sliver
Reverse PortFwd for implants
Is your feature request related to a problem? Please describe.
Today, modern Windows 10 systems come with a full-blown SSH client preinstalled.
This also means we can leverage benign functionality like ssh -R
if the client does allow outgoing SSH traffic.
However, often it is not possible to communicate directly with the Internet from a computer that you took over (UDP, TCP blocked).
Describe the solution you'd like
It would be a nice addition to have the possibility to create a single port forwarding in order to expose e.g. an SSH server for reverse SOCKS tunneling through the Windows client's SSH software.
Describe alternatives you've considered
This could also work with SharpSocks. I haven't tried it myself yet. This would allow creating proxies that do not belong to the implant, and detection would only kill SharpSocks. However, I think a built-in functionality to forward single ports out of the network would benefit such use cases where you only have this in-band communication.
Additional context
Sliver does a very good job on auto-detection of the proxy settings thanks to go-get-proxied. Third-party tools like SharpSocks might not be able to reach the Internet even if there is some way that Sliver was able to figure out.