Skip to content

Commit

Permalink
Merge pull request #760 from BishopFox/fix/loot-nil-deref
Browse files Browse the repository at this point in the history
Check for nil pointer before using loot.File
  • Loading branch information
rkervella authored Jul 22, 2022
2 parents f2da771 + 57fe465 commit d94c596
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 7 deletions.
18 changes: 14 additions & 4 deletions client/command/loot/add-credential.go
Original file line number Diff line number Diff line change
Expand Up @@ -55,10 +55,20 @@ func LootAddCredentialCmd(ctx *grumble.Context, con *console.SliverConsoleClient
switch credType {
case clientpb.CredentialType_USER_PASSWORD.String():
loot.CredentialType = clientpb.CredentialType_USER_PASSWORD
usernamePrompt := &survey.Input{Message: "Username: "}
survey.AskOne(usernamePrompt, &loot.Credential.User)
passwordPrompt := &survey.Input{Message: "Password: "}
survey.AskOne(passwordPrompt, &loot.Credential.Password)
for loot.Credential.User == "" {
usernamePrompt := &survey.Input{Message: "Username: "}
survey.AskOne(usernamePrompt, &loot.Credential.User)
if loot.Credential.User == "" {
con.Println("Username is required")
}
}
for loot.Credential.Password == "" {
passwordPrompt := &survey.Input{Message: "Password: "}
survey.AskOne(passwordPrompt, &loot.Credential.Password)
if loot.Credential.Password == "" {
con.Println("Password is required")
}
}
case clientpb.CredentialType_API_KEY.String():
loot.CredentialType = clientpb.CredentialType_API_KEY
usernamePrompt := &survey.Input{Message: "API Key: "}
Expand Down
8 changes: 6 additions & 2 deletions client/command/loot/helpers.go
Original file line number Diff line number Diff line change
Expand Up @@ -176,10 +176,14 @@ func SelectLoot(ctx *grumble.Context, rpc rpcpb.SliverRPCClient) (*clientpb.Loot
buf := bytes.NewBufferString("")
table := tabwriter.NewWriter(buf, 0, 2, 2, ' ', 0)
for _, loot := range allLoot.Loot {
if loot.Name == loot.File.Name {
filename := ""
if loot.File != nil {
filename = loot.File.Name
}
if loot.Name == filename {
fmt.Fprintf(table, "%s\t%s\t%s\t\n", loot.Name, loot.Type, loot.LootID)
} else {
fmt.Fprintf(table, "%s\t%s\t%s\t%s\t\n", loot.Name, loot.File.Name, loot.Type, loot.LootID)
fmt.Fprintf(table, "%s\t%s\t%s\t%s\t\n", loot.Name, filename, loot.Type, loot.LootID)
}
}
table.Flush()
Expand Down
7 changes: 6 additions & 1 deletion client/command/loot/loot.go
Original file line number Diff line number Diff line change
Expand Up @@ -166,8 +166,13 @@ func PrintAllLootTable(stdout io.Writer, allLoot *clientpb.AllLoot) {
strings.Repeat("=", len("File Name")),
strings.Repeat("=", len("UUID")),
)

for _, loot := range allLoot.Loot {
fmt.Fprintf(table, "%s\t%s\t%s\t%s\t\n", lootTypeToStr(loot.Type), loot.Name, loot.File.Name, loot.LootID)
filename := ""
if loot.File != nil {
filename = loot.File.Name
}
fmt.Fprintf(table, "%s\t%s\t%s\t%s\t\n", lootTypeToStr(loot.Type), loot.Name, filename, loot.LootID)
}

table.Flush()
Expand Down

0 comments on commit d94c596

Please sign in to comment.