v1.5.40

⚠️ Backwards incompatible changes ⚠️

This release fixes a vulnerability (CVE-2023-34758) in the Sliver Key Encapsulation Mechanism (KEM), where improper use of Nacl Box (libsodium) could allow a MitM attacker with a copy of the implant binary to recover the session key and arbitrarily encrypt/decrypt C2 messages. Note that the Sliver KEM is only used over insecure protocols such as HTTP and DNS, and does not affect mTLS or Wireguard.

The issue was addressed by switching to a combination age for the KEM and HMAC-SHA2-256 to verify the implant.

More details: GHSA-8jxm-xp43-qh3q

Special thanks to Ting-Wei Hsieh from CHT Security Co. Ltd. for reporting the vulnerability.

v1.5.39

Commits

• ad53f90: Bump github.com/miekg/dns from 1.1.53 to 1.1.54 (dependabot[bot]) #1217
• 5b22e6d: Bump modernc.org/sqlite from 1.22.0 to 1.22.1 (dependabot[bot]) #1218
• d921c3c: Add ESET Internet Security to kwnown security processes (smeukinou) #1220
• 2f9c84c: FIX implant generation with locale limit not compiling when not in debug mode (smeukinou) #1221
• b5e611d: FIX windows screenshot when multiple monitors are used, and they are not exactly side-by-side (smeukinou) #1222
• a468ec8: Allow migrate to use process names (rkervella) #1223
• 64c40ba: Bump google.golang.org/grpc from 1.54.0 to 1.55.0 (dependabot[bot]) #1226
• 27c6e8e: Bump golang.org/x/term from 0.7.0 to 0.8.0 (dependabot[bot]) #1227
• d547708: Go v1.20.4 (moloch--) #1229
• 4690430: update installer to symlink sliver/sliver-client (moloch--)
• 38a740a: Bump golang.org/x/crypto from 0.8.0 to 0.9.0 (dependabot[bot]) #1232
• 52daa1a: Adding support for specifying DNS resolvers through advanced options (Raf) #1235

v1.5.38

Commits

• 57ddb1a: Bump golang.org/x/crypto from 0.7.0 to 0.8.0 (dependabot[bot]) #1199
• 8c06b83: Bump gorm.io/gorm from 1.24.7-0.20230306060331-85eaf9eeda11 to 1.25.0 (dependabot[bot]) #1200
• ef1c034: Bump gorm.io/driver/sqlite from 1.4.4 to 1.5.0 (dependabot[bot]) #1201
• 7479e86: Bump gorm.io/driver/mysql from 1.4.7 to 1.5.0 (dependabot[bot]) #1202
• 77ab598: pull latest beacon or session configuration on info command even if a beacon or session is currently selected to avoid displaying outdated values after a reconfiguration (Tim Makram Ghatas) #1207
• 9e12db9: Bump modernc.org/sqlite from 1.21.1 to 1.22.0 (dependabot[bot]) #1212
• 3599af1: Fixed nil pointer (b0yd) #1213
• fce0221: Add Rapid 7 (cmprmsd) #1214
• 7522a0b: Apply XOR to protobuf raw data (rkervella) #1215
• 7c33022: Apply XOR to dnspb and commonpb too (rkervella) #1215

v1.5.37

Commits

• 05a31d9: Bump google.golang.org/grpc from 1.53.0 to 1.54.0 (dependabot[bot]) #1168
• 19b4b0b: Warn user about improper flag usage. (rkervella) #1169
• 8fd9487: Added chmod,chown,timestomp, and added uid:gid to ls (b0yd) #1170
• 03d93b9: Guess I'm supposed to check these in too :P (b0yd) #1170
• 0e5d055: Import ommisions (b0yd) #1170
• a45c996: Made pretty, with goto (b0yd) #1170
• d344e35: Fixed issues caused by adding goto (b0yd) #1170
• 963b3c3: Fixed import...again (b0yd) #1170
• feacb9e: Use implant filename instead of name (rkervella) #1172
• 2bfcaf1: Update handlers_linux.go (rwincey) #1170
• e6645c9: Added file path for debug so it doesn't always goto stdout (b0yd) #1175
• bd57568: Bump github.com/miekg/dns from 1.1.52 to 1.1.53 (dependabot[bot]) #1177
• 246519d: Bump modernc.org/sqlite from 1.21.0 to 1.21.1 (dependabot[bot]) #1178
• d2aaee9: fix implant configuration for external builders (MrAle98) #1180
• 04e8104: minor fix (MrAle98) #1180
• 85f51a8: Initial support for changing C2 when spawning an interactive session from a beacon. Does not support changing transports. (Raf) #1190
• 400c629: Adding support for killing a beacon using the short form of its ID (Raf) #1182
• 7fa1b5c: Bump golang.org/x/sys from 0.6.0 to 0.7.0 (dependabot[bot]) #1184
• 689645d: Bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (dependabot[bot]) #1187
• 6c77808: Bump golang.org/x/text from 0.8.0 to 0.9.0 (dependabot[bot]) #1186
• 03183ae: Bump golang.org/x/net from 0.8.0 to 0.9.0 (dependabot[bot]) #1188
• 929e67e: Always show hostname when displaying the list of beacons (Raf) #1191
• f09efe9: Fixing #1192. Waiting to close the job channel until all teardown tasks are done (Raf) #1193
• 7033be8: Bump commonmarker from 0.23.8 to 0.23.9 in /docs (dependabot[bot]) #1194
• c2adb81: Bump nokogiri from 1.14.1 to 1.14.3 in /docs (dependabot[bot]) #1195

v1.5.36

Features

• add armory support for private Github apis #1162 (jpts)

Commits

• 94d8b9f: Bump github.com/jedib0t/go-pretty/v6 from 6.4.4 to 6.4.6 (dependabot[bot]) #1134
• 2f1f81c: Bump golang.org/x/term from 0.5.0 to 0.6.0 (dependabot[bot]) #1135
• 9585b43: Bump github.com/chromedp/chromedp from 0.8.7 to 0.8.8 (dependabot[bot]) #1132
• 9f811f8: Bump golang.org/x/net from 0.7.0 to 0.8.0 (dependabot[bot]) #1131
• 5ab52bc: unblock execute command if no output is requested (Dominic Breuker) #1136
• 3a8017e: Go v1.20.2 (moloch--) #1137
• e6d9740: Go v1.20.2 (moloch--)
• bde3cd6: Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (dependabot[bot]) #1141
• 115f47a: Bump github.com/miekg/dns from 1.1.51 to 1.1.52 (dependabot[bot]) #1142
• 564aeec: Bump gorm.io/gorm from 1.24.5 to 1.24.6 (dependabot[bot]) #1144
• 200a1a9: Bump github.com/fatih/color from 1.14.1 to 1.15.0 (dependabot[bot]) #1145
• 4068faf: Bump github.com/xlab/treeprint from 1.1.0 to 1.2.0 (dependabot[bot]) #1143
• a3ea33b: Bump github.com/chromedp/chromedp from 0.8.8 to 0.9.1 (dependabot[bot]) #1153
• dff24ae: Bump gorm.io/driver/postgres from 1.4.8 to 1.5.0 (dependabot[bot]) #1154
• 8291364: Bump github.com/grpc-ecosystem/go-grpc-middleware from 1.3.0 to 1.4.0 (dependabot[bot]) #1155
• c6e65e6: Bump actions/setup-go from 3 to 4 (dependabot[bot]) #1156
• 9d7d1b7: Bump google.golang.org/protobuf from 1.28.1 to 1.30.0 (dependabot[bot]) #1152
• c506020: Bump github.com/cheggaaa/pb/v3 from 3.1.0 to 3.1.2 (dependabot[bot]) #1157
• 918d729: Update DumpCookies method (rkervella) #1158
• f1613bb: avoid race condition in the extension callback on windows beacons (Dominic Breuker) #1159
• b0e0df1: ensure beacon registers extensions before it calls them (Dominic Breuker) #1164
• c6a29ea: ensure waitgroup in beaconmain can never become negative (Dominic Breuker) #1164
• 3297301: cleanup and variable rename (Dominic Breuker) #1164
• 3d7227e: execute regular tasks and extenions concurrently (Dominic Breuker) #1164
• 99c76c2: C2 http uri lowercased. Fixes #1126 (svl) #1166

v1.5.35

Commits

• b0b4751: Update go-assets.sh (Ronan Kervella) #1094
• cfaa892: Attempt to implement docs/notion (moloch--)
• a8a5368: Bump golang.org/x/net from 0.5.0 to 0.6.0 (dependabot[bot]) #1097
• bca8c13: Bump gorm.io/driver/mysql from 1.4.5 to 1.4.6 (dependabot[bot]) #1101
• 1ddeeb8: Fix missing flag in context for PsCmd (rkervella) #1103
• 988282c: Bump golang.org/x/crypto from 0.5.0 to 0.6.0 (dependabot[bot]) #1107
• 94a4be6: Bump modernc.org/sqlite from 1.19.3 to 1.20.4 (dependabot[bot]) #1110
• 52e296f: Bump golang.org/x/net from 0.6.0 to 0.7.0 (dependabot[bot]) #1106
• 50103d7: Bump gorm.io/driver/postgres from 1.4.6 to 1.4.8 (dependabot[bot]) #1108
• 89f029f: Go v1.20.1 (moloch--) #1111
• bc9bba5: Bump gorm.io/driver/mysql from 1.4.6 to 1.4.7 (dependabot[bot]) #1109
• 5da01d9: Garble v1.20.2 (moloch--) #1111
• 03ba0ea: Return zero guid on hostuuid from mac error (moloch--) #1112
• ba69967: Update README.md (Joe)
• 5d3247d: Bump github.com/miekg/dns from 1.1.50 to 1.1.51 (dependabot[bot]) #1116
• 38206c0: Bump modernc.org/sqlite from 1.20.4 to 1.21.0 (dependabot[bot]) #1119
• 617a392: Bump google.golang.org/grpc (dependabot[bot]) #1117
• 524d584: Bump github.com/things-go/go-socks5 (dependabot[bot]) #1115
• 93a0c15: Update go-clr, merge master (rkervella) #1122
• e3a2ff8: Only try to read keytab if it was supplied as an argument (rkervella) #1128
• 12e6f9a: fix defunct processes on nix (Chris Shields) #1130

v1.5.34

Commits

• 81d8b39: Bump golang.org/x/crypto from 0.4.0 to 0.5.0 (dependabot[bot]) #1061
• 19c6e79: Bump gorm.io/gorm from 1.24.2 to 1.24.3 (dependabot[bot]) #1062
• 72fcd30: Fix build constraints for linux/mips (moloch--) #1066
• 1a8487e: Fix build constraints for linux/mips (moloch--) #1066
• cfa16f7: More specific cross-platform constraints (moloch--) #1066
• d935a03: Move DisableSGN out of protobuf since its client-side only (moloch--) #1068
• 72c1de8: Move DisableSGN out of protobuf since its client-side only (moloch--) #1068
• 422d491: Bump gorm.io/driver/mysql from 1.4.4 to 1.4.5 (dependabot[bot]) #1070
• 571a601: Bump github.com/jedib0t/go-pretty/v6 from 6.4.3 to 6.4.4 (dependabot[bot]) #1071
• 973b5bb: Fix GetCookies API call (moloch--) #1073
• e905032: Update vendor/ (moloch--) #1073
• 92df0e4: Style fixes (moloch--) #1073
• 7eb77b0: Go v1.19.5 (moloch--) #1076
• 1469482: Ensure HOME is set, remove large literal ENV (moloch--) #1076
• fa94d98: Update go mod/vendor (moloch--) #1076
• 25f7ac0: Bump github.com/fatih/color from 1.13.0 to 1.14.0 (dependabot[bot]) #1077
• 9f73e63: Added Defender for Endpoint processes (Alexander Georgiev) #1078
• 6b3d95a: Bump commonmarker from 0.23.6 to 0.23.7 in /docs (dependabot[bot]) #1080
• 6efd539: Bump github.com/fatih/color from 1.14.0 to 1.14.1 (dependabot[bot]) #1084
• cc7d5f8: Bump activesupport from 6.0.4.6 to 6.0.6.1 in /docs (dependabot[bot]) #1087
• f21669b: Bump github.com/gofrs/uuid from 4.3.1+incompatible to 4.4.0+incompatible (dependabot[bot]) #1085
• 1a2388a: fix goroutine leak (raymonder jin) #1089
• e47516c: Add printing of two messages (Matthijs Gielen) #1090
• e6a9744: Go v1.20 (moloch--) #1091
• 204519b: Update garble and pb versions (moloch--) #1091
• 4e43f2d: Fix protoc version (moloch--) #1092
• e914850: Bump gorm.io/gorm from 1.24.3 to 1.24.5 (dependabot[bot]) #1093
• d2a6fa8: Go v1.20 (moloch--)

v1.5.33

Commits

• 4a996b5: Fix issue #1055 and #1054 (moloch--) #1057

v1.5.32

Commits

• d13e3fc: Fix terminate to support beacons (rkervella) #990
• dd91251: Add debug target (rkervella) #990
• cef27f6: Use IP instead of Sockaddr (rkervella) #990
• 5d8ee38: Allow user to skip reverse lookup (rkervella) #990
• ead6b48: Add default flag value for netstat (rkervella) #990
• a676cb3: Bump github.com/jedib0t/go-pretty/v6 from 6.4.0 to 6.4.2 (dependabot[bot]) #992
• 4052093: Bump github.com/gofrs/uuid from 4.3.0+incompatible to 4.3.1+incompatible (dependabot[bot]) #993
• 7e6abd2: Bump github.com/shirou/gopsutil/v3 from 3.22.9 to 3.22.10 (dependabot[bot]) #994
• 5e6148b: improved token management (MrAle98) #996
• 77148d0: Generate name when none has been assigned (rkervella) #998
• 6afdad6: Bump gorm.io/driver/mysql from 1.4.3 to 1.4.4 (dependabot[bot]) #1001
• de8c6cb: Bump github.com/Ne0nd0g/go-clr from 1.0.2 to 1.0.3 (dependabot[bot]) #1002
• 702c237: Fix #1003 (rkervella) #1004
• 51aa00e: Update SECURITY.md (Joe) #1008
• 419c58e: Switch to unsafe.Slice (rkervella) #1009
• 748407a: Update implant vendor (rkervella) #1015
• 2a0efd1: Refactor to remove ioutil dep (rkervella) #1018
• d778ada: Wrap filepath.Match into a custom package for windows specific code. (rkervella) #1018
• 82cb879: Apply new logic to the downloadHandler (rkervella) #1018
• 0ec79a8: gzip frequent object creation can lead to memory leaks (a3sroot) #1053
• 7b6ff79: Automatically run go-assets.sh from Makefile if it hasn't been run already (James Golovich) #1052
• 8d1dc47: Bump github.com/shirou/gopsutil/v3 from 3.22.10 to 3.22.11 (dependabot[bot]) #1020
• a37e8d6: Bump github.com/jedib0t/go-pretty/v6 from 6.4.2 to 6.4.3 (dependabot[bot]) #1021
• cdd941b: Bump golang.org/x/text from 0.4.0 to 0.5.0 (dependabot[bot]) #1022
• 2fefb63: Ensure Wireguard endpoint is valid before trying to use it (James Golovich) #1024
• 0cf021d: Bump nokogiri from 1.13.9 to 1.13.10 in /docs (dependabot[bot]) #1028
• ec2fc66: Bump golang.org/x/sys from 0.2.0 to 0.3.0 (dependabot[bot]) #1035
• 8d1ce4c: Only alert user when --in-process is not used. (rkervella) #1038
• 4845dfe: Bump github.com/pquerna/otp from 1.3.0 to 1.4.0 (dependabot[bot]) #1041
• 57a4cb6: Fix the bug of the corresponding relationship between dwLogonType and dwLogonProvider in MakeToken (s3cst4rs) #1043
• d1d2415: install script- use users' primary group name (Tom Samstag) #1046
• d15afa2: Bump gorm.io/driver/sqlite from 1.4.3 to 1.4.4 (dependabot[bot]) #1047
• ea045fb: Add flag to disable sgn when generating beacon shellcode (necroph0s) #1050
• f0de5eb: Bump gorm.io/driver/postgres from 1.4.5 to 1.4.6 (dependabot[bot]) #1048
• bf36195: Signed fix for pr #995 (moloch--) #1051
• b900af8: Bump golang.org/x/text from 0.4.0 to 0.5.0 (dependabot[bot]) #1052
• 19ccc10: Bump github.com/jedib0t/go-pretty/v6 from 6.4.2 to 6.4.3 (dependabot[bot]) #1052
• 35f1fdd: Bump github.com/shirou/gopsutil/v3 from 3.22.10 to 3.22.11 (dependabot[bot]) #1052
• 4df0e87: Bump nokogiri from 1.13.9 to 1.13.10 in /docs (dependabot[bot]) #1052
• 7bea0ee: Ensure Wireguard endpoint is valid before trying to use it (James Golovich) #1052
• 0bf19f5: Bump golang.org/x/sys from 0.2.0 to 0.3.0 (dependabot[bot]) #1052
• f48dfa0: Only alert user when --in-process is not used. (rkervella) #1052
• d809a28: install script- use users' primary group name (Tom Samstag) #1052
• 885387b: Fix the bug of the corresponding relationship between dwLogonType and dwLogonProvider in MakeToken (s3cst4rs) #1052
• c04f3f0: Bump gorm.io/driver/sqlite from 1.4.3 to 1.4.4 (dependabot[bot]) #1052
• a5a60a5: Bump github.com/pquerna/otp from 1.3.0 to 1.4.0 (dependabot[bot]) #1052
• 8d97ba3: Tweak downloaded flag file, and add it to make clean-all (moloch--) #1052
• 0796409: Bump github.com/shirou/gopsutil/v3 from 3.22.11 to 3.22.12 (dependabot[bot]) #1049
• 362efc8: Update implant vendor (rkervella) #1053
• 206ab56: Refactor to remove ioutil dep (rkervella) #1053
• 2a2b7db: Wrap filepath.Match into a custom package for windows specific code. (rkervella) #1053
• 645e5e0: Apply new logic to the downloadHandler (rkervella) #1053
• 96d242b: Bump golang.org/x/text from 0.4.0 to 0.5.0 (dependabot[bot]) #1053
• b8723d9: Bump github.com/jedib0t/go-pretty/v6 from 6.4.2 to 6.4.3 (dependabot[bot]) #1053
• 0c827c6: Bump github.com/shirou/gopsutil/v3 from 3.22.10 to 3.22.11 (dependabot[bot]) #1053
• bf7ac39: Bump nokogiri from 1.13.9 to 1.13.10 in /docs (dependabot[bot]) #1053
• 98f2340: Ensure Wireguard endpoint is valid before trying to use it (James Golovich) #1053
• 0d1c64a: Bump golang.org/x/sys from 0.2.0 to 0.3.0 (dependabot[bot]) #1053
• 5067333: Only alert user when --in-process is not used. (rkervella) #1053
• 35eedd7: install script- use users' primary group name (Tom Samstag) #1053
• cc55f38: Fix the bug of the corresponding relationship between dwLogonType and dwLogonProvider in MakeToken (s3cst4rs) #1053
• 3ac0ff1: Bump gorm.io/driver/sqlite from 1.4.3 to 1.4.4 (dependabot[bot]) #1053
• fa58a52: Bump github.com/pquerna/otp from 1.3.0 to 1.4.0 (dependabot[bot]) #1053
• 067eb58: Signed fix for pr #995 (moloch--) #1053
• 29340ac: Add flag to disable sgn when generating beacon shellcode (necroph0s) #1053
• 7e8d228: Automatically run go-assets.sh from Makefile if it hasn't been run already (James Golovich) #1053
• db9bc13: Tweak downloaded flag file, and add it to make clean-all (moloch--) #1053
• 06b2e4e: Bump gorm.io/driver/postgres from 1.4.5 to 1.4.6 (dependabot[bot]) #1053
• 6e87b94: Bump github.com/shirou/gopsutil/v3 from 3.22.11 to 3.22.12 (dependabot[bot]) #1053
• 41c95a9: Minor tweaks (moloch--) #1053
• ff3e370: Fix hex unit test (moloch--) #1053

v1.5.31

Commits

• c41fc30: Handle execute-assembly in task fetch (rkervella) #952
• 88ca9cf: Handle in-process execute assembly in task fetch (rkervella) #952
• 15b5b7c: Update pure go sqlite3 (moloch--) #956
• 8b58648: Use gosqlite by default for linux-arm64 builds (moloch--) #956
• 47d1f0d: Bump nokogiri from 1.13.6 to 1.13.9 in /docs (dependabot[bot]) #957
• 0bb5ea5: Switch actions to Go ^1.19 (moloch--) #958
• a144991: Update codeql config (moloch--) #959
• eb70ed2: Tweak codeql config, fix db logging issue (moloch--) #959
• 30b1cb8: Appease codeql's zip/path traversal false detection (moloch--) #959
• 97dbae5: Update badge (Joe) #960
• 8c6fe18: Download the correct garble executable for linux arm64 (moloch--) #961
• 3cfe643: Remove status badge until github fixes (Joe) #962
• 567e51c: Remove ioutil usage (rkervella) #964
• 0f5262e: Update autorelease.yml (Joe) #965
• 9f72364: Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (dependabot[bot]) #968
• c5b3250: Bump gorm.io/driver/sqlite from 1.4.2 to 1.4.3 (dependabot[bot]) #969
• 901e9fd: Bump golang.org/x/text from 0.3.8 to 0.4.0 (dependabot[bot]) #970
• 0417fc1: Bump gorm.io/driver/mysql from 1.4.1 to 1.4.3 (dependabot[bot]) #971
• 14553f9: Bump gorm.io/driver/postgres from 1.4.4 to 1.4.5 (dependabot[bot]) #967
• 125a4ac: Bump github.com/mattn/go-sqlite3 from 1.14.15 to 1.14.16 (dependabot[bot]) #976
• 40a9b74: Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (dependabot[bot]) #977
• 1e2e3ca: Bump modernc.org/sqlite from 1.19.2 to 1.19.3 (dependabot[bot]) #978
• 430b5ff: Go v1.19.3 (moloch--) #980
• 95ea7d8: Fix indentation (rkervella) #982
• 418b061: Add support for ps tree (rkervella) #982
• 6c7814c: Fix pstree (rkervella) #984
• ac56a98: Safely delete nodes (rkervella) #984
• 170c2bc: Use nodes vs branches when it makes sense. (rkervella) #984
• e9945d7: Let user choose the logon type (rkervella) #985
• eb96269: Add CreateProcessWithLogonW (rkervella) #986
• e083fa6: Reworked runas (rkervella) #986
• 5908033: Fix const package (rkervella) #985
• f8ae372: Reworked runas to act as the windows utility (rkervella) #986
• 0e66a56: Fix website content table (moloch--) #987