Error executing Caldera injector in OpenBAS ("temporary injector not spawned correctly") (Docker Desktop)

[RafaelR03]

Description

I have deployed OpenBAS alongside Caldera using Docker Desktop for Windows. The setup appears to be functional, and I have confirmed that OpenBAS and Caldera can communicate correctly. Below are the steps I followed:

✅ Deployed OpenBAS and Caldera using Docker Compose
✅ Deployed a Sandcat (Linux) agent in Caldera
✅ Caldera successfully detects the agent
✅ The OpenBAS container can successfully ping the Sandcat agent's IP

However, when I attempt to execute an inject using Caldera within OpenBAS, the execution fails with the following error:

Environment

1. Operating System: Windows 11
2. Platform: Docker Desktop
3. OpenBAS Version: openbas 1.14.0
4. JAVA Virtual Machine: 21.0.6+7-LTS
5. PostgreSQL: 17.4
6. RabbitMQ: 4.0.7
7. Telemetry manager: Enable

docker-compose.yml Configuration: docker-compose.txt
caldera.yml Configuration: caldera.txt
docker-compose.caldera.yml Configuration: docker-compose.caldera.txt
docker-compose.caldera-executor.yml Configuration: docker-compose.caldera-executor.txt
docker-compose.caldera-injector.yml Configuration: docker-compose.caldera-injector.txt
.env Configuration: .env.txt

Agent Details

Status: alive, trusted
Paw: zusddx
Host: 190321efbac9 (172.18.0.8)
Display Name: 190321efbac9$root
Username: root
Privilege: Elevated
Last Seen: 3/24/2025, 9:00:25 PM
Created: 3/24/2025, 8:31:30 PM
Architecture: amd64
Platform: 798
PID: 798
PPID: 671
Executable Name: splunkd
Location: /usr/src/app/splunkd
Executors: proc, sh
Host IP Addresses: 172.18.0.8
Peer-to-Peer Proxy Receivers: No local P2P proxy receivers active.
Peer-toPeer Proxy Chains: Not using P2P agents to reach C2.

Reproducible Steps

1. Deployed OpenBAS and Caldera on Docker Desktop for Windows.
   Command: docker compose -p openbas -f docker-compose.yml -f docker-compose.caldera.yml -f docker-compose.caldera-executor.yml -f docker-compose.caldera-injector.yml up -d
2. Deployed a Sandcat (Linux) agent in Caldera, and it was detected by both OpenBAS and Caldera.
3. Verified that the OpenBAS container can ping the Sandcat agent.
4. Created a simulation in OpenBAS and added a Caldera inject, e.g., "Access /etc/master.passwd (Local)".
5. The execution fails with the error "ERROR Caldera failed to execute the ability on agent root (temporary injector not spawned correctly)".
6. If I run the same OpenBAS agent inject type, it stays in "Pending" indefinitely.

Expected Output

The simulation should execute successfully on the Sandcat agent via Caldera and return the execution results.

Actual Output

ERROR Caldera failed to execute the ability on agent root (temporary injector not spawned correctly)

This issue might be related to:
Failure to start the temporary injector in OpenBAS for communication with Caldera.
Incorrect OpenBAS configuration for communicating with Caldera (e.g., API key or environment variable issue).
Permission issues in Caldera preventing the execution of abilities via API.

If anyone can confirm if any adjustments are needed to allow OpenBAS to execute injects via Caldera, that would be greatly appreciated!

[damgouj]

Hello RafaelR03, thanks for all the details ! Could you try to:

• Restart your applications ?
• Check if a new agent is shown in Caldera when you try to execute the simulation ?
• Exclude your agent folder to prevent your antivirus to kill the agent ?

[RafaelR03]

Yes, I have already restarted the applications, but the issue persists. I have also tried different injectors, and all of them return the same error.

Yes, the agent appears in Caldera and is detected correctly. I can see it in the list of active agents, and it responds to pings from the OpenBAS container. However, when I execute the simulation, it still fails with the same error.

Could you please provide more details on how to exclude the agent folder? Specifically, how should I go about excluding the agent folder from the antivirus in the Caldera Docker container?

Also, it would be helpful if you could explain in more detail how to install both the Caldera agent and the OpenBAS agent, as I may have installed them incorrectly. I want to ensure that I followed the correct process for agent installation.

Also, I will send image of the Caldera settings, maybe it can help you understand something.

[damgouj]

If you want more details on how to install the Caldera and Openbas agents, look https://docs.openbas.io/latest/deployment/ecosystem/executors/ for Caldera and https://docs.openbas.io/latest/usage/openbas-agent/ for Openbas.
If you are in Docker for the Caldera agent, just check if you antivirus doesn't kill your agent when you execute your simulation.
To help me understand, could you send me an image of your Caldera agents section,

your Caldera abilities section,

and the details of the caldera subprocessor ?

[RafaelR03]

[damgouj]

Ok thank you. If you look your last image, the $url is not well filled so the implant isn't downloaded and your simulation is not executed. The fix is here: OpenBAS-Platform/docker@758ff29. You have to replace in your env file, OPENBAS_BASE-URL by OPENBAS_BASE_URL and in your docker-compose file, ${OPENBAS_BASE-URL} by ${OPENBAS_BASE_URL}. Don't forget to relaunch then all to sync again the caldera aibility. The URL should be replaced by the good one.

[RafaelR03]

Thank you for your help. However, after applying the suggested fix, the problem still persists.

[damgouj]

Could you check if your ability has now the right URL please ? Is it better with the OpenBAS agent ?

[J4ckie0x17]

Hi, I have the same problem as RafaelR03 (ERROR Caldera failed to execute the ability on asset ... (temporary injector not spawned correctly).
I have checked his files and they are the same as mine. In fact, I also had the error in the ${OPENBAS_BASE_URL} , after changing it, it still doesn't work. In my case I am using the caldera agent provided by OpenBAS.

I also have a problem that I don't know if it has anything to do with it, but when I install the caldera agent, I get the following message:

(This has been installed as NT-Authority system, and I have the rules in the exclusion firewall.)

Also I leave my configuration files, in case I'm missing something:

env.txt
docker-compose.txt
conf_caldera.txt

[damgouj]

Hello @J4ckie0x17, could you send an image of the Caldera ability to check if it is updated with the right URL ? If not, you have to delete the ability and relaunch OpenBAS.
For your installation problem about the caldera agent, to make it works, your Windows user needs to be admin and in the same domain as your machine.

[J4ckie0x17]

I provide you with a screenshot of the agent, and the script that installs it.

caldera_install.txt