Merge branch 'master' into jarmy

Signed-off-by: Joe <875022+moloch--@users.noreply.github.com>
BishopFox · Sep 20, 2022 · 9c109bd · 9c109bd
2 parents afd0b08 + e5ca995
commit 9c109bd
Show file tree

Hide file tree

Showing 84 changed files with 4,373 additions and 211 deletions.
diff --git a/client/command/commands.go b/client/command/commands.go
@@ -484,6 +484,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 			f.StringL("aes-encrypt-key", "", "encrypt stage with AES encryption key")
 			f.StringL("aes-encrypt-iv", "", "encrypt stage with AES encryption iv")
 			f.String("C", "compress", "none", "compress the stage before encrypting (zlib, gzip, deflate9, none)")
+			f.Bool("P", "prepend-size", false, "prepend the size of the stage to the payload (to use with MSF stagers)")
 		},
 		Run: func(ctx *grumble.Context) error {
 			con.Println()

diff --git a/client/command/jobs/stage.go b/client/command/jobs/stage.go
@@ -22,6 +22,7 @@ import (
 	"bytes"
 	"compress/zlib"
 	"context"
+	"encoding/binary"
 	"net/url"
 	"strconv"
 	"strings"
@@ -39,6 +40,7 @@ func StageListenerCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 	listenerURL := ctx.Flags.String("url")
 	aesEncryptKey := ctx.Flags.String("aes-encrypt-key")
 	aesEncryptIv := ctx.Flags.String("aes-encrypt-iv")
+	prependSize := ctx.Flags.Bool("prepend-size")
 	compress := strings.ToLower(ctx.Flags.String("compress"))
 
 	if profileName == "" || listenerURL == "" {
@@ -117,6 +119,9 @@ func StageListenerCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 
 	switch stagingURL.Scheme {
 	case "http":
+		if prependSize {
+			stage2 = prependPayloadSize(stage2)
+		}
 		ctrl := make(chan bool)
 		con.SpinUntil("Starting HTTP staging listener...", ctrl)
 		stageListener, err := con.Rpc.StartHTTPStagerListener(context.Background(), &clientpb.StagerListenerReq{
@@ -133,6 +138,9 @@ func StageListenerCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 		}
 		con.PrintInfof("Job %d (http) started\n", stageListener.GetJobID())
 	case "https":
+		if prependSize {
+			stage2 = prependPayloadSize(stage2)
+		}
 		cert, key, err := getLocalCertificatePair(ctx)
 		if err != nil {
 			con.Println()
@@ -158,6 +166,8 @@ func StageListenerCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 		}
 		con.PrintInfof("Job %d (https) started\n", stageListener.GetJobID())
 	case "tcp":
+		// Always prepend payload size for TCP stagers
+		stage2 = prependPayloadSize(stage2)
 		ctrl := make(chan bool)
 		con.SpinUntil("Starting TCP staging listener...", ctrl)
 		stageListener, err := con.Rpc.StartTCPStagerListener(context.Background(), &clientpb.StagerListenerReq{
@@ -184,3 +194,10 @@ func StageListenerCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 		con.PrintInfof("AES IV: %v\n", aesEncryptIv)
 	}
 }
+
+func prependPayloadSize(payload []byte) []byte {
+	payloadSize := uint32(len(payload))
+	lenBuf := make([]byte, 4)
+	binary.LittleEndian.PutUint32(lenBuf, payloadSize)
+	return append(lenBuf, payload...)
+}
diff --git a/go.mod b/go.mod
@@ -23,7 +23,7 @@ require (
 	github.com/gofrs/uuid v4.3.0+incompatible
 	github.com/google/uuid v1.3.0
 	github.com/gorilla/mux v1.8.0
-	github.com/grpc-ecosystem/go-grpc-middleware v1.2.2
+	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
 	github.com/jedib0t/go-pretty/v6 v6.3.8
 	github.com/kbinani/screenshot v0.0.0-20191211154542-3a185f1ce18f
 	github.com/lesnuages/go-winio v0.4.19
@@ -34,7 +34,7 @@ require (
 	github.com/onsi/ginkgo v1.12.1
 	github.com/onsi/gomega v1.10.0
 	github.com/pquerna/otp v1.3.0
-	github.com/shirou/gopsutil/v3 v3.21.10
+	github.com/shirou/gopsutil/v3 v3.22.8
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.5.0
 	github.com/stretchr/testify v1.8.0
@@ -61,7 +61,6 @@ require (
 	github.com/Binject/shellcode v0.0.0-20191101084904-a8a90e7d4563 // indirect
 	github.com/BurntSushi/xgb v0.0.0-20201008132610-5f9e7b3c49cd // indirect
 	github.com/Microsoft/go-winio v0.5.1 // indirect
-	github.com/StackExchange/wmi v1.2.1 // indirect
 	github.com/VirusTotal/vt-go v0.0.0-20210528074736-45bbe34cc8ab // indirect
 	github.com/VividCortex/ewma v1.1.1 // indirect
 	github.com/awgh/cppgo v0.0.0-20210224085512-3d24bca8edc0 // indirect
@@ -106,17 +105,18 @@ require (
 	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
 	github.com/nxadm/tail v1.4.4 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/thedevsaddam/gojsonq/v2 v2.5.2 // indirect
+	github.com/yusufpapurcu/wmi v1.2.2 // indirect
 	golang.org/x/mod v0.5.1 // indirect
 	golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba // indirect
 	golang.org/x/tools v0.1.9 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 	golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224 // indirect
 	google.golang.org/genproto v0.0.0-20210722135532-667f2b7c528f // indirect
-	google.golang.org/grpc/examples v0.0.0-20210910232509-03268c8ed29e // indirect
 	gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect