BishopFox · rkervella · Jan 5, 2024 · Jan 5, 2024 · Jan 5, 2024 · Jan 5, 2024
@@ -26,6 +26,7 @@ import (
 	"google.golang.org/protobuf/proto"
 
 	"github.com/bishopfox/sliver/client/console"
+	consts "github.com/bishopfox/sliver/client/constants"
 	"github.com/bishopfox/sliver/protobuf/clientpb"
 )
 
@@ -66,6 +67,16 @@ func MigrateCmd(cmd *cobra.Command, con *console.SliverClient, args []string) {
 		con.SpinUntil(fmt.Sprintf("Migrating into %s...", procName), ctrl)
 	}
 
+	/* If the HTTP C2 Config name is not defined, then put in the default value
+	   This will have no effect on implants that do not use HTTP C2
+	   Also this should be overridden when the build info is pulled from the
+	   database, but if there is no build info and we have to create the build
+	   from scratch, we need to have something in here.
+	*/
+	if config.HTTPC2ConfigName == "" {
+		config.HTTPC2ConfigName = consts.DefaultC2Profile
+	}
+
 	migrate, err := con.Rpc.Migrate(context.Background(), &clientpb.MigrateReq{
 		Pid:      pid,
 		Config:   config,

@@ -560,6 +560,23 @@ func (con *SliverClient) GetActiveSessionConfig() *clientpb.ImplantConfig {
 		IsSharedLib:         true,
 		C2:                  c2s,
 	}
+	/* If this config will be used to build an implant,
+	we need to make sure to include the correct transport
+	for the build */
+	switch session.Transport {
+	case "mtls":
+		config.IncludeMTLS = true
+	case "http(s)":
+		config.IncludeHTTP = true
+	case "dns":
+		config.IncludeDNS = true
+	case "wg":
+		config.IncludeWG = true
+	case "namedpipe":
+		config.IncludeNamePipe = true
+	case "tcppivot":
+		config.IncludeTCP = true
+	}
 	return config
 }
 
@@ -590,7 +607,23 @@ func (con *SliverClient) GetActiveBeaconConfig() *clientpb.ImplantConfig {
 		IsSharedLib:         true,
 		C2:                  c2s,
 	}
-
+	/* If this config will be used to build an implant,
+	we need to make sure to include the correct transport
+	for the build */
+	switch beacon.Transport {
+	case "mtls":
+		config.IncludeMTLS = true
+	case "http":
+		config.IncludeHTTP = true
+	case "dns":
+		config.IncludeDNS = true
+	case "wg":
+		config.IncludeWG = true
+	case "namedpipe":
+		config.IncludeNamePipe = true
+	case "tcppivot":
+		config.IncludeTCP = true
+	}
 	return config
 }
 

@@ -220,6 +220,11 @@ func SliverShellcode(name string, build *clientpb.ImplantBuild, config *clientpb
 	dest := filepath.Join(goConfig.ProjectDir, "bin", filepath.Base(name))
 	dest += ".bin"
 
+	// if the destination already exists, delete it
+	if _, err := os.Stat(dest); err == nil {
+		os.Remove(dest)
+	}
+
 	tags := []string{}
 	if config.NetGoEnabled {
 		tags = append(tags, "netgo")

@@ -26,6 +26,7 @@ import (
 	"os"
 	"path/filepath"
 	"strings"
+	"time"
 
 	"github.com/Binject/debug/pe"
 	"github.com/bishopfox/sliver/protobuf/clientpb"
@@ -98,6 +99,10 @@ func (rpc *Server) Migrate(ctx context.Context, req *clientpb.MigrateReq) (*sliv
 			name = req.Name
 		}
 		config.Format = clientpb.OutputFormat_SHELLCODE
+		// Tweak some of the config parameters
+		config.IsShellcode = true
+		config.IsSharedLib = false
+		config.TemplateName = "sliver"
 		config.ObfuscateSymbols = true
 		build, err := generate.GenerateConfig(name, config)
 		if err != nil {
@@ -115,6 +120,24 @@ func (rpc *Server) Migrate(ctx context.Context, req *clientpb.MigrateReq) (*sliv
 			return nil, err
 		}
 		shellcode, _ = os.ReadFile(shellcodePath)
+		// Save the implant config in the database so that the server recognizes it when it tries to connect
+		config.ID = ""
+		savedConfig, err := db.SaveImplantConfig(config)
+		if err != nil {
+			return nil, err
+		}
+		build.ImplantConfigID = savedConfig.ID
+
+		/* Save the build in the database so that the server recognizes it when it tries to connect
+		   This build will have the same name as the implant it is being spawned from, so
+		   we need to create a unique name for the database
+		*/
+		build.Name = fmt.Sprintf("%s_%d", build.Name, time.Now().Unix())
+		_, err = db.SaveImplantBuild(build)
+		if err != nil {
+			return nil, err
+		}
+
 	}
 
 	if len(shellcode) < 1 {