Skip to content

Commit

Permalink
Merge pull request #599 from BishopFox/fix/kill
Browse files Browse the repository at this point in the history
Fix/kill
  • Loading branch information
moloch-- authored Feb 13, 2022
2 parents 8bc39cc + 34738d2 commit 646ef42
Show file tree
Hide file tree
Showing 7 changed files with 31 additions and 10 deletions.
4 changes: 4 additions & 0 deletions client/command/processes/terminate.go
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,10 @@ func TerminateCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
Pid: int32(pid),
Force: ctx.Flags.Bool("force"),
})
if err != nil {
con.PrintErrorf("Terminate failed: %s", err)
return
}

if terminated.Response != nil && terminated.Response.Async {
con.AddBeaconCallback(terminated.Response.TaskID, func(task *clientpb.BeaconTask) {
Expand Down
6 changes: 5 additions & 1 deletion implant/sliver/handlers/special-handlers.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ package handlers

import (
"os"
"time"

"github.com/bishopfox/sliver/implant/sliver/transports"
"github.com/bishopfox/sliver/protobuf/sliverpb"
Expand Down Expand Up @@ -54,6 +55,9 @@ func killHandler(data []byte, _ *transports.Connection) error {
// {{if .Config.Debug}}
log.Println("Let's exit!")
// {{end}}
os.Exit(0)
go func() {
time.Sleep(time.Second)
os.Exit(0)
}()
return nil
}
3 changes: 1 addition & 2 deletions implant/sliver/sliver.c
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
#include "sliver.h"

#ifdef __WIN32
#include <windows.h>

DWORD WINAPI Start()
{
Expand All @@ -19,10 +20,8 @@ BOOL WINAPI DllMain(
// Initialize once for each new process.
// Return FALSE to fail DLL load.
{
// {{if .Config.IsSharedLib}}
HANDLE hThread = CreateThread(NULL, 0, Start, NULL, 0, NULL);
// CreateThread() because otherwise DllMain() is highly likely to deadlock.
// {{end}}
}
break;
case DLL_PROCESS_DETACH:
Expand Down
6 changes: 3 additions & 3 deletions server/generate/binaries.go
Original file line number Diff line number Diff line change
Expand Up @@ -64,12 +64,12 @@ var (
},
"darwin": {
"windows": {
"386": "/usr/local/bin/i686-w64-mingw32-gcc",
"amd64": "/usr/local/bin/x86_64-w64-mingw32-gcc",
"386": "/opt/homebrew/bin/i686-w64-mingw32-gcc",
"amd64": "/opt/homebrew/bin/x86_64-w64-mingw32-gcc",
},
"linux": {
// brew install FiloSottile/musl-cross/musl-cross
"amd64": "/usr/local/bin/x86_64-linux-musl-gcc",
"amd64": "/opt/homebrew/bin/x86_64-linux-musl-gcc",
},
},
}
Expand Down
4 changes: 1 addition & 3 deletions server/generate/canaries.go
Original file line number Diff line number Diff line change
Expand Up @@ -75,9 +75,7 @@ func (g *CanaryGenerator) GenerateCanary() string {
index := insecureRand.Intn(len(g.ParentDomains))

parentDomain := g.ParentDomains[index]
if strings.HasPrefix(parentDomain, ".") {
parentDomain = parentDomain[1:]
}
parentDomain = strings.TrimPrefix(parentDomain, ".")
if !strings.HasSuffix(parentDomain, ".") {
parentDomain += "." // Ensure we have the FQDN
}
Expand Down
16 changes: 16 additions & 0 deletions server/handlers/sessions.go
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,10 @@ func auditLogSession(session *core.Session, register *sliverpb.Register) {
// two handlers calls may race when a tunnel is quickly created and closed.
func tunnelDataHandler(implantConn *core.ImplantConnection, data []byte) *sliverpb.Envelope {
session := core.Sessions.FromImplantConnection(implantConn)
if session == nil {
sessionHandlerLog.Warnf("Received tunnel data from unknown session: %v", implantConn)
return nil
}
tunnelHandlerMutex.Lock()
defer tunnelHandlerMutex.Unlock()
tunnelData := &sliverpb.TunnelData{}
Expand All @@ -121,6 +125,10 @@ func tunnelDataHandler(implantConn *core.ImplantConnection, data []byte) *sliver

func tunnelCloseHandler(implantConn *core.ImplantConnection, data []byte) *sliverpb.Envelope {
session := core.Sessions.FromImplantConnection(implantConn)
if session == nil {
sessionHandlerLog.Warnf("Received tunnel close from unknown session: %v", implantConn)
return nil
}
tunnelHandlerMutex.Lock()
defer tunnelHandlerMutex.Unlock()

Expand All @@ -145,12 +153,20 @@ func tunnelCloseHandler(implantConn *core.ImplantConnection, data []byte) *slive

func pingHandler(implantConn *core.ImplantConnection, data []byte) *sliverpb.Envelope {
session := core.Sessions.FromImplantConnection(implantConn)
if session == nil {
sessionHandlerLog.Warnf("Received ping from unknown session: %v", implantConn)
return nil
}
sessionHandlerLog.Debugf("ping from session %s", session.ID)
return nil
}

func socksDataHandler(implantConn *core.ImplantConnection, data []byte) *sliverpb.Envelope {
session := core.Sessions.FromImplantConnection(implantConn)
if session == nil {
sessionHandlerLog.Warnf("Received socks data from unknown session: %v", implantConn)
return nil
}
tunnelHandlerMutex.Lock()
defer tunnelHandlerMutex.Unlock()
socksData := &sliverpb.SocksData{}
Expand Down
2 changes: 1 addition & 1 deletion server/rpc/rpc-kill.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ import (
"google.golang.org/protobuf/proto"
)

// Kill - Kill the implant proccess
func (rpc *Server) Kill(ctx context.Context, kill *sliverpb.KillReq) (*commonpb.Empty, error) {
var (
beacon *models.Beacon
Expand All @@ -49,7 +50,6 @@ func (rpc *Server) Kill(ctx context.Context, kill *sliverpb.KillReq) (*commonpb.
}

func (rpc *Server) killSession(kill *sliverpb.KillReq, session *core.Session) (*commonpb.Empty, error) {
core.Sessions.Remove(session.ID)
data, err := proto.Marshal(kill)
if err != nil {
return nil, err
Expand Down

0 comments on commit 646ef42

Please sign in to comment.