Merge pull request #1652 from BishopFox/zig

Embedded Zig Cross-Compiler

.github/workflows/unit-tests.yml

@@ -31,8 +31,7 @@ jobs:
       - name: OS Packages
         run: |
           sudo apt-get update --fix-missing && sudo apt-get -y install \
-          git build-essential zlib1g zlib1g-dev wget zip unzip \
-          mingw-w64 binutils-mingw-w64 g++-mingw-w64 gcc-multilib
+          git build-essential zlib1g zlib1g-dev wget zip unzip
 
       - name: Check Out Code
         uses: actions/checkout@v4
@@ -75,9 +74,6 @@ jobs:
         run: make macos-amd64
 
       - name: Test MacOS (amd64)
-        env:
-          SLIVER_CC_32: /usr/local/bin/i686-w64-mingw32-gcc
-          SLIVER_CC_64: /usr/local/bin/x86_64-w64-mingw32-gcc
         run: ./sliver-server unpack --force && ./go-tests.sh
 
       - name: Make MacOS (arm64)

Dockerfile

@@ -34,7 +34,7 @@ FROM --platform=linux/amd64 base as test
 RUN apt-get update --fix-missing \
     && apt-get -y upgrade \
     && apt-get -y install \
-    curl gcc-multilib build-essential mingw-w64 binutils-mingw-w64 g++-mingw-w64 
+    curl
 
 RUN /opt/sliver-server unpack --force 
 
@@ -56,8 +56,7 @@ RUN apt-get update --fix-missing \
     postgresql-contrib postgresql-client libpq-dev \
     curl libapr1 libaprutil1 libsvn1 \
     libpcap-dev libsqlite3-dev libgmp3-dev \
-    mingw-w64 binutils-mingw-w64 g++-mingw-w64 \
-    nasm gcc-multilib
+    nasm
 
 ### Install MSF for stager generation
 RUN curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall \

client/command/generate/commands.go

@@ -4,7 +4,6 @@ import (
 	"github.com/bishopfox/sliver/client/command/flags"
 	"github.com/bishopfox/sliver/client/command/help"
 	"github.com/bishopfox/sliver/client/console"
-	"github.com/bishopfox/sliver/client/constants"
 	consts "github.com/bishopfox/sliver/client/constants"
 	"github.com/rsteube/carapace"
 	"github.com/spf13/cobra"
@@ -332,7 +331,7 @@ func coreImplantFlags(name string, cmd *cobra.Command) {
 		f.Int64P("reconnect", "j", DefaultReconnect, "attempt to reconnect every n second(s)")
 		f.Int64P("poll-timeout", "P", DefaultPollTimeout, "long poll request timeout")
 		f.Uint32P("max-errors", "k", DefaultMaxErrors, "max number of connection errors")
-		f.StringP("c2profile", "C", constants.DefaultC2Profile, "HTTP C2 profile to use")
+		f.StringP("c2profile", "C", consts.DefaultC2Profile, "HTTP C2 profile to use")
 
 		// Limits
 		f.StringP("limit-datetime", "w", "", "limit execution to before datetime")

client/command/generate/generate-beacon.go

@@ -22,7 +22,7 @@ func GenerateBeaconCmd(cmd *cobra.Command, con *console.SliverClient, args []str
 		return
 	}
 	config.IsBeacon = true
-	err := parseBeaconFlags(cmd, con, config)
+	err := parseBeaconFlags(cmd, config)
 	if err != nil {
 		con.PrintErrorf("%s\n", err)
 		return
@@ -38,7 +38,7 @@ func GenerateBeaconCmd(cmd *cobra.Command, con *console.SliverClient, args []str
 	}
 }
 
-func parseBeaconFlags(cmd *cobra.Command, con *console.SliverClient, config *clientpb.ImplantConfig) error {
+func parseBeaconFlags(cmd *cobra.Command, config *clientpb.ImplantConfig) error {
 	days, _ := cmd.Flags().GetInt64("days")
 	hours, _ := cmd.Flags().GetInt64("hours")
 	minutes, _ := cmd.Flags().GetInt64("minutes")

client/command/generate/generate.go

@@ -1009,24 +1009,12 @@ func checkBuildTargetCompatibility(format clientpb.OutputFormat, targetOS string
 		return true
 	}
 
-	if runtime.GOOS != "windows" && targetOS == "windows" {
-		if !hasCC(targetOS, targetArch, compilers.CrossCompilers) {
-			return warnMissingCrossCompiler(format, targetOS, targetArch, con)
-		}
-	}
-
 	if runtime.GOOS != "darwin" && targetOS == "darwin" {
 		if !hasCC(targetOS, targetArch, compilers.CrossCompilers) {
 			return warnMissingCrossCompiler(format, targetOS, targetArch, con)
 		}
 	}
 
-	if runtime.GOOS != "linux" && targetOS == "linux" {
-		if !hasCC(targetOS, targetArch, compilers.CrossCompilers) {
-			return warnMissingCrossCompiler(format, targetOS, targetArch, con)
-		}
-	}
-
 	return true
 }
 
@@ -1042,12 +1030,8 @@ func hasCC(targetOS string, targetArch string, crossCompilers []*clientpb.CrossC
 func warnMissingCrossCompiler(format clientpb.OutputFormat, targetOS string, targetArch string, con *console.SliverClient) bool {
 	con.PrintWarnf("Missing cross-compiler for %s on %s/%s\n", nameOfOutputFormat(format), targetOS, targetArch)
 	switch targetOS {
-	case "windows":
-		con.PrintWarnf("The server cannot find an installation of mingw")
 	case "darwin":
 		con.PrintWarnf("The server cannot find an installation of osxcross")
-	case "linux":
-		con.PrintWarnf("The server cannot find an installation of musl-cross")
 	}
 	con.PrintWarnf("For more information please read %s\n", crossCompilerInfoURL)
 
@@ -1083,7 +1067,7 @@ func findExternalBuilders(config *clientpb.ImplantConfig, con *console.SliverCli
 	return validBuilders, nil
 }
 
-func selectExternalBuilder(builders []*clientpb.Builder, con *console.SliverClient) (*clientpb.Builder, error) {
+func selectExternalBuilder(builders []*clientpb.Builder, _ *console.SliverClient) (*clientpb.Builder, error) {
 	choices := []string{}
 	for _, builder := range builders {
 		choices = append(choices, builder.Name)

client/command/generate/implants-stage.go

@@ -1,5 +1,23 @@
 package generate
 
+/*
+	Sliver Implant Framework
+	Copyright (C) 2019  Bishop Fox
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU General Public License for more details.
+
+	You should have received a copy of the GNU General Public License
+	along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
 import (
 	"context"
 
@@ -20,7 +38,7 @@ func ImplantsStageCmd(cmd *cobra.Command, con *console.SliverClient, args []stri
 	}
 
 	options := []string{}
-	for name, _ := range builds.Configs {
+	for name := range builds.Configs {
 		options = append(options, name)
 	}
 

client/command/generate/profiles-generate.go

@@ -20,8 +20,6 @@ package generate
 
 import (
 	"os"
-	"path/filepath"
-	"strings"
 
 	"github.com/bishopfox/sliver/client/console"
 	"github.com/spf13/cobra"
@@ -56,7 +54,3 @@ func ProfilesGenerateCmd(cmd *cobra.Command, con *console.SliverClient, args []s
 		con.PrintErrorf("No profile with name '%s'", name)
 	}
 }
-
-func buildImplantName(name string) string {
-	return strings.TrimSuffix(name, filepath.Ext(name))
-}

client/command/generate/profiles-new.go

@@ -64,7 +64,7 @@ func ProfilesNewBeaconCmd(cmd *cobra.Command, con *console.SliverClient, args []
 		return
 	}
 	config.IsBeacon = true
-	err := parseBeaconFlags(cmd, con, config)
+	err := parseBeaconFlags(cmd, config)
 	if err != nil {
 		con.PrintErrorf("%s\n", err)
 		return

client/console/console.go

@@ -958,5 +958,53 @@ var asciiLogos = []string{
 | :\/: || (__) || :\/: || ()() || :\/: || ()() |
 | '--'S|| '--'L|| '--'I|| '--'V|| '--'E|| '--'R|
 ` + "`------'`------'`------'`------'`------'`------'" + `
+` + Normal,
+
+	Purple + `
+     ****@@                                                                      @@****         
+    @@@@@@***@                                                                @***@@@@@@        
+    @%%@@@%%#***@                                                          @***#%%@@@%%@        
+    %%%%%##%%%%****@                                                    @****%%%%##%%%%%        
+    %%%%#####%%%%#*###@                                              @#####%%%%#####%%%%        
+    @%%%*@#####%%%%@####@                                          @####@%%%%#####@#%%%@        
+     %%%+@**#####%%%%#####@                                      @#####%%%%#####**@+%%%@        
+     #%%=+*+**###%#%%%######                                    ######%%%%%###**+*+=%%%         
+     %#%===++@*####%@@@@######                                ######@@@@%####*@++===%%%         
+     @#@--===+**%%%@@@@@@#####%%                            %%#####@@@@@@%%#**+===--@#@         
+      #@----%=+*%%%%@@@%%%####%%%@  @                  @  @%%%####%%%@@@%%%%*+=%----@#          
+      #%----=#++*%%%%@%%%%%@%%%%%%%%%@                @%%%%%%%%%@%%%%%@%%%%*++#=----%#          
+      %+----===+**@%%@#%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%@%%@**+===----+%          
+      @=----==++***@%@#%%%%%%%@%%%%@%%%%%%%%%%%%%%%%%%%%@%%%%@%%%%%%%#@%@***++==-----@          
+       -----==+#%**##@@%%%@%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%@%%%@@##**%#+==-----           
+       %----==+**%%%%@@@#@%%%%%%%%%%@%%%%%%%%%%%%%%%%%%@%%%%%%%%%%@#@@@%%%%*++==----%           
+        =--#+=+**#@%%####%####%%%%@@@@@%%%%%%##%%%%%%@@@@@@%%%####%####%%@#**+=+#--=            
+         +-==+*%%%%########%#######%@@@@@@%%%%%#%%@@@@@@%#######%########%%%%*+==-=             
+     -----==++**#%######################%@@@%%%%@@@%######################%#**++==-----         
+      =--===+**######@##############%%%%%%%%%%%%%%%%%%%%##############@######**+===--=          
+       %-==+%@@@#######%%%%%%%%%@@%%%%%%%%%%%%%%%%%%%%%%%%@@%%%%%%%%%#######@@@%+==-%           
+        @=@@@@@@@@#%%%%%%%%%%%%%%@@%%%%%%%%%%%%%%%%%%%%%%@@@%%%%%%%%%%%%%#@@@@@@@@=@            
+        @@@@@@@@@@@@@%%%%%%%%%%%%@@@@%%%%%%%%**%%%%%%%%@@@@%%%%%%%%%%%%@@@@@@@@@@@@@            
+      @@@@@@@@@@@@@@@@@%%#%@@%%%%@@@@@%%%%%@#**#@%%%%%@@@@@%%%%@@%#%%@@@@@@@@@@@@@@@@@          
+     @@@@@@@@@@@@@@@@@@@@%#####%#%%%%%%%@%###**###%@%%%%%%%#######%@@@@@@@@@@@@@@@@@@@@         
+    @@@@@@@@@@@@@@@@@@@@@@@*##%%%%%%%%%%%%%##**##%%%%%%%%%%%%###*@@@@@@@@@@@@@@@@@@@@@@@        
+  @%%%%%@@@@@@@@@@@@@@@@@@@   %%%%%%%%%%%%%##**##%%%%%%%%%%%%%   @@@@@@@@@@@@@@@@@@@%%%%%@      
+ @%%%%%%%%%%%%%%@@@@@@@@@@@@  . %%%%%@%%%%%##**##%%%%%@%%%%%    @@@@@@@@@@@@%%%%%%%%%%%%%%@     
+%%%%%%%@+.    % :@%%%%%%%%@@@@@@@@@%@%%@@@@##**##@@@@%%@%@@@@@@@@@%%%%%%%%@: %   ..+@%%%%%%%    
+%#.      .       :    .-@%%%%%@@@@@@@@@@@@@@##**##@@@@@@@@@@@@@@%%%%%@-.    :              .*%   
+ @%%@*             #..:--=++*@%@@@@@@@@@@@@##**##@@@@@@@@@@@@@@*++==-:. #             *@%%@     
+%%%%%%@..*.:+%   ..::+-==++++@-=@@@@@@@@@@@%####%@@@@@@@@@@@=-@++++==-+::..   #+:.*..@%%%%%%    
+@###%.......::%-==++**#@++#*:  .:-+@@@@@@@@@@%####%@@@@@@@@@@+-:.  .*#++@#**++==-%::.......%###@  
+#%..........:::-==%+*******@* .  .:-+@@@@@@@@@@####@@@@@@@@@@+-:     #@*******+%=--:::..........%# 
+@@@+:...::::--=++**@***##*==+    :-+@@@.@@@@%%##%%@@@@.@@@+-:    ++=*##***@**++=--::::...:+@@@   
+  @%%%***###%@#****##@##++++++. .:=*@+ @@@@%%##%%@@@@ =@*=:. .+++++=##@##****#@%###***%%%@      
+@@=====+++++***#####%%%%@++++**#.:=*@  .@@%%####%%@@.  @*=:.#***+++@%%%%#####***+++++=====@@    
+        @@@#+++++***##%%%%%***##%%*#    @@*------*@@    #*%%##***%%%%%##***+++++#@@@            
+                      @@@@%%%@%%%%%.    **--------**    .%%%%%%%%%@@@@                          
+                               @%%%%   %@@@@@@@@@@@@@   %%%%@                                   
+                                  @@  @::@@@@@@@@@@::@  @@                                      
+                                     -::::::@@@@:::::::                                         
+                                    *-----========-----+                                        
+                                     @###%%%@@@@%%%###@                                         
+                                          @%%%%%%@                                              
 ` + Normal,
 }

go-assets.sh

@@ -22,6 +22,7 @@ set -e
 
 GO_VER="1.22.2"
 GARBLE_VER="1.22.2"
+ZIG_VER="0.12.0"
 SGN_VER="0.0.3"
 
 BLOAT_FILES="AUTHORS CONTRIBUTORS PATENTS VERSION favicon.ico robots.txt SECURITY.md CONTRIBUTING.md LICENSE README.md ./doc ./test ./api ./misc"
@@ -149,9 +150,24 @@ rm -rf ./go
 rm -f windows-go.zip go$GO_VER.windows-amd64.zip
 
 echo "-----------------------------------------------------------------"
-echo " Garble"
+echo " Zig"
 echo "-----------------------------------------------------------------"
+echo "curl -L --fail --output $OUTPUT_DIR/darwin/amd64/zig https://ziglang.org/download/$ZIG_VER/zig-macos-x86_64-$ZIG_VER.tar.xz"
+curl -L --fail --output $OUTPUT_DIR/darwin/amd64/zig.tar.xz https://ziglang.org/download/$ZIG_VER/zig-macos-x86_64-$ZIG_VER.tar.xz                                                
+echo "curl -L --fail --output $OUTPUT_DIR/darwin/arm64/zig https://ziglang.org/download/$ZIG_VER/zig-macos-aarch64-$ZIG_VER.tar.xz"
+curl -L --fail --output $OUTPUT_DIR/darwin/arm64/zig.tar.xz https://ziglang.org/download/$ZIG_VER/zig-macos-aarch64-$ZIG_VER.tar.xz
+echo "curl -L --fail --output $OUTPUT_DIR/linux/amd64/zig https://ziglang.org/download/$ZIG_VER/zig-linux-x86_64-$ZIG_VER.tar.xz"
+curl -L --fail --output $OUTPUT_DIR/linux/amd64/zig.tar.xz https://ziglang.org/download/$ZIG_VER/zig-linux-x86_64-$ZIG_VER.tar.xz
+echo "curl -L --fail --output $OUTPUT_DIR/linux/arm64/zig https://ziglang.org/download/$ZIG_VER/zig-linux-aarch64-$ZIG_VER.tar.xz"
+curl -L --fail --output $OUTPUT_DIR/linux/arm64/zig.tar.xz https://ziglang.org/download/$ZIG_VER/zig-linux-aarch64-$ZIG_VER.tar.xz
+# Of course Windows has to be different, because it's awful (zip file instead of a tarball)
+echo "curl -L --fail --output $OUTPUT_DIR/windows/amd64/zig.zip https://ziglang.org/download/$ZIG_VER/zig-windows-x86_64-$ZIG_VER.zip"
+curl -L --fail --output $OUTPUT_DIR/windows/amd64/zig.zip https://ziglang.org/download/$ZIG_VER/zig-windows-x86_64-$ZIG_VER.zip
+
 
+echo "-----------------------------------------------------------------"
+echo " Garble"
+echo "-----------------------------------------------------------------"
 echo "curl -L --fail --output $OUTPUT_DIR/linux/amd64/garble https://github.com/moloch--/garble/releases/download/v$GARBLE_VER/garble_linux"
 curl -L --fail --output $OUTPUT_DIR/linux/amd64/garble https://github.com/moloch--/garble/releases/download/v$GARBLE_VER/garble_linux
 echo "curl -L --fail --output $OUTPUT_DIR/linux/arm64/garble https://github.com/moloch--/garble/releases/download/v$GARBLE_VER/garble_linux-arm64"
@@ -167,28 +183,23 @@ curl -L --fail --output $OUTPUT_DIR/darwin/arm64/garble https://github.com/moloc
 echo "-----------------------------------------------------------------"
 echo " Shikata ga nai (ノ ゜Д゜)ノ ︵ 仕方がない"
 echo "-----------------------------------------------------------------"
-
 # Linux (amd64)
 echo "curl -L --fail --output $OUTPUT_DIR/linux/amd64/sgn.zip https://github.com/moloch--/sgn/releases/download/v$SGN_VER/sgn_linux-amd64.zip"
 curl -L --fail --output $OUTPUT_DIR/linux/amd64/sgn.zip https://github.com/moloch--/sgn/releases/download/v$SGN_VER/sgn_linux-amd64.zip
-
 # Linux (arm64)
 echo "curl -L --fail --output $OUTPUT_DIR/linux/arm64/sgn.zip https://github.com/moloch--/sgn/releases/download/v$SGN_VER/sgn_linux-arm64.zip"
 curl -L --fail --output $OUTPUT_DIR/linux/arm64/sgn.zip https://github.com/moloch--/sgn/releases/download/v$SGN_VER/sgn_linux-arm64.zip
-
 # Windows (amd64)
 echo "curl -L --fail --output $OUTPUT_DIR/windows/amd64/sgn.zip https://github.com/moloch--/sgn/releases/download/v$SGN_VER/sgn_windows-amd64.zip"
 curl -L --fail --output $OUTPUT_DIR/windows/amd64/sgn.zip https://github.com/moloch--/sgn/releases/download/v$SGN_VER/sgn_windows-amd64.zip
-
 # MacOS (amd64)
 echo "curl -L --fail --output $OUTPUT_DIR/darwin/amd64/sgn.zip https://github.com/moloch--/sgn/releases/download/v$SGN_VER/sgn_macos-amd64.zip"
 curl -L --fail --output $OUTPUT_DIR/darwin/amd64/sgn.zip https://github.com/moloch--/sgn/releases/download/v$SGN_VER/sgn_macos-amd64.zip
-
 # MacOS (arm64)
 echo "curl -L --fail --output $OUTPUT_DIR/darwin/arm64/sgn.zip https://github.com/moloch--/sgn/releases/download/v$SGN_VER/sgn_macos-arm64.zip"
 curl -L --fail --output $OUTPUT_DIR/darwin/arm64/sgn.zip https://github.com/moloch--/sgn/releases/download/v$SGN_VER/sgn_macos-arm64.zip
 
-# end
+# --- Cleanup ---
 echo -e "clean up: $WORK_DIR"
 rm -rf $WORK_DIR
 echo -e "\n[*] All done\n"

go.mod

@@ -44,6 +44,7 @@ require (
 	github.com/stretchr/testify v1.8.4
 	github.com/tetratelabs/wazero v1.3.1
 	github.com/things-go/go-socks5 v0.0.3
+	github.com/ulikunitz/xz v0.5.11
 	github.com/xlab/treeprint v1.2.0
 	github.com/yiya1989/sshkrb5 v0.0.1
 	golang.org/x/crypto v0.21.0

go.sum

@@ -415,6 +415,8 @@ github.com/ugorji/go v1.1.7 h1:/68gy2h+1mWMrwZFeD1kQialdSzAb432dtpeJ42ovdo=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
 github.com/ugorji/go/codec v1.1.7 h1:2SvQaVZ1ouYrrKKwoSk2pzd4A9evlKJb9oTL+OaLUSs=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
+github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
+github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/vishvananda/netlink v1.2.1-beta.2 h1:Llsql0lnQEbHj0I1OuKyp8otXp0r3q0mPkuhwHfStVs=
 github.com/vishvananda/netlink v1.2.1-beta.2/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
 github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=

implant/sliver/limits/limits_windows.go

@@ -1,4 +1,4 @@
-//go:build 386 || amd64 || arm
+//go:build 386 || amd64 || arm64
 
 package limits