Comments (4)
Also:
- Linux
/etc/rc.local
- MacOS
/etc/rc.common
from sliver.
Persistence is inherently not op-sec safe due to the requirements of storing information on disk.
However I think we should decide on the best methods of persisting on the 3 major OS's. (Linux, MacOS, and Windows)
Possible Options:
- Linux
/tmp/...
Cron is the most common way to persist on Linux.
printf "*/5 * * * * /tmp/..." | crontab
- MacOS
- Windows
- User: Registry Keys or Scheduled Tasks
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
schtasks /create /rp "" /tn "" /tr C:\Windows\System32\mshta.exe js-DotNet-Go /sc onlogon
- Root: Registry Keys or at.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
C:\Windows\System32\at.exe at 08:00 /every:m,t,w,th,f,s,su C:\Windows\System32\mshta.exe js-DotNet-Go
- User: Registry Keys or Scheduled Tasks
from sliver.
These may not all be deemed op safe but, just to give some ideas for other possible Linux options:
/etc/bash.bashrc
/etc/profile
/etc/profile.d/*
~/.profile
~/.bash_login
Also:
- SSH Authorized Keys
- Compromise Client Software Binary
- Create Account
- Create Account: Local Account
- Create or Modify System Process
- Create or Modify System Process: Systemd Service
- Event Triggered Execution: Trap
- Event Triggered Execution
- Event Triggered Execution: .bash_profile and .bashrc
- External Remote Services
- Hijack Execution Flow
- Hijack Execution Flow: LD_PRELOAD
- Pre-OS Boot
- Pre-OS Boot: Bootkit
- Scheduled Task/Job
- Scheduled Task/Job: At (Linux)
- Scheduled Task/Job: Cron
- Server Software Component
- Server Software Component: SQL Stored Procedures
- Server Software Component: Transport Agent
- Server Software Component: Web Shell
- Traffic Signaling
- Traffic Signaling: Port Knocking
- Valid Accounts: Default Accounts
- Valid Accounts: Domain Accounts 2
from sliver.
How is going the development of this feature? Could I help you with any thing?
from sliver.
Related Issues (20)
- Named pipe stager error HOT 1
- winrm extension issue with WSL
- sideload does not parse well the blank spaces HOT 2
- Multiplayer Mode not functioning (context deadline exceeded) HOT 8
- Beacons renaming HOT 1
- Postgres FK constraint errors with fresh install HOT 3
- [!] Error: rpc error: code = Unknown desc = Invalid format: shellcode - Please make sure Metasploit framework >= v6.2 is installed and msfvenom/msfconsole are in your PATH HOT 3
- DNS still not working in latest sliver
- `armory install` drives me crazy with repetition of `? Overwrite current install (y/N)` HOT 3
- armory install failured on windows but linux successfully HOT 1
- armory segmentation fault HOT 1
- Exec format error on install HOT 1
- Linux session terminates immediately HOT 1
- When a panic occurs on sliver, all beacons' Name will be reset after beacons reconnect.
- Adding readline capabilities to `shell` (like keyboard shortcuts for editing text, history, and auto-completion) HOT 3
- Best way to use cached tickets HOT 1
- Adding a `clean` method to delete every implants, beacons and profiles HOT 1
- 'ls' does not report info on root directory '/' HOT 5
- Having a `socks` control panel
- Closing sliver client terminate all the `socks` started before HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sliver.