Secure Rand Utils

client/assets/assets.go

@@ -96,7 +96,7 @@ func Setup(force bool, echo bool) {
 	if force || localVer == "" || localVer != ver.GitCommit {
 		if echo {
 			fmt.Printf(`
-Sliver  Copyright (C) 2022  Bishop Fox
+Sliver  Copyright (C) 2025  Bishop Fox
 This program comes with ABSOLUTELY NO WARRANTY; for details type 'licenses'.
 This is free software, and you are welcome to redistribute it
 under certain conditions; type 'licenses' for details.`)

client/command/cursed/cursed-chrome.go

@@ -23,7 +23,6 @@ import (
 	"errors"
 	"fmt"
 	"log"
-	insecureRand "math/rand"
 	"os"
 	"strings"
 	"time"
@@ -36,6 +35,7 @@ import (
 	"github.com/bishopfox/sliver/protobuf/clientpb"
 	"github.com/bishopfox/sliver/protobuf/commonpb"
 	"github.com/bishopfox/sliver/protobuf/sliverpb"
+	"github.com/bishopfox/sliver/util"
 	"github.com/spf13/cobra"
 )
 
@@ -213,7 +213,7 @@ func startCursedChromeProcess(isEdge bool, session *clientpb.Session, cmd *cobra
 	con.PrintInfof("Waiting for %s process to initialize ... ", name)
 	time.Sleep(2 * time.Second)
 
-	bindPort := insecureRand.Intn(10000) + 40000
+	bindPort := util.Intn(10000) + 40000
 	bindAddr := fmt.Sprintf("127.0.0.1:%d", bindPort)
 
 	remoteAddr := fmt.Sprintf("127.0.0.1:%d", debugPort)

client/command/cursed/cursed-electron.go

@@ -22,7 +22,6 @@ import (
 	"context"
 	"fmt"
 	"log"
-	insecureRand "math/rand"
 	"path"
 	"time"
 
@@ -34,6 +33,7 @@ import (
 	"github.com/bishopfox/sliver/protobuf/clientpb"
 	"github.com/bishopfox/sliver/protobuf/commonpb"
 	"github.com/bishopfox/sliver/protobuf/sliverpb"
+	"github.com/bishopfox/sliver/util"
 	"github.com/spf13/cobra"
 )
 
@@ -118,7 +118,7 @@ func avadaKedavraElectron(electronExe string, session *clientpb.Session, cmd *co
 	return curse
 }
 
-func checkElectronPath(electronExe string, session *clientpb.Session, cmd *cobra.Command, con *console.SliverClient) (bool, error) {
+func checkElectronPath(electronExe string, _ *clientpb.Session, cmd *cobra.Command, con *console.SliverClient) (bool, error) {
 	ls, err := con.Rpc.Ls(context.Background(), &sliverpb.LsReq{
 		Request: con.ActiveTarget.Request(cmd),
 		Path:    electronExe,
@@ -175,7 +175,7 @@ func startCursedElectronProcess(electronExe string, session *clientpb.Session, c
 	con.PrintInfof("Waiting for process to initialize ... ")
 	time.Sleep(2 * time.Second)
 
-	bindPort := insecureRand.Intn(10000) + 40000
+	bindPort := util.Intn(10000) + 40000
 	bindAddr := fmt.Sprintf("127.0.0.1:%d", bindPort)
 
 	remoteAddr := fmt.Sprintf("127.0.0.1:%d", debugPort)

client/command/cursed/cursed.go

@@ -21,7 +21,6 @@ package cursed
 import (
 	"bytes"
 	"fmt"
-	insecureRand "math/rand"
 	"strconv"
 	"strings"
 	"text/tabwriter"
@@ -30,6 +29,7 @@ import (
 	"github.com/bishopfox/sliver/client/command/settings"
 	"github.com/bishopfox/sliver/client/console"
 	"github.com/bishopfox/sliver/client/core"
+	"github.com/bishopfox/sliver/util"
 	"github.com/jedib0t/go-pretty/v6/table"
 	"github.com/spf13/cobra"
 )
@@ -115,7 +115,7 @@ func selectCursedProcess(con *console.SliverClient) *core.CursedProcess {
 func getRemoteDebuggerPort(cmd *cobra.Command) int {
 	port, _ := cmd.Flags().GetInt("remote-debugging-port")
 	if port == 0 {
-		port = insecureRand.Intn(30000) + 10000
+		port = util.Intn(30000) + 10000
 	}
 	return port
 }

client/command/exec/psexec.go

@@ -21,7 +21,6 @@ package exec
 import (
 	"context"
 	"fmt"
-	insecureRand "math/rand"
 	"os"
 	"strings"
 	"time"
@@ -32,6 +31,7 @@ import (
 	"github.com/bishopfox/sliver/protobuf/clientpb"
 	"github.com/bishopfox/sliver/protobuf/commonpb"
 	"github.com/bishopfox/sliver/protobuf/sliverpb"
+	"github.com/bishopfox/sliver/util"
 	"github.com/bishopfox/sliver/util/encoders"
 	"github.com/spf13/cobra"
 )
@@ -175,33 +175,33 @@ func PsExecCmd(cmd *cobra.Command, con *console.SliverClient, args []string) {
 func randomString() string {
 	alphanumeric := "abcdefghijklmnopqrstuvwxyz0123456789"
 	str := ""
-	for index := 0; index < insecureRand.Intn(8)+1; index++ {
-		str += string(alphanumeric[insecureRand.Intn(len(alphanumeric))])
+	for index := 0; index < util.Intn(8)+1; index++ {
+		str += string(alphanumeric[util.Intn(len(alphanumeric))])
 	}
 	return str
 }
 
 func randomFileName() string {
 	noun := randomString()
 	noun = strings.ToLower(noun)
-	switch insecureRand.Intn(3) {
+	switch util.Intn(3) {
 	case 0:
 		noun = strings.ToUpper(noun)
 	case 1:
 		noun = strings.ToTitle(noun)
 	}
 
 	separators := []string{"", "", "", "", "", ".", "-", "_", "--", "__"}
-	sep := separators[insecureRand.Intn(len(separators))]
+	sep := separators[util.Intn(len(separators))]
 
 	alphanumeric := "abcdefghijklmnopqrstuvwxyz0123456789"
 	prefix := ""
-	for index := 0; index < insecureRand.Intn(3); index++ {
-		prefix += string(alphanumeric[insecureRand.Intn(len(alphanumeric))])
+	for index := 0; index < util.Intn(3); index++ {
+		prefix += string(alphanumeric[util.Intn(len(alphanumeric))])
 	}
 	suffix := ""
-	for index := 0; index < insecureRand.Intn(6)+1; index++ {
-		suffix += string(alphanumeric[insecureRand.Intn(len(alphanumeric))])
+	for index := 0; index < util.Intn(6)+1; index++ {
+		suffix += string(alphanumeric[util.Intn(len(alphanumeric))])
 	}
 
 	return fmt.Sprintf("%s%s%s%s%s", prefix, sep, noun, sep, suffix)

client/command/info/ping.go

@@ -2,10 +2,10 @@ package info
 
 import (
 	"context"
-	insecureRand "math/rand"
 
 	"github.com/bishopfox/sliver/client/console"
 	"github.com/bishopfox/sliver/protobuf/sliverpb"
+	"github.com/bishopfox/sliver/util"
 	"github.com/spf13/cobra"
 )
 
@@ -16,7 +16,7 @@ func PingCmd(cmd *cobra.Command, con *console.SliverClient, args []string) {
 		return
 	}
 
-	nonce := insecureRand.Intn(999999)
+	nonce := util.Intn(999999)
 	con.PrintInfof("Ping %d\n", nonce)
 	pong, err := con.Rpc.Ping(context.Background(), &sliverpb.Ping{
 		Nonce:   int32(nonce),

client/console/console.go

@@ -24,7 +24,6 @@ import (
 	"fmt"
 	"io"
 	"log"
-	insecureRand "math/rand"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -40,6 +39,7 @@ import (
 	"github.com/bishopfox/sliver/protobuf/clientpb"
 	"github.com/bishopfox/sliver/protobuf/commonpb"
 	"github.com/bishopfox/sliver/protobuf/rpcpb"
+	"github.com/bishopfox/sliver/util"
 	"github.com/gofrs/uuid"
 	"github.com/reeflective/console"
 	"github.com/reeflective/readline"
@@ -431,9 +431,9 @@ func (con *SliverClient) PrintLogo() {
 	}
 	serverSemVer := fmt.Sprintf("%d.%d.%d", serverVer.Major, serverVer.Minor, serverVer.Patch)
 
-	logo := asciiLogos[insecureRand.Intn(len(asciiLogos))]
+	logo := asciiLogos[util.Intn(len(asciiLogos))]
 	fmt.Println(strings.ReplaceAll(logo, "\n", "\r\n"))
-	fmt.Println("All hackers gain " + abilities[insecureRand.Intn(len(abilities))] + "\r")
+	fmt.Println("All hackers gain " + abilities[util.Intn(len(abilities))] + "\r")
 	fmt.Printf(Info+"Server v%s - %s%s\r\n", serverSemVer, serverVer.Commit, dirty)
 	if version.GitCommit != serverVer.Commit {
 		fmt.Printf(Info+"Client %s\r\n", version.FullVersion())

client/main.go

@@ -19,26 +19,9 @@ package main
 */
 
 import (
-	"crypto/rand"
-	"encoding/binary"
-	insecureRand "math/rand"
-	"time"
-
 	"github.com/bishopfox/sliver/client/cli"
 )
 
-// Attempt to seed insecure rand with secure rand, but we really
-// don't care that much if it fails since it's insecure anyways
-func init() {
-	buf := make([]byte, 8)
-	_, err := rand.Read(buf)
-	if err != nil {
-		insecureRand.Seed(int64(time.Now().Unix()))
-	} else {
-		insecureRand.Seed(int64(binary.LittleEndian.Uint64(buf)))
-	}
-}
-
 func main() {
 	cli.Execute()
 }

docs/sliver-docs/pages/docs/md/HTTPS C2.md

@@ -204,7 +204,7 @@ Each of these encoders has a unique "Encoder ID," which is currently hardcoded b
 3. Generate a `nonce`, the nonce is equal to a random number times the `EncoderModulus` plus the encoder ID; the `EncoderModulus` is currently a hardcoded constant value, but we may generate this per-server in the future. The server does the opposite (nonce modulo `EncoderModulus`) to determine the original Encoder ID. In code this looks like:
 
 ```
-nonce := (insecureRand.Intn(maxN) * EncoderModulus) + encoderID
+nonce := (util.Intn(maxN) * EncoderModulus) + encoderID
 encoderId := nonce % EncoderModulus
 ```
 

implant/sliver/encoders/encoders.go

@@ -23,10 +23,11 @@ import (
 	"embed"
 	"encoding/binary"
 	"errors"
-	insecureRand "math/rand"
 	"strconv"
 	"strings"
 
+	"github.com/bishopfox/sliver/implant/sliver/util"
+
 	// {{if .Config.Debug}}
 	"log"
 	// {{end}}
@@ -139,7 +140,7 @@ func randomEncoderFromMap(encoderMap map[uint64]Encoder) (uint64, Encoder) {
 	for k := range encoderMap {
 		keys = append(keys, k)
 	}
-	encoderID := keys[insecureRand.Intn(len(keys))]
+	encoderID := keys[util.Intn(len(keys))]
 	nonce := (randomUint64(MaxN) * EncoderModulus) + encoderID
 	return nonce, encoderMap[encoderID]
 }

implant/sliver/encoders/english.go

@@ -19,8 +19,9 @@ package encoders
 */
 
 import (
-	insecureRand "math/rand"
 	"strings"
+
+	"github.com/bishopfox/sliver/implant/sliver/util"
 )
 
 var dictionary map[int][]string
@@ -42,7 +43,7 @@ func (e EnglishEncoder) Encode(data []byte) ([]byte, error) {
 	words := []string{}
 	for _, b := range data {
 		possibleWords := dictionary[int(b)]
-		index := insecureRand.Intn(len(possibleWords))
+		index := util.Intn(len(possibleWords))
 		words = append(words, possibleWords[index])
 	}
 	return []byte(strings.Join(words, " ")), nil

implant/sliver/taskrunner/task.go

@@ -19,21 +19,20 @@ package taskrunner
 */
 
 import (
-	insecureRand "math/rand"
 	"os/exec"
 	"sync"
 	"syscall"
-	"time"
 	"unsafe"
+
+	"github.com/bishopfox/sliver/implant/sliver/util"
 )
 
 // Utility functions
 
 func stringWithCharset(length int, charset string) string {
-	seededRand := insecureRand.New(insecureRand.NewSource(time.Now().UnixNano()))
 	b := make([]byte, length)
 	for i := range b {
-		b[i] = charset[seededRand.Intn(len(charset))]
+		b[i] = charset[util.Intn(len(charset))]
 	}
 	return string(b)
 }

implant/sliver/transports/beacon.go

@@ -26,7 +26,6 @@ import (
 
 	// {{end}}
 
-	insecureRand "math/rand"
 	"net/url"
 	"time"
 
@@ -59,6 +58,7 @@ import (
 	"github.com/bishopfox/sliver/implant/sliver/transports/dnsclient"
 	// {{end}}
 
+	"github.com/bishopfox/sliver/implant/sliver/util"
 	pb "github.com/bishopfox/sliver/protobuf/sliverpb"
 )
 
@@ -103,7 +103,7 @@ func (b *Beacon) Duration() time.Duration {
 	// {{end}}
 	jitterDuration := time.Duration(0)
 	if 0 < b.Jitter() {
-		jitterDuration = time.Duration(insecureRand.Int63n(b.Jitter()))
+		jitterDuration = time.Duration(util.Int63n(b.Jitter()))
 	}
 	duration := time.Duration(b.Interval()) + jitterDuration
 	// {{if .Config.Debug}}

implant/sliver/transports/dnsclient/dnsclient.go

@@ -57,7 +57,6 @@ import (
 	"encoding/binary"
 	"errors"
 	"hash/crc32"
-	insecureRand "math/rand"
 	"net/url"
 	"strconv"
 	"strings"
@@ -70,6 +69,7 @@ import (
 
 	"github.com/bishopfox/sliver/implant/sliver/cryptography"
 	"github.com/bishopfox/sliver/implant/sliver/encoders"
+	"github.com/bishopfox/sliver/implant/sliver/util"
 	"github.com/bishopfox/sliver/protobuf/dnspb"
 	pb "github.com/bishopfox/sliver/protobuf/sliverpb"
 	"github.com/miekg/dns"
@@ -1097,7 +1097,7 @@ func (s *SliverDNSClient) averageRtt(meta *ResolverMetadata) time.Duration {
 }
 
 func (s *SliverDNSClient) randomResolver() (DNSResolver, *ResolverMetadata) {
-	resolver := s.resolvers[insecureRand.Intn(len(s.resolvers))]
+	resolver := s.resolvers[util.Intn(len(s.resolvers))]
 	return resolver, s.metadata[resolver.Address()]
 }