Merge pull request #473 from BishopFox/fix/dns

Fixed issue #436 and standardized on --lhost/-L for all listener cmds
BishopFox · Jul 19, 2021 · 6c62dfb · 6c62dfb
2 parents 35d692b + 76cd61a
commit 6c62dfb
Show file tree

Hide file tree

Showing 13 changed files with 347 additions and 327 deletions.
diff --git a/client/command/commands.go b/client/command/commands.go
@@ -149,7 +149,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 		Help:     "Start an mTLS listener",
 		LongHelp: help.GetHelpFor([]string{consts.MtlsStr}),
 		Flags: func(f *grumble.Flags) {
-			f.String("s", "server", "", "interface to bind server to")
+			f.String("L", "lhost", "", "interface to bind server to")
 			f.Int("l", "lport", generate.DefaultMTLSLPort, "tcp listen port")
 
 			f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
@@ -169,6 +169,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 		Help:     "Start a WireGuard listener",
 		LongHelp: help.GetHelpFor([]string{consts.WGStr}),
 		Flags: func(f *grumble.Flags) {
+			f.String("L", "lhost", "", "interface to bind server to")
 			f.Int("l", "lport", generate.DefaultWGLPort, "udp listen port")
 			f.Int("n", "nport", generate.DefaultWGNPort, "virtual tun interface listen port")
 			f.Int("x", "key-port", generate.DefaultWGKeyExPort, "virtual tun interface key exchange port")
@@ -191,6 +192,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 		Flags: func(f *grumble.Flags) {
 			f.String("d", "domains", "", "parent domain(s) to use for DNS c2")
 			f.Bool("c", "no-canaries", false, "disable dns canary detection")
+			f.String("L", "lhost", "", "interface to bind server to")
 			f.Int("l", "lport", generate.DefaultDNSLPort, "udp listen port")
 
 			f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
@@ -212,6 +214,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 		Flags: func(f *grumble.Flags) {
 			f.String("d", "domain", "", "limit responses to specific domain")
 			f.String("w", "website", "", "website name (see websites cmd)")
+			f.String("L", "lhost", "", "interface to bind server to")
 			f.Int("l", "lport", generate.DefaultHTTPLPort, "tcp listen port")
 
 			f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
@@ -233,6 +236,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 		Flags: func(f *grumble.Flags) {
 			f.String("d", "domain", "", "limit responses to specific domain")
 			f.String("w", "website", "", "website name (see websites cmd)")
+			f.String("L", "lhost", "", "interface to bind server to")
 			f.Int("l", "lport", generate.DefaultHTTPSLPort, "tcp listen port")
 
 			f.String("c", "cert", "", "PEM encoded certificate file")
@@ -675,7 +679,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 		LongHelp: help.GetHelpFor([]string{consts.MsfStr}),
 		Flags: func(f *grumble.Flags) {
 			f.String("m", "payload", "meterpreter_reverse_https", "msf payload")
-			f.String("o", "lhost", "", "listen host")
+			f.String("L", "lhost", "", "listen host")
 			f.Int("l", "lport", 4444, "listen port")
 			f.String("e", "encoder", "", "msf encoder")
 			f.Int("i", "iterations", 1, "iterations of the encoder")
@@ -698,7 +702,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 		Flags: func(f *grumble.Flags) {
 			f.Int("p", "pid", -1, "pid to inject into")
 			f.String("m", "payload", "meterpreter_reverse_https", "msf payload")
-			f.String("o", "lhost", "", "listen host")
+			f.String("L", "lhost", "", "listen host")
 			f.Int("l", "lport", 4444, "listen port")
 			f.String("e", "encoder", "", "msf encoder")
 			f.Int("i", "iterations", 1, "iterations of the encoder")
@@ -819,8 +823,8 @@ func BindCommands(con *console.SliverConsoleClient) {
 		Flags: func(f *grumble.Flags) {
 			f.String("o", "os", "windows", "operating system")
 			f.String("a", "arch", "amd64", "cpu architecture")
-			f.String("l", "lhost", "", "Listening host")
-			f.Int("p", "lport", 8443, "Listening port")
+			f.String("L", "lhost", "", "Listening host")
+			f.Int("l", "lport", 8443, "Listening port")
 			f.String("r", "protocol", "tcp", "Staging protocol (tcp/http/https)")
 			f.String("f", "format", "raw", "Output format (msfvenom formats, see `help generate stager` for the list)")
 			f.String("b", "badchars", "", "bytes to exclude from stage shellcode")

diff --git a/client/command/jobs/dns.go b/client/command/jobs/dns.go
@@ -37,11 +37,13 @@ func DNSListenerCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 		}
 	}
 
+	lhost := ctx.Flags.String("lhost")
 	lport := uint16(ctx.Flags.Int("lport"))
 
 	con.PrintInfof("Starting DNS listener with parent domain(s) %v ...\n", domains)
 	dns, err := con.Rpc.StartDNSListener(context.Background(), &clientpb.DNSListenerReq{
 		Domains:    domains,
+		Host:       lhost,
 		Port:       uint32(lport),
 		Canaries:   !ctx.Flags.Bool("no-canaries"),
 		Persistent: ctx.Flags.Bool("persistent"),

diff --git a/client/command/jobs/http.go b/client/command/jobs/http.go
@@ -29,12 +29,14 @@ import (
 // HTTPListenerCmd - Start an HTTP listener
 func HTTPListenerCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 	domain := ctx.Flags.String("domain")
+	lhost := ctx.Flags.String("lhost")
 	lport := uint16(ctx.Flags.Int("lport"))
 
 	con.PrintInfof("Starting HTTP %s:%d listener ...\n", domain, lport)
 	http, err := con.Rpc.StartHTTPListener(context.Background(), &clientpb.HTTPListenerReq{
 		Domain:     domain,
 		Website:    ctx.Flags.String("website"),
+		Host:       lhost,
 		Port:       uint32(lport),
 		Secure:     false,
 		Persistent: ctx.Flags.Bool("persistent"),

diff --git a/client/command/jobs/https.go b/client/command/jobs/https.go
@@ -31,6 +31,7 @@ import (
 func HTTPSListenerCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 	domain := ctx.Flags.String("domain")
 	website := ctx.Flags.String("website")
+	lhost := ctx.Flags.String("lhost")
 	lport := uint16(ctx.Flags.Int("lport"))
 
 	cert, key, err := getLocalCertificatePair(ctx)
@@ -44,6 +45,7 @@ func HTTPSListenerCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 	https, err := con.Rpc.StartHTTPSListener(context.Background(), &clientpb.HTTPListenerReq{
 		Domain:     domain,
 		Website:    website,
+		Host:       lhost,
 		Port:       uint32(lport),
 		Secure:     true,
 		Cert:       cert,

diff --git a/client/command/jobs/mtls.go b/client/command/jobs/mtls.go
@@ -28,12 +28,12 @@ import (
 
 // MTLSListenerCmd - Start an mTLS listener
 func MTLSListenerCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
-	server := ctx.Flags.String("server")
+	lhost := ctx.Flags.String("lhost")
 	lport := uint16(ctx.Flags.Int("lport"))
 
 	con.PrintInfof("Starting mTLS listener ...\n")
 	mtls, err := con.Rpc.StartMTLSListener(context.Background(), &clientpb.MTLSListenerReq{
-		Host:       server,
+		Host:       lhost,
 		Port:       uint32(lport),
 		Persistent: ctx.Flags.Bool("persistent"),
 	})