Proxy

One option is to use a SOCKS5 proxy to pivot your requests through an implant. Interact with the implant's session first, then start the proxy by running:

socks5 start

Running socks5 with no arguments lists the active proxies together with their IDs. To stop a running proxy:

socks5 stop --id #

Replace # with the numeric ID shown in the listing. The final thing to note is where the proxy port opens, because it is not necessarily on the machine in front of you. The listener is created by the Sliver console process you typed the command into. If you are using the console built into sliver-server, for example over an SSH session to the server host, the port opens on the Sliver server, not on your workstation, so you need a way to reach that port from your machine. Let's see how to do just that.

Proxychains

Let's look at the Proxychains workflow. A typical proxychains install ships with a configuration file, called proxychains.conf or proxychains4.conf depending on your operating system and version (usually under /etc). The only entries that matter here sit at the bottom of the file, in the [ProxyList] section, where you point proxychains at your local proxy.

By default, you may see:

socks4 127.0.0.1 9050

That is a socks4 entry pointing at the default Tor port. We do not want Tor here; we want whatever Sliver opened, which by default is a SOCKS5 listener on 127.0.0.1 port 1081. Comment out the Tor line and add the Sliver one, so the section ends up looking like this:

#socks4 127.0.0.1 9050
socks5 127.0.0.1 1081

Now run your tool through proxychains:

proxychains nmap -sT -Pn -n -p 443 10.0.0.0/24

proxychains works by hooking the libc socket calls of the program it launches, so only TCP connections made through libc travel over the pivot. That is why the extra nmap flags matter: the default SYN scan uses raw sockets and would bypass the proxy entirely, so you need a full TCP connect scan (-sT), and host discovery (-Pn) and DNS lookups (-n) are turned off because ICMP and UDP would not go through the proxy either. Expect the scan to be far slower than a direct one.

This does, however, mean that the proxy has to be listening on localhost, and at the moment it may be listening on the Sliver server rather than on your machine. How do you reach it from your local system instead? One option is SSH:

ssh -L 1081:localhost:1081 sliver.server.com -N -f

That command sets up a local port forward over SSH. It tells ssh to listen on port 1081 on your machine and send anything that connects there through the SSH session to localhost:1081 on the Sliver server, which is where the SOCKS5 proxy is listening. -N tells ssh not to run a remote command, so no shell is opened, and -f puts it in the background once the connection is up. You get the forward without keeping an interactive session open, which is nice.
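Before pointing proxychains at the forwarded port, it is worth confirming that the SOCKS5 listener on the far end really completes a CONNECT to something only the implant can reach, rather than just accepting the TCP connection. The following is an added example, not Sliver's or proxychains' code. It speaks the client side of SOCKS5 (RFC 1928) the way proxychains does, NO AUTH and CONNECT by hostname, and checks the reply code instead of trusting that the tunnel is up. The stand-in proxy and the echo target are constructed here so the script runs offline; against a real pivot you would call check_pivot(("127.0.0.1", 1081), host, port) with an internal host:port behind the implant.

```python
"""Verify a SOCKS5 pivot end to end before running tools through it. The client
side speaks RFC 1928 like proxychains does (NO AUTH, CONNECT by hostname); the
stand-in proxy and echo target are constructed here so the check runs offline."""
import socket
import struct
import threading

SOCKS_VER, NO_AUTH, CMD_CONNECT = 0x05, 0x00, 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_OK, REP_REFUSED = 0x00, 0x05

def recv_exact(sock, n):
    """Read exactly n bytes; a short read during the handshake is an error."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-handshake")
        buf += chunk
    return buf

def socks5_connect(proxy, dst_host, dst_port, timeout=5.0):
    """RFC 1928 client: negotiate NO AUTH, then CONNECT with a domain-name ATYP so
    the name resolves on the far side of the pivot (what proxychains' proxy_dns does)."""
    s = socket.create_connection(proxy, timeout=timeout)
    try:
        s.sendall(bytes([SOCKS_VER, 1, NO_AUTH]))  # VER, NMETHODS, METHODS
        ver, method = recv_exact(s, 2)
        if ver != SOCKS_VER or method != NO_AUTH:
            raise ConnectionError(f"method negotiation failed: ver={ver} method={method:#x}")
        name = dst_host.encode()
        s.sendall(bytes([SOCKS_VER, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
                  + name + struct.pack("!H", dst_port))
        ver, rep, _rsv, atyp = recv_exact(s, 4)
        if atyp == ATYP_DOMAIN:  # drain BND.ADDR + BND.PORT, whatever their type
            recv_exact(s, recv_exact(s, 1)[0] + 2)
        elif atyp in (ATYP_IPV4, ATYP_IPV6):
            recv_exact(s, (4 if atyp == ATYP_IPV4 else 16) + 2)
        else:
            raise ConnectionError(f"unknown ATYP {atyp:#x} in CONNECT reply")
        if ver != SOCKS_VER or rep != REP_OK:
            raise ConnectionError(f"CONNECT {dst_host}:{dst_port} failed, REP={rep:#x}")
        return s  # positioned at the start of tunnelled data
    except Exception:
        s.close()
        raise

def check_pivot(proxy, dst_host, dst_port, probe=b"ping"):
    """Tunnel one probe to dst through the proxy and return what comes back."""
    with socks5_connect(proxy, dst_host, dst_port) as s:
        s.sendall(probe)
        return s.recv(4096)

def _serve_socks5_once(listener):
    """Stand-in for the Sliver listener (not Sliver's code): NO AUTH + CONNECT by
    hostname for one connection, relaying a single request/response pair."""
    c, _ = listener.accept()
    with c:
        _ver, nmethods = recv_exact(c, 2)
        recv_exact(c, nmethods)
        c.sendall(bytes([SOCKS_VER, NO_AUTH]))
        _ver, _cmd, _rsv, _atyp = recv_exact(c, 4)
        host = recv_exact(c, recv_exact(c, 1)[0]).decode()
        port = struct.unpack("!H", recv_exact(c, 2))[0]
        bnd = bytes([0x00, ATYP_IPV4]) + b"\x00" * 6  # RSV, ATYP, BND.ADDR, BND.PORT
        try:
            upstream = socket.create_connection((host, port), timeout=5.0)
        except OSError:
            c.sendall(bytes([SOCKS_VER, REP_REFUSED]) + bnd)
            return
        with upstream:
            c.sendall(bytes([SOCKS_VER, REP_OK]) + bnd)
            upstream.sendall(c.recv(4096))
            c.sendall(upstream.recv(4096))

def _echo_once(listener):
    """Constructed target behind the pivot: echoes one message back."""
    c, _ = listener.accept()
    with c:
        c.sendall(c.recv(4096))

def _listen(handler=None):
    l = socket.socket()
    l.bind(("127.0.0.1", 0))  # ephemeral loopback port
    l.listen(1)
    if handler:
        threading.Thread(target=handler, args=(l,), daemon=True).start()
    return l

def demo():
    """Live target: probe echoed. Closed port: proxy answers REP=0x05, client refuses."""
    target = _listen(_echo_once)
    echoed = check_pivot(_listen(_serve_socks5_once).getsockname(),
                         "127.0.0.1", target.getsockname()[1]) == b"ping"
    proxy2 = _listen(_serve_socks5_once)
    with _listen() as dead:  # closed on exit, so nothing listens on dead_port
        dead_port = dead.getsockname()[1]
    try:
        check_pivot(proxy2.getsockname(), "127.0.0.1", dead_port)
        refused = False
    except ConnectionError:
        refused = True
    return echoed, refused
```

The point of checking REP rather than just connecting is that a proxy port that accepts TCP but answers every CONNECT with a failure code (an implant that has died, or an SSH forward pointing at the wrong port) looks "up" to a plain port check. The domain-name ATYP matters for the same reason the nmap flags do: with proxy_dns enabled in proxychains.conf, names are resolved on the implant's side of the pivot instead of leaking DNS queries from your workstation.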
