Merge pull request #663 from BishopFox/ux/cdc

Ux/cdc

client/command/beacons/beacons.go

@@ -21,6 +21,7 @@ package beacons
 import (
 	"context"
 	"fmt"
+	"regexp"
 	"strings"
 	"time"
 
@@ -71,27 +72,36 @@ func BeaconsCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 			con.PrintInfof("Killed %s (%s)\n", beacon.Name, beacon.ID)
 		}
 	}
+	filter := ctx.Flags.String("filter")
+	var filterRegex *regexp.Regexp
+	if ctx.Flags.String("filter-re") != "" {
+		var err error
+		filterRegex, err = regexp.Compile(ctx.Flags.String("filter-re"))
+		if err != nil {
+			con.PrintErrorf("%s\n", err)
+			return
+		}
+	}
 
 	beacons, err := con.Rpc.GetBeacons(context.Background(), &commonpb.Empty{})
 	if err != nil {
 		con.PrintErrorf("%s\n", err)
 		return
 	}
-
-	PrintBeacons(beacons.Beacons, con)
+	PrintBeacons(beacons.Beacons, filter, filterRegex, con)
 }
 
 // PrintBeacons - Display a list of beacons
-func PrintBeacons(beacons []*clientpb.Beacon, con *console.SliverConsoleClient) {
+func PrintBeacons(beacons []*clientpb.Beacon, filter string, filterRegex *regexp.Regexp, con *console.SliverConsoleClient) {
 	if len(beacons) == 0 {
 		con.PrintInfof("No beacons 🙁\n")
 		return
 	}
-	tw := renderBeacons(beacons, con)
+	tw := renderBeacons(beacons, filter, filterRegex, con)
 	con.Printf("%s\n", tw.Render())
 }
 
-func renderBeacons(beacons []*clientpb.Beacon, con *console.SliverConsoleClient) table.Writer {
+func renderBeacons(beacons []*clientpb.Beacon, filter string, filterRegex *regexp.Regexp, con *console.SliverConsoleClient) table.Writer {
 	width, _, err := term.GetSize(0)
 	if err != nil {
 		width = 999
@@ -140,8 +150,11 @@ func renderBeacons(beacons []*clientpb.Beacon, con *console.SliverConsoleClient)
 			eta := time.Until(nextCheckin)
 			next = fmt.Sprintf("%s%s%s", console.Bold+console.Green, eta, console.Normal)
 		}
+
+		// We need a slice of strings so we can apply filters
+		var rowEntries []string
 		if con.Settings.SmallTermWidth < width {
-			tw.AppendRow(table.Row{
+			rowEntries = []string{
 				fmt.Sprintf(color+"%s"+console.Normal, strings.Split(beacon.ID, "-")[0]),
 				fmt.Sprintf(color+"%s"+console.Normal, beacon.Name),
 				fmt.Sprintf(color+"%d/%d"+console.Normal, beacon.TasksCountCompleted, beacon.TasksCount),
@@ -152,17 +165,41 @@ func renderBeacons(beacons []*clientpb.Beacon, con *console.SliverConsoleClient)
 				fmt.Sprintf(color+"%s/%s"+console.Normal, beacon.OS, beacon.Arch),
 				fmt.Sprintf(color+"%s ago"+console.Normal, time.Since(time.Unix(beacon.LastCheckin, 0))),
 				next,
-			})
+			}
 		} else {
-			tw.AppendRow(table.Row{
+			rowEntries = []string{
 				fmt.Sprintf(color+"%s"+console.Normal, strings.Split(beacon.ID, "-")[0]),
 				fmt.Sprintf(color+"%s"+console.Normal, beacon.Name),
 				fmt.Sprintf(color+"%s"+console.Normal, beacon.Transport),
 				fmt.Sprintf(color+"%s"+console.Normal, strings.TrimPrefix(beacon.Username, beacon.Hostname+"\\")),
 				fmt.Sprintf(color+"%s/%s"+console.Normal, beacon.OS, beacon.Arch),
 				fmt.Sprintf(color+"%s ago"+console.Normal, time.Since(time.Unix(beacon.LastCheckin, 0))),
 				next,
-			})
+			}
+		}
+		// Build the row struct
+		row := table.Row{}
+		for _, entry := range rowEntries {
+			row = append(row, entry)
+		}
+		// Apply filters if any
+		if filter == "" && filterRegex == nil {
+			tw.AppendRow(row)
+		} else {
+			for _, rowEntry := range rowEntries {
+				if filter != "" {
+					if strings.Contains(rowEntry, filter) {
+						tw.AppendRow(row)
+						break
+					}
+				}
+				if filterRegex != nil {
+					if filterRegex.MatchString(rowEntry) {
+						tw.AppendRow(row)
+						break
+					}
+				}
+			}
 		}
 	}
 	return tw

client/command/beacons/watch.go

@@ -45,7 +45,7 @@ func BeaconsWatchCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 			if err != nil {
 				panic(err) // If we return we may leak the waiting goroutine, so we panic instead
 			}
-			tw := renderBeacons(beacons.Beacons, con)
+			tw := renderBeacons(beacons.Beacons, "", nil, con)
 			lines := strings.Split(tw.Render(), "\n")
 			for _, line := range lines {
 				con.Printf(console.Clearln+"\r%s\n", line)

client/command/commands.go

@@ -399,6 +399,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 			f.Bool("c", "no-canaries", false, "disable dns canary detection")
 			f.String("L", "lhost", "", "interface to bind server to")
 			f.Int("l", "lport", generate.DefaultDNSLPort, "udp listen port")
+			f.Bool("D", "disable-otp", false, "disable otp authentication")
 
 			f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
 			f.Bool("p", "persistent", false, "make persistent across restarts")
@@ -558,7 +559,10 @@ func BindCommands(con *console.SliverConsoleClient) {
 			f.String("k", "kill", "", "kill the designated session")
 			f.Bool("K", "kill-all", false, "kill all the sessions")
 			f.Bool("C", "clean", false, "clean out any sessions marked as [DEAD]")
-			f.Bool("f", "force", false, "force session action without waiting for results")
+			f.Bool("F", "force", false, "force session action without waiting for results")
+
+			f.String("f", "filter", "", "filter sessions by substring")
+			f.String("e", "filter-re", "", "filter sessions by regular expression")
 
 			f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
 		},
@@ -575,7 +579,8 @@ func BindCommands(con *console.SliverConsoleClient) {
 		Help:     "Kill all stale/dead sessions",
 		LongHelp: help.GetHelpFor([]string{consts.SessionsStr, consts.PruneStr}),
 		Flags: func(f *grumble.Flags) {
-			f.Bool("f", "force", false, "Force the killing of stale/dead sessions")
+			f.Bool("F", "force", false, "Force the killing of stale/dead sessions")
+
 			f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
 		},
 		Run: func(ctx *grumble.Context) error {
@@ -615,7 +620,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 			return nil
 		},
 		Flags: func(f *grumble.Flags) {
-			f.Bool("f", "force", false, "Force kill,  does not clean up")
+			f.Bool("F", "force", false, "Force kill,  does not clean up")
 
 			f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
 		},
@@ -1677,7 +1682,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 		LongHelp: help.GetHelpFor([]string{consts.RmStr}),
 		Flags: func(f *grumble.Flags) {
 			f.Bool("r", "recursive", false, "recursively remove files")
-			f.Bool("f", "force", false, "ignore safety and forcefully remove files")
+			f.Bool("F", "force", false, "ignore safety and forcefully remove files")
 
 			f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
 		},
@@ -1913,7 +1918,7 @@ func BindCommands(con *console.SliverConsoleClient) {
 			a.Uint("pid", "pid")
 		},
 		Flags: func(f *grumble.Flags) {
-			f.Bool("f", "force", false, "disregard safety and kill the PID")
+			f.Bool("F", "force", false, "disregard safety and kill the PID")
 
 			f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
 		},
@@ -2163,8 +2168,11 @@ func BindCommands(con *console.SliverConsoleClient) {
 		Flags: func(f *grumble.Flags) {
 			f.String("k", "kill", "", "kill a beacon")
 			f.Bool("K", "kill-all", false, "kill all beacons")
+			f.Bool("F", "force", false, "force killing of the beacon")
+			f.String("f", "filter", "", "filter beacons by substring")
+			f.String("e", "filter-re", "", "filter beacons by regular expression")
+
 			f.Int("t", "timeout", defaultTimeout, "command timeout in seconds")
-			f.Bool("f", "force", false, "force killing of the beacon")
 		},
 		HelpGroup: consts.GenericHelpGroup,
 		Run: func(ctx *grumble.Context) error {

client/command/jobs/dns.go

@@ -47,6 +47,7 @@ func DNSListenerCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 		Port:       uint32(lport),
 		Canaries:   !ctx.Flags.Bool("no-canaries"),
 		Persistent: ctx.Flags.Bool("persistent"),
+		EnforceOTP: !ctx.Flags.Bool("disable-otp"),
 	})
 	con.Println()
 	if err != nil {

client/command/sessions/sessions.go

@@ -21,6 +21,7 @@ package sessions
 import (
 	"context"
 	"fmt"
+	"regexp"
 	"strings"
 	"time"
 
@@ -97,20 +98,31 @@ func SessionsCmd(ctx *grumble.Context, con *console.SliverConsoleClient) {
 			con.PrintErrorf("Invalid session name or session number: %s\n", interact)
 		}
 	} else {
+		filter := ctx.Flags.String("filter")
+		var filterRegex *regexp.Regexp
+		if ctx.Flags.String("filter-re") != "" {
+			var err error
+			filterRegex, err = regexp.Compile(ctx.Flags.String("filter-re"))
+			if err != nil {
+				con.PrintErrorf("%s\n", err)
+				return
+			}
+		}
+
 		sessionsMap := map[string]*clientpb.Session{}
 		for _, session := range sessions.GetSessions() {
 			sessionsMap[session.ID] = session
 		}
 		if 0 < len(sessionsMap) {
-			PrintSessions(sessionsMap, con)
+			PrintSessions(sessionsMap, filter, filterRegex, con)
 		} else {
 			con.PrintInfof("No sessions 🙁\n")
 		}
 	}
 }
 
 // PrintSessions - Print the current sessions
-func PrintSessions(sessions map[string]*clientpb.Session, con *console.SliverConsoleClient) {
+func PrintSessions(sessions map[string]*clientpb.Session, filter string, filterRegex *regexp.Regexp, con *console.SliverConsoleClient) {
 	width, _, err := term.GetSize(0)
 	if err != nil {
 		width = 999
@@ -128,7 +140,7 @@ func PrintSessions(sessions map[string]*clientpb.Session, con *console.SliverCon
 			"Hostname",
 			"Username",
 			"Operating System",
-			"Last Check-in",
+			"Last Message",
 			"Health",
 		})
 	} else {
@@ -164,8 +176,9 @@ func PrintSessions(sessions map[string]*clientpb.Session, con *console.SliverCon
 		}
 		username := strings.TrimPrefix(session.Username, session.Hostname+"\\") // For non-AD Windows users
 
+		var rowEntries []string
 		if con.Settings.SmallTermWidth < width {
-			tw.AppendRow(table.Row{
+			rowEntries = []string{
 				fmt.Sprintf(color+"%s"+console.Normal, ShortSessionID(session.ID)),
 				fmt.Sprintf(color+"%s"+console.Normal, session.Name),
 				fmt.Sprintf(color+"%s"+console.Normal, session.Transport),
@@ -175,17 +188,41 @@ func PrintSessions(sessions map[string]*clientpb.Session, con *console.SliverCon
 				fmt.Sprintf(color+"%s/%s"+console.Normal, session.OS, session.Arch),
 				fmt.Sprintf(color+"%s"+console.Normal, time.Unix(session.LastCheckin, 0).Format(time.RFC1123)),
 				burned + SessionHealth,
-			})
+			}
 		} else {
-			tw.AppendRow(table.Row{
+			rowEntries = []string{
 				fmt.Sprintf(color+"%s"+console.Normal, ShortSessionID(session.ID)),
 				fmt.Sprintf(color+"%s"+console.Normal, session.Transport),
 				fmt.Sprintf(color+"%s"+console.Normal, session.RemoteAddress),
 				fmt.Sprintf(color+"%s"+console.Normal, session.Hostname),
 				fmt.Sprintf(color+"%s"+console.Normal, username),
 				fmt.Sprintf(color+"%s/%s"+console.Normal, session.OS, session.Arch),
 				burned + SessionHealth,
-			})
+			}
+		}
+		// Build the row struct
+		row := table.Row{}
+		for _, entry := range rowEntries {
+			row = append(row, entry)
+		}
+		// Apply filters if any
+		if filter == "" && filterRegex == nil {
+			tw.AppendRow(row)
+		} else {
+			for _, rowEntry := range rowEntries {
+				if filter != "" {
+					if strings.Contains(rowEntry, filter) {
+						tw.AppendRow(row)
+						break
+					}
+				}
+				if filterRegex != nil {
+					if filterRegex.MatchString(rowEntry) {
+						tw.AppendRow(row)
+						break
+					}
+				}
+			}
 		}
 	}
 

protobuf/clientpb/client.proto

@@ -282,6 +282,7 @@ message DNSListenerReq {
   string Host = 3;
   uint32 Port = 4;
   bool Persistent = 5;
+  bool EnforceOTP = 6; 
 }
 
 message DNSListener {