Releases: BishopFox/sliver
Releases · BishopFox/sliver
v1.5.42
v1.5.41
v1.5.41
v1.5.40
This release fixes a vulnerability (CVE-2023-34758) in the Sliver Key Encapsulation Mechanism (KEM), where improper use of Nacl Box (libsodium) could allow a MitM attacker with a copy of the implant binary to recover the session key and arbitrarily encrypt/decrypt C2 messages. Note that the Sliver KEM is only used over insecure protocols such as HTTP and DNS, and does not affect mTLS or Wireguard.
The issue was addressed by switching to a combination age for the KEM and HMAC-SHA2-256 to verify the implant.
More details: GHSA-8jxm-xp43-qh3q
Special thanks to Ting-Wei Hsieh from CHT Security Co. Ltd. for reporting the vulnerability.
v1.5.39
Commits
- ad53f90: Bump github.com/miekg/dns from 1.1.53 to 1.1.54 (dependabot[bot]) #1217
- 5b22e6d: Bump modernc.org/sqlite from 1.22.0 to 1.22.1 (dependabot[bot]) #1218
- d921c3c: Add ESET Internet Security to kwnown security processes (smeukinou) #1220
- 2f9c84c: FIX implant generation with locale limit not compiling when not in debug mode (smeukinou) #1221
- b5e611d: FIX windows screenshot when multiple monitors are used, and they are not exactly side-by-side (smeukinou) #1222
- a468ec8: Allow
migrate
to use process names (rkervella) #1223 - 64c40ba: Bump google.golang.org/grpc from 1.54.0 to 1.55.0 (dependabot[bot]) #1226
- 27c6e8e: Bump golang.org/x/term from 0.7.0 to 0.8.0 (dependabot[bot]) #1227
- d547708: Go v1.20.4 (moloch--) #1229
- 4690430: update installer to symlink sliver/sliver-client (moloch--)
- 38a740a: Bump golang.org/x/crypto from 0.8.0 to 0.9.0 (dependabot[bot]) #1232
- 52daa1a: Adding support for specifying DNS resolvers through advanced options (Raf) #1235
v1.5.38
Commits
- 57ddb1a: Bump golang.org/x/crypto from 0.7.0 to 0.8.0 (dependabot[bot]) #1199
- 8c06b83: Bump gorm.io/gorm from 1.24.7-0.20230306060331-85eaf9eeda11 to 1.25.0 (dependabot[bot]) #1200
- ef1c034: Bump gorm.io/driver/sqlite from 1.4.4 to 1.5.0 (dependabot[bot]) #1201
- 7479e86: Bump gorm.io/driver/mysql from 1.4.7 to 1.5.0 (dependabot[bot]) #1202
- 77ab598: pull latest beacon or session configuration on info command even if a beacon or session is currently selected to avoid displaying outdated values after a reconfiguration (Tim Makram Ghatas) #1207
- 9e12db9: Bump modernc.org/sqlite from 1.21.1 to 1.22.0 (dependabot[bot]) #1212
- 3599af1: Fixed nil pointer (b0yd) #1213
- fce0221: Add Rapid 7 (cmprmsd) #1214
- 7522a0b: Apply XOR to protobuf raw data (rkervella) #1215
- 7c33022: Apply XOR to dnspb and commonpb too (rkervella) #1215
v1.5.37
Commits
- 05a31d9: Bump google.golang.org/grpc from 1.53.0 to 1.54.0 (dependabot[bot]) #1168
- 19b4b0b: Warn user about improper flag usage. (rkervella) #1169
- 8fd9487: Added chmod,chown,timestomp, and added uid:gid to ls (b0yd) #1170
- 03d93b9: Guess I'm supposed to check these in too :P (b0yd) #1170
- 0e5d055: Import ommisions (b0yd) #1170
- a45c996: Made pretty, with goto (b0yd) #1170
- d344e35: Fixed issues caused by adding goto (b0yd) #1170
- 963b3c3: Fixed import...again (b0yd) #1170
- feacb9e: Use implant filename instead of name (rkervella) #1172
- 2bfcaf1: Update handlers_linux.go (rwincey) #1170
- e6645c9: Added file path for debug so it doesn't always goto stdout (b0yd) #1175
- bd57568: Bump github.com/miekg/dns from 1.1.52 to 1.1.53 (dependabot[bot]) #1177
- 246519d: Bump modernc.org/sqlite from 1.21.0 to 1.21.1 (dependabot[bot]) #1178
- d2aaee9: fix implant configuration for external builders (MrAle98) #1180
- 04e8104: minor fix (MrAle98) #1180
- 85f51a8: Initial support for changing C2 when spawning an interactive session from a beacon. Does not support changing transports. (Raf) #1190
- 400c629: Adding support for killing a beacon using the short form of its ID (Raf) #1182
- 7fa1b5c: Bump golang.org/x/sys from 0.6.0 to 0.7.0 (dependabot[bot]) #1184
- 689645d: Bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (dependabot[bot]) #1187
- 6c77808: Bump golang.org/x/text from 0.8.0 to 0.9.0 (dependabot[bot]) #1186
- 03183ae: Bump golang.org/x/net from 0.8.0 to 0.9.0 (dependabot[bot]) #1188
- 929e67e: Always show hostname when displaying the list of beacons (Raf) #1191
- f09efe9: Fixing #1192. Waiting to close the job channel until all teardown tasks are done (Raf) #1193
- 7033be8: Bump commonmarker from 0.23.8 to 0.23.9 in /docs (dependabot[bot]) #1194
- c2adb81: Bump nokogiri from 1.14.1 to 1.14.3 in /docs (dependabot[bot]) #1195
v1.5.36
Features
Commits
- 94d8b9f: Bump github.com/jedib0t/go-pretty/v6 from 6.4.4 to 6.4.6 (dependabot[bot]) #1134
- 2f1f81c: Bump golang.org/x/term from 0.5.0 to 0.6.0 (dependabot[bot]) #1135
- 9585b43: Bump github.com/chromedp/chromedp from 0.8.7 to 0.8.8 (dependabot[bot]) #1132
- 9f811f8: Bump golang.org/x/net from 0.7.0 to 0.8.0 (dependabot[bot]) #1131
- 5ab52bc: unblock execute command if no output is requested (Dominic Breuker) #1136
- 3a8017e: Go v1.20.2 (moloch--) #1137
- e6d9740: Go v1.20.2 (moloch--)
- bde3cd6: Bump golang.org/x/crypto from 0.6.0 to 0.7.0 (dependabot[bot]) #1141
- 115f47a: Bump github.com/miekg/dns from 1.1.51 to 1.1.52 (dependabot[bot]) #1142
- 564aeec: Bump gorm.io/gorm from 1.24.5 to 1.24.6 (dependabot[bot]) #1144
- 200a1a9: Bump github.com/fatih/color from 1.14.1 to 1.15.0 (dependabot[bot]) #1145
- 4068faf: Bump github.com/xlab/treeprint from 1.1.0 to 1.2.0 (dependabot[bot]) #1143
- a3ea33b: Bump github.com/chromedp/chromedp from 0.8.8 to 0.9.1 (dependabot[bot]) #1153
- dff24ae: Bump gorm.io/driver/postgres from 1.4.8 to 1.5.0 (dependabot[bot]) #1154
- 8291364: Bump github.com/grpc-ecosystem/go-grpc-middleware from 1.3.0 to 1.4.0 (dependabot[bot]) #1155
- c6e65e6: Bump actions/setup-go from 3 to 4 (dependabot[bot]) #1156
- 9d7d1b7: Bump google.golang.org/protobuf from 1.28.1 to 1.30.0 (dependabot[bot]) #1152
- c506020: Bump github.com/cheggaaa/pb/v3 from 3.1.0 to 3.1.2 (dependabot[bot]) #1157
- 918d729: Update
DumpCookies
method (rkervella) #1158 - f1613bb: avoid race condition in the extension callback on windows beacons (Dominic Breuker) #1159
- b0e0df1: ensure beacon registers extensions before it calls them (Dominic Breuker) #1164
- c6a29ea: ensure waitgroup in beaconmain can never become negative (Dominic Breuker) #1164
- 3297301: cleanup and variable rename (Dominic Breuker) #1164
- 3d7227e: execute regular tasks and extenions concurrently (Dominic Breuker) #1164
- 99c76c2: C2 http uri lowercased. Fixes #1126 (svl) #1166
v1.5.35
Commits
- b0b4751: Update go-assets.sh (Ronan Kervella) #1094
- cfaa892: Attempt to implement docs/notion (moloch--)
- a8a5368: Bump golang.org/x/net from 0.5.0 to 0.6.0 (dependabot[bot]) #1097
- bca8c13: Bump gorm.io/driver/mysql from 1.4.5 to 1.4.6 (dependabot[bot]) #1101
- 1ddeeb8: Fix missing flag in context for PsCmd (rkervella) #1103
- 988282c: Bump golang.org/x/crypto from 0.5.0 to 0.6.0 (dependabot[bot]) #1107
- 94a4be6: Bump modernc.org/sqlite from 1.19.3 to 1.20.4 (dependabot[bot]) #1110
- 52e296f: Bump golang.org/x/net from 0.6.0 to 0.7.0 (dependabot[bot]) #1106
- 50103d7: Bump gorm.io/driver/postgres from 1.4.6 to 1.4.8 (dependabot[bot]) #1108
- 89f029f: Go v1.20.1 (moloch--) #1111
- bc9bba5: Bump gorm.io/driver/mysql from 1.4.6 to 1.4.7 (dependabot[bot]) #1109
- 5da01d9: Garble v1.20.2 (moloch--) #1111
- 03ba0ea: Return zero guid on hostuuid from mac error (moloch--) #1112
- ba69967: Update README.md (Joe)
- 5d3247d: Bump github.com/miekg/dns from 1.1.50 to 1.1.51 (dependabot[bot]) #1116
- 38206c0: Bump modernc.org/sqlite from 1.20.4 to 1.21.0 (dependabot[bot]) #1119
- 617a392: Bump google.golang.org/grpc (dependabot[bot]) #1117
- 524d584: Bump github.com/things-go/go-socks5 (dependabot[bot]) #1115
- 93a0c15: Update go-clr, merge master (rkervella) #1122
- e3a2ff8: Only try to read keytab if it was supplied as an argument (rkervella) #1128
- 12e6f9a: fix defunct processes on nix (Chris Shields) #1130
v1.5.34
Commits
- 81d8b39: Bump golang.org/x/crypto from 0.4.0 to 0.5.0 (dependabot[bot]) #1061
- 19c6e79: Bump gorm.io/gorm from 1.24.2 to 1.24.3 (dependabot[bot]) #1062
- 72fcd30: Fix build constraints for linux/mips (moloch--) #1066
- 1a8487e: Fix build constraints for linux/mips (moloch--) #1066
- cfa16f7: More specific cross-platform constraints (moloch--) #1066
- d935a03: Move DisableSGN out of protobuf since its client-side only (moloch--) #1068
- 72c1de8: Move DisableSGN out of protobuf since its client-side only (moloch--) #1068
- 422d491: Bump gorm.io/driver/mysql from 1.4.4 to 1.4.5 (dependabot[bot]) #1070
- 571a601: Bump github.com/jedib0t/go-pretty/v6 from 6.4.3 to 6.4.4 (dependabot[bot]) #1071
- 973b5bb: Fix GetCookies API call (moloch--) #1073
- e905032: Update vendor/ (moloch--) #1073
- 92df0e4: Style fixes (moloch--) #1073
- 7eb77b0: Go v1.19.5 (moloch--) #1076
- 1469482: Ensure HOME is set, remove large literal ENV (moloch--) #1076
- fa94d98: Update go mod/vendor (moloch--) #1076
- 25f7ac0: Bump github.com/fatih/color from 1.13.0 to 1.14.0 (dependabot[bot]) #1077
- 9f73e63: Added Defender for Endpoint processes (Alexander Georgiev) #1078
- 6b3d95a: Bump commonmarker from 0.23.6 to 0.23.7 in /docs (dependabot[bot]) #1080
- 6efd539: Bump github.com/fatih/color from 1.14.0 to 1.14.1 (dependabot[bot]) #1084
- cc7d5f8: Bump activesupport from 6.0.4.6 to 6.0.6.1 in /docs (dependabot[bot]) #1087
- f21669b: Bump github.com/gofrs/uuid from 4.3.1+incompatible to 4.4.0+incompatible (dependabot[bot]) #1085
- 1a2388a: fix goroutine leak (raymonder jin) #1089
- e47516c: Add printing of two messages (Matthijs Gielen) #1090
- e6a9744: Go v1.20 (moloch--) #1091
- 204519b: Update garble and pb versions (moloch--) #1091
- 4e43f2d: Fix protoc version (moloch--) #1092
- e914850: Bump gorm.io/gorm from 1.24.3 to 1.24.5 (dependabot[bot]) #1093
- d2a6fa8: Go v1.20 (moloch--)