Merge pull request #362 from BishopFox/kill

Rework the force flag for `kill`
BishopFox · Mar 29, 2021 · 9508092 · 9508092
2 parents 8e23f3b + 3ce83c0
commit 9508092
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 15 deletions.
diff --git a/client/command/sessions.go b/client/command/sessions.go
@@ -51,7 +51,7 @@ func sessions(ctx *grumble.Context, rpc rpcpb.SliverRPCClient) {
 	if killAll {
 		ActiveSession.Background()
 		for _, session := range sessions.Sessions {
-			err := killSession(session, rpc)
+			err := killSession(session, true, rpc)
 			if err != nil {
 				fmt.Printf(Warn+"%s\n", err)
 			}
@@ -64,7 +64,7 @@ func sessions(ctx *grumble.Context, rpc rpcpb.SliverRPCClient) {
 		ActiveSession.Background()
 		for _, session := range sessions.Sessions {
 			if session.IsDead {
-				err := killSession(session, rpc)
+				err := killSession(session, true, rpc)
 				if err != nil {
 					fmt.Printf(Warn+"%s\n", err)
 				}
@@ -79,7 +79,7 @@ func sessions(ctx *grumble.Context, rpc rpcpb.SliverRPCClient) {
 		if activeSession != nil && session.ID == activeSession.ID {
 			ActiveSession.Background()
 		}
-		err := killSession(session, rpc)
+		err := killSession(session, true, rpc)
 		if err != nil {
 			fmt.Printf(Warn+"%s\n", err)
 		}
@@ -210,7 +210,7 @@ func kill(ctx *grumble.Context, rpc rpcpb.SliverRPCClient) {
 		return
 	}
 
-	err := killSession(session, rpc)
+	err := killSession(session, ctx.Flags.Bool("force"), rpc)
 	if err != nil {
 		fmt.Printf(Warn+"%s\n", err)
 		return
@@ -219,15 +219,15 @@ func kill(ctx *grumble.Context, rpc rpcpb.SliverRPCClient) {
 	ActiveSession.Background()
 }
 
-func killSession(session *clientpb.Session, rpc rpcpb.SliverRPCClient) error {
+func killSession(session *clientpb.Session, force bool, rpc rpcpb.SliverRPCClient) error {
 	if session == nil {
 		return errors.New("Session does not exist")
 	}
 	_, err := rpc.KillSession(context.Background(), &sliverpb.KillSessionReq{
 		Request: &commonpb.Request{
 			SessionID: session.ID,
 		},
-		Force: true,
+		Force: force,
 	})
 	return err
 }
diff --git a/implant/sliver/handlers/special-handlers.go b/implant/sliver/handlers/special-handlers.go
@@ -26,7 +26,7 @@ import (
 	"github.com/bishopfox/sliver/implant/sliver/transports"
 	"github.com/bishopfox/sliver/protobuf/sliverpb"
 
-	// {{if .Config.IsSharedLib}}
+	// {{if or .Config.IsSharedLib .Config.IsShellcode}}
 	// {{if eq .Config.GOOS "windows"}}
 	"runtime"
 	"syscall"
@@ -55,22 +55,23 @@ func killHandler(data []byte, connection *transports.Connection) error {
 	if err != nil {
 		return err
 	}
-	// {{if .Config.IsSharedLib}}
 	// {{if eq .Config.GOOS "windows"}}
+	// {{if or .Config.IsSharedLib .Config.IsShellcode}}
 	if runtime.GOOS == "windows" {
 		// Windows only: ExitThread() instead of os.Exit() for DLL/shellcode slivers
 		// so that the parent process is not killed
-		exitFunc := syscall.MustLoadDLL("kernel32.dll").MustFindProc("ExitThread")
+		var exitFunc *syscall.Proc
+		if killReq.Force {
+			exitFunc = syscall.MustLoadDLL("kernel32.dll").MustFindProc("ExitProcess")
+		} else {
+			exitFunc = syscall.MustLoadDLL("kernel32.dll").MustFindProc("ExitThread")
+		}
 		exitFunc.Call(uintptr(0))
 		return nil
 	}
-	// {{end}}
 	// {{else}}
-	// Exit now if we've received a force request
-	if killReq.Force {
-		os.Exit(0)
-	}
-	//{{end}}
+	// {{end}}
+	// {{end}}
 	// Cleanup connection
 	connection.Cleanup()
 	// {{if .Config.Debug}}