Merge branch 'master' into cursed

Dockerfile

@@ -52,11 +52,9 @@ RUN go install google.golang.org/protobuf/cmd/protoc-gen-go@${PROTOC_GEN_GO_VER}
 
 # Go assets
 WORKDIR /go/src/github.com/bishopfox/sliver
-ADD ./go-assets.sh /go/src/github.com/bishopfox/sliver/go-assets.sh
-RUN ./go-assets.sh
-
-# Compile sliver server
 ADD . /go/src/github.com/bishopfox/sliver/
+RUN make clean-all
+RUN ./go-assets.sh
 RUN make \
     && cp -vv sliver-server /opt/sliver-server \
     && /opt/sliver-server unpack --force 

client/command/beacons/beacons.go

@@ -109,7 +109,8 @@ func renderBeacons(beacons []*clientpb.Beacon, filter string, filterRegex *regex
 
 	tw := table.NewWriter()
 	tw.SetStyle(settings.GetTableStyle(con))
-	if con.Settings.SmallTermWidth < width {
+	wideTermWidth := con.Settings.SmallTermWidth < width
+	if wideTermWidth {
 		tw.AppendHeader(table.Row{
 			"ID",
 			"Name",
@@ -119,6 +120,7 @@ func renderBeacons(beacons []*clientpb.Beacon, filter string, filterRegex *regex
 			"Hostname",
 			"Username",
 			"Operating System",
+			"Locale",
 			"Last Check-in",
 			"Next Check-in",
 		})
@@ -141,42 +143,10 @@ func renderBeacons(beacons []*clientpb.Beacon, filter string, filterRegex *regex
 			color = console.Green
 		}
 
-		nextCheckin := time.Unix(beacon.NextCheckin, 0)
-		nextCheckinDateTime := nextCheckin.Format(time.UnixDate)
-
-		var next string
-		var interval string
-
-		if time.Unix(beacon.NextCheckin, 0).Before(time.Now()) {
-			if con.Settings.SmallTermWidth < width {
-				interval = fmt.Sprintf("%s (%s ago)", nextCheckinDateTime, time.Since(nextCheckin).Round(time.Second))
-
-			} else {
-				interval = time.Since(nextCheckin).Round(time.Second).String()
-			}
-			next = fmt.Sprintf("%s%s%s", console.Bold+console.Red, interval, console.Normal)
-		} else {
-			if con.Settings.SmallTermWidth < width {
-				interval = fmt.Sprintf("%s (in %s)", nextCheckinDateTime, time.Until(nextCheckin).Round(time.Second))
-			} else {
-				interval = time.Until(nextCheckin).Round(time.Second).String()
-			}
-
-			next = fmt.Sprintf("%s%s%s", console.Bold+console.Green, interval, console.Normal)
-		}
-
 		// We need a slice of strings so we can apply filters
 		var rowEntries []string
 
-		/*
-			Round the duration to the nearest second to be more output friendly.
-			We deal in seconds for everything, so it makes sense to show outputs
-			in seconds to remain consistent.
-		*/
-		timeSinceLastCheckin := time.Since(time.Unix(beacon.LastCheckin, 0)).Round(time.Second)
-		lastCheckinDateTime := time.Unix(beacon.LastCheckin, 0).Format(time.UnixDate)
-
-		if con.Settings.SmallTermWidth < width {
+		if wideTermWidth {
 			rowEntries = []string{
 				fmt.Sprintf(color+"%s"+console.Normal, strings.Split(beacon.ID, "-")[0]),
 				fmt.Sprintf(color+"%s"+console.Normal, beacon.Name),
@@ -186,8 +156,9 @@ func renderBeacons(beacons []*clientpb.Beacon, filter string, filterRegex *regex
 				fmt.Sprintf(color+"%s"+console.Normal, beacon.Hostname),
 				fmt.Sprintf(color+"%s"+console.Normal, strings.TrimPrefix(beacon.Username, beacon.Hostname+"\\")),
 				fmt.Sprintf(color+"%s/%s"+console.Normal, beacon.OS, beacon.Arch),
-				fmt.Sprintf(color+"%s (%s ago)"+console.Normal, lastCheckinDateTime, timeSinceLastCheckin),
-				next,
+				fmt.Sprintf(color+"%s"+console.Normal, beacon.Locale),
+				con.FormatDateDelta(time.Unix(beacon.LastCheckin, 0), wideTermWidth, false),
+				con.FormatDateDelta(time.Unix(beacon.NextCheckin, 0), wideTermWidth, true),
 			}
 		} else {
 			rowEntries = []string{
@@ -196,8 +167,8 @@ func renderBeacons(beacons []*clientpb.Beacon, filter string, filterRegex *regex
 				fmt.Sprintf(color+"%s"+console.Normal, beacon.Transport),
 				fmt.Sprintf(color+"%s"+console.Normal, strings.TrimPrefix(beacon.Username, beacon.Hostname+"\\")),
 				fmt.Sprintf(color+"%s/%s"+console.Normal, beacon.OS, beacon.Arch),
-				fmt.Sprintf(color+"%s ago"+console.Normal, timeSinceLastCheckin),
-				next,
+				con.FormatDateDelta(time.Unix(beacon.LastCheckin, 0), wideTermWidth, false),
+				con.FormatDateDelta(time.Unix(beacon.NextCheckin, 0), wideTermWidth, true),
 			}
 		}
 		// Build the row struct

client/command/commands.go

@@ -66,6 +66,7 @@ import (
 	"github.com/bishopfox/sliver/client/command/reaction"
 	"github.com/bishopfox/sliver/client/command/reconfig"
 	"github.com/bishopfox/sliver/client/command/registry"
+	"github.com/bishopfox/sliver/client/command/rportfwd"
 	"github.com/bishopfox/sliver/client/command/screenshot"
 	"github.com/bishopfox/sliver/client/command/sessions"
 	"github.com/bishopfox/sliver/client/command/settings"
@@ -456,6 +457,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 			f.String("c", "cert", "", "PEM encoded certificate file")
 			f.String("k", "key", "", "PEM encoded private key file")
 			f.Bool("e", "lets-encrypt", false, "attempt to provision a let's encrypt certificate")
+			f.Bool("E", "disable-randomized-jarm", false, "disable randomized jarm fingerprints")
 
 			f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
 			f.Bool("p", "persistent", false, "make persistent across restarts")
@@ -482,6 +484,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 			f.StringL("aes-encrypt-key", "", "encrypt stage with AES encryption key")
 			f.StringL("aes-encrypt-iv", "", "encrypt stage with AES encryption iv")
 			f.String("C", "compress", "none", "compress the stage before encrypting (zlib, gzip, deflate9, none)")
+			f.Bool("P", "prepend-size", false, "prepend the size of the stage to the payload (to use with MSF stagers)")
 		},
 		Run: func(ctx *grumble.Context) error {
 			con.Println()
@@ -517,7 +520,6 @@ func BindCommands(con *console.SliverConsoleClient) {
 		Help:     "Reconfigure the active beacon/session",
 		LongHelp: help.GetHelpFor([]string{consts.ReconfigStr}),
 		Flags: func(f *grumble.Flags) {
-			f.String("n", "name", "", "change implant name to")
 			f.String("r", "reconnect-interval", "", "reconnect interval for implant")
 			f.String("i", "beacon-interval", "", "beacon callback interval")
 			f.String("j", "beacon-jitter", "", "beacon callback jitter (random up to)")
@@ -900,6 +902,9 @@ func BindCommands(con *console.SliverConsoleClient) {
 		Args: func(a *grumble.Args) {
 			a.String("session", "session ID", grumble.Default(""))
 		},
+		Completer: func(prefix string, args []string) []string {
+			return use.BeaconAndSessionIDCompleter(prefix, args, con)
+		},
 		Run: func(ctx *grumble.Context) error {
 			con.Println()
 			info.InfoCmd(ctx, con)
@@ -1340,6 +1345,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 			f.String("y", "limit-username", "", "limit execution to specified username")
 			f.String("z", "limit-hostname", "", "limit execution to specified hostname")
 			f.String("F", "limit-fileexists", "", "limit execution to hosts with this file in the filesystem")
+			f.String("L", "limit-locale", "", "limit execution to hosts that match this locale")
 
 			f.String("f", "format", "exe", "Specifies the output formats, valid values are: 'exe', 'shared' (for dynamic libraries), 'service' (see `psexec` for more info) and 'shellcode' (windows only)")
 			f.String("s", "save", "", "directory/file to the binary to")
@@ -1397,6 +1403,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 			f.String("y", "limit-username", "", "limit execution to specified username")
 			f.String("z", "limit-hostname", "", "limit execution to specified hostname")
 			f.String("F", "limit-fileexists", "", "limit execution to hosts with this file in the filesystem")
+			f.String("L", "limit-locale", "", "limit execution to hosts that match this locale")
 
 			f.String("f", "format", "exe", "Specifies the output formats, valid values are: 'exe', 'shared' (for dynamic libraries), 'service' (see `psexec` for more info) and 'shellcode' (windows only)")
 			f.String("s", "save", "", "directory/file to the binary to")
@@ -1549,6 +1556,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 			f.String("y", "limit-username", "", "limit execution to specified username")
 			f.String("z", "limit-hostname", "", "limit execution to specified hostname")
 			f.String("F", "limit-fileexists", "", "limit execution to hosts with this file in the filesystem")
+			f.String("L", "limit-locale", "", "limit execution to hosts that match this locale")
 
 			f.String("f", "format", "exe", "Specifies the output formats, valid values are: 'exe', 'shared' (for dynamic libraries), 'service' (see `psexec` for more info) and 'shellcode' (windows only)")
 
@@ -1612,6 +1620,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 			f.String("y", "limit-username", "", "limit execution to specified username")
 			f.String("z", "limit-hostname", "", "limit execution to specified hostname")
 			f.String("F", "limit-fileexists", "", "limit execution to hosts with this file in the filesystem")
+			f.String("L", "limit-locale", "", "limit execution to hosts that match this locale")
 
 			f.String("f", "format", "exe", "Specifies the output formats, valid values are: 'exe', 'shared' (for dynamic libraries), 'service' (see `psexec` for more info) and 'shellcode' (windows only)")
 
@@ -2529,6 +2538,59 @@ func BindCommands(con *console.SliverConsoleClient) {
 	})
 	con.App.AddCommand(registryCmd)
 
+	// [ Reverse Port Forwarding ] --------------------------------------------------------------
+
+	rportfwdCmd := &grumble.Command{
+		Name:     consts.RportfwdStr,
+		Help:     "reverse port forwardings",
+		LongHelp: help.GetHelpFor([]string{consts.RportfwdStr}),
+		Flags: func(f *grumble.Flags) {
+			f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
+		},
+		Run: func(ctx *grumble.Context) error {
+			con.Println()
+			rportfwd.RportFwdListenersCmd(ctx, con)
+			con.Println()
+			return nil
+		},
+		HelpGroup: consts.SliverHelpGroup,
+	}
+	rportfwdCmd.AddCommand(&grumble.Command{
+		Name:     consts.AddStr,
+		Help:     "Add and start reverse port forwarding",
+		LongHelp: help.GetHelpFor([]string{consts.RportfwdStr}),
+		Run: func(ctx *grumble.Context) error {
+			con.Println()
+			rportfwd.StartRportFwdListenerCmd(ctx, con)
+			con.Println()
+			return nil
+		},
+		Flags: func(f *grumble.Flags) {
+			f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
+			f.String("r", "remote", "", "remote address <ip>:<port> connection is forwarded to")
+			f.String("b", "bind", "", "bind address <ip>:<port> implants listen on")
+		},
+		HelpGroup: consts.SliverWinHelpGroup,
+	})
+	rportfwdCmd.AddCommand(&grumble.Command{
+		Name:     consts.RmStr,
+		Help:     "Stop and remove reverse port forwarding",
+		LongHelp: help.GetHelpFor([]string{consts.RportfwdStr}),
+		Run: func(ctx *grumble.Context) error {
+			con.Println()
+			rportfwd.StopRportFwdListenerCmd(ctx, con)
+			con.Println()
+			return nil
+		},
+		Flags: func(f *grumble.Flags) {
+			f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
+			f.Int("i", "id", 0, "id of portfwd to remove")
+		},
+		HelpGroup: consts.SliverWinHelpGroup,
+	})
+
+	con.App.AddCommand(rportfwdCmd)
+
 	// [ Pivots ] --------------------------------------------------------------
 
 	pivotsCmd := &grumble.Command{

client/command/generate/generate.go

@@ -249,6 +249,7 @@ func parseCompileFlags(ctx *grumble.Context, con *console.SliverConsoleClient) *
 	limitUsername := ctx.Flags.String("limit-username")
 	limitDatetime := ctx.Flags.String("limit-datetime")
 	limitFileExists := ctx.Flags.String("limit-fileexists")
+	limitLocale := ctx.Flags.String("limit-locale")
 
 	isSharedLib := false
 	isService := false
@@ -337,6 +338,7 @@ func parseCompileFlags(ctx *grumble.Context, con *console.SliverConsoleClient) *
 		LimitUsername:     limitUsername,
 		LimitDatetime:     limitDatetime,
 		LimitFileExists:   limitFileExists,
+		LimitLocale:       limitLocale,
 
 		Format:      configFormat,
 		IsSharedLib: isSharedLib,
@@ -694,6 +696,9 @@ func getLimitsString(config *clientpb.ImplantConfig) string {
 	if config.LimitFileExists != "" {
 		limits = append(limits, fmt.Sprintf("fileexists=%s", config.LimitFileExists))
 	}
+	if config.LimitLocale != "" {
+		limits = append(limits, fmt.Sprintf("locale=%s", config.LimitLocale))
+	}
 	return strings.Join(limits, "; ")
 }
 

client/command/help/long-help.go

@@ -206,10 +206,10 @@ stage-listener --url tcp://1.2.3.4:8080 --profile my-sliver-profile
 
 To create a profile, use the [[.Bold]]profiles new[[.Normal]] command. A common scenario is to create a profile that generates a shellcode, which can act as a stage 2:
 
-profiles new --profile-name windows-shellcode --format shellcode --mtls 1.2.3.4 --skip-symbols
+profiles new --format shellcode --mtls 1.2.3.4 --skip-symbols windows-shellcode
 `
 
-	newProfileHelp = `[[.Bold]]Command:[[.Normal]] new [--profile-name] <options>
+	newProfileHelp = `[[.Bold]]Command:[[.Normal]] new <options> <profile name>
 [[.Bold]]About:[[.Normal]] Create a new profile with a given name and options, a name is required.
 
 [[.Bold]][[.Underline]]++ Profiles ++[[.Normal]]
@@ -464,7 +464,7 @@ The [[.Bold]]psexec[[.Normal]] command will use the credentials of the Windows u
 [[.Bold]]About:[[.Normal]] Inject a sliver shellcode into an existing file on the target system.
 [[.Bold]]Example:[[.Normal]] backdoor --profile windows-shellcode "c:\windows\system32\calc.exe"
 
-[[.Bold]]Remark:[[.Normal]] you must first create a profile that will serve as your base shellcode, with the following command: profiles new --format shellcode --profile-name whatever --http ab.cd
+[[.Bold]]Remark:[[.Normal]] you must first create a profile that will serve as your base shellcode, with the following command: profiles new --format shellcode --http ab.cd windows-shellcode
 `
 	makeTokenHelp = `[[.Bold]]Command:[[.Normal]] make-token -u USERNAME -d DOMAIN -p PASSWORD
 [[.Bold]]About:[[.Normal]] Creates a new Logon Session from the specified credentials and impersonate the resulting token.

client/command/hosts/hosts.go

@@ -26,6 +26,7 @@ import (
 	"sort"
 	"strings"
 	"text/tabwriter"
+	"time"
 
 	"github.com/AlecAivazis/survey/v2"
 	"github.com/bishopfox/sliver/client/command/settings"
@@ -65,10 +66,12 @@ func hostsTable(hosts []*clientpb.Host, con *console.SliverConsoleClient) string
 		"ID",
 		"Hostname",
 		"Operating System",
+		"Locale",
 		"Sessions",
 		"Beacons",
 		"IOCs",
 		"Extensions",
+		"First Contact",
 	})
 	for _, host := range hosts {
 		var shortID string
@@ -81,10 +84,12 @@ func hostsTable(hosts []*clientpb.Host, con *console.SliverConsoleClient) string
 			shortID,
 			host.Hostname,
 			host.OSVersion,
+			host.Locale,
 			hostSessions(host.HostUUID, con),
 			hostBeacons(host.HostUUID, con),
 			len(host.IOCs),
 			len(host.ExtensionData),
+			con.FormatDateDelta(time.Unix(host.FirstContact, 0), true, false),
 		})
 	}
 	return tw.Render()

client/command/info/info.go

@@ -22,6 +22,7 @@ import (
 	"context"
 	"time"
 
+	"github.com/bishopfox/sliver/client/command/use"
 	"github.com/bishopfox/sliver/client/console"
 	consts "github.com/bishopfox/sliver/client/constants"
 	"github.com/bishopfox/sliver/protobuf/clientpb"
@@ -33,10 +34,25 @@ import (
 
 // InfoCmd - Display information about the active session
 func InfoCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
-	session, beacon := con.ActiveTarget.GetInteractive()
-	if session == nil && beacon == nil {
-		return
+	var err error
+
+	// Check if we have an active target via 'use'
+	session, beacon := con.ActiveTarget.Get()
+
+	idArg := ctx.Args.String("session")
+	if idArg != "" {
+		// ID passed via argument takes priority
+		session, beacon, err = use.SessionOrBeaconByID(idArg, con)
+	} else {
+		if session == nil && beacon == nil {
+			session, beacon, err = use.SelectSessionOrBeacon(con)
+			if err != nil {
+				con.PrintErrorf("%s\n", err)
+				return
+			}
+		}
 	}
+
 	if session != nil {
 
 		con.Printf(console.Bold+"        Session ID: %s%s\n", console.Normal, session.ID)
@@ -49,11 +65,14 @@ func InfoCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 		con.Printf(console.Bold+"               PID: %s%d\n", console.Normal, session.PID)
 		con.Printf(console.Bold+"                OS: %s%s\n", console.Normal, session.OS)
 		con.Printf(console.Bold+"           Version: %s%s\n", console.Normal, session.Version)
+		con.Printf(console.Bold+"            Locale: %s%s\n", console.Normal, session.Locale)
 		con.Printf(console.Bold+"              Arch: %s%s\n", console.Normal, session.Arch)
 		con.Printf(console.Bold+"         Active C2: %s%s\n", console.Normal, session.ActiveC2)
 		con.Printf(console.Bold+"    Remote Address: %s%s\n", console.Normal, session.RemoteAddress)
 		con.Printf(console.Bold+"         Proxy URL: %s%s\n", console.Normal, session.ProxyURL)
 		con.Printf(console.Bold+"Reconnect Interval: %s%s\n", console.Normal, time.Duration(session.ReconnectInterval).String())
+		con.Printf(console.Bold+"     First Contact: %s%s\n", console.Normal, con.FormatDateDelta(time.Unix(session.FirstContact, 0), true, false))
+		con.Printf(console.Bold+"      Last Checkin: %s%s\n", console.Normal, con.FormatDateDelta(time.Unix(session.LastCheckin, 0), true, false))
 
 	} else if beacon != nil {
 
@@ -67,12 +86,16 @@ func InfoCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 		con.Printf(console.Bold+"               PID: %s%d\n", console.Normal, beacon.PID)
 		con.Printf(console.Bold+"                OS: %s%s\n", console.Normal, beacon.OS)
 		con.Printf(console.Bold+"           Version: %s%s\n", console.Normal, beacon.Version)
+		con.Printf(console.Bold+"            Locale: %s%s\n", console.Normal, beacon.Locale)
 		con.Printf(console.Bold+"              Arch: %s%s\n", console.Normal, beacon.Arch)
 		con.Printf(console.Bold+"         Active C2: %s%s\n", console.Normal, beacon.ActiveC2)
 		con.Printf(console.Bold+"    Remote Address: %s%s\n", console.Normal, beacon.RemoteAddress)
 		con.Printf(console.Bold+"         Proxy URL: %s%s\n", console.Normal, beacon.ProxyURL)
 		con.Printf(console.Bold+"          Interval: %s%s\n", console.Normal, time.Duration(beacon.Interval).String())
 		con.Printf(console.Bold+"            Jitter: %s%s\n", console.Normal, time.Duration(beacon.Jitter).String())
+		con.Printf(console.Bold+"     First Contact: %s%s\n", console.Normal, con.FormatDateDelta(time.Unix(beacon.FirstContact, 0), true, false))
+		con.Printf(console.Bold+"      Last Checkin: %s%s\n", console.Normal, con.FormatDateDelta(time.Unix(beacon.LastCheckin, 0), true, false))
+		con.Printf(console.Bold+"      Next Checkin: %s%s\n", console.Normal, con.FormatDateDelta(time.Unix(beacon.NextCheckin, 0), true, true))
 
 	} else {
 		con.PrintErrorf("No target session, see `help %s`\n", consts.InfoStr)

client/command/jobs/https.go

@@ -68,6 +68,7 @@ func HTTPSListenerCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 		EnforceOTP:      !disableOTP,
 		LongPollTimeout: int64(longPollTimeout),
 		LongPollJitter:  int64(longPollJitter),
+		RandomizeJARM:   !ctx.Flags.Bool("disable-randomized-jarm"),
 	})
 	con.Println()
 	if err != nil {