Storing Shikata Ga Nai (SGN) preference with implant profile

BishopFox · Jun 14, 2023 · 888d447 · 888d447
1 parent fd7585e
commit 888d447
Show file tree

Hide file tree

Showing 7 changed files with 28 additions and 9 deletions.
diff --git a/client/command/generate/generate-beacon.go b/client/command/generate/generate-beacon.go
@@ -33,8 +33,7 @@ func GenerateBeaconCmd(cmd *cobra.Command, con *console.SliverConsoleClient, arg
 		save, _ = os.Getwd()
 	}
 	if external, _ := cmd.Flags().GetBool("external-builder"); !external {
-		disableSGN, _ := cmd.Flags().GetBool("disable-sgn")
-		compile(config, disableSGN, save, con)
+		compile(config, save, con)
 	} else {
 		externalBuild(config, save, con)
 	}

diff --git a/client/command/generate/generate.go b/client/command/generate/generate.go
@@ -99,8 +99,7 @@ func GenerateCmd(cmd *cobra.Command, con *console.SliverConsoleClient, args []st
 		save, _ = os.Getwd()
 	}
 	if external, _ := cmd.Flags().GetBool("external-builder"); !external {
-		disableSGN, _ := cmd.Flags().GetBool("disable-sgn")
-		compile(config, disableSGN, save, con)
+		compile(config, save, con)
 	} else {
 		_, err := externalBuild(config, save, con)
 		if err != nil {
@@ -290,6 +289,7 @@ func parseCompileFlags(cmd *cobra.Command, con *console.SliverConsoleClient) *cl
 	isSharedLib := false
 	isService := false
 	isShellcode := false
+	sgnEnabled := false
 
 	format, _ := cmd.Flags().GetString("format")
 	runAtLoad := false
@@ -304,6 +304,8 @@ func parseCompileFlags(cmd *cobra.Command, con *console.SliverConsoleClient) *cl
 	case "shellcode":
 		configFormat = clientpb.OutputFormat_SHELLCODE
 		isShellcode = true
+		sgnEnabled, _ = cmd.Flags().GetBool("disable-sgn")
+		sgnEnabled = !sgnEnabled
 	case "service":
 		configFormat = clientpb.OutputFormat_SERVICE
 		isService = true
@@ -364,6 +366,7 @@ func parseCompileFlags(cmd *cobra.Command, con *console.SliverConsoleClient) *cl
 		Name:             name,
 		Debug:            debug,
 		Evasion:          evasion,
+		SGNEnabled:       sgnEnabled,
 		ObfuscateSymbols: symbolObfuscation,
 		C2:               c2s,
 		CanaryDomains:    canaryDomains,
@@ -866,7 +869,7 @@ func externalBuild(config *clientpb.ImplantConfig, save string, con *console.Sli
 	return nil, nil
 }
 
-func compile(config *clientpb.ImplantConfig, disableSGN bool, save string, con *console.SliverConsoleClient) (*commonpb.File, error) {
+func compile(config *clientpb.ImplantConfig, save string, con *console.SliverConsoleClient) (*commonpb.File, error) {
 	if config.IsBeacon {
 		interval := time.Duration(config.BeaconInterval)
 		con.PrintInfof("Generating new %s/%s beacon implant binary (%v)\n", config.GOOS, config.GOARCH, interval)
@@ -902,7 +905,7 @@ func compile(config *clientpb.ImplantConfig, disableSGN bool, save string, con *
 
 	fileData := generated.File.Data
 	if config.IsShellcode {
-		if disableSGN {
+		if !config.SGNEnabled {
 			con.PrintErrorf("Shikata ga nai encoder is %sdisabled%s\n", console.Bold, console.Normal)
 		} else {
 			con.PrintInfof("Encoding shellcode with shikata ga nai ... ")

diff --git a/client/command/generate/profiles-generate.go b/client/command/generate/profiles-generate.go
@@ -46,8 +46,11 @@ func ProfilesGenerateCmd(cmd *cobra.Command, con *console.SliverConsoleClient, a
 	}
 	profile := GetImplantProfileByName(name, con)
 	if profile != nil {
-		disableSGN, _ := cmd.Flags().GetBool("disable-sgn")
-		implantFile, err := compile(profile.Config, disableSGN, save, con)
+		// If SGN is explicitly disabled, make sure this compilation reflects that despite whatever is set in the profile
+		if SGNDisabled, _ := cmd.Flags().GetBool("disable-sgn"); SGNDisabled {
+			profile.Config.SGNEnabled = !SGNDisabled
+		}
+		implantFile, err := compile(profile.Config, save, con)
 		if err != nil {
 			return
 		}

diff --git a/protobuf/clientpb/client.pb.go b/protobuf/clientpb/client.pb.go
diff --git a/protobuf/clientpb/client.proto b/protobuf/clientpb/client.proto
@@ -137,6 +137,7 @@ message ImplantConfig {
   bool Evasion = 9;
   bool ObfuscateSymbols = 10;
   string TemplateName = 11;
+  bool SGNEnabled = 12;
 
   string MtlsCACert = 20;
   string MtlsCert = 21;

diff --git a/server/db/models/implant.go b/server/db/models/implant.go
@@ -94,6 +94,7 @@ type ImplantConfig struct {
 	ReconnectInterval   int64
 	MaxConnectionErrors uint32
 	ConnectionStrategy  string
+	SGNEnabled          bool
 
 	// WireGuard
 	WGImplantPrivKey  string
@@ -171,6 +172,7 @@ func (ic *ImplantConfig) ToProtobuf() *clientpb.ImplantConfig {
 		Evasion:          ic.Evasion,
 		ObfuscateSymbols: ic.ObfuscateSymbols,
 		TemplateName:     ic.TemplateName,
+		SGNEnabled:       ic.SGNEnabled,
 
 		ReconnectInterval:   ic.ReconnectInterval,
 		MaxConnectionErrors: ic.MaxConnectionErrors,

diff --git a/server/generate/binaries.go b/server/generate/binaries.go
@@ -160,6 +160,7 @@ func ImplantConfigFromProtobuf(pbConfig *clientpb.ImplantConfig) (string, *model
 	cfg.DebugFile = pbConfig.DebugFile
 	cfg.Evasion = pbConfig.Evasion
 	cfg.ObfuscateSymbols = pbConfig.ObfuscateSymbols
+	cfg.SGNEnabled = pbConfig.SGNEnabled
 	cfg.TemplateName = pbConfig.TemplateName
 	if cfg.TemplateName == "" {
 		cfg.TemplateName = SliverTemplateName