Merge pull request #787 from BishopFox/feature/stage-encryption

Fix stage encryption and add zlib compression option

client/command/commands.go

@@ -478,7 +478,8 @@ func BindCommands(con *console.SliverConsoleClient) {
 			f.String("k", "key", "", "path to PEM encoded private key file (HTTPS only)")
 			f.Bool("e", "lets-encrypt", false, "attempt to provision a let's encrypt certificate (HTTPS only)")
 			f.StringL("aes-encrypt-key", "", "encrypt stage with AES encryption key")
-			f.StringL("aes-encrypt-iv", "", "encrypt stage with AES encyption iv")
+			f.StringL("aes-encrypt-iv", "", "encrypt stage with AES encryption iv")
+			f.String("C", "compress", "none", "compress the stage before encrypting (zlib, gzip, deflate9, none)")
 		},
 		Run: func(ctx *grumble.Context) error {
 			con.Println()

client/command/jobs/stage.go

@@ -19,9 +19,12 @@ package jobs
 */
 
 import (
+	"bytes"
+	"compress/zlib"
 	"context"
 	"net/url"
 	"strconv"
+	"strings"
 
 	"github.com/bishopfox/sliver/client/command/generate"
 	"github.com/bishopfox/sliver/client/console"
@@ -36,6 +39,7 @@ func StageListenerCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 	listenerURL := ctx.Flags.String("url")
 	aesEncryptKey := ctx.Flags.String("aes-encrypt-key")
 	aesEncryptIv := ctx.Flags.String("aes-encrypt-iv")
+	compress := strings.ToLower(ctx.Flags.String("compress"))
 
 	if profileName == "" || listenerURL == "" {
 		con.PrintErrorf("Missing required flags, see `help stage-listener` for more info\n")
@@ -75,7 +79,7 @@ func StageListenerCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 
 		// check if aes iv is correct length
 		if len(aesEncryptIv)%16 != 0 {
-			con.PrintErrorf("Incorect length of AES IV\n")
+			con.PrintErrorf("Incorrect length of AES IV\n")
 			return
 		}
 
@@ -88,7 +92,26 @@ func StageListenerCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 		return
 	}
 
+	switch compress {
+	case "zlib":
+		// use zlib to compress the stage2
+		var compBuff bytes.Buffer
+		zlibWriter := zlib.NewWriter(&compBuff)
+		zlibWriter.Write(stage2)
+		zlibWriter.Close()
+		stage2 = compBuff.Bytes()
+	case "gzip":
+		stage2 = util.GzipBuf(stage2)
+	case "deflate9":
+		fallthrough
+	case "deflate":
+		stage2 = util.DeflateBuf(stage2)
+	}
+
 	if aesEncrypt {
+		// PreludeEncrypt is vanilla AES, we typically only use it for interoperability with Prelude
+		// but it's also useful here as more advanced cipher modes are often difficult to implement in
+		// a stager.
 		stage2 = util.PreludeEncrypt(stage2, []byte(aesEncryptKey), []byte(aesEncryptIv))
 	}
 

util/cryptography.go

@@ -41,6 +41,9 @@ func PreludeEncrypt(data []byte, key []byte, iv []byte) []byte {
 		if _, err := io.ReadFull(rand.Reader, iv); err != nil {
 			return make([]byte, 0)
 		}
+	} else {
+		// make sure we copy the IV
+		copy(cipherText[:aes.BlockSize], iv)
 	}
 	mode := cipher.NewCBCEncrypter(block, iv)
 	mode.CryptBlocks(cipherText[aes.BlockSize:], plainText)

util/files.go

@@ -21,6 +21,7 @@ package util
 import (
 	"archive/tar"
 	"bytes"
+	"compress/flate"
 	"compress/gzip"
 	"fmt"
 	"io"
@@ -46,6 +47,15 @@ func GunzipBuf(data []byte) []byte {
 	return buf.Bytes()
 }
 
+// DeflateBuf - Deflate a buffer using BestCompression (9)
+func DeflateBuf(data []byte) []byte {
+	var buf bytes.Buffer
+	flateWriter, _ := flate.NewWriter(&buf, flate.BestCompression)
+	flateWriter.Write(data)
+	flateWriter.Close()
+	return buf.Bytes()
+}
+
 // ChmodR - Recursively chmod
 func ChmodR(path string, filePerm, dirPerm os.FileMode) error {
 	return filepath.Walk(path, func(name string, info os.FileInfo, err error) error {