Only alert user when --in-process is not used.

BishopFox · Jan 3, 2023 · f48dfa0 · f48dfa0
1 parent 0bf19f5
commit f48dfa0
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 3 deletions.
diff --git a/client/command/alias/load.go b/client/command/alias/load.go
@@ -280,8 +280,22 @@ func runAliasCommand(ctx *grumble.Context, con *console.SliverConsoleClient) {
 	extArgs = strings.TrimSpace(extArgs)
 	entryPoint := aliasManifest.Entrypoint
 	processArgsStr := ctx.Flags.String("process-arguments")
+	// Special case for payloads with pass to Donut (.NET assemblies and sideloaded payloads):
+	// The Donut loader has a hard limit of 256 characters for the command line arguments, so
+	// we're alerting the user that the arguments will be truncated.
 	if len(extArgs) > 256 && (aliasManifest.IsAssembly || !aliasManifest.IsReflective) {
-		con.PrintWarnf(" Arguments are limited to 256 characters when using the default fork/exec model for .NET assemblies and non-reflective PE files.\nConsider using the --in-process flag to execute .NET assemblies in-process and work around this limitation.\n")
+		msgStr := ""
+		// The --in-process flag only exists for .NET assemblies (aliasManifest.IsAssembly == true).
+		// Groupping the two conditions together could crash the client since ctx.Flags.Type panics
+		// if the flag is not registered.
+		if aliasManifest.IsAssembly {
+			if !ctx.Flags.Bool("in-process") {
+				msgStr = " Arguments are limited to 256 characters when using the default fork/exec model for .NET assemblies.\nConsider using the --in-process flag to execute .NET assemblies in-process and work around this limitation.\n"
+			}
+		} else if !aliasManifest.IsReflective {
+			msgStr = " Arguments are limited to 256 characters when using the default fork/exec model for non-reflective PE payloads.\n"
+		}
+		con.PrintWarnf(msgStr)
 		confirm := false
 		prompt := &survey.Confirm{Message: "Do you want to continue?"}
 		survey.AskOne(prompt, &confirm, nil)

diff --git a/client/command/exec/execute-assembly.go b/client/command/exec/execute-assembly.go
@@ -60,14 +60,15 @@ func ExecuteAssemblyCmd(ctx *grumble.Context, con *console.SliverConsoleClient)
 	process := ctx.Flags.String("process")
 	processArgsStr := ctx.Flags.String("process-arguments")
 	processArgs := strings.Split(processArgsStr, " ")
+	inProcess := ctx.Flags.Bool("in-process")
 
 	runtime := ctx.Flags.String("runtime")
 	etwBypass := ctx.Flags.Bool("etw-bypass")
 	amsiBypass := ctx.Flags.Bool("amsi-bypass")
 
 	assemblyArgsStr := strings.Join(assemblyArgs, " ")
 	assemblyArgsStr = strings.TrimSpace(assemblyArgsStr)
-	if len(assemblyArgsStr) > 256 {
+	if len(assemblyArgsStr) > 256 && !inProcess {
 		con.PrintWarnf(" Injected .NET assembly arguments are limited to 256 characters when using the default fork/exec model.\nConsider using the --in-process flag to execute the .NET assembly in-process and work around this limitation.\n")
 		confirm := false
 		prompt := &survey.Confirm{Message: "Do you want to continue?"}
@@ -94,7 +95,7 @@ func ExecuteAssemblyCmd(ctx *grumble.Context, con *console.SliverConsoleClient)
 		Runtime:     runtime,
 		EtwBypass:   etwBypass,
 		AmsiBypass:  amsiBypass,
-		InProcess:   ctx.Flags.Bool("in-process"),
+		InProcess:   inProcess,
 	})
 	ctrl <- true
 	<-ctrl