Merge branch 'master' into go-donut

.github/codeql/codeql-config.yml

@@ -0,0 +1,5 @@
+name: "CodeQL Security Checks"
+
+queries:
+  - name: Security and Quality
+    uses: security-extended

.github/workflows/codeql-scanning.yml

@@ -0,0 +1,89 @@
+name: "Code Scanning"
+
+on:
+  push:
+    branches:
+      - test/*
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  CodeQL-Build:
+    name: CodeQL Security Scan
+    # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
+    runs-on: ubuntu-latest
+
+    steps:
+
+      # Setup go environment
+      - name: Go 1.15
+        uses: actions/setup-go@v1
+        with:
+          go-version: 1.15
+        id: go
+
+      - name: Checkout repository
+        uses: actions/checkout@v2
+        with:
+          # Must fetch at least the immediate parents so that if this is
+          # a pull request then we can checkout the head of the pull request.
+          # Only include this option if you are running this workflow on pull requests.
+          if: ${{ github.event_name == 'pull_request' }}
+          fetch-depth: 2
+
+      # If this run was triggered by a pull request event then checkout
+      # the head of the pull request instead of the merge commit.
+      # Only include this step if you are running this workflow on pull requests.
+      - run: git checkout HEAD^2
+        if: ${{ github.event_name == 'pull_request' }}
+
+      - name: OS Packages 
+        run: |
+          sudo apt-get update --fix-missing && sudo apt-get -y install \
+          git build-essential zlib1g zlib1g-dev wget zip unzip \
+          mingw-w64 binutils-mingw-w64 g++-mingw-w64
+
+      - name: Protoc
+        env:
+          PROTOC_VER: 3.11.4
+        run: |
+          wget -O protoc-${PROTOC_VER}-linux-x86_64.zip https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VER}/protoc-${PROTOC_VER}-linux-x86_64.zip \
+          && unzip protoc-${PROTOC_VER}-linux-x86_64.zip \
+          && sudo cp -vv ./bin/protoc /usr/local/bin/protoc
+
+      - name: Protoc-gen-go
+        env:
+          PROTOC_GEN_GO_VER: 1.3.5
+        run: |
+          wget -O protoc-gen-go.tar.gz https://github.com/golang/protobuf/archive/v${PROTOC_GEN_GO_VER}.tar.gz \
+          && tar xvf protoc-gen-go.tar.gz \
+          && cd protobuf-${PROTOC_GEN_GO_VER} \
+          && make install
+
+      - name: Packr
+        run: go get -u github.com/gobuffalo/packr/packr
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Go Assets
+        run: ./go-assets.sh
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          config-file: ./.github/codeql/codeql-config.yml
+          languages: go 
+
+      # Setup os PATH to include protoc-gen-go and packr
+      - name: Update PATH
+        run: echo "/home/runner/go/bin/" >> $GITHUB_PATH
+
+      # Build the server ... is this necessary though?
+      - run: |
+         make linux
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1

.github/workflows/go.yml

@@ -14,10 +14,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
-    - name: Go 1.14
+    - name: Go 1.15
       uses: actions/setup-go@v1
       with:
-        go-version: 1.14
+        go-version: 1.15
       id: go
 
     - name: OS Packages 
@@ -54,6 +54,9 @@ jobs:
 
     - name: Make
       run: export PATH=/home/runner/go/bin/:$PATH && make static-linux
+
+    - name: Update PATH
+      run: echo "/home/runner/go/bin/" >> $GITHUB_PATH
 
     - name: Test
       run: ./sliver-server unpack --force && ./go-tests.sh
@@ -78,10 +81,10 @@ jobs:
     runs-on: macos-latest
     steps:
 
-    - name: Go 1.14
+    - name: Go 1.15
       uses: actions/setup-go@v1
       with:
-        go-version: 1.14
+        go-version: 1.15
       id: go
 
     - name: Mingw
@@ -115,6 +118,9 @@ jobs:
 
     - name: Make
       run: export PATH=/Users/runner/go/bin/:$PATH && make static-macos
+
+    - name: Update PATH
+      run: echo "/home/runner/go/bin/" >> $GITHUB_PATH
 
     - name: Test
       env:
@@ -155,4 +161,4 @@ jobs:
         path: sliver-server
 
     - name: CI Tests
-      run: ts-node ./index.ts
+      run: ts-node ./index.ts

CONTRIBUTING.md

@@ -6,6 +6,7 @@ Contributing to Sliver
 * Contributions to core code must be GPLv3 (but not libraries)
 * If you'd like to work on a feature, please open a ticket and assign it to yourself
 * Changes should be made in a new branch
+* Commits [must be signed](https://docs.github.com/en/github/authenticating-to-github/signing-commits) for any PR to master
 * Please provide meaningful commit messages
 * Ensure code passes existing unit tests, or provide updated test(s)
 * `gofmt` your code

Makefile

@@ -26,7 +26,7 @@ endif
 #
 # Version Information
 #
-VERSION = 1.0.7
+VERSION = 1.0.9
 COMPILED_AT = $(shell date +%s)
 RELEASES_URL = https://api.github.com/repos/BishopFox/sliver/releases
 PKG = github.com/bishopfox/sliver/client/version

client/command/bind-commands.go

@@ -126,6 +126,7 @@ func BindCommands(app *grumble.App, rpc rpcpb.SliverRPCClient) {
 			f.Int("l", "lport", defaultMTLSLPort, "tcp listen port")
 
 			f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
+			f.Bool("p", "persistent", false, "make persistent across restarts")
 		},
 		Run: func(ctx *grumble.Context) error {
 			fmt.Println()
@@ -145,6 +146,7 @@ func BindCommands(app *grumble.App, rpc rpcpb.SliverRPCClient) {
 			f.Bool("c", "no-canaries", false, "disable dns canary detection")
 
 			f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
+			f.Bool("p", "persistent", false, "make persistent across restarts")
 		},
 		Run: func(ctx *grumble.Context) error {
 			fmt.Println()
@@ -165,6 +167,7 @@ func BindCommands(app *grumble.App, rpc rpcpb.SliverRPCClient) {
 			f.Int("l", "lport", defaultHTTPLPort, "tcp listen port")
 
 			f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
+			f.Bool("p", "persistent", false, "make persistent across restarts")
 		},
 		Run: func(ctx *grumble.Context) error {
 			fmt.Println()
@@ -190,6 +193,7 @@ func BindCommands(app *grumble.App, rpc rpcpb.SliverRPCClient) {
 			f.Bool("e", "lets-encrypt", false, "attempt to provision a let's encrypt certificate")
 
 			f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
+			f.Bool("p", "persistent", false, "make persistent across restarts")
 		},
 		Run: func(ctx *grumble.Context) error {
 			fmt.Println()
@@ -352,6 +356,7 @@ func BindCommands(app *grumble.App, rpc rpcpb.SliverRPCClient) {
 		Flags: func(f *grumble.Flags) {
 			f.String("o", "os", "windows", "operating system")
 			f.String("a", "arch", "amd64", "cpu architecture")
+			f.String("n", "name", "", "agent name")
 			f.Bool("d", "debug", false, "enable debug features")
 			f.Bool("e", "evasion", false, "enable evasion features")
 			f.Bool("b", "skip-symbols", false, "skip symbol obfuscation")
@@ -371,6 +376,7 @@ func BindCommands(app *grumble.App, rpc rpcpb.SliverRPCClient) {
 			f.Bool("x", "limit-domainjoined", false, "limit execution to domain joined machines")
 			f.String("y", "limit-username", "", "limit execution to specified username")
 			f.String("z", "limit-hostname", "", "limit execution to specified hostname")
+			f.String("f", "limit-fileexists", "", "limit execution to hosts with this file in the filesystem")
 
 			f.String("r", "format", "exe", "Specifies the output formats, valid values are: 'exe', 'shared' (for dynamic libraries), 'service' (see `psexec` for more info) and 'shellcode' (windows only)")
 
@@ -457,10 +463,11 @@ func BindCommands(app *grumble.App, rpc rpcpb.SliverRPCClient) {
 			f.Bool("x", "limit-domainjoined", false, "limit execution to domain joined machines")
 			f.String("y", "limit-username", "", "limit execution to specified username")
 			f.String("z", "limit-hostname", "", "limit execution to specified hostname")
+			f.String("f", "limit-fileexists", "", "limit execution to hosts with this file in the filesystem")
 
 			f.String("r", "format", "exe", "Specifies the output formats, valid values are: 'exe', 'shared' (for dynamic libraries), 'service' (see `psexec` for more info) and 'shellcode' (windows only)")
 
-			f.String("p", "name", "", "profile name")
+			f.String("p", "profile-name", "", "profile name")
 
 			f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
 		},
@@ -1241,4 +1248,20 @@ func BindCommands(app *grumble.App, rpc rpcpb.SliverRPCClient) {
 			return nil
 		},
 	})
+
+	app.AddCommand(&grumble.Command{
+		Name:     consts.SetStr,
+		Help:     "Set agent option",
+		LongHelp: help.GetHelpFor(consts.SetStr),
+		Flags: func(f *grumble.Flags) {
+			f.String("n", "name", "", "agent name to change to")
+		},
+		Run: func(ctx *grumble.Context) error {
+			fmt.Println()
+			setCmd(ctx, rpc)
+			fmt.Println()
+			return nil
+		},
+		HelpGroup: consts.SliverHelpGroup,
+	})
 }

client/command/generate.go

@@ -29,6 +29,7 @@ import (
 	"os"
 	"path"
 	"path/filepath"
+	"regexp"
 	"strings"
 	"text/tabwriter"
 
@@ -40,6 +41,7 @@ import (
 	"github.com/bishopfox/sliver/protobuf/clientpb"
 	"github.com/bishopfox/sliver/protobuf/commonpb"
 	"github.com/bishopfox/sliver/protobuf/rpcpb"
+	server "github.com/bishopfox/sliver/server/generate"
 	"github.com/desertbit/grumble"
 )
 
@@ -232,9 +234,35 @@ func generateStager(ctx *grumble.Context, rpc rpcpb.SliverRPCClient) {
 
 // Shared function that extracts the compile flags from the grumble context
 func parseCompileFlags(ctx *grumble.Context) *clientpb.ImplantConfig {
+	var name string
 	targetOS := strings.ToLower(ctx.Flags.String("os"))
 	arch := strings.ToLower(ctx.Flags.String("arch"))
 
+	if ctx.Flags["name"] != nil {
+		name = strings.ToLower(ctx.Flags.String("name"))
+
+		if name != "" {
+			isAlphanumeric := regexp.MustCompile(`^[[:alnum:]]+$`).MatchString
+			if !isAlphanumeric(name) {
+				fmt.Printf(Warn + "Agent's name must be in alphanumeric only\n")
+				return nil
+			}
+
+			sliversDir := server.GetSliversDir() // ~/.sliver/slivers
+			projectGoPathDir := path.Join(sliversDir, targetOS, arch, name)
+
+			if _, err := os.Stat(projectGoPathDir); !os.IsNotExist(err) {
+				prompt := &survey.Confirm{Message: "Agent already exists with this name. Overwrite existing file?"}
+				var confirm bool
+				survey.AskOne(prompt, &confirm)
+				if !confirm {
+					fmt.Printf(Warn + "File exists\n")
+					return nil
+				}
+			}
+		}
+	}
+
 	c2s := []*clientpb.ImplantC2{}
 
 	mtlsC2 := parseMTLSc2(ctx.Flags.String("mtls"))
@@ -282,6 +310,7 @@ func parseCompileFlags(ctx *grumble.Context) *clientpb.ImplantConfig {
 	limitHostname := ctx.Flags.String("limit-hostname")
 	limitUsername := ctx.Flags.String("limit-username")
 	limitDatetime := ctx.Flags.String("limit-datetime")
+	limitFileExists := ctx.Flags.String("limit-fileexists")
 
 	isSharedLib := false
 	isService := false
@@ -330,6 +359,7 @@ func parseCompileFlags(ctx *grumble.Context) *clientpb.ImplantConfig {
 	config := &clientpb.ImplantConfig{
 		GOOS:             targetOS,
 		GOARCH:           arch,
+		Name:             name,
 		Debug:            ctx.Flags.Bool("debug"),
 		Evasion:          ctx.Flags.Bool("evasion"),
 		ObfuscateSymbols: symbolObfuscation,
@@ -343,6 +373,7 @@ func parseCompileFlags(ctx *grumble.Context) *clientpb.ImplantConfig {
 		LimitHostname:     limitHostname,
 		LimitUsername:     limitUsername,
 		LimitDatetime:     limitDatetime,
+		LimitFileExists:   limitFileExists,
 
 		Format:      configFormat,
 		IsSharedLib: isSharedLib,
@@ -612,11 +643,14 @@ func getLimitsString(config *clientpb.ImplantConfig) string {
 	if config.LimitHostname != "" {
 		limits = append(limits, fmt.Sprintf("hostname=%s", config.LimitHostname))
 	}
+	if config.LimitFileExists != "" {
+		limits = append(limits, fmt.Sprintf("fileexists=%s", config.LimitFileExists))
+	}
 	return strings.Join(limits, "; ")
 }
 
 func newProfile(ctx *grumble.Context, rpc rpcpb.SliverRPCClient) {
-	name := ctx.Flags.String("name")
+	name := ctx.Flags.String("profile-name")
 	if name == "" {
 		fmt.Printf(Warn + "Invalid profile name\n")
 		return