Hello, I report here another extension that you may find useful.
I decided to modify the chisel project into a Windows DLL that can be loaded as an extension of a sliver agent and manage multiple socks/port forwarding operations. Here is the link to the repository with the modified version of chisel that supports loading as a sliver extension: https://github.com/MrAle98/chisel
The project now has two additional commands:
list: shows the tasks currently running in chisel
stop taskId: stops the task identified by taskId (taskIds are retrieved through the list command)
I hope this extension will be useful when it is necessary to have a more powerful socks proxy without dropping anything to disk or injecting into other processes.
It might also be considered an example showing how to introduce Go tooling in C2s that support the execution of DLLs in memory.
Build
Requires mingw-w64, which is already installed on a Kali Linux instance.
With the following commands, the chisel DLLs are generated and the chisel extension is automatically created in sliver.
$ mkdir ~/.sliver-client/extensions/chisel
$ cp extension.json ~/.sliver-client/extensions/chisel
$ make windowsdll_64
$ make windowsdll_32
Run
Reverse socks proxy (server running on attacker box)
Start the chisel server on the attacker box.
Start the chisel client in the sliver agent.
Now on port 1080 on the attacker box there is a socks proxy towards the internal network.
Listing the chisel tasks currently running.
Stop the chisel client in the sliver agent.
Socks proxy (server running inside sliver agent)
Start sliver server in the sliver agent.
Start the client on the attacker box.
Now on port 1081 on the attacker box there is a socks proxy towards the internal network.
Here is the output of netstat on the attacker box.
Testing
I tested only the x64 version of the DLL, not x86.
I only tested the extension on an x64 Windows 10 Pro build 10.0.19044.