Merge branch 'master' into v1.6.0/certificate-management

docs/sliver-docs/pages/docs/md/Getting Started.md

@@ -10,7 +10,7 @@ For a Linux server, you can also use the one liner installation `curl https://sl
 {"src": "/asciinema/install-1.cast", "cols": "132"}
 ```
 
-If you install Sliver via the one liner, you can check that the server service is running using `systemctl status sliver`. Note that the Sliver service is not configured to start automatically on boot by default (i.e., if you reboot the server you'll need to start the service again using `systemctrl start sliver`):
+If you install Sliver via the one liner, you can check that the server service is running using `systemctl status sliver`. Note that the Sliver service is not configured to start automatically on boot by default (i.e., if you reboot the server you'll need to start the service again using `systemctl start sliver`):
 
 ```asciinema
 {"src": "/asciinema/service-status-1.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8}

docs/sliver-docs/public/install

@@ -22,8 +22,8 @@ elif command -v yum &> /dev/null; then # Redhat-based OS (Fedora, CentOS, RHEL)
 	INSTALLER=(yum -y)
 elif command -v pacman &>/dev/null; then # Arch-based (Manjaro, Garuda, Blackarch)
 	echo "Installing dependencies using pacman..."
-	pacman -S mingw-w64-gcc mingw-w64-binutils mingw-w64-headers
-    INSTALLER=(pacman -S)
+	pacman --noconfirm -S mingw-w64-gcc mingw-w64-binutils mingw-w64-headers
+    INSTALLER=(pacman --noconfirm -S)
 else
     echo "Unsupported OS, exiting"
     exit

go.mod

@@ -15,7 +15,7 @@ require (
 	github.com/Binject/universal v0.0.0-20220519011857-bea739e758c0
 	github.com/Ne0nd0g/go-clr v1.0.3
 	github.com/alecthomas/chroma v0.10.0
-	github.com/cheggaaa/pb/v3 v3.1.2
+	github.com/cheggaaa/pb/v3 v3.1.5
 	github.com/chromedp/cdproto v0.0.0-20240426225625-909263490071
 	github.com/chromedp/chromedp v0.9.5
 	github.com/fatih/color v1.16.0
@@ -49,7 +49,7 @@ require (
 	github.com/yiya1989/sshkrb5 v0.0.1
 	golang.org/x/crypto v0.23.0
 	golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f
-	golang.org/x/net v0.24.0
+	golang.org/x/net v0.25.0
 	golang.org/x/sys v0.20.0
 	golang.org/x/term v0.20.0
 	golang.org/x/text v0.15.0

go.sum

@@ -86,8 +86,8 @@ github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZx
 github.com/bits-and-blooms/bitset v1.13.0 h1:bAQ9OPNFYbGHV6Nez0tmNI0RiEu7/hxlYJRUA0wFAVE=
 github.com/bits-and-blooms/bitset v1.13.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cheggaaa/pb/v3 v3.1.2 h1:FIxT3ZjOj9XJl0U4o2XbEhjFfZl7jCVCDOGq1ZAB7wQ=
-github.com/cheggaaa/pb/v3 v3.1.2/go.mod h1:SNjnd0yKcW+kw0brSusraeDd5Bf1zBfxAzTL2ss3yQ4=
+github.com/cheggaaa/pb/v3 v3.1.5 h1:QuuUzeM2WsAqG2gMqtzaWithDJv0i+i6UlnwSCI4QLk=
+github.com/cheggaaa/pb/v3 v3.1.5/go.mod h1:CrxkeghYTXi1lQBEI7jSn+3svI3cuc19haAj6jM60XI=
 github.com/chromedp/cdproto v0.0.0-20240202021202-6d0b6a386732/go.mod h1:GKljq0VrfU4D5yc+2qA6OVr8pmO/MBbPEWqWQ/oqGEs=
 github.com/chromedp/cdproto v0.0.0-20240426225625-909263490071 h1:RdCf9hH3xq5vJifrjGB7zQlFkdRB3pAppcX2helDq2U=
 github.com/chromedp/cdproto v0.0.0-20240426225625-909263490071/go.mod h1:GKljq0VrfU4D5yc+2qA6OVr8pmO/MBbPEWqWQ/oqGEs=
@@ -454,8 +454,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
-golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
+golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ=
 golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA=

server/db/helpers.go

@@ -27,6 +27,7 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"errors"
+	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
@@ -258,7 +259,7 @@ func ImplantProfileByName(name string) (*clientpb.ImplantProfile, error) {
 		return nil, err
 	}
 	err = Session().Where(models.ImplantConfig{
-		ImplantProfileID: profile.ID,
+		ImplantProfileID: &profile.ID,
 	}).First(&config).Error
 	if err != nil {
 		return nil, err
@@ -367,7 +368,7 @@ func LoadHTTPC2ConfigByName(name string) (*clientpb.HTTPC2Config, error) {
 	// load headers
 	c2ImplantHeaders := []models.HttpC2Header{}
 	err = Session().Where(&models.HttpC2Header{
-		HttpC2ImplantConfigID: c2ImplantConfig.ID,
+		HttpC2ImplantConfigID: &c2ImplantConfig.ID,
 	}).Find(&c2ImplantHeaders).Error
 	if err != nil {
 		return nil, err
@@ -397,7 +398,7 @@ func LoadHTTPC2ConfigByName(name string) (*clientpb.HTTPC2Config, error) {
 	// load headers
 	c2ServerHeaders := []models.HttpC2Header{}
 	err = Session().Where(&models.HttpC2Header{
-		HttpC2ServerConfigID: c2ServerConfig.ID,
+		HttpC2ServerConfigID: &c2ServerConfig.ID,
 	}).Find(&c2ServerHeaders).Error
 	if err != nil {
 		return nil, err
@@ -471,7 +472,7 @@ func HTTPC2ConfigUpdate(newConf *clientpb.HTTPC2Config, oldConf *clientpb.HTTPC2
 	}
 
 	err = Session().Where(&models.HttpC2Header{
-		HttpC2ServerConfigID: serverID,
+		HttpC2ServerConfigID: &serverID,
 	}).Delete(&models.HttpC2Header{})
 	if err.Error != nil {
 		return err.Error
@@ -495,7 +496,7 @@ func HTTPC2ConfigUpdate(newConf *clientpb.HTTPC2Config, oldConf *clientpb.HTTPC2
 	}
 
 	for _, header := range c2Config.ServerConfig.Headers {
-		header.HttpC2ServerConfigID = serverID
+		header.HttpC2ServerConfigID = &serverID
 		err = Session().Clauses(clause.OnConflict{
 			UpdateAll: true,
 		}).Create(&header)
@@ -591,6 +592,35 @@ func ListenerJobs() ([]*clientpb.ListenerJob, error) {
 }
 
 func DeleteListener(JobID uint32) error {
+	// Determine which type of listener this is and delete its record from the corresponding table
+	var deleteErr error
+	// JobID is unique so if the JobID exists, it is the only record in the table with that JobID
+	listener := &models.ListenerJob{}
+	result := Session().Where(&models.ListenerJob{JobID: JobID}).First(&listener)
+	if result.Error != nil {
+		return result.Error
+	}
+	if listener == nil {
+		return fmt.Errorf("Job ID %d not found in database", JobID)
+	}
+	listenerID := listener.ID
+	switch listener.Type {
+	case constants.HttpStr, constants.HttpsStr:
+		deleteErr = Session().Where(&models.HTTPListener{ListenerJobID: listenerID}).Delete(&models.HTTPListener{}).Error
+	case constants.DnsStr:
+		deleteErr = Session().Where(&models.DNSListener{ListenerJobID: listenerID}).Delete(&models.DNSListener{}).Error
+	case constants.MtlsStr:
+		deleteErr = Session().Where(&models.MtlsListener{ListenerJobID: listenerID}).Delete(&models.MtlsListener{}).Error
+	case constants.WGStr:
+		deleteErr = Session().Where(&models.WGListener{ListenerJobID: listenerID}).Delete(&models.WGListener{}).Error
+	case constants.MultiplayerModeStr:
+		deleteErr = Session().Where(&models.MultiplayerListener{ListenerJobID: listenerID}).Delete(&models.MultiplayerListener{}).Error
+	}
+
+	if deleteErr != nil {
+		return deleteErr
+	}
+
 	return Session().Where(&models.ListenerJob{JobID: JobID}).Delete(&models.ListenerJob{}).Error
 }
 
@@ -641,6 +671,9 @@ func DeleteProfile(name string) error {
 
 	uuid, _ := uuid.FromString(profile.Config.ID)
 
+	// delete linked ImplantC2
+	err = Session().Where(&models.ImplantC2{ImplantConfigID: uuid}).Delete(&models.ImplantC2{}).Error
+
 	// delete linked ImplantConfig
 	err = Session().Where(&models.ImplantConfig{ID: uuid}).Delete(&models.ImplantConfig{}).Error
 

server/db/models/host.go

@@ -29,7 +29,7 @@ import (
 // Host - Represents a host machine
 type Host struct {
 	ID        uuid.UUID `gorm:"primaryKey;->;<-:create;type:uuid;"`
-	HostUUID  uuid.UUID `gorm:"type:uuid;"`
+	HostUUID  uuid.UUID `gorm:"type:uuid;unique"`
 	CreatedAt time.Time `gorm:"->;<-:create;"`
 
 	Hostname  string

server/db/models/http-c2.go

@@ -203,9 +203,9 @@ func (h *HttpC2Cookie) ToProtobuf() *clientpb.HTTPC2Cookie {
 
 // HttpC2Header - HTTP C2 Header (server and implant)
 type HttpC2Header struct {
-	ID                    uuid.UUID `gorm:"primaryKey;->;<-:create;type:uuid;"`
-	HttpC2ServerConfigID  uuid.UUID `gorm:"type:uuid;"`
-	HttpC2ImplantConfigID uuid.UUID `gorm:"type:uuid;"`
+	ID                    uuid.UUID  `gorm:"primaryKey;->;<-:create;type:uuid;"`
+	HttpC2ServerConfigID  *uuid.UUID `gorm:"type:uuid;"`
+	HttpC2ImplantConfigID *uuid.UUID `gorm:"type:uuid;"`
 
 	Method      string
 	Name        string

server/db/models/implant.go

@@ -144,7 +144,7 @@ func ImplantBuildFromProtobuf(ib *clientpb.ImplantBuild) *ImplantBuild {
 // ImplantConfig - An implant build configuration
 type ImplantConfig struct {
 	ID               uuid.UUID `gorm:"primaryKey;->;<-:create;type:uuid;"`
-	ImplantProfileID uuid.UUID
+	ImplantProfileID *uuid.UUID
 
 	ImplantBuilds []ImplantBuild
 	CreatedAt     time.Time `gorm:"->;<-:create;"`
@@ -237,9 +237,8 @@ func (ic *ImplantConfig) ToProtobuf() *clientpb.ImplantConfig {
 		implantBuilds = append(implantBuilds, implantBuild.ToProtobuf())
 	}
 	config := &clientpb.ImplantConfig{
-		ID:               ic.ID.String(),
-		ImplantBuilds:    implantBuilds,
-		ImplantProfileID: ic.ImplantProfileID.String(),
+		ID:            ic.ID.String(),
+		ImplantBuilds: implantBuilds,
 
 		IsBeacon:       ic.IsBeacon,
 		BeaconInterval: ic.BeaconInterval,
@@ -286,6 +285,11 @@ func (ic *ImplantConfig) ToProtobuf() *clientpb.ImplantConfig {
 		IncludeWG:       ic.IncludeWG,
 		IncludeTCP:      ic.IncludeTCP,
 	}
+
+	if ic.ImplantProfileID != nil {
+		config.ImplantProfileID = ic.ImplantProfileID.String()
+	}
+
 	// Copy Canary Domains
 	config.CanaryDomains = []string{}
 	for _, canaryDomain := range ic.CanaryDomains {
@@ -432,7 +436,11 @@ func ImplantConfigFromProtobuf(pbConfig *clientpb.ImplantConfig) *ImplantConfig
 	cfg.ID = id
 	cfg.ImplantBuilds = implantBuilds
 	profileID, _ := uuid.FromString(pbConfig.ImplantProfileID)
-	cfg.ImplantProfileID = profileID
+	if profileID == uuid.Nil {
+		cfg.ImplantProfileID = nil
+	} else {
+		cfg.ImplantProfileID = &profileID
+	}
 
 	cfg.IsBeacon = pbConfig.IsBeacon
 	cfg.BeaconInterval = pbConfig.BeaconInterval

server/db/sql.go

@@ -50,7 +50,14 @@ func newDBClient() *gorm.DB {
 		panic(fmt.Sprintf("Unknown DB Dialect: '%s'", dbConfig.Dialect))
 	}
 
-	err := dbClient.AutoMigrate(
+	// We cannot pass all of these into AutoMigrate at once because if one fails, subsequent models will not be created
+	var allDBModels []interface{} = append(make([]interface{}, 0),
+		&models.HttpC2Header{},
+		&models.HttpC2ServerConfig{},
+		&models.HttpC2ImplantConfig{},
+		&models.HttpC2Config{},
+		&models.HttpC2URLParameter{},
+		&models.HttpC2PathSegment{},
 		&models.Beacon{},
 		&models.BeaconTask{},
 		&models.DNSCanary{},
@@ -62,30 +69,25 @@ func newDBClient() *gorm.DB {
 		&models.CrackFileChunk{},
 		&models.Certificate{},
 		&models.Host{},
-		&models.HttpC2Config{},
-		&models.HttpC2ImplantConfig{},
-		&models.HttpC2ServerConfig{},
-		&models.HttpC2Header{},
-		&models.HttpC2PathSegment{},
+		&models.KeyValue{},
+		&models.WGKeys{},
+		&models.WGPeer{},
+		&models.ResourceID{},
 		&models.HttpC2Cookie{},
-		&models.HttpC2URLParameter{},
 		&models.IOC{},
 		&models.ExtensionData{},
-		&models.ImplantBuild{},
 		&models.ImplantProfile{},
 		&models.ImplantConfig{},
+		&models.ImplantBuild{},
 		&models.ImplantC2{},
 		&models.EncoderAsset{},
 		&models.KeyExHistory{},
-		&models.KeyValue{},
 		&models.CanaryDomain{},
 		&models.Loot{},
 		&models.Credential{},
 		&models.Operator{},
 		&models.Website{},
 		&models.WebContent{},
-		&models.WGKeys{},
-		&models.WGPeer{},
 		&models.ListenerJob{},
 		&models.HTTPListener{},
 		&models.DNSListener{},
@@ -94,10 +96,15 @@ func newDBClient() *gorm.DB {
 		&models.MtlsListener{},
 		&models.DnsDomain{},
 		&models.MonitoringProvider{},
-		&models.ResourceID{},
 	)
-	if err != nil {
-		clientLog.Error(err)
+
+	var err error
+
+	for _, model := range allDBModels {
+		err = dbClient.AutoMigrate(model)
+		if err != nil {
+			clientLog.Error(err)
+		}
 	}
 
 	// Get generic database object sql.DB to use its functions

server/generate/implants.go

@@ -77,7 +77,11 @@ func ImplantConfigSave(config *clientpb.ImplantConfig) (*clientpb.ImplantConfig,
 
 	} else {
 		id, _ := uuid.FromString(dbConfig.ImplantProfileID)
-		modelConfig.ImplantProfileID = id
+		if id == uuid.Nil {
+			modelConfig.ImplantProfileID = nil
+		} else {
+			modelConfig.ImplantProfileID = &id
+		}
 
 		// this avoids gorm saving duplicate c2 objects ...
 		tempC2 := modelConfig.C2

server/generate/profiles.go

@@ -54,7 +54,11 @@ func SaveImplantProfile(pbProfile *clientpb.ImplantProfile) (*clientpb.ImplantPr
 		profile.ImplantConfig.ID = configID
 
 		profileID, _ := uuid.FromString(dbProfile.ID)
-		profile.ImplantConfig.ImplantProfileID = profileID
+		if profileID == uuid.Nil {
+			profile.ImplantConfig.ImplantProfileID = nil
+		} else {
+			profile.ImplantConfig.ImplantProfileID = &profileID
+		}
 
 		for _, c2 := range dbProfile.Config.C2 {
 			id, _ := uuid.FromString(c2.ID)