sliver icon indicating copy to clipboard operation
sliver copied to clipboard
verified publisher icon BishopFox

[Question] Stageless Sliver doesn't execute as expected

Open nullsection opened this issue 6 months ago • 2 comments

This is more a question because I can't get sliver to work as expected.

Generate shellcode: generate -a amd64 -f shellcode --http 192.168.120.162:8080

Hosting this on a python3 https webserver, and I wrote a custom loader using wininet. Confirmed the payload fully gets downloaded into a buffer as the shellcode size matches.

VirtualProtect RWX -> Either CreateThread or statically cast and execute ((void(*)())address)();

Neither seem to work. I've tried https beacon, mtls, symbol obfuscation on and off. It either sys exits or throws access violations.

Has anyone successfully executed stageless sliver recently in a similar way?

Works with meterpreter stageless off the bat.

nullsection avatar Jun 20 '25 03:06 nullsection

The same problem here. My loader executes shellcode (from popcalc to my own implants) normally, but no luck with injecting sliver's shellcode. Ping me if you find any solution.

khazovP avatar Aug 22 '25 11:08 khazovP

I was able to inject sliver shellcode, which was generated with --debug flag.

khazovP avatar Aug 22 '25 12:08 khazovP