Merge branch 'master' into 378ddependabot/go_modules/gorm.io/driver/m…

…ysql-1.5.7

Dockerfile

@@ -9,7 +9,7 @@
 
 # STAGE: base
 ## Compiles Sliver for use
-FROM golang:1.22.2 as base
+FROM golang:1.22.5 AS base
 
 ### Base packages
 RUN apt-get update --fix-missing && apt-get -y install \
@@ -29,7 +29,7 @@ RUN cp -vv sliver-server /opt/sliver-server
 # STAGE: test
 ## Run unit tests against the compiled instance
 ## Use `--target test` in the docker build command to run this stage
-FROM base as test
+FROM base AS test
 
 RUN apt-get update --fix-missing \
     && apt-get -y upgrade \
@@ -43,7 +43,7 @@ RUN /go/src/github.com/bishopfox/sliver/go-tests.sh
 
 # STAGE: production
 ## Final dockerized form of Sliver
-FROM debian:bookworm-slim as production
+FROM debian:bookworm-slim AS production
 
 ### Install production packages
 RUN apt-get update --fix-missing \

README.md

@@ -8,7 +8,7 @@ The server and client support MacOS, Windows, and Linux. Implants are supported
 
 # v1.6.0 / `master`
 
-**NOTE:** You are looking the latest master branch of Sliver v1.6.0; new PRs should target this branch. However, this branch is NOT RECOMMENDED for production use yet. Please use release tagged versions for the best experience.
+**NOTE:** You are looking at the latest master branch of Sliver v1.6.0; new PRs should target this branch. However, this branch is NOT RECOMMENDED for production use yet. Please use release tagged versions for the best experience.
 
 For PRs containing bug fixes specific to Sliver v1.5, please target the [`v1.5.x/master` branch](https://github.com/BishopFox/sliver/tree/v1.5.x/master).
 
@@ -47,7 +47,7 @@ See the [wiki](https://sliver.sh/docs?name=Compile+from+Source).
 
 ### Feedback
 
-Please take a moment and fill out [our survey](https://forms.gle/SwVsHFNh24ChG58C6)
+Please take a moment and fill out [our survey](https://forms.gle/SwVsHFNh24ChG58C6).
 
 ### License - GPLv3
 

client/assets/c2profiles.go

@@ -32,10 +32,10 @@ type HTTPC2ServerConfig struct {
 }
 
 type NameValueProbability struct {
-	Name        string `json:"name"`
-	Value       string `json:"value"`
-	Probability int    `json:"probability"`
-	Methods     []string
+	Name        string   `json:"name"`
+	Value       string   `json:"value"`
+	Probability int      `json:"probability"`
+	Methods     []string `json:"methods"`
 }
 
 // HTTPC2ImplantConfig - Implant configuration options
@@ -56,7 +56,7 @@ type HTTPC2ImplantConfig struct {
 
 	NonceQueryArgChars string                 `json:"nonce_query_args"`
 	URLParameters      []NameValueProbability `json:"url_parameters"`
-	Headers            []NameValueProbability `json:"headers"`
+	Headers            []NameValueProbability `json:"client_headers"`
 
 	MaxFiles int `json:"max_files"`
 	MinFiles int `json:"min_files"`

client/command/c2profiles/c2profiles.go

@@ -453,6 +453,17 @@ func C2ConfigToProtobuf(profileName string, config *assets.HTTPC2Config) *client
 		})
 	}
 
+	for _, clientHeader := range config.ImplantConfig.Headers {
+		for _, method := range clientHeader.Methods {
+			httpC2Headers = append(httpC2Headers, &clientpb.HTTPC2Header{
+				Method:      method,
+				Name:        clientHeader.Name,
+				Value:       clientHeader.Value,
+				Probability: int32(clientHeader.Probability),
+			})
+		}
+	}
+
 	implantConfig := &clientpb.HTTPC2ImplantConfig{
 		UserAgent:                 config.ImplantConfig.UserAgent,
 		ChromeBaseVersion:         int32(config.ImplantConfig.ChromeBaseVersion),

docs/sliver-docs/package.json

@@ -21,7 +21,7 @@
     "framer-motion": "^10.16.16",
     "fuse.js": "^7.0.0",
     "lunr": "^2.3.9",
-    "next": "^14.2.3",
+    "next": "^14.2.12",
     "next-themes": "^0.2.1",
     "react": "18.2.0",
     "react-dom": "18.2.0",

docs/sliver-docs/pages/docs/md/Community Guides.md

@@ -15,7 +15,7 @@
 ### Blogs
 
 - https://bishopfox.com/blog/passing-the-osep-exam-using-sliver
-- https://notateamserver.xyz/sliver-101/
+- https://notateamserver.xyz/blog/sliver-101/
 - https://dominicbreuker.com/post/learning_sliver_c2_01_installation/
 - https://vk9-sec.com/how-to-set-up-use-c2-sliver/
 - https://0x90-1.gitbook.io/sliver/
@@ -38,6 +38,7 @@
 
 ### Detection & Analysis
 
+- https://medium.com/@unsec.monitor/how-to-use-zeek-detect-sliver-http-beacon-traffic-f05b214c4056
 - https://www.immersivelabs.com/blog/detecting-and-decrypting-sliver-c2-a-threat-hunters-guide/
 - https://blogs.vmware.com/security/2023/01/detection-of-lateral-movement-with-the-sliver-c2-framework.html
 - https://michaelkoczwara.medium.com/sliver-c2-implant-analysis-62773928097f

docs/sliver-docs/pages/docs/md/Compile from Source.md

@@ -120,7 +120,7 @@ $ make macos
 $ make macos-arm64
 $ make linux
 $ make linux-arm64
-$ make windows
+$ make windows-amd64
 ```
 
 ### Docker Build
@@ -140,4 +140,4 @@ The Docker build includes mingw and Metasploit, so it can take a while to build
 - Kali/Ubuntu/Debian `sudo apt install mingw-w64`
 - MacOS `brew install mingw-w64`
 
-If all you have is a Windows machine, the easiest way to build Sliver is using [WSL](https://docs.microsoft.com/en-us/windows/wsl/install-win10) and following the Linux/cross-compile instructions above. To cross-compile a native Windows binary use `make windows` and copy it to your Windows file system (i.e. `/mnt/c/Users/foo/Desktop`) and run it using a terminal that supports ANSI sequences such as the [Windows Terminal](https://github.com/microsoft/terminal).
+If all you have is a Windows machine, the easiest way to build Sliver is using [WSL](https://docs.microsoft.com/en-us/windows/wsl/install-win10) and following the Linux/cross-compile instructions above. To cross-compile a native Windows binary use `make windows-amd64` and copy it to your Windows file system (i.e. `/mnt/c/Users/foo/Desktop`) and run it using a terminal that supports ANSI sequences such as the [Windows Terminal](https://github.com/microsoft/terminal).

docs/sliver-docs/pages/tutorials/md/1 - Getting Started.md

@@ -1,14 +1,14 @@
-# This course is intented for the 1.6 version of Sliver, which is not yet published
+# This course is intended for the 1.6 version of Sliver, which is not yet published
 
 `sliver-server` is the binary you want to use to run the Sliver C2 server, `sliver-client` is solely a client to connect to a Sliver C2 server. Sliver server also acts as a client on its own, so you don’t necessarily run sliver server and client separately.
 
-First time running Sliver will take a couple seconds as its retrieving its dependencies, consecutive executions will be much faster. Go ahead and launch the `sliver-server`.
+First time running Sliver will take a couple seconds as it's retrieving its dependencies. Consecutive executions will be much faster. Go ahead and launch the `sliver-server`.
 
 ```asciinema
 {"src": "/asciinema/startup.cast", "cols": "132", "rows": "28", "idleTimeLimit": 8}
 ```
 
-Let's take a couple minutes to discuss what Sliver actually is and how its setup.
+Let's take a couple minutes to discuss what Sliver actually is and how it's set up.
 
 ![Alt text](/images/Architecture.png)
 
@@ -36,7 +36,7 @@ SESSION  1884a365  RELATED_EARDRUM  [::1]:49153      test.local  tester  darwin/
 [*] /Users/tester/tools
 ```
 
-Once you have reached this point, go ahead and explore some of the commands listed below. In each case first checkout the commands help using the **`-h`** flag then try it out!
+Once you have reached this point, go ahead and explore some of the commands listed below. In each case, first check out the command's help using the **`-h`** flag then try it out!
 
 ```bash
 Exploring and interacting with the filesystem

docs/sliver-docs/pages/tutorials/md/2 - Beacons vs Sessions.md

@@ -1,8 +1,8 @@
-# This course is intented for the 1.6 version of Sliver, which is not yet published
+# This course is intended for the 1.6 version of Sliver, which is not yet published
 
 Sliver implants support two types of connections, sessions and beacons.
 
-Sessions use long-poling connections, which means they use a single TCP connection which is constantly open. Beacons on the other hand call back periodically, and will sleep when not active which can help keep their presence hidden.
+Sessions use long-polling connections, which means they use a single TCP connection which is constantly open. Beacons on the other hand call back periodically, and will sleep when not active which can help keep their presence hidden.
 
 Typically during an engagement you will want to deploy a beacon on the target system, and switch to a session while doing more active enumeration activities.
 
@@ -60,25 +60,24 @@ The example below sets the callback time to 5s with a 1s jitter.
       Next Checkin: Wed Apr 19 01:19:46 CEST 2023 (5m5s ago)
 ```
 
-Commands issued for beacons can be viewed using `tasks`, the task state will indicate wether the command has completed or not.  The results of previously run tasks can be viewed using `tasks fetch`.
+Commands issued for beacons can be viewed using `tasks`, the task state will indicate whether the command has completed or not.  The results of previously run tasks can be viewed using `tasks fetch`.
 
 ```asciinema
 {"src": "/asciinema/beacon_tasks.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8}
 ```
 
-Session can be spun up using the `interractive` command.
+Session can be spun up using the `interactive` command.
 
 ```asciinema
 {"src": "/asciinema/beacon_interractive.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8}
 ```
 
-Because of the differences between sessions and beacons, certain commands like `upload` or `download` are slower on beacons due to the callback time. Others such as socks5 are not supported and only allowed for sessions. As a rule of thumb anything requiring higher network bandwith should be run from a session.
+Because of the differences between sessions and beacons, certain commands like `upload` or `download` are slower on beacons due to the callback time. Others such as socks5 are not supported and only allowed for sessions. As a rule of thumb anything requiring higher network bandwidth should be run from a session.
 
 Let’s switch to our newly created session and spin-up a `socks5` proxy.
 
 ```bash
 
-socks
 [server] sliver (TIRED_GIRAFFE) > use
 
 ? Select a session or beacon: SESSION  131a60b9  TIRED_GIRAFFE  127.0.0.1:51969  tester.local  tester  darwin/amd64