Merge branch 'master' into go-donut

BishopFox · Mar 8, 2021 · b56397b · b56397b
2 parents bebacb4 + a37846c
commit b56397b
Show file tree

Hide file tree

Showing 14 changed files with 171 additions and 64 deletions.
diff --git a/client/command/bind-commands.go b/client/command/bind-commands.go
@@ -1394,6 +1394,23 @@ func BindCommands(app *grumble.App, rpc rpcpb.SliverRPCClient) {
 		HelpGroup: consts.GenericHelpGroup,
 	})
 
+	app.AddCommand(&grumble.Command{
+		Name:      consts.SetEnvStr,
+		Help:      "Set environment variables",
+		LongHelp:  help.GetHelpFor(consts.SetEnvStr),
+		AllowArgs: true,
+		Flags: func(f *grumble.Flags) {
+			f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
+		},
+		Run: func(ctx *grumble.Context) error {
+			fmt.Println()
+			setEnv(ctx, rpc)
+			fmt.Println()
+			return nil
+		},
+		HelpGroup: consts.GenericHelpGroup,
+	})
+
 	app.AddCommand(&grumble.Command{
 		Name:     consts.LicensesStr,
 		Help:     "Open source licenses",

diff --git a/client/command/env.go b/client/command/env.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/bishopfox/sliver/protobuf/commonpb"
 	"github.com/bishopfox/sliver/protobuf/rpcpb"
 	"github.com/bishopfox/sliver/protobuf/sliverpb"
 	"github.com/desertbit/grumble"
@@ -34,3 +35,35 @@ func getEnv(ctx *grumble.Context, rpc rpcpb.SliverRPCClient) {
 		fmt.Printf("%s=%s\n", envVar.Key, envVar.Value)
 	}
 }
+
+func setEnv(ctx *grumble.Context, rpc rpcpb.SliverRPCClient) {
+	session := ActiveSession.Get()
+	if session == nil {
+		return
+	}
+
+	if len(ctx.Args) != 2 {
+		fmt.Printf(Warn + "Usage: setenv KEY VALUE\n")
+		return
+	}
+
+	name := ctx.Args[0]
+	value := ctx.Args[1]
+
+	envInfo, err := rpc.SetEnv(context.Background(), &sliverpb.SetEnvReq{
+		Variable: &commonpb.EnvVar{
+			Key:   name,
+			Value: value,
+		},
+		Request: ActiveSession.Request(ctx),
+	})
+	if err != nil {
+		fmt.Printf(Warn+"Error: %v", err)
+		return
+	}
+	if envInfo.Response != nil && envInfo.Response.Err != "" {
+		fmt.Printf(Warn+"Error: %s", envInfo.Response.Err)
+		return
+	}
+	fmt.Printf(Info+"set %s to %s\n", name, value)
+}
diff --git a/client/constants/constants.go b/client/constants/constants.go
@@ -147,6 +147,7 @@ const (
 	BackdoorStr   = "backdoor"
 	MakeTokenStr  = "make-token"
 	GetEnvStr     = "getenv"
+	SetEnvStr     = "setenv"
 
 	LicensesStr = "licenses"
 )

diff --git a/client/help/console-help.go b/client/help/console-help.go
@@ -72,6 +72,7 @@ var (
 		consts.ScreenshotStr: screenshotHelp,
 		consts.MakeTokenStr:  makeTokenHelp,
 		consts.GetEnvStr:     getEnvHelp,
+		consts.SetEnvStr:     setEnvHelp,
 	}
 
 	jobsHelp = `[[.Bold]]Command:[[.Normal]] jobs <options>
@@ -393,6 +394,10 @@ The [[.Bold]]psexec[[.Normal]] command will use the credentials of the Windows u
 [[.Bold]]About:[[.Normal]] Retrieve the environment variables for the current session. If no variable name is provided, lists all the environment variables.
 [[.Bold]]Example:[[.Normal]] getenv SHELL
 	`
+	setEnvHelp = `[[.Bold]]Command:[[.Normal]] setenv [name]
+[[.Bold]]About:[[.Normal]] Set an environment variable in the current process.
+[[.Bold]]Example:[[.Normal]] setenv SHELL /bin/bash
+	`
 )
 
 const (

diff --git a/implant/sliver/handlers/handlers.go b/implant/sliver/handlers/handlers.go
@@ -27,6 +27,7 @@ import (
 	"io"
 	"io/ioutil"
 	"os/exec"
+	"strings"
 
 	// {{if .Config.Debug}}
 	"log"
@@ -373,6 +374,60 @@ func executeHandler(data []byte, resp RPCResponse) {
 	resp(data, err)
 }
 
+func getEnvHandler(data []byte, resp RPCResponse) {
+	envReq := &sliverpb.EnvReq{}
+	err := proto.Unmarshal(data, envReq)
+	if err != nil {
+		// {{if .Config.Debug}}
+		log.Printf("error decoding message: %v\n", err)
+		// {{end}}
+		return
+	}
+	variables := os.Environ()
+	var envVars []*commonpb.EnvVar
+	envInfo := sliverpb.EnvInfo{}
+	if envReq.Name != "" {
+		envVars = make([]*commonpb.EnvVar, 1)
+		envVars[0] = &commonpb.EnvVar{
+			Key:   envReq.Name,
+			Value: os.Getenv(envReq.Name),
+		}
+	} else {
+		envVars = make([]*commonpb.EnvVar, len(variables))
+		for i, e := range variables {
+			pair := strings.SplitN(e, "=", 2)
+			envVars[i] = &commonpb.EnvVar{
+				Key:   pair[0],
+				Value: pair[1],
+			}
+		}
+	}
+	envInfo.Variables = envVars
+	data, err = proto.Marshal(&envInfo)
+	resp(data, err)
+}
+
+func setEnvHandler(data []byte, resp RPCResponse) {
+	envReq := &sliverpb.SetEnvReq{}
+	err := proto.Unmarshal(data, envReq)
+	if err != nil {
+		// {{if .Config.Debug}}
+		log.Printf("error decoding message: %v\n", err)
+		// {{end}}
+		return
+	}
+
+	err = os.Setenv(envReq.Variable.Key, envReq.Variable.Value)
+	setEnvResp := &sliverpb.SetEnv{
+		Response: &commonpb.Response{},
+	}
+	if err != nil {
+		setEnvResp.Response.Err = err.Error()
+	}
+	data, err = proto.Marshal(setEnvResp)
+	resp(data, err)
+}
+
 // ---------------- Data Encoders ----------------
 
 func gzipWrite(w io.Writer, data []byte) error {

diff --git a/implant/sliver/handlers/handlers_darwin.go b/implant/sliver/handlers/handlers_darwin.go
@@ -25,19 +25,20 @@ import (
 
 var (
 	darwinHandlers = map[uint32]RPCHandler{
-		pb.MsgPsReq:        psHandler,
-		pb.MsgTerminateReq: terminateHandler,
-		pb.MsgPing:         pingHandler,
-		pb.MsgLsReq:        dirListHandler,
-		pb.MsgDownloadReq:  downloadHandler,
-		pb.MsgUploadReq:    uploadHandler,
-		pb.MsgCdReq:        cdHandler,
-		pb.MsgPwdReq:       pwdHandler,
-		pb.MsgRmReq:        rmHandler,
-		pb.MsgMkdirReq:     mkdirHandler,
-		pb.MsgIfconfigReq:  ifconfigHandler,
-		pb.MsgExecuteReq:   executeHandler,
-		sliverpb.MsgEnvReq: getEnvHandler,
+		pb.MsgPsReq:           psHandler,
+		pb.MsgTerminateReq:    terminateHandler,
+		pb.MsgPing:            pingHandler,
+		pb.MsgLsReq:           dirListHandler,
+		pb.MsgDownloadReq:     downloadHandler,
+		pb.MsgUploadReq:       uploadHandler,
+		pb.MsgCdReq:           cdHandler,
+		pb.MsgPwdReq:          pwdHandler,
+		pb.MsgRmReq:           rmHandler,
+		pb.MsgMkdirReq:        mkdirHandler,
+		pb.MsgIfconfigReq:     ifconfigHandler,
+		pb.MsgExecuteReq:      executeHandler,
+		sliverpb.MsgEnvReq:    getEnvHandler,
+		sliverpb.MsgSetEnvReq: setEnvHandler,
 
 		pb.MsgScreenshotReq: screenshotHandler,
 

diff --git a/implant/sliver/handlers/handlers_default.go b/implant/sliver/handlers/handlers_default.go
@@ -41,6 +41,8 @@ var (
 		sliverpb.MsgRmReq:       rmHandler,
 		sliverpb.MsgMkdirReq:    mkdirHandler,
 		sliverpb.MsgExecuteReq:  executeHandler,
+		sliverpb.MsgSetEnvReq:   setEnvHandler,
+		sliverpb.MsgEnvReq:      getEnvHandler,
 	}
 )
 

diff --git a/implant/sliver/handlers/handlers_linux.go b/implant/sliver/handlers/handlers_linux.go
@@ -38,6 +38,7 @@ var (
 		sliverpb.MsgIfconfigReq:  ifconfigHandler,
 		sliverpb.MsgExecuteReq:   executeHandler,
 		sliverpb.MsgEnvReq:       getEnvHandler,
+		sliverpb.MsgSetEnvReq:    setEnvHandler,
 
 		sliverpb.MsgScreenshotReq: screenshotHandler,
 

diff --git a/implant/sliver/handlers/handlers_windows.go b/implant/sliver/handlers/handlers_windows.go
@@ -44,20 +44,21 @@ var (
 	windowsHandlers = map[uint32]RPCHandler{
 
 		// Windows Only
-		sliverpb.MsgTaskReq:                  taskHandler,
-		sliverpb.MsgProcessDumpReq:           dumpHandler,
-		sliverpb.MsgImpersonateReq:           impersonateHandler,
-		sliverpb.MsgRevToSelfReq:             revToSelfHandler,
-		sliverpb.MsgRunAsReq:                 runAsHandler,
-		sliverpb.MsgInvokeGetSystemReq:       getsystemHandler,
-		sliverpb.MsgInvokeExecuteAssemblyReq: executeAssemblyHandler,
-		sliverpb.MsgInvokeMigrateReq:         migrateHandler,
-		sliverpb.MsgSpawnDllReq:              spawnDllHandler,
-		sliverpb.MsgStartServiceReq:          startService,
-		sliverpb.MsgStopServiceReq:           stopService,
-		sliverpb.MsgRemoveServiceReq:         removeService,
-		sliverpb.MsgEnvReq:                   getEnvHandler,
-		sliverpb.MsgExecuteTokenReq:          executeTokenHandler,
+		sliverpb.MsgTaskReq:            taskHandler,
+		sliverpb.MsgProcessDumpReq:     dumpHandler,
+		sliverpb.MsgImpersonateReq:     impersonateHandler,
+		sliverpb.MsgRevToSelfReq:       revToSelfHandler,
+		sliverpb.MsgRunAsReq:           runAsHandler,
+		sliverpb.MsgInvokeGetSystemReq: getsystemHandler,
+		sliverpb.MsgExecuteAssemblyReq: executeAssemblyHandler,
+		sliverpb.MsgInvokeMigrateReq:   migrateHandler,
+		sliverpb.MsgSpawnDllReq:        spawnDllHandler,
+		sliverpb.MsgStartServiceReq:    startService,
+		sliverpb.MsgStopServiceReq:     stopService,
+		sliverpb.MsgRemoveServiceReq:   removeService,
+		sliverpb.MsgEnvReq:             getEnvHandler,
+		sliverpb.MsgSetEnvReq:          setEnvHandler,
+		sliverpb.MsgExecuteTokenReq:    executeTokenHandler,
 
 		// Platform specific
 		sliverpb.MsgIfconfigReq:   ifconfigHandler,

diff --git a/implant/sliver/handlers/rpc-handlers.go b/implant/sliver/handlers/rpc-handlers.go
@@ -23,14 +23,11 @@ package handlers
 import (
 	"fmt"
 	"net"
-	"strings"
 
 	// {{if .Config.Debug}}
 	"log"
 	// {{end}}
 
-	"os"
-
 	"github.com/bishopfox/sliver/implant/sliver/netstat"
 	"github.com/bishopfox/sliver/implant/sliver/procdump"
 	"github.com/bishopfox/sliver/implant/sliver/ps"
@@ -303,39 +300,6 @@ func netstatHandler(data []byte, resp RPCResponse) {
 	}
 }
 
-func getEnvHandler(data []byte, resp RPCResponse) {
-	envReq := &sliverpb.EnvReq{}
-	err := proto.Unmarshal(data, envReq)
-	if err != nil {
-		// {{if .Config.Debug}}
-		log.Printf("error decoding message: %v\n", err)
-		// {{end}}
-		return
-	}
-	variables := os.Environ()
-	var envVars []*commonpb.EnvVar
-	envInfo := sliverpb.EnvInfo{}
-	if envReq.Name != "" {
-		envVars = make([]*commonpb.EnvVar, 1)
-		envVars[0] = &commonpb.EnvVar{
-			Key:   envReq.Name,
-			Value: os.Getenv(envReq.Name),
-		}
-	} else {
-		envVars = make([]*commonpb.EnvVar, len(variables))
-		for i, e := range variables {
-			pair := strings.SplitN(e, "=", 2)
-			envVars[i] = &commonpb.EnvVar{
-				Key:   pair[0],
-				Value: pair[1],
-			}
-		}
-	}
-	envInfo.Variables = envVars
-	data, err = proto.Marshal(&envInfo)
-	resp(data, err)
-}
-
 func buildEntries(proto string, s []netstat.SockTabEntry) []*sliverpb.SockTabEntry {
 	entries := make([]*sliverpb.SockTabEntry, 0)
 	for _, e := range s {

diff --git a/protobuf/rpcpb/services.proto b/protobuf/rpcpb/services.proto
@@ -89,6 +89,7 @@ service SliverRPC {
     rpc RemoveService(sliverpb.RemoveServiceReq) returns (sliverpb.ServiceInfo);
     rpc MakeToken(sliverpb.MakeTokenReq) returns (sliverpb.MakeToken);
     rpc GetEnv(sliverpb.EnvReq) returns (sliverpb.EnvInfo);
+    rpc SetEnv(sliverpb.SetEnvReq) returns (sliverpb.SetEnv);
     rpc Backdoor(sliverpb.BackdoorReq) returns (sliverpb.Backdoor);
 
     // *** Realtime Commands ***

diff --git a/protobuf/sliverpb/constants.go b/protobuf/sliverpb/constants.go
@@ -180,7 +180,10 @@ const (
 	MsgEnvReq
 	// MsgEnvInfo - Response to environment variable request
 	MsgEnvInfo
-
+	// MsgSetEnvReq
+	MsgSetEnvReq
+	// MsgSetEnv
+	MsgSetEnv
 	// MsgExecuteTokenReq - Execute request executed with the current (Windows) token
 	MsgExecuteTokenReq
 )
@@ -345,6 +348,10 @@ func MsgNumber(request proto.Message) uint32 {
 		return MsgEnvReq
 	case *EnvInfo:
 		return MsgEnvInfo
+	case *SetEnvReq:
+		return MsgSetEnvReq
+	case *SetEnv:
+		return MsgSetEnv
 
 	}
 	return uint32(0)

diff --git a/protobuf/sliverpb/sliver.proto b/protobuf/sliverpb/sliver.proto
@@ -421,6 +421,15 @@ message EnvInfo {
   commonpb.Response Response = 9;
 }
 
+message SetEnvReq {
+  commonpb.EnvVar Variable = 1;
+  commonpb.Request Request = 9;
+}
+
+message SetEnv {
+  commonpb.Response Response = 9;
+}
+
 // DNS Specific messages
 message DNSSessionInit {
   bytes Key = 1;

diff --git a/server/rpc/rpc-env.go b/server/rpc/rpc-env.go
@@ -15,3 +15,13 @@ func (rpc *Server) GetEnv(ctx context.Context, req *sliverpb.EnvReq) (*sliverpb.
 	}
 	return resp, nil
 }
+
+// SetEnv - Set an environment variable
+func (rpc *Server) SetEnv(ctx context.Context, req *sliverpb.SetEnvReq) (*sliverpb.SetEnv, error) {
+	resp := &sliverpb.SetEnv{}
+	err := rpc.GenericHandler(req, resp)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}