Sliver Versions Save

Fix for DNS C2, and other small backports. Hoping to have a v1.6 release soon with many more updates!

⚠️ Backwards incompatible changes ⚠️

This release fixes a vulnerability (CVE-2023-34758) in the Sliver Key Encapsulation Mechanism (KEM), where improper use of Nacl Box (libsodium) could allow a MitM attacker with a copy of the implant binary to recover the session key and arbitrarily encrypt/decrypt C2 messages. Note that the Sliver KEM is only used over insecure protocols such as HTTP and DNS, and does not affect mTLS or Wireguard.

The issue was addressed by switching to a combination age for the KEM and HMAC-SHA2-256 to verify the implant.

More details: https://github.com/BishopFox/sliver/security/advisories/GHSA-8jxm-xp43-qh3q

Special thanks to Ting-Wei Hsieh from CHT Security Co. Ltd. for reporting the vulnerability.

Commits

• ad53f90: Bump github.com/miekg/dns from 1.1.53 to 1.1.54 (dependabot[bot]) #1217
• 5b22e6d: Bump modernc.org/sqlite from 1.22.0 to 1.22.1 (dependabot[bot]) #1218
• d921c3c: Add ESET Internet Security to kwnown security processes (smeukinou) #1220
• 2f9c84c: FIX implant generation with locale limit not compiling when not in debug mode (smeukinou) #1221
• b5e611d: FIX windows screenshot when multiple monitors are used, and they are not exactly side-by-side (smeukinou) #1222
• a468ec8: Allow migrate to use process names (rkervella) #1223
• 64c40ba: Bump google.golang.org/grpc from 1.54.0 to 1.55.0 (dependabot[bot]) #1226
• 27c6e8e: Bump golang.org/x/term from 0.7.0 to 0.8.0 (dependabot[bot]) #1227
• d547708: Go v1.20.4 (moloch--) #1229
• 4690430: update installer to symlink sliver/sliver-client (moloch--)
• 38a740a: Bump golang.org/x/crypto from 0.8.0 to 0.9.0 (dependabot[bot]) #1232
• 52daa1a: Adding support for specifying DNS resolvers through advanced options (Raf) #1235

Commits

• 57ddb1a: Bump golang.org/x/crypto from 0.7.0 to 0.8.0 (dependabot[bot]) #1199
• 8c06b83: Bump gorm.io/gorm from 1.24.7-0.20230306060331-85eaf9eeda11 to 1.25.0 (dependabot[bot]) #1200
• ef1c034: Bump gorm.io/driver/sqlite from 1.4.4 to 1.5.0 (dependabot[bot]) #1201
• 7479e86: Bump gorm.io/driver/mysql from 1.4.7 to 1.5.0 (dependabot[bot]) #1202
• 77ab598: pull latest beacon or session configuration on info command even if a beacon or session is currently selected to avoid displaying outdated values after a reconfiguration (Tim Makram Ghatas) #1207
• 9e12db9: Bump modernc.org/sqlite from 1.21.1 to 1.22.0 (dependabot[bot]) #1212
• 3599af1: Fixed nil pointer (b0yd) #1213
• fce0221: Add Rapid 7 (cmprmsd) #1214
• 7522a0b: Apply XOR to protobuf raw data (rkervella) #1215
• 7c33022: Apply XOR to dnspb and commonpb too (rkervella) #1215

Commits

• 05a31d9: Bump google.golang.org/grpc from 1.53.0 to 1.54.0 (dependabot[bot]) #1168
• 19b4b0b: Warn user about improper flag usage. (rkervella) #1169
• 8fd9487: Added chmod,chown,timestomp, and added uid:gid to ls (b0yd) #1170
• 03d93b9: Guess I'm supposed to check these in too :P (b0yd) #1170
• 0e5d055: Import ommisions (b0yd) #1170
• a45c996: Made pretty, with goto (b0yd) #1170
• d344e35: Fixed issues caused by adding goto (b0yd) #1170
• 963b3c3: Fixed import...again (b0yd) #1170
• feacb9e: Use implant filename instead of name (rkervella) #1172
• 2bfcaf1: Update handlers_linux.go (rwincey) #1170
• e6645c9: Added file path for debug so it doesn't always goto stdout (b0yd) #1175
• bd57568: Bump github.com/miekg/dns from 1.1.52 to 1.1.53 (dependabot[bot]) #1177
• 246519d: Bump modernc.org/sqlite from 1.21.0 to 1.21.1 (dependabot[bot]) #1178
• d2aaee9: fix implant configuration for external builders (MrAle98) #1180
• 04e8104: minor fix (MrAle98) #1180
• 85f51a8: Initial support for changing C2 when spawning an interactive session from a beacon. Does not support changing transports. (Raf) #1190
• 400c629: Adding support for killing a beacon using the short form of its ID (Raf) #1182
• 7fa1b5c: Bump golang.org/x/sys from 0.6.0 to 0.7.0 (dependabot[bot]) #1184
• 689645d: Bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (dependabot[bot]) #1187
• 6c77808: Bump golang.org/x/text from 0.8.0 to 0.9.0 (dependabot[bot]) #1186
• 03183ae: Bump golang.org/x/net from 0.8.0 to 0.9.0 (dependabot[bot]) #1188
• 929e67e: Always show hostname when displaying the list of beacons (Raf) #1191
• f09efe9: Fixing #1192. Waiting to close the job channel until all teardown tasks are done (Raf) #1193
• 7033be8: Bump commonmarker from 0.23.8 to 0.23.9 in /docs (dependabot[bot]) #1194
• c2adb81: Bump nokogiri from 1.14.1 to 1.14.3 in /docs (dependabot[bot]) #1195

Features

• add armory support for private Github apis #1162 (jpts)

Commits

• 94d8b9f: Bump github.com/jedib0t/go-pretty/v6 from 6.4.4 to 6.4.6 (dependabot[bot]) #1134
• 2f1f81c: Bump golang.org/x/term from 0.5.0 to 0.6.0 (dependabot[bot]) #1135
• 9585b43: Bump github.com/chromedp/chromedp from 0.8.7 to 0.8.8 (dependabot[bot]) #1132
• 9f811f8: Bump golang.org/x/net from 0.7.0 to 0.8.0 (dependabot[bot]) #1131
• 5ab52bc: unblock execute command if no output is requested (Dominic Breuker) #1136
• 3a8017e: Go v1.20.2 (moloch--) #1137
• e6d9740: Go v1.20.2 (moloch--)
• bde3cd6: Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (dependabot[bot]) #1141
• 115f47a: Bump github.com/miekg/dns from 1.1.51 to 1.1.52 (dependabot[bot]) #1142
• 564aeec: Bump gorm.io/gorm from 1.24.5 to 1.24.6 (dependabot[bot]) #1144
• 200a1a9: Bump github.com/fatih/color from 1.14.1 to 1.15.0 (dependabot[bot]) #1145
• 4068faf: Bump github.com/xlab/treeprint from 1.1.0 to 1.2.0 (dependabot[bot]) #1143
• a3ea33b: Bump github.com/chromedp/chromedp from 0.8.8 to 0.9.1 (dependabot[bot]) #1153
• dff24ae: Bump gorm.io/driver/postgres from 1.4.8 to 1.5.0 (dependabot[bot]) #1154
• 8291364: Bump github.com/grpc-ecosystem/go-grpc-middleware from 1.3.0 to 1.4.0 (dependabot[bot]) #1155
• c6e65e6: Bump actions/setup-go from 3 to 4 (dependabot[bot]) #1156
• 9d7d1b7: Bump google.golang.org/protobuf from 1.28.1 to 1.30.0 (dependabot[bot]) #1152
• c506020: Bump github.com/cheggaaa/pb/v3 from 3.1.0 to 3.1.2 (dependabot[bot]) #1157
• 918d729: Update DumpCookies method (rkervella) #1158
• f1613bb: avoid race condition in the extension callback on windows beacons (Dominic Breuker) #1159
• b0e0df1: ensure beacon registers extensions before it calls them (Dominic Breuker) #1164
• c6a29ea: ensure waitgroup in beaconmain can never become negative (Dominic Breuker) #1164
• 3297301: cleanup and variable rename (Dominic Breuker) #1164
• 3d7227e: execute regular tasks and extenions concurrently (Dominic Breuker) #1164
• 99c76c2: C2 http uri lowercased. Fixes #1126 (svl) #1166

Commits

• b0b4751: Update go-assets.sh (Ronan Kervella) #1094
• cfaa892: Attempt to implement docs/notion (moloch--)
• a8a5368: Bump golang.org/x/net from 0.5.0 to 0.6.0 (dependabot[bot]) #1097
• bca8c13: Bump gorm.io/driver/mysql from 1.4.5 to 1.4.6 (dependabot[bot]) #1101
• 1ddeeb8: Fix missing flag in context for PsCmd (rkervella) #1103
• 988282c: Bump golang.org/x/crypto from 0.5.0 to 0.6.0 (dependabot[bot]) #1107
• 94a4be6: Bump modernc.org/sqlite from 1.19.3 to 1.20.4 (dependabot[bot]) #1110
• 52e296f: Bump golang.org/x/net from 0.6.0 to 0.7.0 (dependabot[bot]) #1106
• 50103d7: Bump gorm.io/driver/postgres from 1.4.6 to 1.4.8 (dependabot[bot]) #1108
• 89f029f: Go v1.20.1 (moloch--) #1111
• bc9bba5: Bump gorm.io/driver/mysql from 1.4.6 to 1.4.7 (dependabot[bot]) #1109
• 5da01d9: Garble v1.20.2 (moloch--) #1111
• 03ba0ea: Return zero guid on hostuuid from mac error (moloch--) #1112
• ba69967: Update README.md (Joe)
• 5d3247d: Bump github.com/miekg/dns from 1.1.50 to 1.1.51 (dependabot[bot]) #1116
• 38206c0: Bump modernc.org/sqlite from 1.20.4 to 1.21.0 (dependabot[bot]) #1119
• 617a392: Bump google.golang.org/grpc (dependabot[bot]) #1117
• 524d584: Bump github.com/things-go/go-socks5 (dependabot[bot]) #1115
• 93a0c15: Update go-clr, merge master (rkervella) #1122
• e3a2ff8: Only try to read keytab if it was supplied as an argument (rkervella) #1128
• 12e6f9a: fix defunct processes on nix (Chris Shields) #1130

Commits

• 81d8b39: Bump golang.org/x/crypto from 0.4.0 to 0.5.0 (dependabot[bot]) #1061
• 19c6e79: Bump gorm.io/gorm from 1.24.2 to 1.24.3 (dependabot[bot]) #1062
• 72fcd30: Fix build constraints for linux/mips (moloch--) #1066
• 1a8487e: Fix build constraints for linux/mips (moloch--) #1066
• cfa16f7: More specific cross-platform constraints (moloch--) #1066
• d935a03: Move DisableSGN out of protobuf since its client-side only (moloch--) #1068
• 72c1de8: Move DisableSGN out of protobuf since its client-side only (moloch--) #1068
• 422d491: Bump gorm.io/driver/mysql from 1.4.4 to 1.4.5 (dependabot[bot]) #1070
• 571a601: Bump github.com/jedib0t/go-pretty/v6 from 6.4.3 to 6.4.4 (dependabot[bot]) #1071
• 973b5bb: Fix GetCookies API call (moloch--) #1073
• e905032: Update vendor/ (moloch--) #1073
• 92df0e4: Style fixes (moloch--) #1073
• 7eb77b0: Go v1.19.5 (moloch--) #1076
• 1469482: Ensure HOME is set, remove large literal ENV (moloch--) #1076
• fa94d98: Update go mod/vendor (moloch--) #1076
• 25f7ac0: Bump github.com/fatih/color from 1.13.0 to 1.14.0 (dependabot[bot]) #1077
• 9f73e63: Added Defender for Endpoint processes (Alexander Georgiev) #1078
• 6b3d95a: Bump commonmarker from 0.23.6 to 0.23.7 in /docs (dependabot[bot]) #1080
• 6efd539: Bump github.com/fatih/color from 1.14.0 to 1.14.1 (dependabot[bot]) #1084
• cc7d5f8: Bump activesupport from 6.0.4.6 to 6.0.6.1 in /docs (dependabot[bot]) #1087
• f21669b: Bump github.com/gofrs/uuid from 4.3.1+incompatible to 4.4.0+incompatible (dependabot[bot]) #1085
• 1a2388a: fix goroutine leak (raymonder jin) #1089
• e47516c: Add printing of two messages (Matthijs Gielen) #1090
• e6a9744: Go v1.20 (moloch--) #1091
• 204519b: Update garble and pb versions (moloch--) #1091
• 4e43f2d: Fix protoc version (moloch--) #1092
• e914850: Bump gorm.io/gorm from 1.24.3 to 1.24.5 (dependabot[bot]) #1093
• d2a6fa8: Go v1.20 (moloch--)

Commits

• 4a996b5: Fix issue #1055 and #1054 (moloch--) #1057