Comments (4)
usiegl00
commented on May 22, 2024
1
Also:
- Linux
/etc/rc.local - MacOS
/etc/rc.common
from sliver.
usiegl00
commented on May 22, 2024
Persistence is inherently not op-sec safe due to the requirements of storing information on disk.
However I think we should decide on the best methods of persisting on the 3 major OS's. (Linux, MacOS, and Windows)
Possible Options:
- Linux
/tmp/...
Cron is the most common way to persist on Linux.
printf "*/5 * * * * /tmp/..." | crontab - MacOS
- Windows
- User: Registry Keys or Scheduled Tasks
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]schtasks /create /rp "" /tn "" /tr C:\Windows\System32\mshta.exe js-DotNet-Go /sc onlogon - Root: Registry Keys or at.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]C:\Windows\System32\at.exe at 08:00 /every:m,t,w,th,f,s,su C:\Windows\System32\mshta.exe js-DotNet-Go
- User: Registry Keys or Scheduled Tasks
from sliver.
zero77
commented on May 22, 2024
These may not all be deemed op safe but, just to give some ideas for other possible Linux options:
/etc/bash.bashrc
/etc/profile
/etc/profile.d/*
~/.profile
~/.bash_login
Also:
- SSH Authorized Keys
- Compromise Client Software Binary
- Create Account
- Create Account: Local Account
- Create or Modify System Process
- Create or Modify System Process: Systemd Service
- Event Triggered Execution: Trap
- Event Triggered Execution
- Event Triggered Execution: .bash_profile and .bashrc
- External Remote Services
- Hijack Execution Flow
- Hijack Execution Flow: LD_PRELOAD
- Pre-OS Boot
- Pre-OS Boot: Bootkit
- Scheduled Task/Job
- Scheduled Task/Job: At (Linux)
- Scheduled Task/Job: Cron
- Server Software Component
- Server Software Component: SQL Stored Procedures
- Server Software Component: Transport Agent
- Server Software Component: Web Shell
- Traffic Signaling
- Traffic Signaling: Port Knocking
- Valid Accounts: Default Accounts
- Valid Accounts: Domain Accounts 2
from sliver.
vctrferreira
commented on May 22, 2024
How is going the development of this feature? Could I help you with any thing?
from sliver.
Related Issues (20)
- Named pipe stager error HOT 1
- winrm extension issue with WSL
- sideload does not parse well the blank spaces HOT 2
- Multiplayer Mode not functioning (context deadline exceeded) HOT 8
- Beacons renaming HOT 1
- Postgres FK constraint errors with fresh install HOT 3
- [!] Error: rpc error: code = Unknown desc = Invalid format: shellcode - Please make sure Metasploit framework >= v6.2 is installed and msfvenom/msfconsole are in your PATH HOT 3
- DNS still not working in latest sliver
- `armory install` drives me crazy with repetition of `? Overwrite current install (y/N)` HOT 3
- armory install failured on windows but linux successfully HOT 1
- armory segmentation fault HOT 1
- Exec format error on install HOT 1
- Linux session terminates immediately HOT 1
- When a panic occurs on sliver, all beacons' Name will be reset after beacons reconnect.
- Adding readline capabilities to `shell` (like keyboard shortcuts for editing text, history, and auto-completion) HOT 3
- Best way to use cached tickets HOT 1
- Adding a `clean` method to delete every implants, beacons and profiles HOT 1
- 'ls' does not report info on root directory '/' HOT 5
- Having a `socks` control panel
- Closing sliver client terminate all the `socks` started before HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sliver.