Source: https://github.com/BishopFox/sliver/wiki/Home/45ad91871d5ddd36100714936fa8ca1fad12e89a
The C2 framework operates with three main components: > ***Server:** This is the heart of the operation, controlled by the red team. The C2 software is installed on this server, which sends commands to the victim machines.* > > ***Client (Agent):** This is the piece of code that is executed on the victim machine. Its sole purpose is to **“phone home”** to the server and receive commands.* > > ***Listeners:** These are components of the C2 server that listen for incoming connections from the clients. They are designed to use different protocols to evade detection by security tools like **antivirus (AV) and endpoint detection and response (EDR).*** ## Sliver Implants *Sliver implants are the agents or payloads that are deployed on a victim’s machine. They are the connection point between the compromised host and the Sliver C2 server.* ### Key Points > ***Single Binary:** Like the server, implants are also single binaries, containing no external dependencies, which makes them easier to deploy and harder to detect.* > > ***Cross-Platform:** Implants are designed to work across Linux, macOS, and Windows. This is advantageous in a real-world environment where you might encounter different operating systems.* > > ***Dynamic Evasion:** The dynamic compilation process ensures that each implant has a different signature. This helps evade signature-based detection mechanisms used by many anti-virus and endpoint detection and response (EDR) solutions.* ## Communication Modes *Sliver uses two primary communication models for interacting with implants on a compromised machine: **Beacons** and **Sessions**.* > ***Beacon:** A beacon is a long-term, persistent connection model. The implant on the victim machine “phones home” to the C2 server at a predefined interval. This is a low-bandwidth connection used to maintain a presence on the network and receive basic commands. An optional jitter can be added to the beacon interval to make the communication pattern more random and harder to detect.* > > ***Session:** A session is an interactive, high-bandwidth connection that provides a shell-like experience. This model is ideal for command execution and further enumeration on the victim machine. A session can be spawned on demand from an existing beacon and, once the task is complete, can be switched back to a beacon to maintain persistence.* ## Sliver C2 Supported Protocols *Sliver supports five primary communication protocols between the server and implant: **mTLS (Mutual TLS), WireGuard (lightweight VPN tunneling), HTTP, HTTPS, and DNS (for tunneling)**. The choice depends on your objective. DNS or HTTPS are ideal for stealth by blending into normal traffic, WireGuard provides high-speed, low-overhead performance, and HTTP or mTLS can help evade restrictive network defenses. While tools like netcat remain a staple in pentesting for quick shells and simple data transfer, they lack built-in encryption. That’s the key distinction: netcat may be acceptable for controlled exam environments like OSCP or CPTS, but in real-world red team engagements, encrypted and covert communication channels are essential.* ## Installing Sliver on your Kali VM  ### 1. Installing Sliver C2 *To install Sliver on Kali Linux, you use a simple one-line command that downloads and executes an installation script.* * *Open a terminal in your Kali Linux virtual machine and run the following command:* ```bash curl https://sliver.sh/install | sudo bash ``` * *This command uses `curl` to download the Sliver installation script and pipes it directly into `sudo bash`, executing it with elevated privileges.* * *The installation process may take a few minutes, depending on your system and network speed.* * *During execution, you’ll be prompted to enter your `sudo` password to authorize and complete the installation.* ### Checking the Sliver Service Status *After installation, Sliver runs as a system service managed by `systemd`.* * *To verify that the service is up and running, execute:* ```bash sudo systemctl status sliver ``` * *The output will indicate whether the service is **active (running)**, along with additional details such as uptime, logs, and process ID.* * *Note that Sliver is **not enabled to start automatically on boot by default**, so you’ll need to manually start it after a reboot unless you explicitly enable it with:* ```bash sudo systemctl enable sliver ``` ## Starting Sliver Manually *After restarting your Kali Linux VM, the Sliver service will not start automatically by default.* * *To manually start the service, run:* ```bash sudo systemctl start sliver ``` * *Once the service is running, you can launch the Sliver console by simply typing:* ```bash sliver ``` ## Installing Mingw-w64 *Installing **Mingw-w64** allows you to generate Windows-specific payloads such as **shellcode, staged payloads, and DLL implants** directly from your Linux environment.* * *To install it, execute:* ```bash sudo apt install mingw-w64 ``` * *Most modern Kali Linux distributions already include this package, but running the command ensures all required dependencies are properly installed and up to date.* ## Exploring the Console Interface *When using the Sliver C2 framework, you primarily interact with the server through its command-line interface (CLI), which is used to manage listeners, generate implants, and control active sessions.*  ### Launching the Sliver CLI * *To access the Sliver console on your Kali Linux VM, open a terminal and run:* ```bash sliver ``` * *This will launch the interactive CLI, allowing you to manage listeners, generate implants, and control sessions.* * *If you encounter an error when launching, it’s likely that the Sliver service is not running. Start it manually with:* ```bash sudo systemctl start sliver ``` ### Using the Help Command in Sliver *The `help` command serves as your main reference for navigating and using the Sliver CLI (see Figure 1.2). Executing `help` lists all available commands, while `help