Description
Sliver vulnerable to MitM attack against implants due to a cryptography vulnerability
Summary
The cryptography implementation in Sliver up to version 1.5.39 allows a MitM with access to the corresponding implant binary to execute arbitrary code on implanted devices via intercepted and crafted responses. (Reserved CVE ID: CVE-2023-34758)
Details
Please see the PoC repo.
PoC
Please also see the PoC repo. To set up a simple PoC environment:
- Generate an implant with its C2 set to the PoC server's address and copy the embedded private implant key and public server key into the config json.
- Run the implant on a separate VM; a notepad.exe window should pop up on the implanted VM.
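The PoC step above needs only what the implant binary embeds (the implant's private key and the server's public key) to impersonate the server. The following Go program is an added illustration of that failure mode and is not Sliver's code, nor the change shipped in v1.5.40: it models a session-key exchange in which the implant seals the session key to the server with a static-to-static X25519 agreement, shows that a MitM holding the embedded key material derives the same shared key and can craft a response the implant accepts, and contrasts it with sealing under a per-session ephemeral key. The curve, the SHA-256 key derivation, AES-GCM framing and the command string are all assumptions made for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// forgedCommand is a constructed stand-in for an attacker-chosen task; the
// real protocol messages are not modelled here.
const forgedCommand = "execute notepad.exe"

// Outcome records what the modelled MitM achieved in one key exchange.
type Outcome struct {
	AttackerRecoveredSessionKey   bool
	ImplantAcceptedForgedResponse bool
}

// dhKey derives a 32-byte AEAD key from an X25519 shared secret (assumed KDF: SHA-256).
func dhKey(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) ([]byte, error) {
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(shared)
	return k[:], nil
}

// seal returns nonce||AES-256-GCM ciphertext; open reverses it and fails on a wrong key.
func seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, gcm.Seal(nil, nonce, plaintext, nil)...), nil
}

func open(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// runExchange models one implant->server session-key exchange and a MitM who
// holds only what the binary embeds: the implant's static private key and the
// server's public key. ephemeralSender=false seals with the static implant key
// (the weak pattern); true seals with a fresh per-session key whose public half
// travels with the message.
func runExchange(ephemeralSender bool) (Outcome, error) {
	curve := ecdh.X25519()
	serverPriv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	implantPriv, err := curve.GenerateKey(rand.Reader) // embedded in the binary
	if err != nil {
		return Outcome{}, err
	}
	serverPub := serverPriv.PublicKey() // embedded in the binary

	// Implant: choose a session key and seal it for the server.
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return Outcome{}, err
	}
	senderPriv := implantPriv
	if ephemeralSender {
		if senderPriv, err = curve.GenerateKey(rand.Reader); err != nil {
			return Outcome{}, err
		}
	}
	sendKey, err := dhKey(senderPriv, serverPub)
	if err != nil {
		return Outcome{}, err
	}
	hello, err := seal(sendKey, sessionKey)
	if err != nil {
		return Outcome{}, err
	}

	// Server: must still open the hello with its private key and the sender's public key.
	recvKey, err := dhKey(serverPriv, senderPriv.PublicKey())
	if err != nil {
		return Outcome{}, err
	}
	if got, err := open(recvKey, hello); err != nil || !bytes.Equal(got, sessionKey) {
		return Outcome{}, fmt.Errorf("legitimate server failed to open hello: %v", err)
	}

	// MitM: the only agreement it can compute is implantPriv x serverPub, which
	// equals the server's only when the implant used its static key.
	mitmKey, err := dhKey(implantPriv, serverPub)
	if err != nil {
		return Outcome{}, err
	}
	recovered, err := open(mitmKey, hello)
	if err != nil {
		// Ephemeral sender: the session key stays unknown, so any forged
		// response is sealed under the wrong key and the implant rejects it.
		forged, _ := seal(mitmKey, []byte(forgedCommand))
		_, err := open(sessionKey, forged)
		return Outcome{AttackerRecoveredSessionKey: false, ImplantAcceptedForgedResponse: err == nil}, nil
	}
	// Static sender: the MitM holds the session key and crafts a response the
	// implant cannot tell apart from the real server's.
	forged, err := seal(recovered, []byte(forgedCommand))
	if err != nil {
		return Outcome{}, err
	}
	cmd, err := open(sessionKey, forged)
	return Outcome{
		AttackerRecoveredSessionKey:   bytes.Equal(recovered, sessionKey),
		ImplantAcceptedForgedResponse: err == nil && string(cmd) == forgedCommand,
	}, nil
}

func RunStaticExchange() (Outcome, error)    { return runExchange(false) }
func RunEphemeralExchange() (Outcome, error) { return runExchange(true) }

func main() {
	for _, c := range []struct {
		name string
		run  func() (Outcome, error)
	}{{"static sender key", RunStaticExchange}, {"ephemeral sender key", RunEphemeralExchange}} {
		o, err := c.run()
		if err != nil {
			fmt.Println(c.name, "error:", err)
			continue
		}
		fmt.Printf("%-20s session key recovered=%v forged response accepted=%v\n",
			c.name, o.AttackerRecoveredSessionKey, o.ImplantAcceptedForgedResponse)
	}
}
```

The ephemeral variant only closes the server-impersonation path shown here; it does not by itself authenticate the implant to the server, which needs a separate signature or MAC over the exchange and is outside what this example demonstrates.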
Impact
A successful attack grants the attacker permission to execute arbitrary code on the implanted device.
References
https://github.com/BishopFox/sliver/blob/master/implant/sliver/cryptography/implant.go
https://github.com/BishopFox/sliver/blob/master/implant/sliver/cryptography/crypto.go
https://github.com/tangent65536/Slivjacker
Credits
Links
- https://github.com/BishopFox/sliver/security/advisories/GHSA-8jxm-xp43-qh3q
- https://nvd.nist.gov/vuln/detail/CVE-2023-34758
- https://nvd.nist.gov/vuln/detail/CVE-2023-35170
- https://github.com/BishopFox/sliver/commit/2d1ea6192cac2ff9d6450b2d96043fdbf8561516
- https://github.com/BishopFox/sliver/blob/master/implant/sliver/cryptography/crypto.go
- https://github.com/BishopFox/sliver/blob/master/implant/sliver/cryptography/implant.go
- https://github.com/BishopFox/sliver/releases/tag/v1.5.40
- https://github.com/tangent65536/Slivjacker
- https://pkg.go.dev/vuln/GO-2023-1866
- https://www.chtsecurity.com/news/04f41dcc-1851-463c-93bc-551323ad8091
Packages
github.com/bishopfox/sliver
Affected versions: >= 1.5.0, < 1.5.40
Patched version: 1.5.40
Related vulnerabilities
Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers to execute a man-in-the-middle attack via intercepted and crafted responses.