moloch-- / sliver-py

A Python gRPC Client Library for Sliver
GNU General Public License v3.0

fix #11 - registry_write #15

Closed daddycocoaman closed 1 year ago

daddycocoaman commented 1 year ago

The Sliver proto was fixed with RegistryTypeEnum, so I regenerated the protobuf files and fixed the function. Verified that all RegistryTypes work as expected.

import asyncio
from pathlib import Path
from sliver import SliverClientConfig, SliverClient
from sliver.pb.sliverpb import sliver_pb2

# Operator config file used to reach the Sliver server; "~" is expanded to the
# current user's home directory.
CONFIG_PATH = Path("~/.sliver-client/configs/dcm_localhost.cfg").expanduser()

# Print the (name, number) pairs of the regenerated RegistryType enum so the
# value passed as reg_type in main() can be checked against them.
print(sliver_pb2.RegistryType.items())

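async def main():
    """Write a String registry value over a Sliver session and read it back.

    Connects with the operator config at CONFIG_PATH, attaches to the
    hard-coded session, writes ``string_value`` as ``key_name`` under
    ``reg_path`` in ``hive``, then reads the same entry and checks that the
    value round-trips.

    Raises:
        RuntimeError: if the hard-coded session is not in the server's session
            list, or the value read back differs from the value written.
    """
    config = SliverClientConfig.parse_config_file(CONFIG_PATH)
    client = SliverClient(config)
    session_id = "073dc995-18c8-4b5f-a0a1-3dddfa9a2a3b"
    hive = "HKCU"
    reg_path = "Environment"
    key_name = "SLIVERPY"
    string_value = "TESTING-2"
    await client.connect()

    # The session ID is hard-coded, so stop with a clear message when it is
    # stale instead of failing later inside interact_session.
    # NOTE(review): assumes each listed session exposes its identifier as .ID;
    # confirm against the generated Session message.
    sessions = await client.sessions()
    if session_id not in {s.ID for s in sessions}:
        raise RuntimeError(f"session {session_id} is not active on this server")

    session = await client.interact_session(session_id)

    # Values for every registry type are supplied; reg_type selects String.
    # NOTE(review): presumably only string_value is used for this type;
    # confirm in registry_write.
    result = await session.registry_write(
        hive,
        reg_path,
        key_name,
        session.hostname,
        string_value=string_value,
        byte_value=b"\x00",
        dword_value=4,
        qword_value=8,
        reg_type=sliver_pb2.RegistryType.String,
    )
    print("Write Result:")
    print(result)

    result = await session.registry_read(hive, reg_path, key_name, session.hostname)
    print("Read Result:")
    print(result)

    # Printing alone does not verify the write: compare what came back with
    # what was sent so a silent failure is reported.
    if result.Value != string_value:
        raise RuntimeError(
            f"registry round-trip mismatch: wrote {string_value!r}, read {result.Value!r}"
        )

    # The SLIVERPY entry is not removed here; it stays under HKCU\Environment
    # on the session host until it is deleted.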

# Script entry point: run main() to completion on a new event loop.
if __name__ == "__main__":
    asyncio.run(main())

Result:

[('Unknown', 0), ('Binary', 1), ('String', 2), ('DWORD', 3), ('QWORD', 4)]
Write Result:
Response {
}

Read Result:
Value: "TESTING-2"
Response {
}