Save & View Loot

Sliver's loot command stores files and credentials on the server. Files are stored in the /root/.sliver/loot/files directory, and credentials are stored in the /root/.sliver/loot/credentials directory. Because the loot store lives on the server, all operators have access to it.

Usage:
======
loot [flags]

Flags:
======
-f, --filter   string   filter based on loot type
-h, --help              display help
-t, --timeout  int      command timeout in seconds (default: 60)

Sub Commands:
=============
creds    Add credentials to the server's loot store
fetch    Fetch a piece of loot from the server's loot store
local    Add a local file to the server's loot store
remote   Add a remote file from the current session to the server's loot store
rename   Re-name a piece of existing loot
rm       Remove a piece of loot from the server's loot store

To view the loot that is stored, use the loot command.

sliver (winsession) > loot

Type  Name                                             File Name                                     UUID
====  ====                                             =========                                     ====
File  [execute] SharpUp on WinLaptop (20241005192226)  execute_WinLaptop_SharpUp_20241005192226.log  dc11a9ec-69cf-4781-997b-33881ecfc13e

sliver (winsession) >

To view the contents of the loot, you can run the loot fetch command, which presents a list of all files. Use the arrow keys to select the proper file.

sliver (winsession) > loot fetch

? Select a piece of loot: [Use arrows to move, type to filter]
> [execute] SharpUp on WinLaptop (20241005192226) execute_WinLaptop_SharpUp_20241005192226.log LOOT_FILE dc11a9ec-69cf-4781-997b-33881ecfc13e

To add loot, you can save the output from commands to the loot store. Selecting the entry in loot fetch then displays the saved output:

sliver (winsession) > loot fetch

? Select a piece of loot: [execute] SharpUp on WinLaptop (20241005192226) execute_WinLaptop_SharpUp_20241005192226.log LOOT_FILE dc11a9ec-69cf-4781-997b-33881ecfc13e

File Name: execute_WinLaptop_SharpUp_20241005192226.log

Output (stdout):

=== SharpUp: Running Privilege Escalation Checks ===

[*] In medium integrity but user is a local administrator- UAC can be bypassed.

[*] Audit mode: running an additional 15 check(s).
[!] Modifialbe scheduled tasks were not evaluated due to permissions.

=== Modifiable Folders in %PATH% ===
C:\Users\steve\Downloads\platform-tools\platform-tools


[*] Completed Privesc Checks in 18 seconds
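
When the fetched loot is handed over for reporting or remediation, it helps to split the log into findings and checks that never ran. The following is an added example, not part of Sliver or SharpUp: `parse_loot` is a hypothetical helper, the sample text is reconstructed from the output above, and treating `[!]` lines as skipped checks is an assumption based on that one sample.

```python
import re

# Constructed sample: the fetched loot text as displayed on this page.
SAMPLE = r"""File Name: execute_WinLaptop_SharpUp_20241005192226.log

Output (stdout):

=== SharpUp: Running Privilege Escalation Checks ===

[*] In medium integrity but user is a local administrator- UAC can be bypassed.

[*] Audit mode: running an additional 15 check(s).
[!] Modifialbe scheduled tasks were not evaluated due to permissions.

=== Modifiable Folders in %PATH% ===
C:\Users\steve\Downloads\platform-tools\platform-tools


[*] Completed Privesc Checks in 18 seconds
"""

SECTION = re.compile(r"^=== (.+?) ===$")    # "=== Section title ==="
STATUS = re.compile(r"^\[([*!+\-])\] (.+)$")  # "[*] message" / "[!] message"

def parse_loot(text):
    """Split a fetched SharpUp loot log into notes, skipped checks and findings."""
    report = {"file": None, "notes": [], "skipped": [], "findings": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "Output (stdout):":
            continue
        if line.startswith("File Name:"):
            report["file"] = line.split(":", 1)[1].strip()
        elif m := SECTION.match(line):
            # The tool banner is not a finding category.
            section = None if m.group(1).startswith("SharpUp:") else m.group(1)
        elif m := STATUS.match(line):
            # Assumption: "[!]" marks a check that could not run (a coverage gap).
            key = "skipped" if m.group(1) == "!" else "notes"
            report[key].append(m.group(2))
        elif section:
            # Any other line under a section header is an item to remediate.
            report["findings"].setdefault(section, []).append(line)
    return report

if __name__ == "__main__":
    result = parse_loot(SAMPLE)
    for title, items in result["findings"].items():
        print(f"{title}: {items}")
    print("Not evaluated:", result["skipped"])
```

Skipped checks are reported separately so that a check that could not run is not mistaken for a clean result.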