Commands
This module contains the commands that can be used by interactive classes. Users should not need to implement this themselves, as the commands are called by InteractiveBeacon and InteractiveSession.
BaseInteractiveCommands
- class sliver.interactive.BaseInteractiveCommands
- async call_extension(name, export, ext_args)
Call an extension
- Parameters
name (str) – Extension name
export (str) – Extension entrypoint
ext_args (bytes) – Extension argument buffer
- Returns
Protobuf CallExtension object
- Return type
- async cd(remote_path)
Change the current working directory of the implant
- Parameters
remote_path (str) – Remote path
- Returns
Protobuf pwd object
- Return type
- async download(remote_path, recurse=False)
Download a file or directory from the remote file system
- Parameters
remote_path (str) – File to download
recurse (bool) – Download all files in a directory
- Returns
Protobuf Download object
- Return type
sliver_pb2.Download
- async execute(exe, args, output=True)
Execute a command/subprocess on the remote system
- Parameters
exe (str) – Command/subprocess to execute
args (List[str]) – Arguments to the command/subprocess
output (bool) – Enable capturing command/subprocess stdout
- Returns
Protobuf Execute object
- Return type
- async execute_assembly(assembly, arguments, process, is_dll, arch, class_name, method, app_domain)
Execute a .NET assembly in-memory on the remote system
- Parameters
assembly (bytes) – A buffer of the .NET assembly to execute
arguments (str) – Arguments to the .NET assembly
process (str) – Process to execute assembly
is_dll (bool) – Is assembly a DLL
arch (str) – Assembly architecture
class_name (str) – Class name of the assembly
method (str) – Method to execute
app_domain (str) – AppDomain
- Returns
Protobuf ExecuteAssembly object
- Return type
- async execute_shellcode(data, rwx, pid, encoder='')
Execute shellcode in-memory
- Parameters
data (bytes) – Shellcode buffer
rwx (bool) – Enable/disable RWX pages
pid (int) – Process ID to inject shellcode into
encoder (str, optional) – Encoder (‘’, ‘gzip’), defaults to ‘’
- Returns
Protobuf Task object
- Return type
- async get_env(name)
Get an environment variable
- Parameters
name (str) – Name of the variable
- Returns
Protobuf EnvInfo object
- Return type
- async get_system(hosting_process, config)
Attempt to get SYSTEM (Windows only)
- Parameters
hosting_process (str) – Hosting process to attempt gaining privileges
config (client_pb2.ImplantConfig) – Implant configuration to be injected into the hosting process
- Returns
Protobuf GetSystem object
- Return type
- async ifconfig()
Get network interface configuration information about the remote system
- Returns
Protobuf ifconfig object
- Return type
- async impersonate(username)
Impersonate a user using tokens (Windows only)
- Parameters
username (str) – User to impersonate
- Returns
Protobuf Impersonate object
- Return type
- async ls(remote_path='.')
Get a directory listing from the remote system
- Parameters
remote_path (str) – Remote path
- Returns
Protobuf ls object
- Return type
- async make_token(username, password, domain)
Make a Windows user token from a valid login (Windows only)
- Parameters
username (str) – Username
password (str) – Password
domain (str) – Domain
- Returns
Protobuf MakeToken object
- Return type
sliver_pb2.MakeToken
- async migrate(pid, config)
Migrate implant to another process
- Parameters
pid (int) – Process ID to inject implant into
config (client_pb2.ImplantConfig) – Implant configuration to inject into the remote process
- Returns
Protobuf Migrate object
- Return type
- async mkdir(remote_path)
Make a directory on the remote file system
- Parameters
remote_path (str) – Directory to create
- Returns
Protobuf Mkdir object
- Return type
- async msf(payload, lhost, lport, encoder, iterations)
Execute a Metasploit payload on the remote system. The payload is generated by the server based on the parameters to this function, and the server must be configured with Metasploit.
- Parameters
payload (str) – Payload to generate
lhost (str) – Metasploit LHOST parameter
lport (int) – Metasploit LPORT parameter
encoder (str) – Metasploit encoder
iterations (int) – Iterations for Metasploit encoder
- Return type
None
- async msf_remote(payload, lhost, lport, encoder, iterations, pid)
Execute a Metasploit payload in a remote process. The payload is generated by the server based on the parameters to this function, and the server must be configured with Metasploit.
- Parameters
payload (str) – Payload to generate
lhost (str) – Metasploit LHOST parameter
lport (int) – Metasploit LPORT parameter
encoder (str) – Metasploit encoder
iterations (int) – Iterations for Metasploit encoder
pid (int) – Process ID to inject the payload into
- Return type
None
- async netstat(tcp, udp, ipv4, ipv6, listening=True)
Get information about network connections on the remote system.
- Parameters
tcp (bool) – Get TCP information
udp (bool) – Get UDP information
ipv4 (bool) – Get IPv4 connection information
ipv6 (bool) – Get IPv6 connection information
listening (bool, optional) – Get listening connection information, defaults to True
- Returns
Protobuf netstat object
- Return type
List[sliver_pb2.SockTabEntry]
- async ping()
Send a round trip message to the implant (does NOT use ICMP)
- Returns
Protobuf ping object
- Return type
- async process_dump(pid)
Dump a remote process’ memory
- Parameters
pid (int) – PID of the process to dump
- Returns
Protobuf ProcessDump object
- Return type
- async ps()
List the processes of the remote system
- Returns
Ps protobuf object
- Return type
List[common_pb2.Process]
- async pwd()
Get the implant’s current working directory
- Returns
Protobuf pwd object
- Return type
- async register_extension(name, data, goos, init)
Register an extension
- Parameters
name (str) – Extension name
data (bytes) – Extension binary data
goos (str) – OS
init (str) – Init entrypoint to run
- Returns
Protobuf RegisterExtension object
- Return type
- async registry_create_key(hive, reg_path, key, hostname)
Create a registry key on the remote system (Windows only)
- Parameters
hive (str) – Registry hive to create key in
reg_path (str) – Registry path to create key in
key (str) – Key name
hostname (str) – Hostname
- Returns
Protobuf RegistryCreateKey object
- Return type
- async registry_read(hive, reg_path, key, hostname)
Read a value from the remote system’s registry (Windows only)
- Parameters
hive (str) – Registry hive to read value from
reg_path (str) – Path to registry key to read
key (str) – Key name to read
hostname (str) – Hostname
- Returns
Protobuf RegistryRead object
- Return type
- async registry_write(hive, reg_path, key, hostname, string_value, byte_value, dword_value, qword_value, reg_type)
Write a value to the remote system’s registry (Windows only)
- Parameters
hive (str) – Registry hive to write the key/value to
reg_path (str) – Registry path to write to
key (str) – Registry key to write to
hostname (str) – Hostname
string_value (str) – String value to write (ignored for non-string key)
byte_value (bytes) – Byte value to write (ignored for non-byte key)
dword_value (int) – DWORD value to write (ignored for non-DWORD key)
qword_value (int) – QWORD value to write (ignored for non-QWORD key)
reg_type (sliver_pb2.RegistryType) – Type of registry key to write
- Returns
Protobuf RegistryWrite object
- Return type
- async revert_to_self()
Revert to self from impersonation context
- Returns
Protobuf RevToSelf object
- Return type
- async rm(remote_path, recursive=False, force=False)
Remove a directory or file(s)
- Parameters
remote_path (str) – Remote path
recursive (bool, optional) – Recursively remove file(s), defaults to False
force (bool, optional) – Forcefully remove the file(s), defaults to False
- Returns
Protobuf rm object
- Return type
- async run_as(username, process_name, args)
Run a command as another user on the remote system
- Parameters
username (str) – User to run process as
process_name (str) – Process to execute
args (str) – Arguments to process
- Returns
Protobuf RunAs object
- Return type
- async screenshot()
Take a screenshot of the remote system. The screenshot data is PNG formatted.
- Returns
Protobuf Screenshot object
- Return type
- async set_env(key, value)
Set an environment variable
- Parameters
key (str) – Name of the environment variable
value (str) – Value of the environment variable
- Returns
Protobuf SetEnv object
- Return type
- async sideload(data, process_name, arguments, entry_point, kill)
Sideload a shared library into a remote process using a platform-specific in-memory loader (Windows, macOS, Linux only)
- Parameters
data (bytes) – Shared library raw bytes
process_name (str) – Process name to sideload library into
arguments (str) – Arguments to the shared library
entry_point (str) – Entrypoint of the shared library
kill (bool) – Kill normal execution of the process when side loading the shared library
- Returns
Protobuf Sideload object
- Return type
- async spawn_dll(data, process_name, arguments, entry_point, kill)
Spawn a DLL on the remote system from memory (Windows only)
- Parameters
data (bytes) – DLL raw bytes
process_name (str) – Process name to spawn DLL into
arguments (str) – Arguments to the DLL
entry_point (str) – Entrypoint of the DLL
kill (bool) – Kill normal execution of the remote process when spawning the DLL
- Returns
Protobuf SpawnDll object
- Return type
- async terminate(pid, force=False)
Terminate a remote process
- Parameters
pid (int) – The process ID to terminate.
force (bool, optional) – Force termination of the process, defaults to False
- Returns
Protobuf terminate object
- Return type
- async unset_env(key)
Unset an environment variable
- Parameters
key (str) – Name of the environment variable
- Returns
Protobuf SetEnv object
- Return type
- async upload(remote_path, data, is_ioc=False)
Write data to specified path on remote file system
- Parameters
remote_path (str) – Remote path
data (bytes) – Data to write
is_ioc (bool, optional) – Data is an indicator of compromise, defaults to False
- Returns
Protobuf Upload object
- Return type