Sliver Installation
In recent years, Sliver has gained significant popularity as an open-source C2 (Command and Control) tool, benefiting from constant enhancements since its initial release. Its cross-platform compatibility and user-friendly setup were particularly attractive to me when I began utilizing it. With a desire to understand how to establish Sliver as a C2 server for red teams, I took the initiative to document the process for my personal reference and for the benefit of others who share similar interests. In this documentation, we will delve into the following topics:
Download the sliver client package.
wget -O /usr/local/bin/sliver-client \
https://github.com/BishopFox/sliver/releases/download/v1.5.41/sliver-client_linux && \
chmod 755 /usr/local/bin/sliver-client

Download the sliver server package
wget -O /usr/local/bin/sliver-server \
https://github.com/BishopFox/sliver/releases/download/v1.5.41/sliver-server_linux && \
chmod 755 /usr/local/bin/sliver-server

Next, let's unpack Sliver and create a new Sliver service.
sliver-server unpack --force

After we unpack our assets, let's create a Sliver service we can manage.
nano /etc/systemd/system/sliver.service
[Unit]
Description=Sliver
After=network.target
StartLimitIntervalSec=0
[Service]
Type=simple
Restart=on-failure
RestartSec=3
User=root
ExecStart=/usr/local/bin/sliver-server daemon
[Install]
WantedBy=multi-user.target

After the service is created, let's see if we can start the new Sliver service and observe its listening port.
systemctl start sliver
netstat -antop | grep 31337

Moving forward, our next step involves generating operator configurations to establish a secure remote connection with our Sliver server. Operators will be required to authenticate themselves to the server using mutual TLS. To achieve this, client certificates can be issued by the server through the operator command. Let's begin by creating a new operator, named "hackerman," who will connect to the server directly from the localhost:
sliver-server operator --name hackerman --lhost localhost --save /tmp
cat /tmp/hackerman_localhost.cfg | jq

Create a .sliver-client and configs directory if you don't already have one, and move the config over to the correct directory for use.
mkdir -p /home/kali/.sliver-client/configs
mv /tmp/hackerman_localhost.cfg /home/kali/.sliver-client/configs/
ls /home/kali/.sliver-client/configs/
chown -R kali:kali /home/kali/.sliver-client/ && chmod 600 /home/kali/.sliver-client/configs/hackerman_localhost.cfg
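
The operator config carries the mutual TLS client key, so it is worth confirming after the move that the file is owner-only and that no copy was left behind in /tmp. The script below is an added example, not part of the original page or the Sliver project; the function names are hypothetical, and it assumes the config JSON stores the key under a "private_key" field.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): audit Sliver operator configs.
# A .cfg holds the operator's mTLS client key, so it should be readable by its
# owner only, and no copy should remain in a staging directory such as /tmp.
# Assumption: the JSON config stores the key under a "private_key" field.

# check_cfg FILE: print one finding per problem; return 0 if clean, else 1.
# Run it as the operator user (e.g. kali) so the ownership test is meaningful.
check_cfg() {
    f=$1; rc=0
    if [ ! -f "$f" ]; then
        echo "MISSING     $f"; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    go_bits=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "LOOSE_MODE  $f (group/other: $go_bits, want mode 600)"; rc=1
    fi
    # -O is true only when the file is owned by the user running the check.
    if [ ! -O "$f" ]; then
        echo "WRONG_OWNER $f (not owned by uid $(id -u))"; rc=1
    fi
    return $rc
}

# find_strays DIR: list configs with key material left in DIR; return 1 if any.
find_strays() {
    strays=$(grep -l '"private_key"' "$1"/*.cfg 2>/dev/null || true)
    [ -z "$strays" ] && return 0
    echo "$strays" | sed 's/^/STRAY_KEY   /'
    return 1
}

# audit CONFIG_DIR STAGING_DIR: check every config, then look for leftovers.
audit() {
    status=0
    for cfg in "$1"/*.cfg; do
        [ -e "$cfg" ] || continue
        check_cfg "$cfg" || status=1
    done
    find_strays "$2" || status=1
    return $status
}

# Usage with the paths from this page:
#   audit /home/kali/.sliver-client/configs /tmp
```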

After switching to the user "kali," proceed to run the client. If all the previous steps were successful, you should now be able to establish a connection and witness a screen that appears similar to the following. When you execute the "version" command in the interactive prompt, it should display the server and client versions:
