Commands

This module contains the commands that can be used by interactive classes. Users should not need to implement this themselves, as the commands are called by InteractiveBeacon and InteractiveSession.

BaseInteractiveCommands

class sliver.interactive.BaseInteractiveCommands[source]
async call_extension(name, export, ext_args)[source]

Call an extension

Parameters

  • name (str) – Extension name

  • export (str) – Extension entrypoint

  • ext_args (bytes) – Extension argument buffer

Returns

Protobuf CallExtension object

Return type

sliver_pb2.CallExtension

async cd(remote_path)[source]

Change the current working directory of the implant

Parameters

remote_path (str) – Remote path

Returns

Protobuf pwd object

Return type

sliver_pb2.Pwd

async download(remote_path, recurse=False)[source]

Download a file or directory from the remote file system

Parameters

  • remote_path (str) – File to download

  • recurse (bool) – Download all files in a directory

Returns

Protobuf Download object

Return type

sliver_pb2.Download

async execute(exe, args, output=True)[source]

Execute a command/subprocess on the remote system

Parameters

  • exe (str) – Command/subprocess to execute

  • args (List[str]) – Arguments to the command/subprocess

  • output (bool) – Enable capturing command/subprocess stdout

Returns

Protobuf Execute object

Return type

sliver_pb2.Execute

async execute_assembly(assembly, arguments, process, is_dll, arch, class_name, method, app_domain)[source]

Execute a .NET assembly in-memory on the remote system

Parameters

  • assembly (bytes) – A buffer of the .NET assembly to execute

  • arguments (str) – Arguments to the .NET assembly

  • process (str) – Process to execute assembly

  • is_dll (bool) – Is assembly a DLL

  • arch (str) – Assembly architecture

  • class_name (str) – Class name of the assembly

  • method (str) – Method to execute

  • app_domain (str) – AppDomain

Returns

Protobuf ExecuteAssembly object

Return type

sliver_pb2.ExecuteAssembly

async execute_shellcode(data, rwx, pid, encoder='')[source]

Execute shellcode in-memory

Parameters

  • data (bytes) – Shellcode buffer

  • rwx (bool) – Enable/disable RWX pages

  • pid (int) – Process ID to inject shellcode into

  • encoder (str, optional) – Encoder (‘’, ‘gzip’), defaults to ‘’

Returns

Protobuf Task object

Return type

sliver_pb2.Task

async get_env(name)[source]

Get an environment variable

Parameters

name (str) – Name of the variable

Returns

Protobuf EnvInfo object

Return type

sliver_pb2.EnvInfo

async get_system(hosting_process, config)[source]

Attempt to get SYSTEM (Windows only)

Parameters

  • hosting_process (str) – Hosting process to attempt gaining privileges

  • config (client_pb2.ImplantConfig) – Implant configuration to be injected into the hosting process

Returns

Protobuf GetSystem object

Return type

sliver_pb2.GetSystem

async ifconfig()[source]

Get network interface configuration information about the remote system

Returns

Protobuf ifconfig object

Return type

sliver_pb2.Ifconfig

async impersonate(username)[source]

Impersonate a user using tokens (Windows only)

Parameters

username (str) – User to impersonate

Returns

Protobuf Impersonate object

Return type

sliver_pb2.Impersonate

async list_extensions()[source]

List extensions

Returns

Protobuf ListExtensions object

Return type

sliver_pb2.ListExtensions

async ls(remote_path='.')[source]

Get a directory listing from the remote system

Parameters

remote_path (str) – Remote path

Returns

Protobuf ls object

Return type

sliver_pb2.Ls

async make_token(username, password, domain)[source]

Make a Windows user token from a valid login (Windows only)

Parameters

  • username (str) – Username

  • password (str) – Password

  • domain (str) – Domain

Returns

Protobuf MakeToken object

Return type

sliver_pb2.MakeToken

async migrate(pid, config)[source]

Migrate implant to another process

Parameters

  • pid (int) – Process ID to inject implant into

  • config (client_pb2.ImplantConfig) – Implant configuration to inject into the remote process

Returns

Protobuf Migrate object

Return type

sliver_pb2.Migrate

async mkdir(remote_path)[source]

Make a directory on the remote file system

Parameters

remote_path (str) – Directory to create

Returns

Protobuf Mkdir object

Return type

sliver_pb2.Mkdir

async msf(payload, lhost, lport, encoder, iterations)[source]

Execute Metasploit payload on remote system, the payload will be generated by the server based on the parameters to this function. The server must be configured with Metasploit.

Parameters

  • payload (str) – Payload to generate

  • lhost (str) – Metasploit LHOST parameter

  • lport (int) – Metasploit LPORT parameter

  • encoder (str) – Metasploit encoder

  • iterations (int) – Iterations for Metasploit encoder

Return type

None

async msf_remote(payload, lhost, lport, encoder, iterations, pid)[source]

Execute Metasploit payload in a remote process, the payload will be generated by the server based on the parameters to this function. The server must be configured with Metasploit.

Parameters

  • payload (str) – Payload to generate

  • lhost (str) – Metasploit LHOST parameter

  • lport (int) – Metasploit LPORT parameter

  • encoder (str) – Metasploit encoder

  • iterations (int) – Iterations for Metasploit encoder

  • pid (int) – Process ID to inject the payload into

Return type

None

async netstat(tcp, udp, ipv4, ipv6, listening=True)[source]

Get information about network connections on the remote system.

Parameters

  • tcp (bool) – Get TCP information

  • udp (bool) – Get UDP information

  • ipv4 (bool) – Get IPv4 connection information

  • ipv6 (bool) – Get IPv6 connection information

  • listening (bool, optional) – Get listening connection information, defaults to True

Returns

Protobuf netstat object

Return type

List[sliver_pb2.SockTabEntry]

async ping()[source]

Send a round trip message to the implant (does NOT use ICMP)

Returns

Protobuf ping object

Return type

sliver_pb2.Ping

async process_dump(pid)[source]

Dump a remote process’ memory

Parameters

pid (int) – PID of the process to dump

Returns

Protobuf ProcessDump object

Return type

sliver_pb2.ProcessDump

async ps()[source]

List the processes of the remote system

Returns

Ps protobuf object

Return type

List[common_pb2.Process]

async pwd()[source]

Get the implant’s current working directory

Returns

Protobuf pwd object

Return type

sliver_pb2.Pwd

async register_extension(name, data, goos, init)[source]

Call an extension

Parameters

  • name (str) – Extension name

  • data (bytes) – Extension binary data

  • goos (str) – OS

  • init (str) – Init entrypoint to run

Returns

Protobuf RegisterExtension object

Return type

sliver_pb2.RegisterExtension

async registry_create_key(hive, reg_path, key, hostname)[source]

Create a registry key on the remote system (Windows only)

Parameters

  • hive (str) – Registry hive to create key in

  • reg_path (str) – Registry path to create key in

  • key (str) – Key name

  • hostname (str) – Hostname

Returns

Protobuf RegistryCreateKey object

Return type

sliver_pb2.RegistryCreateKey

async registry_read(hive, reg_path, key, hostname)[source]

Read a value from the remote system’s registry (Windows only)

Parameters

  • hive (str) – Registry hive to read value from

  • reg_path (str) – Path to registry key to read

  • key (str) – Key name to read

  • hostname (str) – Hostname

Returns

Protobuf RegistryRead object

Return type

sliver_pb2.RegistryRead

async registry_write(hive, reg_path, key, hostname, string_value, byte_value, dword_value, qword_value, reg_type)[source]

Write a value to the remote system’s registry (Windows only)

Parameters

  • hive (str) – Registry hive to write the key/value to

  • reg_path (str) – Registry path to write to

  • key (str) – Registry key to write to

  • hostname (str) – Hostname

  • string_value (str) – String value to write (ignored for non-string key)

  • byte_value (bytes) – Byte value to write (ignored for non-byte key)

  • dword_value (int) – DWORD value to write (ignored for non-DWORD key)

  • qword_value (int) – QWORD value to write (ignored for non-QWORD key)

  • reg_type (sliver_pb2.RegistryType) – Type of registry key to write

Returns

Protobuf RegistryWrite object

Return type

sliver_pb2.RegistryWrite

async revert_to_self()[source]

Revert to self from impersonation context

Returns

Protobuf RevToSelf object

Return type

sliver_pb2.RevToSelf

async rm(remote_path, recursive=False, force=False)[source]

Remove a directory or file(s)

Parameters

  • remote_path (str) – Remote path

  • recursive (bool, optional) – Recursively remove file(s), defaults to False

  • force (bool, optional) – Forcefully remove the file(s), defaults to False

Returns

Protobuf rm object

Return type

sliver_pb2.Rm

async run_as(username, process_name, args)[source]

Run a command as another user on the remote system

Parameters

  • username (str) – User to run process as

  • process_name (str) – Process to execute

  • args (str) – Arguments to process

Returns

Protobuf RunAs object

Return type

sliver_pb2.RunAs

async screenshot()[source]

Take a screenshot of the remote system, screenshot data is PNG formatted

Returns

Protobuf Screenshot object

Return type

sliver_pb2.Screenshot

async set_env(key, value)[source]

Set an environment variable

Parameters

  • name (str) – Name of the environment variable

  • value (str) – Value of the environment variable

Returns

Protobuf SetEnv object

Return type

sliver_pb2.SetEnv

async sideload(data, process_name, arguments, entry_point, kill)[source]

Sideload a shared library into a remote process using a platform specific in-memory loader (Windows, MacOS, Linux only)

Parameters

  • data (bytes) – Shared library raw bytes

  • process_name (str) – Process name to sideload library into

  • arguments (str) – Arguments to the shared library

  • entry_point (str) – Entrypoint of the shared library

  • kill (bool) – Kill normal execution of the process when side loading the shared library

Returns

Protobuf Sideload object

Return type

sliver_pb2.Sideload

async spawn_dll(data, process_name, arguments, entry_point, kill)[source]

Spawn a DLL on the remote system from memory (Windows only)

Parameters

  • data (bytes) – DLL raw bytes

  • process_name (str) – Process name to spawn DLL into

  • arguments (str) – Arguments to the DLL

  • entry_point (str) – Entrypoint of the DLL

  • kill (bool) – Kill normal execution of the remote process when spawing the DLL

Returns

Protobuf SpawnDll object

Return type

sliver_pb2.SpawnDll

async terminate(pid, force=False)[source]

Terminate a remote process

Parameters

  • pid (int) – The process ID to terminate.

  • force (bool, optional) – Force termination of the process, defaults to False

Returns

Protobuf terminate object

Return type

sliver_pb2.Terminate

async unset_env(key)[source]

Unset an environment variable

Parameters

value (str) – Value of the environment variable

Returns

Protobuf SetEnv object

Return type

sliver_pb2.SetEnv

async upload(remote_path, data, is_ioc=False)[source]

Write data to specified path on remote file system

Parameters

  • remote_path (str) – Remote path

  • data (bytes) – Data to write

  • is_ioc (bool, optional) – Data is an indicator of compromise, defaults to False

Returns

Protobuf Upload object

Return type

sliver_pb2.Upload