Error with unicode

[sl4cky]

• This issue is not about OPSEC or bypassing defensive products
• I have followed the steps in the Troubleshooting section

---

OS and version:
ubuntu 22.04

Python version:
Python 3.10.1

Nim version:
Nim Compiler Version 1.6.12 [Linux: amd64]

Using Docker: Yes/No
No

Issue Description
When a target computer use unicode in their username / computername like Russian or Chineese or else it doesn't manage to communicate properly with the server.
following is the error :
An unexpected exception occurred when handling command: TypeError('unsupported format string passed to NoneType.format')

Screenshots

[chvancooten]

Hi @sl4cky, thanks for the report! That is indeed an edge case that I didn't test :)
Unfortunately, I'm not able to work on NimPlant for the foreseeable future, so any help on this is welcome. In troubleshooting this I would trace the steps of the whoami command (and corresponding information collection after check-in) and how that information is transferred from client to server. It likely isn't an extensive fix once the issue is found!

[sl4cky]

Did some testing. The issue is with the winUtils.nim file and the getIntIp function, don't know exactly what the issue is with that function but I know the issue is there. whoami does not present the unicode but it doesn't make the agent fail to connect back. the issue makes the agent fail to connect back after the register request

[chvancooten]

Hi @sl4cky! Thanks for looking into it. I found some time to troubleshoot the issue. It looks like there was in issue in the whoami() function not using a proper unicode API/buffer, and on the server side the log file was not opened in unicode mode causing a crash. Both issues should be resolved in the latest commit in the dev branch (cc4d6b6). Could you please pull this version and test if it works for you?

[sl4cky]

Hi, yes will do it and let you know. Thanks 🙏

[sl4cky]

Hi So I checked this, the whoami is okay but there is still an issue if the computername is with unicode, for this a change need to be done in the function proc getHost*() : string = of winutils. the winapi GetComputerNameW can be used for this I guess.

[chvancooten]

Hi @sl4cky, thanks again for reporting this and sorry for the delay. I have updated the getHost() function to use the windows API to get the computer name as wide characters, which should fix the issue (02e9296). I unfortunately don't have a machine with a cyrillic name at hand to test, could you please verify if this fix (pushed to dev branch) works on your instance?