
Restructuring of some command subtrees

Open maxlandon opened this issue 10 months ago • 0 comments

Note that this took me only an hour; it's just to illustrate something that I think would be quite wise in the long run. I also know this will break compatibility with some users' scripts/autoruns. I think it's worth doing this now, however, as the window would be that wide open before long.

Discard if needed, didn't cost me much :)


The present PR is a single-commit one aimed at moving some commands/subcommands somewhere else in the tree, sometimes with a different verb.

Two objectives with this:

  • More elegant command tree discovery, or a more generic approach with some commands. (Example: `generate traffic-encoders` becomes `transports encoders` in the server menu, which in turn enables changing `reconfig` to `transports reconfig` in the sliver implant menu.)

  • Ensure a domain/activity-coherent tree of commands, so that any future development and new functionality can easily fit into it. This is mainly aimed at everything transports/C2 related, where one might see new dialers (bind) or staging stacks.

1) Changes (Server menu and excluding C2 stacks):

```
generate traffic-encoders   # becomes
transports                  # Generic transport management.
        encoders
```

2) Changes (Sliver menu):

```
reconfig --jitter ...       # becomes
transports                  # Our generic transport command has different uses for different contexts
        reconfig

msf --flags     # Both of these
msf-inject      # refactored into.

msf
    execute    # implementation of the former `msf` command
    inject     #
```

Changes (C2 commands):

This last section is where most changes take place, since its whole purpose is to enable forward development within a consistent/coherent tree.

```
# The `stage-listener` disappears, and is now reused in all protocol commands that support it.
http
    listen      # Classic Sliver listener: "stage" listener in Metasploit parlance.
    serve       # "Stager" listener in Msf parlance: We have content to serve (a stage).

https        # Same for https
    listen
    serve

tcp          # The TCP protocol can only stage
    serve    # So here it is

mtls
    listen   # Contrarily to mTLS.

named-pipe
    listen

dns
    listen

# Same for Wireguard
wg-config   # both become
wg
    config
    listen
    ...     # I didn't add portforwarders/socks however, would be a bit too much...
```

That enables inserting new stacks/tools like this:

```
mtls
    listen
    dial    # Someone writes a bind handler for mTLS

https
    listen
    dial    # Someone writes an HTTP server on the implant.
    serve
    send    # Someone writes a bind stager handler on the implant.

# In Sliver menu
tcp
    listen
    dial    # Bind handlers on pivots
```

maxlandon Aug 27 '23 15:08
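
The post notes that the move breaks existing scripts/autoruns. The following is an added example, not part of the original post or of the Sliver code base, showing how the renames listed above could be applied to a script written against the old tree. Assumptions: the `Migrate` function and both tables are hypothetical, the input uses only pre-change command names, and a bare protocol command (`http`, `mtls`, ...) was the old way to start what the post calls `listen`.

```go
package main

import (
	"fmt"
	"strings"
)

// renames: pre-change command prefix -> proposed replacement, as read from
// the trees in the post. Assumption: a bare protocol command (http, mtls, ...)
// previously started the listener that the post now calls `listen`.
var renames = [][2]string{
	{"generate traffic-encoders", "transports encoders"},
	{"reconfig", "transports reconfig"},
	{"msf-inject", "msf inject"},
	{"msf", "msf execute"},
	{"wg-config", "wg config"},
	{"http", "http listen"}, {"https", "https listen"},
	{"mtls", "mtls listen"}, {"dns", "dns listen"},
	{"named-pipe", "named-pipe listen"}, {"wg", "wg listen"},
}

// manual: commands with no one-to-one successor in the proposal.
var manual = map[string]string{
	"stage-listener": "replace by `<protocol> serve`; the protocol depends on the listener's arguments",
}

// Migrate rewrites one line of a pre-change script. It returns the new line
// and, when the line needs a human decision, a non-empty note.
func Migrate(line string) (string, string) {
	s := strings.TrimSpace(line)
	if f := strings.Fields(s); len(f) > 0 {
		if note, ok := manual[f[0]]; ok {
			return line, note
		}
	}
	for _, r := range renames {
		// Match whole words only, so `msf` never matches `msf-inject`.
		if s == r[0] || strings.HasPrefix(s, r[0]+" ") {
			return r[1] + s[len(r[0]):], ""
		}
	}
	return line, "" // unknown or unchanged command: leave as is
}

func main() {
	// Constructed sample script; `--flags` stands in for real arguments.
	for _, l := range []string{"https --flags", "msf-inject --flags",
		"reconfig --jitter 10", "stage-listener --flags", "generate beacon"} {
		out, note := Migrate(l)
		fmt.Printf("%-26s -> %-34s %s\n", l, out, note)
	}
}
```

The rewrite is not idempotent: running it on an already migrated line such as `msf execute` would append the subcommand again, so it should be applied once to old scripts only.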