BishopFox
Sliver server for Windows missing asset file
Describe the bug Running the latest windows server 1.5.41, is failing. The go compiler is not uncompressed at install time/.
To Reproduce Install the server on windows, run the server and try to generate an implant:
ll hackers gain persist
[*] Server v1.5.41 - f2a3915c79b31ab31c0c2f0428bbd53d9e93c54b
[*] Welcome to the sliver shell, please type 'help' for options
[server] sliver > generate --mtls xxxxxxx
[*] Generating new windows/amd64 implant binary
[*] Symbol obfuscation is enabled
[!] rpc error: code = Unknown desc = invalid compiler target: windows/amd64
[server] sliver > generate info
Server: windows/amd64
Cross Compilers
Supported Targets
windows/amd64 - Executable
darwin/amd64 - Executable
darwin/arm64 - Executable
linux/386 - Executable
linux/amd64 - Executable
windows/386 - Executable
windows/386 - Shared Library
windows/amd64 - Shared Library
windows/386 - Service
windows/amd64 - Service
windows/386 - Shellcode
windows/amd64 - Shellcode
Default Builds Only
Expected behavior Should generate an implant
Screenshots from sliver.log:
[31mERRO[0m[2023-07-25T10:32:38+02:00] [sliver/server/assets/assets.go:185] static asset not found: fs\windows\amd64\go.zip
[36mINFO[0m[2023-07-25T10:32:38+02:00] [sliver/server/certs/ca.go:62] Generating certificate authority for 'mtls-implant'
[36mINFO[0m[2023-07-25T10:32:38+02:00] [sliver/server/certs/certs.go:140] Generating TLS certificate (ECC) for '' ...
Addtitionnaly, there is no bin dir in
Alright finally found the issue: https://github.com/BishopFox/sliver/blob/f2a3915c79b31ab31c0c2f0428bbd53d9e93c54b/server/assets/assets.go#L182-L187
We need to use path.Join() instead of filepath.Join() here because embed.fs doesn't care about platform specific paths, and uses Unix notation. So we end up looking for Windows paths in the embedded filesystem, and since they don't exist we return an error. I'll need to check other places where we do that before pushing a fix, but TL;DR is it's Windows specific.
Looks like there's another bug with GOPATH not being set on Windows:
INFO[2023-08-04T13:03:57-07:00] [sliver/server/gogo/go.go:164] go cmd: 'C:\Users\lab\.sliver\go\bin\go tool dist list'
INFO[2023-08-04T13:03:57-07:00] [sliver/server/rpc/rpc-client-logs.go:117] Received 22 bytes of client console log data for stream asciicast
INFO[2023-08-04T13:03:57-07:00] [sliver/server/gogo/go.go:167] --- env ---
INFO[2023-08-04T13:03:57-07:00] [sliver/server/gogo/go.go:169] CC=
INFO[2023-08-04T13:03:57-07:00] [sliver/server/gogo/go.go:169] CGO_ENABLED=
INFO[2023-08-04T13:03:57-07:00] [sliver/server/gogo/go.go:169] GOOS=
INFO[2023-08-04T13:03:57-07:00] [sliver/server/gogo/go.go:169] GOARCH=
INFO[2023-08-04T13:03:57-07:00] [sliver/server/gogo/go.go:169] GOPATH=
INFO[2023-08-04T13:03:57-07:00] [sliver/server/gogo/go.go:169] GOCACHE=C:\Users\lab\.sliver\go\cache
INFO[2023-08-04T13:03:57-07:00] [sliver/server/gogo/go.go:169] GOMODCACHE=C:\Users\lab\.sliver\go\modcache
INFO[2023-08-04T13:03:57-07:00] [sliver/server/gogo/go.go:169] GOPROXY=
INFO[2023-08-04T13:03:57-07:00] [sliver/server/gogo/go.go:169] HTTP_PROXY=
INFO[2023-08-04T13:03:57-07:00] [sliver/server/gogo/go.go:169] HTTPS_PROXY=
INFO[2023-08-04T13:03:57-07:00] [sliver/server/gogo/go.go:169] PATH=C:\Users\lab\.sliver\go\bin:C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Users\lab\AppData\Local\Microsoft\WindowsApps;C:\Users\lab\AppData\Local\Programs\Microsoft VS Code\bin;C:\Users\lab\.dotnet\tools
INFO[2023-08-04T13:03:57-07:00] [sliver/server/gogo/go.go:171] --- stdout ---
INFO[2023-08-04T13:03:57-07:00] [sliver/server/gogo/go.go:172] --- stderr ---
go tool dist: mkdir C:\Windows\go-tool-dist-3250880400: Access is denied.
INFO[2023-08-04T13:03:57-07:00] [sliver/server/gogo/go.go:173] exit status 1
So much this lol, I raged quit this afternoon honestly. I'll have another look next week.