Simple Hello-World BOF crashes beacon #794
Comments
Are you running a beacon or a session? |
Hey @rkervella, thanks for looking into it! I'm running a session. Maybe it is related to: #679. To clarify a little bit more: If I just run the BOF once on a session it works without problems. But if I execute it multiple times (one right after another) the session crashes. |
Yup I've seen that happen with other BOFs, as stated in #679. I'll have a look. I looked at your BOF, it seems fine so it's definitely a bug on our side. |
The annoying part is I can't seem to be able to reproduce:
[server] sliver (TIRED_BUSTLE) > say-hello
[*] Successfully executed say-hello (coff-loader)
[*] Got output:
Hello World
[server] sliver (TIRED_BUSTLE) > say-hello
[*] Successfully executed say-hello (coff-loader)
[*] Got output:
Hello World
[server] sliver (TIRED_BUSTLE) > say-hello
[*] Successfully executed say-hello (coff-loader)
[*] Got output:
Hello World
[server] sliver (TIRED_BUSTLE) > say-hello
[*] Successfully executed say-hello (coff-loader)
[*] Got output:
Hello World
[server] sliver (TIRED_BUSTLE) > say-hello
[server] sliver (TIRED_BUSTLE) > say-hello
[*] Successfully executed say-hello (coff-loader)
[*] Got output:
Hello World
[server] sliver (TIRED_BUSTLE) > say-hello
[*] Successfully executed say-hello (coff-loader)
[*] Got output:
Hello World
[server] sliver (TIRED_BUSTLE) > say-hello
[*] Successfully executed say-hello (coff-loader)
[*] Got output:
Hello World
[server] sliver (TIRED_BUSTLE) > say-hello
[*] Successfully executed say-hello (coff-loader)
[*] Got output:
Hello World |
Interesting... You have used my Makefile with mingw I guess? Is there any information/log when executing BOFs? Like a stack trace or any information that helps debugging once a session/beacon crashes? |
Yes, if you generate your implant with |
sa-uptime and sa-resources when in beacon mode are consistent in eventually crashing for me |
Only in beacon mode though? |
For me, MOST of the instability / crashing seems to go away in session mode. Occasionally I can get those same BOFs to hang forever in session mode if I up arrow + enter really fast. |
Hurm, I wonder if it's some race condition in the invocation? |
Yeah definitely looks like it |
What's really weird now is that since I have created an implant with So I thought there was an issue with the old implant, but when I created a new implant (v1.5.22) without I didn't look into the code yet to see whether the debug flag really contributes to the issue. |
Hm that's good to know. I'll run more tests with obfuscation enabled, see if crashes. If so, it could also be an issue with garble. |
I haven’t tried recently to build one using the --debug flag. Not with Golang, but with C - I’ve definitely seen things where the debug version magically saved crashes from happening that the exact same code in “release” form would cause it to fall on its face. |
Alright I can reproduce with obfuscation enabled. |
I'm having issues creating a simple BOF that does not crash the beacon.
Here is the source code:
https://github.com/1mansh0w/sliver-bof-hello-world
Here is how I load it:
When I now execute the BOF only once it always runs fine, but executing it a couple more times will always crash the beacon. The client will just show this message and the session is lost:
"Executing say-hello ..."
Am I doing something wrong or is there a bug in sliver?
Thanks!
I'm running the latest version of Sliver (v1.5.22) on both client and server. I'm cross-compiling the BOF on Ubuntu.