From ea06daa5acda49c1edbf42edca69d31a5cb078bb Mon Sep 17 00:00:00 2001
From: Tim Makram Ghatas <47985652+TimBF@users.noreply.github.com>
Date: Fri, 31 May 2024 11:46:54 +0200
Subject: [PATCH 1/2] add clean command and function definitions
---
 client/command/clean/clean.go | 129 ++++++++++++++++++++++++++++++++++
 client/command/server.go | 2 +
 2 files changed, 131 insertions(+)
 create mode 100644 client/command/clean/clean.go
diff --git a/client/command/clean/clean.go b/client/command/clean/clean.go
new file mode 100644
index 0000000000..cf3da2f4b1
--- /dev/null
+++ b/client/command/clean/clean.go
@@ -0,0 +1,129 @@
+package clean
+
+/*
+ Sliver Implant Framework
+ Copyright (C) 2023 Bishop Fox
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+import (
+ "context"
+
+ "github.com/AlecAivazis/survey/v2"
+ "github.com/bishopfox/sliver/client/command/flags"
+ "github.com/bishopfox/sliver/client/console"
+ "github.com/bishopfox/sliver/client/constants"
+ "github.com/bishopfox/sliver/protobuf/commonpb"
+ "github.com/bishopfox/sliver/protobuf/sliverpb"
+ "github.com/spf13/cobra"
+)
+
+// CleanCmd - Remove all profiles, beacons, sessions, implant builds and HTTP profiles (Builds and logs will still exist on disk in .sliver)
+func CleanCmd(cmd *cobra.Command, con *console.SliverClient, args []string) {
+ con.Printf("This command will kill and remove all sessions, beacons and profiles \n")
+ confirm := false
+ prompt := &survey.Confirm{Message: "Are you sure you want to destroy everything?"}
+ survey.AskOne(prompt, &confirm)
+ if !confirm {
+ return
+ }
+ err := killSessionsAndBeacons(con)
+ if err != nil {
+ con.PrintErrorf("%s\n", err)
+ return
+ }
+
+ err = removeImplantBuilds(con)
+ if err != nil {
+ con.PrintErrorf("%s\n", err)
+ return
+ }
+
+ err = removeNetworkProfiles(con)
+ if err != nil {
+ con.PrintErrorf("%s\n", err)
+ return
+ }
+
+ err = removeProfiles(con)
+ if err != nil {
+ con.PrintErrorf("%s\n", err)
+ return
+ }
+ con.Printf("All done !\n")
+}
+
+func removeImplantBuilds(con *console.SliverClient) error {
+ return nil
+}
+
+func removeProfiles(con *console.SliverClient) error {
+ return nil
+}
+
+func removeNetworkProfiles(con *console.SliverClient) error {
+ return nil
+}
+
+func killSessionsAndBeacons(con *console.SliverClient) error {
+ sessions, err := con.Rpc.GetSessions(context.Background(), &commonpb.Empty{})
+ if err != nil {
+ return err
+ }
+
+ for _, session := range sessions.Sessions {
+ _, err := con.Rpc.Kill(context.Background(), &sliverpb.KillReq{
+ Request: &commonpb.Request{
+ SessionID: session.ID,
+ Timeout: flags.DefaultTimeout,
+ },
+ Force: false,
+ })
+ if err != nil {
+ return err
+ }
+ }
+
+ beacons, err := con.Rpc.GetBeacons(context.Background(), &commonpb.Empty{})
+ if err != nil {
+ return err
+ }
+
+ for _, beacon := range beacons.Beacons {
+ _, err := con.Rpc.Kill(context.Background(), &sliverpb.KillReq{
+ Request: &commonpb.Request{
+ BeaconID: beacon.ID,
+ Timeout: flags.DefaultTimeout,
+ },
+ Force: false,
+ })
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// Commands returns the `exit` command.
+func Command(con *console.SliverClient) []*cobra.Command {
+ return []*cobra.Command{{
+ Use: "clean",
+ Short: "Remove all profiles, beacons, sessions, implant builds and HTTP profiles (Builds and logs will still exist on disk in .sliver)",
+ Run: func(cmd *cobra.Command, args []string) {
+ CleanCmd(cmd, con, args)
+ },
+ GroupID: constants.GenericHelpGroup,
+ }}
+}
diff --git a/client/command/server.go b/client/command/server.go
index f297b30235..5e4603a47e 100644
--- a/client/command/server.go
+++ b/client/command/server.go
@@ -27,6 +27,7 @@ import (
 "github.com/bishopfox/sliver/client/command/builders"
 "github.com/bishopfox/sliver/client/command/c2profiles"
 "github.com/bishopfox/sliver/client/command/certificates"
+ "github.com/bishopfox/sliver/client/command/clean"
 "github.com/bishopfox/sliver/client/command/crack"
 "github.com/bishopfox/sliver/client/command/creds"
 "github.com/bishopfox/sliver/client/command/exit"
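Review bot: killSessionsAndBeacons returns on the first failed `Kill` RPC, so one unreachable session aborts the whole clean: every later session and all beacons are left in place, and the operator only sees a bare error with no indication of which IDs were already handled. For a destructive bulk command it would be safer to report the failing ID, e.g. `con.PrintErrorf("session %v: %s\n", session.ID, err)`, continue the loop, and return a summary error at the end so the operator knows the clean was partial. The same return-on-first-error pattern appears in removeImplantBuilds and removeProfiles once the second patch fills them in. Separately, the doc comment above `Command` is a copy-paste leftover: it names the function `Commands` and says it returns the `exit` command; it should read "Command returns the clean command."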
@@ -95,6 +96,7 @@ func ServerCommands(con *client.SliverClient, serverCmds func() []*cobra.Command creds.Commands, crack.Commands, certificates.Commands, + clean.Command, ) // C2 Network From 2407b4dd2e9555e7d05267657717624f26e95232 Mon Sep 17 00:00:00 2001 From: Tim Makram Ghatas <47985652+TimBF@users.noreply.github.com> Date: Fri, 31 May 2024 12:10:49 +0200 Subject: [PATCH 2/2] remove profiles and implants. Beacons are just removed instead of killing them. --- client/command/clean/clean.go | 50 ++++++++++++++++++++++------------- 1 file changed, 31 insertions(+), 19 deletions(-) diff --git a/client/command/clean/clean.go b/client/command/clean/clean.go index cf3da2f4b1..e49be6b54d 100644 --- a/client/command/clean/clean.go +++ b/client/command/clean/clean.go @@ -25,12 +25,13 @@ import ( "github.com/bishopfox/sliver/client/command/flags" "github.com/bishopfox/sliver/client/console" "github.com/bishopfox/sliver/client/constants" + "github.com/bishopfox/sliver/protobuf/clientpb" "github.com/bishopfox/sliver/protobuf/commonpb" "github.com/bishopfox/sliver/protobuf/sliverpb" "github.com/spf13/cobra" ) -// CleanCmd - Remove all profiles, beacons, sessions, implant builds and HTTP profiles (Builds and logs will still exist on disk in .sliver) +// CleanCmd - Remove all profiles, beacons, sessions and implant builds (Builds and logs will still exist on disk in .sliver) func CleanCmd(cmd *cobra.Command, con *console.SliverClient, args []string) { con.Printf("This command will kill and remove all sessions, beacons and profiles \n") confirm := false @@ -39,7 +40,7 @@ func CleanCmd(cmd *cobra.Command, con *console.SliverClient, args []string) { if !confirm { return } - err := killSessionsAndBeacons(con) + err := removeSessionsAndBeacons(con) if err != nil { con.PrintErrorf("%s\n", err) return 
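Review bot: The doc comment on CleanCmd drops "HTTP profiles" in the `@@ -25,12 +25,13 @@` hunk, but the `Short` help string in `Command`, added by the first patch, still says "Remove all profiles, beacons, sessions, implant builds and HTTP profiles", and no hunk in this patch touches it. Because removeNetworkProfiles is deleted later in this patch, the help text now promises a removal the command does not perform. The `Short` string should be changed to match the updated comment, so an operator reading the help does not assume HTTP C2 profiles were wiped.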
@@ -51,12 +52,6 @@ func CleanCmd(cmd *cobra.Command, con *console.SliverClient, args []string) { return } - err = removeNetworkProfiles(con) - if err != nil { - con.PrintErrorf("%s\n", err) - return - } - err = removeProfiles(con) if err != nil { con.PrintErrorf("%s\n", err) @@ -66,18 +61,41 @@ func CleanCmd(cmd *cobra.Command, con *console.SliverClient, args []string) { } func removeImplantBuilds(con *console.SliverClient) error { + builds, err := con.Rpc.ImplantBuilds(context.Background(), &commonpb.Empty{}) + if err != nil { + return err + } + for name, _ := range builds.Configs { + _, err := con.Rpc.DeleteImplantBuild(context.Background(), &clientpb.DeleteReq{ + Name: name, + }) + if err != nil { + return err + } + } + return nil } func removeProfiles(con *console.SliverClient) error { - return nil -} + profiles, err := con.Rpc.ImplantProfiles(context.Background(), &commonpb.Empty{}) + if err != nil { + return err + } + + for _, profile := range profiles.Profiles { + _, err := con.Rpc.DeleteImplantProfile(context.Background(), &clientpb.DeleteReq{ + Name: profile.Name, + }) + if err != nil { + return err + } + } -func removeNetworkProfiles(con *console.SliverClient) error { return nil } -func killSessionsAndBeacons(con *console.SliverClient) error { +func removeSessionsAndBeacons(con *console.SliverClient) error { sessions, err := con.Rpc.GetSessions(context.Background(), &commonpb.Empty{}) if err != nil { return err @@ -102,13 +120,7 @@ func killSessionsAndBeacons(con *console.SliverClient) error { } for _, beacon := range beacons.Beacons { - _, err := con.Rpc.Kill(context.Background(), &sliverpb.KillReq{ - Request: &commonpb.Request{ - BeaconID: beacon.ID, - Timeout: flags.DefaultTimeout, - }, - Force: false, - }) + _, err = con.Rpc.RmBeacon(context.Background(), &clientpb.Beacon{ID: beacon.ID}) if err != nil { return err }
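Review bot: In removeImplantBuilds the loop header `for name, _ := range builds.Configs` carries a redundant blank identifier; `gofmt -s` and staticcheck prefer `for name := range builds.Configs`. Neither removeImplantBuilds nor removeProfiles has a doc comment; one line each would help, stating that they delete the server-side records through `DeleteImplantBuild` / `DeleteImplantProfile` and, as the CleanCmd comment notes, that builds and logs on disk in .sliver are left untouched. That makes the scope of the wipe clear to whoever audits what the command actually removes.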
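Review bot: Beacons are now only removed with `RmBeacon`, yet the banner printed by CleanCmd still reads "This command will kill and remove all sessions, beacons and profiles" and is not changed by any hunk in this patch. If RmBeacon only deletes the server-side record, as the commit subject suggests, implants may keep running on hosts after the operator believes they were terminated. The banner should say what actually happens, for example `con.Printf("This command will kill all sessions and remove all beacons, implant builds and profiles (beacon implants are not terminated)\n")`. The enclosing function removeSessionsAndBeacons begins outside this hunk.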