Merge pull request #1676 from BishopFox/v1.6.0/package-output

New Output Handler for Extensions and Aliases
BishopFox · May 8, 2024 · 4bfdb7b · 4bfdb7b
2 parents c642bfc + 7e4ba5d
commit 4bfdb7b
Show file tree

Hide file tree

Showing 4 changed files with 369 additions and 35 deletions.
diff --git a/client/command/alias/load.go b/client/command/alias/load.go
@@ -32,6 +32,7 @@ import (
 	"github.com/bishopfox/sliver/client/command/help"
 	"github.com/bishopfox/sliver/client/console"
 	consts "github.com/bishopfox/sliver/client/constants"
+	"github.com/bishopfox/sliver/client/packages"
 	"github.com/bishopfox/sliver/protobuf/clientpb"
 	"github.com/bishopfox/sliver/protobuf/sliverpb"
 	"github.com/bishopfox/sliver/util"
@@ -85,12 +86,13 @@ type AliasManifest struct {
 	Help           string `json:"help"`
 	LongHelp       string `json:"long_help"`
 
-	Entrypoint   string       `json:"entrypoint"`
-	AllowArgs    bool         `json:"allow_args"`
-	DefaultArgs  string       `json:"default_args"`
-	Files        []*AliasFile `json:"files"`
-	IsReflective bool         `json:"is_reflective"`
-	IsAssembly   bool         `json:"is_assembly"`
+	Entrypoint   string                 `json:"entrypoint"`
+	AllowArgs    bool                   `json:"allow_args"`
+	DefaultArgs  string                 `json:"default_args"`
+	Files        []*AliasFile           `json:"files"`
+	IsReflective bool                   `json:"is_reflective"`
+	IsAssembly   bool                   `json:"is_assembly"`
+	Schema       *packages.OutputSchema `json:"schema"`
 
 	RootPath   string `json:"-"`
 	ArmoryName string `json:"-"`
@@ -239,6 +241,13 @@ func ParseAliasManifest(data []byte) (*AliasManifest, error) {
 		}
 	}
 
+	if alias.Schema != nil {
+		if !packages.IsValidSchemaType(alias.Schema.Name) {
+			return nil, fmt.Errorf("%s is not a valid schema type", alias.Schema.Name)
+		}
+		alias.Schema.IngestColumns()
+	}
+
 	return alias, nil
 }
 
@@ -387,11 +396,11 @@ func runAliasCommand(cmd *cobra.Command, con *console.SliverClient, args []strin
 					con.PrintErrorf("Failed to decode call ext response %s\n", err)
 					return
 				}
-				PrintAssemblyOutput(cmd.Name(), executeAssemblyResp, outFilePath, con)
+				PrintAssemblyOutput(cmd.Name(), aliasManifest.Schema, executeAssemblyResp, outFilePath, con)
 			})
 			con.PrintAsyncResponse(executeAssemblyResp.Response)
 		} else {
-			PrintAssemblyOutput(cmd.Name(), executeAssemblyResp, outFilePath, con)
+			PrintAssemblyOutput(cmd.Name(), aliasManifest.Schema, executeAssemblyResp, outFilePath, con)
 		}
 
 	} else if aliasManifest.IsReflective {
@@ -426,11 +435,11 @@ func runAliasCommand(cmd *cobra.Command, con *console.SliverClient, args []strin
 					con.PrintErrorf("Failed to decode call ext response %s\n", err)
 					return
 				}
-				PrintSpawnDLLOutput(cmd.Name(), spawnDllResp, outFilePath, con)
+				PrintSpawnDLLOutput(cmd.Name(), aliasManifest.Schema, spawnDllResp, outFilePath, con)
 			})
 			con.PrintAsyncResponse(spawnDllResp.Response)
 		} else {
-			PrintSpawnDLLOutput(cmd.Name(), spawnDllResp, outFilePath, con)
+			PrintSpawnDLLOutput(cmd.Name(), aliasManifest.Schema, spawnDllResp, outFilePath, con)
 		}
 
 	} else {
@@ -466,36 +475,80 @@ func runAliasCommand(cmd *cobra.Command, con *console.SliverClient, args []strin
 					con.PrintErrorf("Failed to decode call ext response %s\n", err)
 					return
 				}
-				PrintSideloadOutput(cmd.Name(), sideloadResp, outFilePath, con)
+				PrintSideloadOutput(cmd.Name(), aliasManifest.Schema, sideloadResp, outFilePath, con)
 			})
 			con.PrintAsyncResponse(sideloadResp.Response)
 		} else {
-			PrintSideloadOutput(cmd.Name(), sideloadResp, outFilePath, con)
+			PrintSideloadOutput(cmd.Name(), aliasManifest.Schema, sideloadResp, outFilePath, con)
 		}
 	}
 }
 
+func getOutputWithSchema(schema *packages.OutputSchema, result string) string {
+	if schema == nil {
+		return result
+	}
+
+	outputSchema := packages.GetNewPackageOutput(schema.Name)
+	if outputSchema == nil {
+		return result
+	}
+
+	err := outputSchema.IngestData([]byte(result), schema.Columns(), schema.GroupBy)
+	if err != nil {
+		return result
+	}
+	return outputSchema.CreateTable()
+}
+
 // PrintSpawnDLLOutput - Prints the output of a spawn dll command.
-func PrintSpawnDLLOutput(cmdName string, spawnDllResp *sliverpb.SpawnDll, outFilePath *os.File, con *console.SliverClient) {
-	con.PrintInfof("%s output:\n%s", cmdName, spawnDllResp.GetResult())
+func PrintSpawnDLLOutput(cmdName string, schema *packages.OutputSchema, spawnDllResp *sliverpb.SpawnDll, outFilePath *os.File, con *console.SliverClient) {
+	var result string
+
+	if schema != nil {
+		result = getOutputWithSchema(schema, spawnDllResp.GetResult())
+	} else {
+		result = spawnDllResp.GetResult()
+	}
+	con.PrintInfof("%s output:\n%s", cmdName, result)
+
+	// Output the raw result to the file
 	if outFilePath != nil {
 		outFilePath.WriteString(spawnDllResp.GetResult())
 		con.PrintInfof("Output saved to %s\n", outFilePath.Name())
 	}
 }
 
 // PrintSideloadOutput - Prints the output of a sideload command.
-func PrintSideloadOutput(cmdName string, sideloadResp *sliverpb.Sideload, outFilePath *os.File, con *console.SliverClient) {
-	con.PrintInfof("%s output:\n%s", cmdName, sideloadResp.GetResult())
+func PrintSideloadOutput(cmdName string, schema *packages.OutputSchema, sideloadResp *sliverpb.Sideload, outFilePath *os.File, con *console.SliverClient) {
+	var result string
+
+	if schema != nil {
+		result = getOutputWithSchema(schema, sideloadResp.GetResult())
+	} else {
+		result = sideloadResp.GetResult()
+	}
+	con.PrintInfof("%s output:\n%s", cmdName, result)
+
+	// Output the raw result to the file
 	if outFilePath != nil {
 		outFilePath.WriteString(sideloadResp.GetResult())
 		con.PrintInfof("Output saved to %s\n", outFilePath.Name())
 	}
 }
 
 // PrintAssemblyOutput - Prints the output of an execute-assembly command.
-func PrintAssemblyOutput(cmdName string, execAsmResp *sliverpb.ExecuteAssembly, outFilePath *os.File, con *console.SliverClient) {
-	con.PrintInfof("%s output:\n%s", cmdName, string(execAsmResp.GetOutput()))
+func PrintAssemblyOutput(cmdName string, schema *packages.OutputSchema, execAsmResp *sliverpb.ExecuteAssembly, outFilePath *os.File, con *console.SliverClient) {
+	var result string
+
+	if schema != nil {
+		result = getOutputWithSchema(schema, string(execAsmResp.GetOutput()))
+	} else {
+		result = string(execAsmResp.GetOutput())
+	}
+	con.PrintInfof("%s output:\n%s", cmdName, result)
+
+	// Output the raw result to the file
 	if outFilePath != nil {
 		outFilePath.Write(execAsmResp.GetOutput())
 		con.PrintInfof("Output saved to %s\n", outFilePath.Name())

diff --git a/client/command/extensions/load.go b/client/command/extensions/load.go
@@ -39,6 +39,7 @@ import (
 	"github.com/bishopfox/sliver/client/console"
 	consts "github.com/bishopfox/sliver/client/constants"
 	"github.com/bishopfox/sliver/client/core"
+	"github.com/bishopfox/sliver/client/packages"
 	"github.com/bishopfox/sliver/protobuf/clientpb"
 	"github.com/bishopfox/sliver/protobuf/sliverpb"
 	"github.com/bishopfox/sliver/util"
@@ -92,14 +93,15 @@ type ExtensionManifest struct {
 }
 
 type ExtCommand struct {
-	CommandName string               `json:"command_name"`
-	Help        string               `json:"help"`
-	LongHelp    string               `json:"long_help"`
-	Files       []*extensionFile     `json:"files"`
-	Arguments   []*extensionArgument `json:"arguments"`
-	Entrypoint  string               `json:"entrypoint"`
-	DependsOn   string               `json:"depends_on"`
-	Init        string               `json:"init"`
+	CommandName string                 `json:"command_name"`
+	Help        string                 `json:"help"`
+	LongHelp    string                 `json:"long_help"`
+	Files       []*extensionFile       `json:"files"`
+	Arguments   []*extensionArgument   `json:"arguments"`
+	Entrypoint  string                 `json:"entrypoint"`
+	DependsOn   string                 `json:"depends_on"`
+	Init        string                 `json:"init"`
+	Schema      *packages.OutputSchema `json:"schema"`
 
 	Manifest *ExtensionManifest
 }
@@ -201,6 +203,7 @@ func convertOldManifest(old *ExtensionManifest_) *ExtensionManifest {
 				Entrypoint:  old.Entrypoint,
 				Files:       old.Files,
 				Arguments:   old.Arguments,
+				Schema:      nil,
 			},
 		},
 	}
@@ -228,9 +231,13 @@ func ParseExtensionManifest(data []byte) (*ExtensionManifest, error) {
 		//yes, ok, lets jigger it to a new manifest
 		extManifest = convertOldManifest(oldmanifest)
 	}
-	//pass ref to manifest to each command
+	//pass ref to manifest to each command and initialize output schema if applicable
 	for i := range extManifest.ExtCommand {
-		extManifest.ExtCommand[i].Manifest = extManifest
+		command := extManifest.ExtCommand[i]
+		command.Manifest = extManifest
+		if command.Schema != nil {
+			command.Schema.IngestColumns()
+		}
 	}
 	return extManifest, validManifest(extManifest)
 }
@@ -263,6 +270,11 @@ func validManifest(manifest *ExtensionManifest) error {
 		if extManifest.Help == "" {
 			return errors.New("missing `help` field in extension manifest")
 		}
+		if extManifest.Schema != nil {
+			if !packages.IsValidSchemaType(extManifest.Schema.Name) {
+				return fmt.Errorf("%s is not a valid schema type", extManifest.Schema.Name)
+			}
+		}
 	}
 	return nil
 }
@@ -613,23 +625,38 @@ func runExtensionCmd(cmd *cobra.Command, con *console.SliverClient, args []strin
 				con.PrintErrorf("Failed to decode call ext response %s\n", err)
 				return
 			}
-			PrintExtOutput(extName, ext.CommandName, callExtResp, con)
+			PrintExtOutput(extName, ext.CommandName, ext.Schema, callExtResp, con)
 		})
 		con.PrintAsyncResponse(callExtResp.Response)
 	} else {
-		PrintExtOutput(extName, ext.CommandName, callExtResp, con)
+		PrintExtOutput(extName, ext.CommandName, ext.Schema, callExtResp, con)
 	}
 }
 
 // PrintExtOutput - Print the ext execution output.
-func PrintExtOutput(extName string, commandName string, callExtension *sliverpb.CallExtension, con *console.SliverClient) {
+func PrintExtOutput(extName string, commandName string, outputSchema *packages.OutputSchema, callExtension *sliverpb.CallExtension, con *console.SliverClient) {
 	if extName == commandName {
-		con.PrintInfof("Successfully executed %s", extName)
+		con.PrintInfof("Successfully executed %s\n", extName)
 	} else {
-		con.PrintInfof("Successfully executed %s (%s)", commandName, extName)
+		con.PrintInfof("Successfully executed %s (%s)\n", commandName, extName)
 	}
 	if 0 < len(string(callExtension.Output)) {
-		con.PrintInfof("Got output:\n%s", callExtension.Output)
+		if outputSchema == nil {
+			con.PrintInfof("Got output:\n%s", callExtension.Output)
+		} else {
+			// Get output schema
+			schema := packages.GetNewPackageOutput(outputSchema.Name)
+			if schema != nil {
+				ingestErr := schema.IngestData(callExtension.Output, outputSchema.Columns(), outputSchema.GroupBy)
+				if ingestErr != nil {
+					con.PrintInfof("Got output:\n%s", callExtension.Output)
+				} else {
+					con.Printf("%s\n", schema.CreateTable())
+				}
+			} else {
+				con.PrintInfof("Got output:\n%s", callExtension.Output)
+			}
+		}
 	}
 	if callExtension.Response != nil && callExtension.Response.Err != "" {
 		con.PrintErrorf(callExtension.Response.Err)

diff --git a/client/command/tasks/fetch.go b/client/command/tasks/fetch.go
@@ -227,7 +227,7 @@ func renderTaskResponse(task *clientpb.BeaconTask, con *console.SliverClient) {
 			con.PrintErrorf("Failed to decode task response: %s\n", err)
 			return
 		}
-		extensions.PrintExtOutput("", "", callExtension, con)
+		extensions.PrintExtOutput("", "", nil, callExtension, con)
 
 	// ---------------------
 	// Exec commands