
Save & View Loot

Sliver has a loot command which can store files and credentials on the server-side. The files are stored in the /root/.sliver/loot/files directory, and credentials are stored in the /root/.sliver/loot/credentials directory. The information is stored on the server so all operators have access to it.

Usage:
======
  loot [flags]

Flags:
======
  -f, --filter  string    filter based on loot type
  -h, --help              display help
  -t, --timeout int       command timeout in seconds (default: 60)

Sub Commands:
=============
  creds   Add credentials to the server's loot store
  fetch   Fetch a piece of loot from the server's loot store
  local   Add a local file to the server's loot store
  remote  Add a remote file from the current session to the server's loot store
  rename  Re-name a piece of existing loot
  rm      Remove a piece of loot from the server's loot store

To view the loot that is stored, use the loot command.

sliver (linsession) > loot

Type  Name                                                   File Name                                           UUID
====  ====                                                   =========                                           ====
File  [execute] SharpUp on WinLaptop (20241005192226)        execute_WinLaptop_SharpUp_20241005192226.log        dc11a9ec-69cf-4781-997b-33881ecfc13e
File  [execute] enum4linux on kali-nucbox5 (20241006152251)  execute_kali-nucbox5_enum4linux_20241006152251.log  65aeea43-8372-49a4-a8f1-3fd60407964c

sliver (linsession) >
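
For engagement records, the listing above can be turned into structured entries (host, command, capture time, UUID). This is an added example, not part of the original page or the Sliver project: it parses pasted `loot` output, assuming the name and file-name shapes seen in the two rows above (`[source] command on host (timestamp)` and `source_host_command_timestamp.log`), which are inferred from this page and are not a documented format. Entries that do not fit, such as renamed loot, are kept with the parsed fields left empty.

```python
import re
from datetime import datetime
from typing import NamedTuple, Optional

# One listing row: type, free-text name, file name (no spaces assumed), UUID.
ROW = re.compile(
    r"^(?P<kind>\S+)\s+(?P<name>.+?)\s+(?P<file>\S+)\s+"
    r"(?P<uuid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$"
)
# Shape of the names the page shows for `execute -X` loot (inferred, see lead-in).
AUTO = re.compile(r"^\[(?P<source>[^\]]+)\] (?P<command>.+) on (?P<host>\S+) \((?P<ts>\d{14})\)$")


class LootEntry(NamedTuple):
    kind: str
    name: str
    file_name: str
    uuid: str
    command: Optional[str] = None
    host: Optional[str] = None
    taken_at: Optional[datetime] = None  # naive: the page does not state a timezone


def parse_listing(text: str) -> list:
    """Turn pasted `loot` output into records; headers and prompts are skipped."""
    entries = []
    for line in text.splitlines():
        row = ROW.match(line.strip())
        if not row:
            continue
        entry = LootEntry(row["kind"], row["name"], row["file"], row["uuid"])
        auto = AUTO.match(entry.name)
        # Only trust the parsed fields when the file name agrees with the name.
        if auto and entry.file_name == "{source}_{host}_{command}_{ts}.log".format(**auto.groupdict()):
            entry = entry._replace(
                command=auto["command"], host=auto["host"],
                taken_at=datetime.strptime(auto["ts"], "%Y%m%d%H%M%S"),
            )
        entries.append(entry)
    return entries


# Constructed sample: the two rows shown above plus one made-up renamed entry.
SAMPLE = """\
Type Name File Name UUID
==== ==== ========= ====
File [execute] SharpUp on WinLaptop (20241005192226) execute_WinLaptop_SharpUp_20241005192226.log dc11a9ec-69cf-4781-997b-33881ecfc13e
File [execute] enum4linux on kali-nucbox5 (20241006152251) execute_kali-nucbox5_enum4linux_20241006152251.log 65aeea43-8372-49a4-a8f1-3fd60407964c
File renamed-notes notes.txt 00000000-0000-0000-0000-000000000000
"""

if __name__ == "__main__":
    for e in parse_listing(SAMPLE):
        print(e.host or "(unparsed)", e.command or e.name, e.taken_at, e.uuid)
```
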

To view the contents of the loot, you can run the loot fetch command, which presents a list of all files. Use the arrow keys to select the proper file.

sliver (linsession) > loot fetch

? Select a piece of loot: [execute] enum4linux on kali-nucbox5 (20241006152251) execute_kali-nucbox5_enum4linux_20241006152251.log LOOT_FILE 65aeea43-8372-49a4-a8f1-3fd60407964c

File Name: execute_kali-nucbox5_enum4linux_20241006152251.log

Output (stdout):
Starting enum4linux v0.9.1 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Sun Oct 6 11:22:31 2024

=========================================( Target Information )=========================================

Target ........... localhost
RID Range ........ 500-550,1000-1050
Username ......... ''
Password ......... ''
Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none

To add loot, you can save the output of a command directly to the loot store. In this case, we use the -X flag to save the output of the command as loot.

sliver (linsession) > execute -o -X enum4linux -a localhost

[*] Successfully looted execute_kali-nucbox5_enum4linux_20241006160812.log ([execute] enum4linux on kali-nucbox5 (20241006160812)) (ID: 4798c785-d83f-46bf-9329-394ce9dcfa33)
[*] Output:
Starting enum4linux v0.9.1 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Sun Oct 6 12:07:51 2024

=========================================( Target Information )=========================================

Target ........... localhost
RID Range ........ 500-550,1000-1050
Username ......... ''
Password ......... ''
Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none