Merge pull request BishopFox#412 from BishopFox/stage

PR 410

.github/workflows/autorelease.yml

@@ -2,8 +2,8 @@ name: Release
 
 on:
   push:
-    tags: v[1-9]+.[0-9]+.[0-9]+
-    branches: master
+    tags: ["v[1-9]+.[0-9]+.[0-9]+"]
+    branches: [master]
 
 jobs:
 
@@ -32,9 +32,6 @@ jobs:
 
     - name: Go Assets
       run: ./go-assets.sh
-
-    - name: Remove Vendor
-      run: rm -rf ./vendor/
 
     - name: Make
       run: export PATH=/home/runner/go/bin/:$PATH && make linux
@@ -77,9 +74,6 @@ jobs:
     - name: Go Assets
       run: ./go-assets.sh
 
-    - name: Remove Vendor
-      run: rm -rf ./vendor/
-
     - name: Make AMD64
       run: make macos
 

.github/workflows/codeql-scanning.yml

@@ -59,9 +59,6 @@ jobs:
       - name: Go Assets
         run: ./go-assets.sh
 
-      - name: Remove Vendor
-        run: rm -rf ./vendor/
-
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v1

.github/workflows/go.yml

@@ -34,9 +34,6 @@ jobs:
     - name: Go Assets
       run: ./go-assets.sh
 
-    - name: Remove Vendor
-      run: rm -rf ./vendor/
-
     - name: Make
       run: make linux
 
@@ -68,9 +65,6 @@ jobs:
     - name: Go Assets
       run: ./go-assets.sh
 
-    - name: Remove Vendor
-      run: rm -rf ./vendor/
-
     - name: Make
       run: make macos
 

Makefile

@@ -95,28 +95,28 @@ endif
 #
 .PHONY: default
 default: clean
-	$(ENV) $(GO) build -trimpath $(TAGS),server $(LDFLAGS) -o sliver-server ./server
-	$(ENV) $(GO) build -trimpath $(TAGS),client $(LDFLAGS) -o sliver-client ./client
+	$(ENV) $(GO) build -mod=vendor -trimpath $(TAGS),server $(LDFLAGS) -o sliver-server ./server
+	$(ENV) $(GO) build -mod=vendor -trimpath $(TAGS),client $(LDFLAGS) -o sliver-client ./client
 
 .PHONY: macos
 macos: clean
-	GOOS=darwin GOARCH=amd64 $(ENV) $(GO) build -trimpath $(TAGS),server $(LDFLAGS) -o sliver-server ./server
-	GOOS=darwin GOARCH=amd64 $(ENV) $(GO) build -trimpath $(TAGS),client $(LDFLAGS) -o sliver-client ./client
+	GOOS=darwin GOARCH=amd64 $(ENV) $(GO) build -mod=vendor -trimpath $(TAGS),server $(LDFLAGS) -o sliver-server ./server
+	GOOS=darwin GOARCH=amd64 $(ENV) $(GO) build -mod=vendor -trimpath $(TAGS),client $(LDFLAGS) -o sliver-client ./client
 
 .PHONY: macos-arm64
 macos-arm64: clean
-	GOOS=darwin GOARCH=arm64 $(ENV) $(GO) build -trimpath $(TAGS),server $(LDFLAGS) -o sliver-server_arm64 ./server
-	GOOS=darwin GOARCH=arm64 $(ENV) $(GO) build -trimpath $(TAGS),client $(LDFLAGS) -o sliver-client_arm64 ./client
+	GOOS=darwin GOARCH=arm64 $(ENV) $(GO) build -mod=vendor -trimpath $(TAGS),server $(LDFLAGS) -o sliver-server_arm64 ./server
+	GOOS=darwin GOARCH=arm64 $(ENV) $(GO) build -mod=vendor -trimpath $(TAGS),client $(LDFLAGS) -o sliver-client_arm64 ./client
 
 .PHONY: linux
 linux: clean
-	GOOS=linux $(ENV) $(GO) build -trimpath $(TAGS),server $(LDFLAGS) -o sliver-server ./server
-	GOOS=linux $(ENV) $(GO) build -trimpath $(TAGS),client $(LDFLAGS) -o sliver-client ./client
+	GOOS=linux $(ENV) $(GO) build -mod=vendor -trimpath $(TAGS),server $(LDFLAGS) -o sliver-server ./server
+	GOOS=linux $(ENV) $(GO) build -mod=vendor -trimpath $(TAGS),client $(LDFLAGS) -o sliver-client ./client
 
 .PHONY: windows
 windows: clean
-	GOOS=windows $(ENV) $(GO) build -trimpath $(TAGS),server $(LDFLAGS) -o sliver-server.exe ./server
-	GOOS=windows $(ENV) $(GO) build -trimpath $(TAGS),client $(LDFLAGS) -o sliver-client.exe ./client
+	GOOS=windows $(ENV) $(GO) build -mod=vendor -trimpath $(TAGS),server $(LDFLAGS) -o sliver-server.exe ./server
+	GOOS=windows $(ENV) $(GO) build -mod=vendor -trimpath $(TAGS),client $(LDFLAGS) -o sliver-client.exe ./client
 
 .PHONY: pb
 pb:

client/command/bind-commands.go

@@ -55,6 +55,7 @@ const (
 	defaultTCPPivotPort = 9898
 
 	defaultReconnect = 60
+	defaultPoll      = 1
 	defaultMaxErrors = 1000
 
 	defaultTimeout = 60
@@ -402,6 +403,7 @@ func BindCommands(app *grumble.App, rpc rpcpb.SliverRPCClient) {
 			f.Int("T", "tcp-comms", defaultWGNPort, "wg c2 comms port")
 
 			f.Int("j", "reconnect", defaultReconnect, "attempt to reconnect every n second(s)")
+			f.Int("p", "poll", defaultPoll, "attempt to poll every n second(s)")
 			f.Int("k", "max-errors", defaultMaxErrors, "max number of connection errors")
 
 			f.String("w", "limit-datetime", "", "limit execution to before datetime")
@@ -1399,10 +1401,12 @@ func BindCommands(app *grumble.App, rpc rpcpb.SliverRPCClient) {
 		LongHelp: help.GetHelpFor(consts.SetStr),
 		Flags: func(f *grumble.Flags) {
 			f.String("n", "name", "", "agent name to change to")
+			f.Int("r", "reconnect", -1, "reconnect interval for agent")
+			f.Int("p", "poll", -1, "poll interval for agent")
 		},
 		Run: func(ctx *grumble.Context) error {
 			fmt.Println()
-			setCmd(ctx, rpc)
+			updateSessionCmd(ctx, rpc)
 			fmt.Println()
 			return nil
 		},

client/command/generate.go

@@ -327,6 +327,7 @@ func parseCompileFlags(ctx *grumble.Context, rpc rpcpb.SliverRPCClient) *clientp
 	}
 
 	reconnectInterval := ctx.Flags.Int("reconnect")
+	pollInterval := ctx.Flags.Int("poll")
 	maxConnectionErrors := ctx.Flags.Int("max-errors")
 
 	limitDomainJoined := ctx.Flags.Bool("limit-domainjoined")
@@ -396,6 +397,7 @@ func parseCompileFlags(ctx *grumble.Context, rpc rpcpb.SliverRPCClient) *clientp
 		WGTcpCommsPort:    uint32(ctx.Flags.Int("tcp-comms")),
 
 		ReconnectInterval:   uint32(reconnectInterval),
+		PollInterval:        uint32(pollInterval),
 		MaxConnectionErrors: uint32(maxConnectionErrors),
 
 		LimitDomainJoined: limitDomainJoined,

client/command/info.go

@@ -42,19 +42,21 @@ func info(ctx *grumble.Context, rpc rpcpb.SliverRPCClient) {
 	}
 
 	if session != nil {
-		fmt.Printf(bold+"            ID: %s%d\n", normal, session.ID)
-		fmt.Printf(bold+"          Name: %s%s\n", normal, session.Name)
-		fmt.Printf(bold+"      Hostname: %s%s\n", normal, session.Hostname)
-		fmt.Printf(bold+"          UUID: %s%s\n", normal, session.UUID)
-		fmt.Printf(bold+"      Username: %s%s\n", normal, session.Username)
-		fmt.Printf(bold+"           UID: %s%s\n", normal, session.UID)
-		fmt.Printf(bold+"           GID: %s%s\n", normal, session.GID)
-		fmt.Printf(bold+"           PID: %s%d\n", normal, session.PID)
-		fmt.Printf(bold+"            OS: %s%s\n", normal, session.OS)
-		fmt.Printf(bold+"       Version: %s%s\n", normal, session.Version)
-		fmt.Printf(bold+"          Arch: %s%s\n", normal, session.Arch)
-		fmt.Printf(bold+"Remote Address: %s%s\n", normal, session.RemoteAddress)
-		fmt.Printf(bold+"     Proxy URL: %s%s\n", normal, session.ProxyURL)
+		fmt.Printf(bold+"                ID: %s%d\n", normal, session.ID)
+		fmt.Printf(bold+"              Name: %s%s\n", normal, session.Name)
+		fmt.Printf(bold+"          Hostname: %s%s\n", normal, session.Hostname)
+		fmt.Printf(bold+"              UUID: %s%s\n", normal, session.UUID)
+		fmt.Printf(bold+"          Username: %s%s\n", normal, session.Username)
+		fmt.Printf(bold+"               UID: %s%s\n", normal, session.UID)
+		fmt.Printf(bold+"               GID: %s%s\n", normal, session.GID)
+		fmt.Printf(bold+"               PID: %s%d\n", normal, session.PID)
+		fmt.Printf(bold+"                OS: %s%s\n", normal, session.OS)
+		fmt.Printf(bold+"           Version: %s%s\n", normal, session.Version)
+		fmt.Printf(bold+"              Arch: %s%s\n", normal, session.Arch)
+		fmt.Printf(bold+"    Remote Address: %s%s\n", normal, session.RemoteAddress)
+		fmt.Printf(bold+"         Proxy URL: %s%s\n", normal, session.ProxyURL)
+		fmt.Printf(bold+"     Poll Interval: %s%d\n", normal, session.PollInterval)
+		fmt.Printf(bold+"Reconnect Interval: %s%d\n", normal, session.ReconnectInterval)
 	} else {
 		fmt.Printf(Warn+"No target session, see `help %s`\n", consts.InfoStr)
 	}

client/command/set.go

@@ -30,24 +30,29 @@ import (
 	"github.com/desertbit/grumble"
 )
 
-func setCmd(ctx *grumble.Context, rpc rpcpb.SliverRPCClient) {
+func updateSessionCmd(ctx *grumble.Context, rpc rpcpb.SliverRPCClient) {
 
 	// Option to change the agent name
 	name := ctx.Flags.String("name")
-
-	if name == "" {
-		fmt.Printf(Warn + "please provide a session name\n")
-		return
-	}
-	isAlphanumeric := regexp.MustCompile(`^[[:alnum:]]+$`).MatchString
-	if !isAlphanumeric(name) {
-		fmt.Printf(Warn + "Name must be in alphanumeric only\n")
-		return
+	if name != "" {
+		isAlphanumeric := regexp.MustCompile(`^[[:alnum:]]+$`).MatchString
+		if !isAlphanumeric(name) {
+			fmt.Printf(Warn + "Name must be in alphanumeric only\n")
+			return
+		}
 	}
 
+	// Option to change the reconnect interval
+	reconnect := ctx.Flags.Int("reconnect")
+
+	// Option to change the reconnect interval
+	poll := ctx.Flags.Int("poll")
+
 	session, err := rpc.UpdateSession(context.Background(), &clientpb.UpdateSession{
-		SessionID: ActiveSession.session.ID,
-		Name:      name,
+		SessionID:         ActiveSession.session.ID,
+		Name:              name,
+		ReconnectInterval: int32(reconnect),
+		PollInterval:      int32(poll),
 	})
 
 	if err != nil {

client/command/tasks.go

@@ -426,6 +426,7 @@ func getActiveSliverConfig() *clientpb.ImplantConfig {
 
 		MaxConnectionErrors: uint32(1000),
 		ReconnectInterval:   uint32(60),
+		PollInterval:        uint32(1),
 
 		Format:      clientpb.ImplantConfig_SHELLCODE,
 		IsSharedLib: true,

implant/sliver/handlers/handlers.go

@@ -28,6 +28,7 @@ import (
 	"io/ioutil"
 	"os/exec"
 	"strings"
+	"time"
 
 	// {{if .Config.Debug}}
 	"log"
@@ -448,6 +449,62 @@ func setEnvHandler(data []byte, resp RPCResponse) {
 	resp(data, err)
 }
 
+func reconnectIntervalHandler(data []byte, resp RPCResponse) {
+	reconnectIntervalReq := &sliverpb.ReconnectIntervalReq{}
+	err := proto.Unmarshal(data, reconnectIntervalReq)
+	if err != nil {
+		// {{if .Config.Debug}}
+		log.Printf("error decoding message: %v\n", err)
+		// {{end}}
+		return
+	}
+
+	reconnectInterval := reconnectIntervalReq.GetReconnectIntervalSeconds()
+	// {{if .Config.Debug}}
+	log.Printf("Update reconnect interval called: %d\n", reconnectInterval)
+	// {{end}}
+
+	// Set the reconnect interval value
+	transports.SetReconnectInterval(time.Duration(reconnectInterval) * time.Second)
+
+	recIntervalResp := &sliverpb.ReconnectInterval{}
+	recIntervalResp.Response = &commonpb.Response{}
+	if err != nil {
+		recIntervalResp.Response.Err = err.Error()
+	}
+
+	data, err = proto.Marshal(recIntervalResp)
+	resp(data, err)
+}
+
+func pollIntervalHandler(data []byte, resp RPCResponse) {
+	pollIntervalReq := &sliverpb.PollIntervalReq{}
+	err := proto.Unmarshal(data, pollIntervalReq)
+	if err != nil {
+		// {{if .Config.Debug}}
+		log.Printf("error decoding message: %v\n", err)
+		// {{end}}
+		return
+	}
+
+	pollInterval := pollIntervalReq.GetPollIntervalSeconds()
+	// {{if .Config.Debug}}
+	log.Printf("Update poll interval called: %d\n", pollInterval)
+	// {{end}}
+
+	// Set the reconnect interval value
+	transports.SetPollInterval(time.Duration(pollInterval) * time.Second)
+
+	pollIntervalResp := &sliverpb.PollInterval{}
+	pollIntervalResp.Response = &commonpb.Response{}
+	if err != nil {
+		pollIntervalResp.Response.Err = err.Error()
+	}
+
+	data, err = proto.Marshal(pollIntervalResp)
+	resp(data, err)
+}
+
 // {{if .Config.WGc2Enabled}}
 
 func wgListTCPForwardersHandler(_ []byte, resp RPCResponse) {

implant/sliver/handlers/handlers_darwin.go

@@ -44,6 +44,9 @@ var (
 
 		pb.MsgSideloadReq: sideloadHandler,
 
+		sliverpb.MsgReconnectIntervalReq: reconnectIntervalHandler,
+		sliverpb.MsgPollIntervalReq:      pollIntervalHandler,
+
 		// {{if .Config.WGc2Enabled}}
 		// Wireguard specific
 		sliverpb.MsgWGStartPortFwdReq:   wgStartPortfwdHandler,

implant/sliver/handlers/handlers_default.go

@@ -32,17 +32,19 @@ import (
 
 var (
 	genericHandlers = map[uint32]RPCHandler{
-		sliverpb.MsgPing:        pingHandler,
-		sliverpb.MsgLsReq:       dirListHandler,
-		sliverpb.MsgDownloadReq: downloadHandler,
-		sliverpb.MsgUploadReq:   uploadHandler,
-		sliverpb.MsgCdReq:       cdHandler,
-		sliverpb.MsgPwdReq:      pwdHandler,
-		sliverpb.MsgRmReq:       rmHandler,
-		sliverpb.MsgMkdirReq:    mkdirHandler,
-		sliverpb.MsgExecuteReq:  executeHandler,
-		sliverpb.MsgSetEnvReq:   setEnvHandler,
-		sliverpb.MsgEnvReq:      getEnvHandler,
+		sliverpb.MsgPing:                 pingHandler,
+		sliverpb.MsgLsReq:                dirListHandler,
+		sliverpb.MsgDownloadReq:          downloadHandler,
+		sliverpb.MsgUploadReq:            uploadHandler,
+		sliverpb.MsgCdReq:                cdHandler,
+		sliverpb.MsgPwdReq:               pwdHandler,
+		sliverpb.MsgRmReq:                rmHandler,
+		sliverpb.MsgMkdirReq:             mkdirHandler,
+		sliverpb.MsgExecuteReq:           executeHandler,
+		sliverpb.MsgSetEnvReq:            setEnvHandler,
+		sliverpb.MsgEnvReq:               getEnvHandler,
+		sliverpb.MsgReconnectIntervalReq: reconnectIntervalHandler,
+		sliverpb.MsgPollIntervalReq:      pollIntervalHandler,
 	}
 )
 

implant/sliver/handlers/handlers_linux.go

@@ -45,6 +45,9 @@ var (
 		sliverpb.MsgNetstatReq:  netstatHandler,
 		sliverpb.MsgSideloadReq: sideloadHandler,
 
+		sliverpb.MsgReconnectIntervalReq: reconnectIntervalHandler,
+		sliverpb.MsgPollIntervalReq:      pollIntervalHandler,
+
 		// {{if .Config.WGc2Enabled}}
 		// Wireguard specific
 		sliverpb.MsgWGStartPortFwdReq:   wgStartPortfwdHandler,

implant/sliver/handlers/handlers_windows.go

@@ -83,6 +83,9 @@ var (
 		sliverpb.MsgRmReq:       rmHandler,
 		sliverpb.MsgMkdirReq:    mkdirHandler,
 		sliverpb.MsgExecuteReq:  executeHandler,
+		sliverpb.MsgReconnectIntervalReq: reconnectIntervalHandler,
+		sliverpb.MsgPollIntervalReq:      pollIntervalHandler,
+
 		// {{if .Config.WGc2Enabled}}
 		// Wireguard specific
 		sliverpb.MsgWGStartPortFwdReq:   wgStartPortfwdHandler,

implant/sliver/sliver.go

@@ -286,6 +286,7 @@ func getRegisterSliver() *sliverpb.Envelope {
 		ActiveC2:          transports.GetActiveC2(),
 		ReconnectInterval: uint32(transports.GetReconnectInterval() / time.Second),
 		ProxyURL:          transports.GetProxyURL(),
+		PollInterval:      uint32(transports.GetPollInterval() / time.Second),
 	})
 	if err != nil {
 		// {{if .Config.Debug}}