Learning Ansible with setting up Sliver servers

1. Overview

Ansible is a framework for automating system tasks. This is often done with playbooks, YAML files that tell Ansible what to run on the remote (or local) systems. The systems the playbooks run against are organized into an inventory, files that tell Ansible which systems to manage and how to connect to them.

After learning about Ansible from Jeff Geerling's channel, I knew I wanted to learn how to use this to help me set up red team practice labs. I highly recommend watching his playlist on Ansible 101 and picking up his book, Ansible for DevOps.

Seeing that an apache2 playbook was one of the first playbooks, and since I've wanted to learn more about the Sliver C2 framework, I decided that creating a Sliver playbook would be a decent first project.

Note: This was written in org as literate programming for the files needed to execute the Ansible playbook. If you recreate it, you will want to make sure the portions of code go into the correct files.

2. Inventory File

This is being run on a vagrant box I set up, for ultimate infrastructure as code, that is a basic Ubuntu server. I didn't want to install this on my Kali machine because part of the practice and learning is to set up as close to a production setup as possible.

[sliver_backend]
192.168.100.12 ansible_user=vagrant

[developer]
172.16.100.13

3. Sliver Playbook & Variables

Here we create the playbook, naming the hosts from the inventory file (note: [developer] should not have anything run on it). become tells Ansible to become root, and vars_files specifies the variable file(s) we are using. In this case, the variables give us the release to download, the operator name, and the save location.

---
- hosts: sliver_backend
  become: yes
  vars_files:
    - sliver_vars.yml

This is what sliver_vars.yml contains. Ideally, in production we would pass in a checksum so that the get_url Ansible module can verify the binary on download and detect any changes to it.

---
sliver_version_num: 1.5.33
sliver_checksum: null
operator_name: rbrins
operator_config_file_loc: /home/vagrant/sliver.cfg
sliver_lhost: 192.168.100.12

Coming back to sliver.yml, we then define the tasks to get Sliver running in daemon mode.

  • Create the /opt/sliver directory to hold the downloaded binary
  • Download the binary and set its executable permissions, passing in the version number from our variables file (this is where the checksum check would happen if that variable were set and we added a line of checksum: {{ sliver_checksum }})
  • Install mingw-w64 with the apt Ansible module, as recommended by Sliver's getting started page
  • Create the operator file based on the variables; I think I will bring this out of this playbook in the future into an operations playbook

  tasks:
    - name: Create /opt/sliver/ directory.
      file:
        path: /opt/sliver
        state: directory
        # Not world-writable: systemd runs the binary in this directory as root.
        mode: "0755"

    - name: "Download sliver {{ sliver_version_num }}."
      get_url:
        url: https://github.com/BishopFox/sliver/releases/download/v{{ sliver_version_num }}/sliver-server_linux
        dest: /opt/sliver/sliver
        mode: "0755"

    - name: Install Sliver optional, recommended dependencies.
      apt:
        update_cache: true
        name: mingw-w64
        state: present

    - name: Generate default operator config file.
      # command instead of shell: no shell features are needed here,
      # so the variables are never interpreted by a shell.
      command:
        cmd: "/opt/sliver/sliver operator -l {{ sliver_lhost }} -n {{ operator_name }} -s {{ operator_config_file_loc }}"
        creates: "{{ operator_config_file_loc }}"
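The checksum check described above, written out as an added example (not part of the original playbook): the download is refused until sliver_checksum is pinned, and get_url then verifies the binary against it. The digest is a placeholder to fill in yourself; the assert task, its regex, and the owner/group settings are assumptions of this example.

```yaml
# --- sliver_vars.yml ---
# get_url expects "<algorithm>:<hex digest>". Replace the placeholder with the
# SHA-256 of a copy of sliver-server_linux that you trust (e.g. from sha256sum).
sliver_checksum: "sha256:<SHA256_OF_sliver-server_linux>"

# --- sliver.yml (these replace the plain download task under tasks:) ---
- name: Refuse to download without a pinned SHA-256.
  assert:
    that:
      # "is string" fails first when the variable is still null,
      # so the regex test never runs on a non-string value.
      - "sliver_checksum is string and sliver_checksum is match('^sha256:[0-9a-f]{64}$')"
    fail_msg: "Set sliver_checksum to sha256:<64 hex chars> before running this play."

- name: "Download sliver {{ sliver_version_num }} and verify its checksum."
  get_url:
    url: https://github.com/BishopFox/sliver/releases/download/v{{ sliver_version_num }}/sliver-server_linux
    dest: /opt/sliver/sliver
    # A mismatch fails the task, so a modified binary never reaches systemd.
    checksum: "{{ sliver_checksum }}"
    owner: root
    group: root
    mode: "0755"
```

Because the checksum is tied to one release, update sliver_checksum whenever sliver_version_num changes.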

Our next task will be to start Sliver in daemon mode. Before we can do that, we should set up our systemd service file.

[Unit]
Description=Sliver C2 Server

[Service]
ExecStart=/opt/sliver/sliver daemon

[Install]
WantedBy=multi-user.target

We finish up the sliver.yml file by copying over the sliver.service file we created above and then ensuring systemd is running the sliver service.

    - name: Copy Sliver systemd file.
      template:
        src: sliver.service
        dest: /etc/systemd/system/sliver.service

    - name: Ensure Sliver is running.
      systemd:
        name: sliver
        # Reload unit files so a new or changed sliver.service is picked up.
        daemon_reload: true
        state: started
        enabled: true

4. Executing the Playbook

  1. Remember to copy your SSH public key into the authorized keys of your vagrant file (I do this at provisioning)
  2. Make sure your private key is on the machine you are using Ansible from (I'm using Ansible from WSL, so I needed to point Ansible to the private key and the correct user)
  3. Run ansible-playbook -i inventory sliver.yml

5. Resources

Date: 2023-02-04 Sat 00:00

Author: Russell Brinson

Created: 2023-02-04 Sat 11:52