Sliver implant build failing when using docker #130

Closed
khast3x opened this issue Oct 31, 2019 · 10 comments
@khast3x

khast3x commented Oct 31, 2019

Describe the bug

The sliver server outputs the following when building:

[*] v0.0.7 - ef949916b80c67eba5f5bdf3f2f2dc836bfc2b6c - Dirty
[*] Welcome to the sliver shell, please type 'help' for options

sliver > generate --mtls 11.22.33.44 --skip-symbols

[*] Generating new windows/amd64 Sliver binary
[!] Symbol obfuscation is disabled
[*] Build completed in 00:01:15
[!] Build failed, no file data

To Reproduce

On a new server, running 4x x86 64-bit CPUs/8GB RAM/50 GB SSD:

# Install docker
$ git clone https://github.com/BishopFox/sliver.git
$ cd sliver
$ python3 build.py #OK 
$ docker run -it -p 8888:8888 -p 443:443 -p 80:80 sliver:latest
$ sliver > generate --mtls IPADRESS [--skip-symbols] # stops with or without

Expected behavior

  • An executable

Desktop (please complete the following information):

  • OS: [e.g. MacOS] Ubuntu Server
  • Version [e.g. v0.0.5] 18 LTS

Additional context

Tried performing binary build on other server types that were less powerful, did not work either.

Cheers! 👋

@rkervella
Member

Can you provide the logs? You should be able to find them in $HOME/.sliver/logs/sliver.log. My best bet right now is that you forgot to run ./go-assets.sh, see this link for details.

rkervella added the question (Further information is requested) label Oct 31, 2019
@moloch--
Member

I was able to reproduce, looks like it's a file permission issue:

INFO[0012] [sliver/server/generate/binaries.go:473] Obfuscating source code ...
INFO[0012] [sliver/server/gobfuscate/main.go:52] Copying GOPATH (/home/sliver/.sliver/slivers/windows/amd64/SUNNY_CHAUVINIST) ...
INFO[0043] [sliver/server/gobfuscate/main.go:61] Obfuscating strings ...
ERRO[0043] [sliver/server/gobfuscate/main.go:63] Failed to obfuscate strings: open /home/sliver/.sliver/slivers/windows/amd64/SUNNY_CHAUVINIST/obfuscated/pkg/mod/github.com/google/[email protected]/driver/driver.go: permission denied
INFO[0043] [sliver/server/generate/binaries.go:479] Error while obfuscating sliver open /home/sliver/.sliver/slivers/windows/amd64/SUNNY_CHAUVINIST/obfuscated/pkg/mod/github.com/google/[email protected]/driver/driver.go: permission denied

moloch-- added the bug (Something isn't working) label and removed the question (Further information is requested) label Oct 31, 2019
@moloch--
Member

There's a 2nd bug here too in that the unit tests did not catch this.

@moloch--
Member

We erroneously copy certain files as ~400:

-r--r--r-- 1 sliver sliver 9.9K Oct 31 13:01 driver.go

@rkervella
Member

Hm, been there, I'm pretty sure it's linked to golang/go#27161.
TL;DR: go cache is readonly to prevent tests from removing $GOPATH/pkg, which is a shitty excuse tbh.

@moloch--
Member

We could just chmod -R 777 / ... :)

@rkervella
Member

Yeah, or just u+rw.

moloch-- self-assigned this Oct 31, 2019
moloch-- pushed a commit that referenced this issue Oct 31, 2019
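
An added example, not part of the thread and not Sliver's own code: a Go sketch of the `u+rw` approach suggested above, for copying a tree whose files arrive read-only (like the `-r--r--r--` driver.go shown earlier) so that a later rewrite pass can open them. The function name `copyOwnerWritable` and the command-line wrapper are hypothetical.

```go
package main

import (
	"io/fs"
	"log"
	"os"
	"path/filepath"
)

// copyOwnerWritable copies the tree at src to dst, adding only owner bits:
// u+rw on files, u+rwx on directories. Group/other bits are left unchanged.
func copyOwnerWritable(src, dst string) error {
	return filepath.WalkDir(src, func(path string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		info, err := d.Info()
		if err != nil {
			return err
		}
		rel, _ := filepath.Rel(src, path) // path is always under src during the walk
		target, perm := filepath.Join(dst, rel), info.Mode().Perm()
		switch {
		case d.IsDir():
			if err := os.MkdirAll(target, 0o700); err != nil {
				return err
			}
			return os.Chmod(target, perm|0o700) // e.g. 0555 -> 0755
		case info.Mode().IsRegular():
			data, err := os.ReadFile(path)
			if err != nil {
				return err
			}
			if err := os.WriteFile(target, data, 0o600); err != nil {
				return err
			}
			return os.Chmod(target, perm|0o600) // e.g. 0444 -> 0644, never 0777
		}
		return nil // symlinks and special files are skipped in this sketch
	})
}

func main() {
	if len(os.Args) != 3 {
		log.Fatal("usage: copytree SRC DST")
	}
	if err := copyOwnerWritable(os.Args[1], os.Args[2]); err != nil {
		log.Fatal(err)
	}
}
```

The source tree is left untouched; only the copy gains owner write access, and nothing becomes writable by group or other.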
@khast3x
Author

khast3x commented Nov 1, 2019

Hello,
Thank you for the quick response & code push.

I have restarted the general procedure since, but still to no avail:

root@docker:~/sliver# git log -q
commit c2876a95fd2941b8ae2e741a090c2285688dc7c0 (HEAD -> master, origin/master, origin/HEAD)
Merge: c4252e0 ef94991
Author: moloch-- <[email protected]>
Date:   Thu Oct 31 17:33:59 2019 -0500

    Merge branch 'master' of github.com:BishopFox/sliver

commit c4252e0147ee831bd41456e5296675929df91b18
Author: moloch-- <[email protected]>
Date:   Thu Oct 31 17:33:52 2019 -0500

    Fix issue #130
[...]
root@docker:~/sliver# python3 build.py #OK
root@docker:~/sliver# docker run -it -p 8888:8888 -p 443:443 -p 80:80 -v outdata:/out sliver:latest
Unpacking assets ...

    ███████╗██╗     ██╗██╗   ██╗███████╗██████╗
    ██╔════╝██║     ██║██║   ██║██╔════╝██╔══██╗
    ███████╗██║     ██║██║   ██║█████╗  ██████╔╝
    ╚════██║██║     ██║╚██╗ ██╔╝██╔══╝  ██╔══██╗
    ███████║███████╗██║ ╚████╔╝ ███████╗██║  ██║
    ╚══════╝╚══════╝╚═╝  ╚═══╝  ╚══════╝╚═╝  ╚═╝

All hackers gain haste
[*] v0.0.7 - c2876a95fd2941b8ae2e741a090c2285688dc7c0 - Dirty
[*] Welcome to the sliver shell, please type 'help' for options

sliver > generate --mtls IPADRESS --skip-symbols

[*] Generating new windows/amd64 Sliver binary
[!] Symbol obfuscation is disabled
[*] Build completed in 00:00:26
[!] Failed to write to: /go/src/github.com/bishopfox/sliver/IDENTICAL_BRATWURST.exe

sliver > generate --mtls IPADRESS --skip-symbols -o /out/

[*] Generating new /out//amd64 Sliver binary
[!] Symbol obfuscation is disabled
[*] Build completed in 00:00:00
[!] Build failed, no file data

sliver > 

Here is a log output (not exactly the same operation but same bug)

Should I open a new issue or keep this one alive?

Cheers!

@moloch--
Member

moloch-- commented Nov 1, 2019

Okay builds should be working in Docker again, however it's important to note with some of the new code we've added and with the performance hit of running in Docker (at least on my Mac, running native Docker will have less of an impact) builds may take much longer:

sliver > generate --mtls 1.2.3.4

[*] Generating new windows/amd64 Sliver binary
[*] Symbol obfuscation is enabled, this process takes about 15 minutes
[*] Build completed in 02:17:00

@moloch--
Member

moloch-- commented Nov 1, 2019

Hey @khast3x that's because the Sliver server runs as an unprivileged user in Docker, and the CWD is not writable by that user. Try using --save to specify a location the sliver user has write access to:

sliver > generate --mtls 1.2.3.4 --save /home/sliver

Alternatively you can connect with the sliver-client and save the binaries to your local file system. You should also be able to access the previously generated slivers (that failed to write) with the regenerate command (again just specify a writable -o location).
