From 4ad24ac3a061043db57dde3542e6240e900d98bd Mon Sep 17 00:00:00 2001
From: rkervella
Date: Tue, 27 Jul 2021 18:14:20 +0200
Subject: [PATCH 1/3] Fix typo
---
 client/command/commands.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/client/command/commands.go b/client/command/commands.go
index 97f9072403..587c3404d4 100644
--- a/client/command/commands.go
+++ b/client/command/commands.go
@@ -1643,7 +1643,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 },
 Flags: func(f *grumble.Flags) {
 f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
- f.String("H", "hive", "HKCU", "egistry hive")
+ f.String("H", "hive", "HKCU", "registry hive")
 f.String("o", "hostname", "", "remote host to read values from")
 },
 HelpGroup: consts.SliverWinHelpGroup,
From 2df7f1319f8d376f3565fa3651b492409a37aef5 Mon Sep 17 00:00:00 2001
From: rkervella
Date: Tue, 27 Jul 2021 18:40:18 +0200
Subject: [PATCH 2/3] Fix #479
---
 client/command/registry/reg-read.go | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/client/command/registry/reg-read.go b/client/command/registry/reg-read.go
index aa8bf780c7..0cee8bc70c 100644
--- a/client/command/registry/reg-read.go
+++ b/client/command/registry/reg-read.go
@@ -72,6 +72,10 @@ func getType(t string) (uint32, error) {
 
 // RegReadCmd - Read a windows registry key: registry read --hostname aa.bc.local --hive HKCU "software\google\chrome\blbeacon\version"
 func RegReadCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
+ var (
+ finalPath string
+ key string
+ )
 session := con.ActiveSession.GetInteractive()
 if session == nil {
 return
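Review bot: The `var (...)` block added at the top of RegReadCmd in reg-read.go declares `finalPath` and `key` well before their only assignment, which sits in the next hunk of the same file. The matching code in reg-create.go and reg-write.go (patch 3/3) declares them at the point of use with `finalPath := regPath[:pathBaseIdx]` and `key := regPath[pathBaseIdx+1:]`. Using the short declarations here too would keep the three commands identical and make this hunk unnecessary. RegReadCmd's body continues outside the hunk.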
@@ -93,15 +97,24 @@ func RegReadCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 con.PrintErrorf("You must provide a path")
 return
 }
+
 if strings.Contains(regPath, "/") {
 regPath = strings.ReplaceAll(regPath, "/", "\\")
 }
- slashIndex := strings.LastIndex(regPath, "\\")
- key := regPath[slashIndex+1:]
- regPath = regPath[:slashIndex]
+ pathBaseIdx := strings.LastIndex(regPath, `\`)
+ if pathBaseIdx < 0 {
+ con.PrintErrorf("invalid path: %s", regPath)
+ return
+ }
+ if len(regPath) < pathBaseIdx+1 {
+ con.PrintErrorf("invalid path: %s", regPath)
+ return
+ }
+ finalPath = regPath[:pathBaseIdx]
+ key = regPath[pathBaseIdx+1:]
 regRead, err := con.Rpc.RegistryRead(context.Background(), &sliverpb.RegistryReadReq{
 Hive: hive,
- Path: regPath,
+ Path: finalPath,
 Key: key,
 Hostname: hostname,
 Request: con.ActiveSession.Request(ctx),
From 9cdb3e6def08332b5695046732e9630beb314b9f Mon Sep 17 00:00:00 2001
From: rkervella
Date: Tue, 27 Jul 2021 18:43:07 +0200
Subject: [PATCH 3/3] Apply fix to reg-create and reg-write too
---
 client/command/registry/reg-create.go | 16 ++++++++++++----
 client/command/registry/reg-write.go | 16 ++++++++++++----
 2 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/client/command/registry/reg-create.go b/client/command/registry/reg-create.go
index 8ef88ceadf..95bdfdff1a 100644
--- a/client/command/registry/reg-create.go
+++ b/client/command/registry/reg-create.go
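Review bot: The second guard added to RegReadCmd in client/command/registry/reg-read.go, `if len(regPath) < pathBaseIdx+1`, can never fire: `strings.LastIndex` returns an index strictly below `len(regPath)`, so once `pathBaseIdx < 0` has been rejected both slice expressions are already in range. If the intent was to reject a path ending in a backslash, which leaves `key` empty, the condition would be `if pathBaseIdx+1 == len(regPath)`; whether an empty key should be refused is not visible from this hunk, and otherwise the block can simply be deleted. The same unreachable check is copied into RegCreateKeyCmd and RegWriteCmd in patch 3/3. Printing the rejected input with `%q` rather than `%s` would also make an empty or whitespace-only path visible in the error. RegReadCmd's body starts and ends outside the hunk.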
@@ -49,12 +49,20 @@ func RegCreateKeyCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 if strings.Contains(regPath, "/") {
 regPath = strings.ReplaceAll(regPath, "/", "\\")
 }
- slashIndex := strings.LastIndex(regPath, "\\")
- key := regPath[slashIndex+1:]
- regPath = regPath[:slashIndex]
+ pathBaseIdx := strings.LastIndex(regPath, `\`)
+ if pathBaseIdx < 0 {
+ con.PrintErrorf("invalid path: %s", regPath)
+ return
+ }
+ if len(regPath) < pathBaseIdx+1 {
+ con.PrintErrorf("invalid path: %s", regPath)
+ return
+ }
+ finalPath := regPath[:pathBaseIdx]
+ key := regPath[pathBaseIdx+1:]
 createKeyResp, err := con.Rpc.RegistryCreateKey(context.Background(), &sliverpb.RegistryCreateKeyReq{
 Hive: hive,
- Path: regPath,
+ Path: finalPath,
 Key: key,
 Hostname: hostname,
 Request: con.ActiveSession.Request(ctx),
diff --git a/client/command/registry/reg-write.go b/client/command/registry/reg-write.go
index 82ed5125a9..99af03accf 100644
--- a/client/command/registry/reg-write.go
+++ b/client/command/registry/reg-write.go
@@ -71,9 +71,17 @@ func RegWriteCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 if strings.Contains(regPath, "/") {
 regPath = strings.ReplaceAll(regPath, "/", "\\")
 }
- slashIndex := strings.LastIndex(regPath, "\\")
- key := regPath[slashIndex+1:]
- regPath = regPath[:slashIndex]
+ pathBaseIdx := strings.LastIndex(regPath, `\`)
+ if pathBaseIdx < 0 {
+ con.PrintErrorf("invalid path: %s", regPath)
+ return
+ }
+ if len(regPath) < pathBaseIdx+1 {
+ con.PrintErrorf("invalid path: %s", regPath)
+ return
+ }
+ finalPath := regPath[:pathBaseIdx]
+ key := regPath[pathBaseIdx+1:]
 switch valType {
 case sliverpb.RegistryTypeBinary:
 var (
@@ -118,7 +126,7 @@ func RegWriteCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 Request: con.ActiveSession.Request(ctx),
 Hostname: hostname,
 Hive: hive,
- Path: regPath,
+ Path: finalPath,
 Type: valType,
 Key: key,
 StringValue: stringValue,
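Review bot: The split-and-validate sequence added to RegCreateKeyCmd in reg-create.go is a line-for-line copy of the one in RegReadCmd (patch 2/3) and is pasted a third time into RegWriteCmd in reg-write.go, so any later correction to the path check has to be made in three places. A small unexported helper in the registry package would hold the `strings.LastIndex` lookup and the negative-index rejection once, leaving each command with only the call and the error print. The sketch below omits the second length comparison because `strings.LastIndex` never returns an index at or past the end of the string. The helper name and the boolean result are a suggestion, and both command bodies start and end outside their hunks.

```go
// splitRegPath splits a backslash-separated registry path at its last
// separator into the parent path and the final component. ok is false
// when the path contains no separator.
func splitRegPath(regPath string) (parent, key string, ok bool) {
	idx := strings.LastIndex(regPath, `\`)
	if idx < 0 {
		return "", "", false
	}
	return regPath[:idx], regPath[idx+1:], true
}

// … unchanged: "/" to "\" normalisation in RegCreateKeyCmd …
	finalPath, key, ok := splitRegPath(regPath)
	if !ok {
		con.PrintErrorf("invalid path: %s", regPath)
		return
	}
// … unchanged: con.Rpc.RegistryCreateKey call with Path: finalPath …
```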