crysis30300
    Update for Launchbinary problem: I can see the .exe file in the GRR/Temp folder in Windows, and I can also see it in the Task Manager in Windows 10, but it does not launch at all, and returns with an error in the GRR UI! Any solution for that?
    prats84
    @prats84_twitter
    Sorry for the noob question, but can anyone confirm if the communication client to server is encrypted (TLS/SSL) in the default install, i.e. using .deb?
    I did a pcap capture and did not see it encrypted
    Tarek
    @tee2015
    Hello all, I have a question: how can I get the binary of the GRR client Windows version? Should I build it myself?
    Tarek
    @tee2015
    All good, please disregard my silly question :P
    Tarek
    @tee2015
    Hello all, it's me again :) Looks like both and the server are running, no issues, but whenever I start a hunt job it's giving (Can't start flow :
    Unknown error)
    Tarek
    @tee2015
    One of the examples:
    Traceback (most recent call last):
      File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/flow.py", line 259, in StartFlow
        flow_obj.Start()
      File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/flows/general/webhistory.py", line 68, in Start
        raise flow_base.FlowError("Could not find valid History paths.")
    FlowError: Could not find valid History paths.
    mbushkov
    @mbushkov
    @tee2015, which flow do you start the hunt with? Does the machine where the flow is failing have registered users?
    Tarek
    @tee2015
    I started with Chrome history. About registered users, not sure tbh, but the client is connected successfully to the GRR server and showing status green and reporting back about how long it's been up, and shows the CPU usage and some info
    Tarek
    @tee2015
    @mbushkov I will check about registered users on the documentation
    Arvind
    @a4vnd_gitlab
    Hi @mbushkov
    Is there any option to search a specific suspected "file's hash value" or "file by name" in GRR?
    Tarek
    @tee2015
    I saw U can retrieve a file
    Tarek
    @tee2015
    If Ur agent works properly ;)
    Tarek
    @tee2015
    @mbushkov I reinstalled the agent again and checked all the services it's creating: it's adding a record to the registry and starting the win monitor service properly. In the config file I just changed the IP to connect back to the GRR server, but it's not sending all the required details to the server, like the username + PC name and the CPU details and architecture ... Should I add the username manually in the config? Looks like yes, the issue is with the registered users. Can U just point me to a troubleshooting document or point out what I am missing? Thank you very much in advance :)
    Tarek
    @tee2015
    Okay, I think I found what I am missing, I must add psexec and register the user 🕺🏼💃
    Tarek
    @tee2015
    Now it's registered and installed via Psexec, looks like not much changed. I can see some Python errors though:
    Traceback (most recent call last):
      File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/flow.py", line 259, in StartFlow
        flow_obj.Start()
      File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/flows/general/collectors.py", line 106, in Start
        self.state.knowledge_base = _ReadClientKnowledgeBase(self.client_id)
      File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/flows/general/collectors.py", line 51, in _ReadClientKnowledgeBase
        client, allow_uninitialized=allow_uninitialized)
      File "/usr/share/grr-server/local/lib/python2.7/site-packages/grr_response_server/artifact.py", line 45, in GetKnowledgeBase
        (rdf_client_obj.client_id, kb))
    KnowledgeBaseAttributesMissingError: KnowledgeBase missing OS for C.d746109cc0e10bdc. Knowledgebase content: message KnowledgeBase { }
    Tarek
    @tee2015
    🥺🥺
    Tarek
    @tee2015
    Thank you @mbushkov, all sorted out 🙏🏻👍🏻
    burakatabay
    @burakatabay
    hey!
    Is anyone here?
    Tarek
    @tee2015
    👀
    burakatabay
    @burakatabay
    I try to install GRR on CentOS 7-1810 but I can't solve the problem. Can you help me? @tee2015