From a54eba95eff33cc1614e08c124e967bf9d72748f Mon Sep 17 00:00:00 2001
From: rkervella
Date: Mon, 12 Apr 2021 11:52:54 +0200
Subject: [PATCH 1/2] Fix named pipe listener to accept remote clients
---
 go.sum | 1 +
 implant/go-mod | 2 +-
 implant/sliver/pivots/named-pipe_windows.go | 9 ++++++---
 implant/sliver/transports/named-pipe.go | 2 +-
 4 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/go.sum b/go.sum
index 93920883f6..a8945c6607 100644
--- a/go.sum
+++ b/go.sum
@@ -532,6 +532,7 @@ golang.org/x/sys v0.0.0-20201018230417-eeed37f84f13/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210309040221-94ec62e08169/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210316164454-77fc1eacc6aa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/implant/go-mod b/implant/go-mod
index 0f29ce79c8..6c3e1c8cef 100644
--- a/implant/go-mod
+++ b/implant/go-mod
@@ -6,7 +6,7 @@ require (
 github.com/BurntSushi/xgb v0.0.0-20210121224620-deaf085860bc // indirect
 github.com/gen2brain/shm v0.0.0-20200228170931-49f9650110c5 // indirect
 github.com/golang/protobuf v1.4.3
- github.com/Microsoft/go-winio v0.4.16
+ github.com/lesnuages/go-winio v0.4.19
 golang.zx2c4.com/wireguard v0.0.0-20210311162910-5f0c8b942d93
 github.com/kbinani/screenshot v0.0.0-20191211154542-3a185f1ce18f
 github.com/lxn/win v0.0.0-20210218163916-a377121e959e // indirect
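Review bot: The `github.com/Microsoft/go-winio v0.4.16` requirement in implant/go-mod is replaced by a personal fork, `github.com/lesnuages/go-winio v0.4.19`, and nothing in the file records why or which upstream revision the fork is based on. A comment beside the line would make that trust decision reviewable, for example `// fork of Microsoft/go-winio, apparently for PipeConfig.RemoteClientMode; return to upstream once it offers this`. The only go.sum line added in this patch is for golang.org/x/sys, so no checksum for the fork is visible here; if the implant build verifies modules against a separate sum file, the fork's `h1:` entries belong in the same change.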
diff --git a/implant/sliver/pivots/named-pipe_windows.go b/implant/sliver/pivots/named-pipe_windows.go
index 0889e257bd..1ef21abcd3 100644
--- a/implant/sliver/pivots/named-pipe_windows.go
+++ b/implant/sliver/pivots/named-pipe_windows.go
@@ -28,16 +28,19 @@ import (
 "strings"
 "time"
- "github.com/Microsoft/go-winio"
 "github.com/bishopfox/sliver/implant/sliver/transports"
 "github.com/bishopfox/sliver/protobuf/sliverpb"
+ "github.com/lesnuages/go-winio"
 "github.com/golang/protobuf/proto"
 )
 func StartNamedPipeListener(pipeName string) error {
- fullName := "\\\\.\\pipe\\"+pipeName
- ln, err := winio.ListenPipe(fullName, nil)
+ fullName := "\\\\.\\pipe\\" + pipeName
+ config := &winio.PipeConfig{
+ RemoteClientMode: true,
+ }
+ ln, err := winio.ListenPipe(fullName, config)
 // {{if .Config.Debug}}
 log.Printf("Listening on %s", fullName)
 // {{end}}
diff --git a/implant/sliver/transports/named-pipe.go b/implant/sliver/transports/named-pipe.go
index dd68734462..2b1117e3f6 100644
--- a/implant/sliver/transports/named-pipe.go
+++ b/implant/sliver/transports/named-pipe.go
@@ -31,9 +31,9 @@ import (
 "log"
 // {{end}}
- "github.com/Microsoft/go-winio"
 "github.com/bishopfox/sliver/protobuf/sliverpb"
 "github.com/golang/protobuf/proto"
+ "github.com/lesnuages/go-winio"
 )
 const (
From d4b3ec9dac5d58bcc6d11ce8130c8cbe83bd2a4e Mon Sep 17 00:00:00 2001
From: rkervella
Date: Mon, 12 Apr 2021 12:17:18 +0200
Subject: [PATCH 2/2] Add github.com/lesnages to GOPRIVATE
---
 server/generate/binaries.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/generate/binaries.go b/server/generate/binaries.go
index b9aa22f223..48e101bbd9 100644
--- a/server/generate/binaries.go
+++ b/server/generate/binaries.go
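Review bot: In named-pipe_windows.go, `StartNamedPipeListener` now always sets `RemoteClientMode: true`, but the exported function has no doc comment saying the pipe accepts remote clients, and the `PipeConfig` names no security descriptor, so whatever default ACL the library applies governs that access. I would add `// StartNamedPipeListener listens on the named pipe pipeName and accepts local and remote clients.` and state the intended ACL in the config, assuming the fork keeps upstream's `SecurityDescriptor` field. Separately, the debug `log.Printf("Listening on %s", fullName)` runs before `err` is examined in the visible lines, so a failed `ListenPipe` would still be logged as listening; the error check should come first. The function body continues outside the hunk, so the error handling may follow there.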
@@ -78,7 +78,7 @@ const (
 // GoPrivate - The default Go private arg to garble when obfuscation is enabled.
 // Wireguard dependencies prevent the use of wildcard github.com/* and golang.org/*.
 // The current packages below aren't definitive and need to be tidied up.
- GoPrivate = "github.com/bishopfox/*,github.com/Microsoft/*,github.com/burntsushi/*,github.com/kbinani/*,github.com/lxn/*,github.com/golang/*,github.com/shm/*"
+ GoPrivate = "github.com/bishopfox/*,github.com/Microsoft/*,github.com/burntsushi/*,github.com/kbinani/*,github.com/lxn/*,github.com/golang/*,github.com/shm/*,github.com/lesnuages/*"
 clientsDirName = "clients"
 sliversDirName = "slivers"