Error with unicode about nimplant HOT 6 CLOSED

Hi @sl4cky, thanks for the report! That is indeed an edge case that I didn't test :)
Unfortunately, I'm not able to work on NimPlant for the foreseeable future, so any help on this is welcome. In troubleshooting this I would trace the steps of the whoami command (and corresponding information collection after check-in) and how that information is transferred from client to server. It likely isn't an extensive fix once the issue is found!

from nimplant.

Did some testing. The issue is with the winUtils.nim file and the getIntIp function, don't know exactly what the issue is with that function but I know the issue is there. whoami does not present the unicode but it doesn't make the agent fail to connect back. the issue makes the agent fail to connect back after the register request

from nimplant.

Hi @sl4cky! Thanks for looking into it. I found some time to troubleshoot the issue. It looks like there was in issue in the whoami() function not using a proper unicode API/buffer, and on the server side the log file was not opened in unicode mode causing a crash. Both issues should be resolved in the latest commit in the dev branch (cc4d6b6). Could you please pull this version and test if it works for you?

from nimplant.

Hi, yes will do it and let you know. Thanks 🙏

from nimplant.

Hi So I checked this, the whoami is okay but there is still an issue if the computername is with unicode, for this a change need to be done in the function proc getHost*() : string = of winutils. the winapi GetComputerNameW can be used for this I guess.

from nimplant.

Hi @sl4cky, thanks again for reporting this and sorry for the delay. I have updated the getHost() function to use the windows API to get the computer name as wide characters, which should fix the issue (02e9296). I unfortunately don't have a machine with a cyrillic name at hand to test, could you please verify if this fix (pushed to dev branch) works on your instance?

from nimplant.