moloch-- / sliver-py

A Python gRPC Client Library for Sliver
GNU General Public License v3.0

registry_write() usage #11

Closed j91321 closed 1 year ago

j91321 commented 1 year ago

Hi,

The registry_write() function seems to be unusable currently. According to the documentation it's defined as follows:

async registry_write(hive: str, reg_path: str, key: str, hostname: str, string_value: str, byte_value: bytes, dword_value: int, qword_value: int)

The function requires all arguments to be defined, otherwise a TypeError: registry_write() missing required positional argument occurs. The documentation under params mentions reg_type, which makes sense since you need to know which of these should be used. However, this is not a valid argument. It should be of type sliver_pb2.RegistryType, which I haven't found defined anywhere.

If you just define the _value arguments with whatever valid values, the request times out.

Example code:

#!/usr/bin/env python3

import asyncio
from sliver import SliverClientConfig, SliverClient

# Operator config exported from the Sliver server
CONFIG_PATH = 'sliver.cfg'

async def main():
    config = SliverClientConfig.parse_config_file(CONFIG_PATH)
    client = SliverClient(config)
    session_id = "9194d31f-9b1f-4d16-a402-a3e2f7ac2b5c"
    hive = "HKCU"
    reg_path = "Software\\Sliver"
    key_read = "ReadTest"
    key_write = "WriteKey"
    string_value = "Hello World!"
    hostname = "MSEDGEWIN10"
    await client.connect()
    session = await client.interact_session(session_id)
    # registry_read works as expected
    result = await session.registry_read(hive, reg_path, key_read, hostname)
    print("Read Result:")
    print(result)
    # all four *_value arguments must be passed or a TypeError is raised;
    # with them passed, the request times out
    result = await session.registry_write(hive, reg_path, key_write, hostname, string_value=string_value, byte_value=b'\x00', dword_value=0, qword_value=0)
    print("Write Result:")
    print(result)

if __name__ == '__main__':
    asyncio.run(main())

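
The following is an added example, not code from the issue author or from sliver-py: a small helper that fills in all four *_value arguments of the registry_write() signature above from one Python value (so the missing-positional-argument TypeError cannot occur) and range-checks DWORD/QWORD values before a request is built. The "string"/"binary"/"dword"/"qword" tags it returns are an assumption standing in for the RegistryType enum that the thread says is not exposed by sliver_pb2; it does not address the timeout the reporter describes.

```python
# Added example (not from sliver-py or the thread). The tag names are an
# assumption; they are not the real RegistryType enum values.
from typing import Any, Dict, Tuple

DWORD_MAX = 2**32 - 1
QWORD_MAX = 2**64 - 1


def registry_write_kwargs(value: Any, *, qword: bool = False) -> Tuple[str, Dict[str, Any]]:
    """Return (reg_type_tag, kwargs) for registry_write().

    Every *_value keyword is present (avoiding the TypeError from the issue)
    but only the one matching the Python type of `value` is meaningful.
    """
    kwargs: Dict[str, Any] = {
        "string_value": "",
        "byte_value": b"",
        "dword_value": 0,
        "qword_value": 0,
    }
    # bool is a subclass of int; refuse it rather than silently writing 0/1
    if isinstance(value, bool):
        raise TypeError("bool is ambiguous for a registry value; pass an int")
    if isinstance(value, str):
        kwargs["string_value"] = value
        return "string", kwargs
    if isinstance(value, (bytes, bytearray)):
        kwargs["byte_value"] = bytes(value)
        return "binary", kwargs
    if isinstance(value, int):
        if value < 0:
            raise ValueError("registry integer values are unsigned")
        if qword or value > DWORD_MAX:
            if value > QWORD_MAX:
                raise ValueError("value exceeds the 64-bit QWORD range")
            kwargs["qword_value"] = value
            return "qword", kwargs
        kwargs["dword_value"] = value
        return "dword", kwargs
    raise TypeError(f"unsupported registry value type: {type(value).__name__}")
```

Call it as `reg_type, kw = registry_write_kwargs("Hello World!")` and then `await session.registry_write(hive, reg_path, key, hostname, **kw)`.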
moloch-- commented 1 year ago

Yeah, I think the missing type is a protobuf enum.

daddycocoaman commented 1 year ago

RegistryType isn't defined in the Sliver protobuf files but it's defined in https://github.com/BishopFox/sliver/blob/b621107965a59d5e8dc53bf8f4700bf44e8b9cbe/protobuf/sliverpb/constants.go#L297-L301

Probably should be added to Sliver's sliver.proto first and regenerated here.