package clientpb

Get desktop application:
View/edit binary Protocol Buffers messages

Used as response type in: rpcpb.SliverRPC.Hosts

repeated Host Hosts = 1

Used as response type in: rpcpb.SliverRPC.LootAll

repeated Loot Loot = 1

Used as response type in: rpcpb.SliverRPC.Backdoor

optional commonpb.Response Response = 9

Used as request type in: rpcpb.SliverRPC.Backdoor

string FilePath = 1
string ProfileName = 2
string Name = 3
optional commonpb.Request Request = 9

Used as request type in: rpcpb.SliverRPC.GetBeacon, rpcpb.SliverRPC.GetBeaconTasks, rpcpb.SliverRPC.RmBeacon

Used as response type in: rpcpb.SliverRPC.GetBeacon

Used as field type in: Beacons

string ID = 1
string Name = 2
string Hostname = 3
string UUID = 4
string Username = 5
string UID = 6
string GID = 7
string OS = 8
string Arch = 9
string Transport = 10
string RemoteAddress = 11
int32 PID = 12
string Filename = 13
Argv[0]
int64 LastCheckin = 14
string ActiveC2 = 15
string Version = 16
bool Evasion = 17
bool IsDead = 18
string ProxyURL = 20
int64 ReconnectInterval = 21
int64 Interval = 22
int64 Jitter = 23
bool Burned = 24
int64 NextCheckin = 25
int64 TasksCount = 26
int64 TasksCountCompleted = 27
string Locale = 28
int64 FirstContact = 29
string Integrity = 30

Used as request type in: rpcpb.SliverRPC.UpdateBeaconIntegrityInformation

string BeaconID = 1
string Integrity = 2

Used as request type in: rpcpb.SliverRPC.CancelBeaconTask, rpcpb.SliverRPC.GetBeaconTaskContent

Used as response type in: rpcpb.SliverRPC.CancelBeaconTask, rpcpb.SliverRPC.GetBeaconTaskContent

Used as field type in: BeaconTasks

string ID = 1
string BeaconID = 2
int64 CreatedAt = 3
string State = 4
int64 SentAt = 5
int64 CompletedAt = 6
bytes Request = 7
bytes Response = 8
string Description = 9

Used as response type in: rpcpb.SliverRPC.GetBeaconTasks

string BeaconID = 1
repeated BeaconTask Tasks = 2

Used as response type in: rpcpb.SliverRPC.GetBeacons

repeated Beacon Beacons = 2

Used as request type in: rpcpb.SliverRPC.BuilderRegister

Used as field type in: Builders

string Name = 1
string OperatorName = 2
string GOOS = 3
The builder's OS
string GOARCH = 4
The builder's Arch
repeated string Templates = 5
repeated CompilerTarget Targets = 6
repeated CrossCompiler CrossCompilers = 7

Used as response type in: rpcpb.SliverRPC.Builders

repeated Builder Builders = 1

Used as request type in: rpcpb.SliverRPC.GetHTTPC2ProfileByName

string Name = 1

Used in: Crackstation

string Type = 1
int32 VendorID = 2
string Vendor = 3
string Name = 4
string Version = 5
int32 Processors = 6
int32 Clock = 7
string MemoryTotal = 8
string MemoryFree = 9
string CUDAVersion = 10

Used as response type in: rpcpb.SliverRPC.Canaries

repeated DNSCanary Canaries = 1

Used in: CertificateInfo

string CN = 1
string CreationTime = 2
string ValidityStart = 3
string ValidityExpiry = 4
string Type = 5
string KeyAlgorithm = 6
string ID = 7

Used as response type in: rpcpb.SliverRPC.GetCertificateInfo

repeated CertificateData info = 1

Used as request type in: rpcpb.SliverRPC.GetCertificateInfo

uint32 CategoryFilters = 1
string CN = 2

[ Events ] ----------------------------------------

Used in: Event

uint32 ID = 1
string Name = 2
optional Operator Operator = 3

[ Client Logs ] ----------------------------------------

Used as request type in: rpcpb.SliverRPC.ClientLog

string Stream = 1
bytes Data = 2

uint64 TunnelID = 8
optional commonpb.Request Request = 9

Used as response type in: rpcpb.SliverRPC.GetCompiler

string GOOS = 1
The server's OS
string GOARCH = 2
The server's Arch
repeated CompilerTarget Targets = 3
repeated CrossCompiler CrossCompilers = 4
repeated CompilerTarget UnsupportedTargets = 5

Used in: Builder, Compiler

string GOOS = 1
The server's OS
string GOARCH = 2
The server's Arch
OutputFormat Format = 3

Used in: CrackCommand

STRAIGHT = 0
COMBINATION = 1
BRUTEFORCE = 3
HYBRID_WORDLIST_MASK = 6
HYBRID_MASK_WORDLIST = 7
ASSOCIATION = 9
NO_ATTACK = 10

Used as request type in: rpcpb.SliverRPC.CrackstationBenchmark

string Name = 1
string HostUUID = 2
map<int32, uint64> Benchmarks = 3

Used in: CrackTask

CrackAttackMode AttackMode = 1
HashType HashType = 2
repeated string Hashes = 3
bool Quiet = 4
--version --help
bool HexCharset = 5
bool HexSalt = 6
bool HexWordlist = 7
bool Force = 8
bool DeprecatedCheckDisable = 9
bool Status = 10
bool StatusJSON = 11
uint32 StatusTimer = 12
uint32 StdinTimeoutAbort = 13
bool MachineReadable = 14
bool KeepGuessing = 15
bool SelfTestDisable = 16
bool Loopback = 17
bytes MarkovHcstat2 = 18
--markov-hcstat2 FILE
bool MarkovDisable = 19
bool MarkovClassic = 20
bool MarkovInverse = 21
uint32 MarkovThreshold = 22
uint32 Runtime = 23
string Session = 24
[a-zA-Z0-9_-]
bool Restore = 25
bool RestoreDisable = 26
bytes RestoreFile = 27
--restore-file-path FILE
repeated CrackOutfileFormat OutfileFormat = 29
--outfile FILE (28)
bool OutfileAutohexDisable = 30
uint32 OutfileCheckTimer = 31
bool WordlistAutohexDisable = 32
string Separator = 33
single char
bool Stdout = 34
bool Show = 35
bool Left = 36
bool Username = 37
bool Remove = 38
uint32 RemoveTimer = 39
bool PotfileDisable = 40
bytes Potfile = 41
--potfile-path FILE
CrackEncoding EncodingFrom = 42
CrackEncoding EncodingTo = 43
uint32 DebugMode = 44
bool LogfileDisable = 48
--debug-file FILE (45) --induction-dir DIR (46) --outfile-check-dir DIR (47)
uint32 HccapxMessagePair = 49
uint32 NonceErrorCorrections = 50
bytes KeyboardLayoutMapping = 51
--keyboard-layout-mapping FILE
bool Benchmark = 56
--truecrypt-keyfiles FILE (52) --veracrypt-keyfiles FILE (53) --veracrypt-pim-start PIM (54) --veracrypt-pim-stop PIM (55)
bool BenchmarkAll = 57
bool SpeedOnly = 58
bool ProgressOnly = 59
uint32 SegmentSize = 60
uint32 BitmapMin = 61
uint32 BitmapMax = 62
repeated uint32 CPUAffinity = 63
uint32 HookThreads = 64
bool HashInfo = 65
bool BackendIgnoreCUDA = 67
--example-hashes (66)
bool BackendIgnoreHip = 68
bool BackendIgnoreMetal = 69
bool BackendIgnoreOpenCL = 70
bool BackendInfo = 71
repeated uint32 BackendDevices = 72
repeated uint32 OpenCLDeviceTypes = 73
bool OptimizedKernelEnable = 74
bool MultiplyAccelDisabled = 75
CrackWorkloadProfile WorkloadProfile = 76
uint32 KernelAccel = 77
uint32 KernelLoops = 78
uint32 KernelThreads = 79
uint32 BackendVectorWidth = 80
uint32 SpinDamp = 81
bool HwmonDisable = 82
uint32 HwmonTempAbort = 83
uint32 ScryptTMTO = 84
uint64 Skip = 85
uint64 Limit = 86
bool Keyspace = 87
bytes RulesFile = 90
--rule-left (88) --rule-right (89)
--rules-file FILE
uint32 GenerateRules = 91
uint32 GenerateRulesFunMin = 92
uint32 GenerateRulesFunMax = 93
string GenerateRulesFuncSel = 94
int32 GenerateRulesSeed = 95
string CustomCharset1 = 96
string CustomCharset2 = 97
string CustomCharset3 = 98
string CustomCharset4 = 99
string Identify = 100
bool Increment = 101
uint32 IncrementMin = 102
uint32 IncrementMax = 103
bool SlowCandidates = 104
bool BrainServer = 105
uint32 BrainServerTimer = 106
bool BrainClient = 107
string BrainClientFeatures = 108
string BrainHost = 109
uint32 BrainPort = 110
string BrainPassword = 111
string BrainSession = 112
string BrainSessionWhitelist = 113

bool AutoFire = 1
int64 MaxFileSize = 2
int64 ChunkSize = 3
int64 MaxDiskUsage = 4

Used in: CrackCommand

INVALID_ENCODING = 0
ISO_8859_15 = 1
UTF_32LE = 2

Used as request type in: rpcpb.SliverRPC.CrackFileComplete, rpcpb.SliverRPC.CrackFileCreate, rpcpb.SliverRPC.CrackFileDelete, rpcpb.SliverRPC.CrackFilesList

Used as response type in: rpcpb.SliverRPC.CrackFileCreate

Used as field type in: CrackFiles

string ID = 1
int64 CreatedAt = 2
int64 LastModified = 3
string Name = 4
int64 UncompressedSize = 5
string Sha2_256 = 6
CrackFileType Type = 7
bool IsCompressed = 8
int64 MaxFileSize = 9
int64 ChunkSize = 10
repeated CrackFileChunk Chunks = 100

Used as request type in: rpcpb.SliverRPC.CrackFileChunkDownload, rpcpb.SliverRPC.CrackFileChunkUpload

Used as response type in: rpcpb.SliverRPC.CrackFileChunkDownload

Used as field type in: CrackFile

string ID = 1
string CrackFileID = 2
uint32 N = 3
bytes Data = 9

Used in: CrackFile

INVALID_TYPE = 0
WORDLIST = 1
RULES = 2
MARKOV_HCSTAT2 = 3

Used as response type in: rpcpb.SliverRPC.CrackFilesList

repeated CrackFile Files = 1
int64 CurrentDiskUsage = 2
int64 MaxDiskUsage = 3

IN_PROGRESS = 0
COMPLETED = 1
FAILED = 2

Used in: CrackCommand

INVALID_FORMAT = 0
HASH_SALT = 1
1 | hash[:salt]
PLAIN = 2
2 | plain
HEX_PLAIN = 3
3 | hex_plain
CRACK_POS = 4
4 | crack_pos
TIMESTAMP_ABSOLUTE = 5
5 | timestamp absolute
TIMESTAMP_RELATIVE = 6
6 | timestamp relative

Used in: CrackstationStatus

float Speed = 1
map<string, float> Progress = 2

Used as request type in: rpcpb.SliverRPC.CrackTaskByID, rpcpb.SliverRPC.CrackTaskUpdate

Used as response type in: rpcpb.SliverRPC.CrackTaskByID

string ID = 1
string HostUUID = 2
CrackstationID
int64 CreatedAt = 3
int64 StartedAt = 4
int64 CompletedAt = 5
string Err = 7
optional CrackCommand Command = 9

Used in: CrackCommand

INVALID_WORKLOAD_PROFILE = 0
LOW = 1
DEFAULT = 2
HIGH = 3
NIGHTMARE = 4

Used as request type in: rpcpb.SliverRPC.CrackstationRegister

Used as field type in: Crackstations

string ID = 1
string Name = 2
string OperatorName = 3
string GOOS = 4
The cracker's OS
string GOARCH = 5
The cracker's Arch
string HashcatVersion = 6
string HostUUID = 7
string Version = 8
map<int32, uint64> Benchmarks = 9
repeated CUDABackendInfo CUDA = 100
repeated MetalBackendInfo Metal = 101
repeated OpenCLBackendInfo OpenCL = 102

string Name = 1
string HostUUID = 2
States State = 3
string CurrentCrackJobID = 4
bool IsSyncing = 5
optional CrackSyncStatus Syncing = 6

[ Crackstation ] ----------------------------------------

Used as response type in: rpcpb.SliverRPC.Crackstations

repeated Crackstation Crackstations = 1

uint32 SessionID = 1
uint64 TunnelID = 8

[ Tunnels ] ----------------------------------------

optional commonpb.Request Request = 9

Used as request type in: rpcpb.SliverRPC.CredsSniffHashType, rpcpb.SliverRPC.GetCredByID, rpcpb.SliverRPC.GetCredsByHashType, rpcpb.SliverRPC.GetPlaintextCredsByHashType

Used as response type in: rpcpb.SliverRPC.CredsSniffHashType, rpcpb.SliverRPC.GetCredByID

Used as field type in: Credentials

string ID = 1
string Username = 2
string Plaintext = 3
string Hash = 4
HashType HashType = 5
bool IsCracked = 6
string OriginHostUUID = 7
string Collection = 8

Used as request type in: rpcpb.SliverRPC.CredsAdd, rpcpb.SliverRPC.CredsRm, rpcpb.SliverRPC.CredsUpdate

Used as response type in: rpcpb.SliverRPC.Creds, rpcpb.SliverRPC.GetCredsByHashType, rpcpb.SliverRPC.GetPlaintextCredsByHashType

repeated Credential Credentials = 1

Used in: Builder, Compiler

string TargetGOOS = 1
The server's OS
string TargetGOARCH = 2
The server's Arch
string CCPath = 3
string CXXPath = 4

DNSCanary - Single canary and metadata

Used in: Canaries

string ID = 1
string ImplantName = 2
string Domain = 3
bool Triggered = 4
string FirstTriggered = 5
string LatestTrigger = 6
uint32 Count = 7

Used as request type in: rpcpb.SliverRPC.StartDNSListener

Used as field type in: ListenerJob

repeated string Domains = 1
bool Canaries = 2
string Host = 3
uint32 Port = 4
bool EnforceOTP = 6

Used as request type in: rpcpb.SliverRPC.DeleteImplantBuild, rpcpb.SliverRPC.DeleteImplantProfile

string Name = 1

Used as response type in: rpcpb.SliverRPC.HijackDLL

optional commonpb.Response Response = 9

[ Dll Hijack ] ----------------------------------------

Used as request type in: rpcpb.SliverRPC.HijackDLL

string ReferenceDLLPath = 1
string TargetLocation = 2
bytes ReferenceDLL = 3
bytes TargetDLL = 4
string ProfileName = 5
string Name = 6
optional commonpb.Request Request = 9

Used as request type in: rpcpb.SliverRPC.BuilderTrigger, rpcpb.SliverRPC.CrackstationTrigger

Used as response type in: rpcpb.SliverRPC.BuilderRegister, rpcpb.SliverRPC.CrackstationRegister, rpcpb.SliverRPC.Events

string EventType = 1
optional Session Session = 2
optional Job Job = 3
optional Client Client = 4
bytes Data = 5
string Err = 6
Can't trigger normal gRPC error

Used in: Host

string Output = 1

Used as request type in: rpcpb.SliverRPC.GenerateExternal

optional ImplantConfig Config = 1
string BuilderName = 2
string Name = 3

Used as request type in: rpcpb.SliverRPC.GenerateExternalSaveBuild

string Name = 1
string ImplantBuildID = 2
optional commonpb.File File = 3

Used as response type in: rpcpb.SliverRPC.GenerateExternal, rpcpb.SliverRPC.GenerateExternalGetBuildConfig

optional ImplantConfig Config = 1
optional ImplantBuild Build = 2
optional HTTPC2Config HTTPC2 = 3
map<string, uint64> encoders = 4

[ Loot ] ----------------------------------------

Used in: Loot

NO_FILE = 0
BINARY = 1
TEXT = 2

Used as response type in: rpcpb.SliverRPC.Generate, rpcpb.SliverRPC.GenerateStage, rpcpb.SliverRPC.Regenerate

optional commonpb.File File = 1

Used as request type in: rpcpb.SliverRPC.Generate

optional ImplantConfig Config = 1
string Name = 2

Used as request type in: rpcpb.SliverRPC.GenerateStage

string Profile = 1
string Name = 2
string AESEncryptKey = 3
string AESEncryptIv = 4
string RC4EncryptKey = 5
bool PrependSize = 6
string CompressF = 7
string Compress = 8

GetSystemReq - Client request to the server which is translated into InvokeSystemReq when sending to the implant.

Used as request type in: rpcpb.SliverRPC.GetSystem

string HostingProcess = 1
optional ImplantConfig Config = 2
string Name = 3
optional commonpb.Request Request = 9

Used as response type in: rpcpb.SliverRPC.GetHTTPC2ProfileByName

Used as field type in: ExternalImplantConfig, HTTPC2ConfigReq, HTTPC2Configs

string ID = 1
int64 Created = 2
string Name = 3
optional HTTPC2ServerConfig ServerConfig = 4
optional HTTPC2ImplantConfig ImplantConfig = 5

Used as request type in: rpcpb.SliverRPC.SaveHTTPC2Profile

bool overwrite = 1
optional HTTPC2Config C2Config = 2

[ HTTP C2 ] ----------------------------------------

Used as response type in: rpcpb.SliverRPC.GetHTTPC2Profiles

repeated HTTPC2Config configs = 1

Used in: HTTPC2ServerConfig

string ID = 1
string Name = 2

Used in: HTTPC2ImplantConfig, HTTPC2ServerConfig

string ID = 1
string Method = 2
string Name = 3
string Value = 4
int32 Probability = 5

Used in: HTTPC2Config

string ID = 1
string UserAgent = 2
int32 ChromeBaseVersion = 3
string MacOSVersion = 4
string NonceQueryArgChars = 5
repeated HTTPC2URLParameter ExtraURLParameters = 6
repeated HTTPC2Header Headers = 7
int32 MaxFileGen = 8
int32 MinFileGen = 9
int32 MaxPathGen = 10
int32 MinPathGen = 11
int32 MaxPathLength = 12
int32 MinPathLength = 13
repeated string extensions = 14
repeated HTTPC2PathSegment PathSegments = 17
int32 NonceQueryLength = 18
string NonceMode = 19

Used in: HTTPC2ImplantConfig

string ID = 1
bool IsFile = 2
string Value = 3

POLL = 0
SESSION = 1
CLOSE = 2

Used in: HTTPC2Config

string ID = 1
bool RandomVersionHeaders = 2
repeated HTTPC2Header Headers = 3
repeated HTTPC2Cookie Cookies = 4

Used in: HTTPC2ImplantConfig

string ID = 1
string Method = 2
string Name = 3
string Value = 4
int32 Probability = 5

Used as request type in: rpcpb.SliverRPC.StartHTTPListener, rpcpb.SliverRPC.StartHTTPSListener

Used as field type in: ListenerJob

string Domain = 1
string Host = 2
uint32 Port = 3
bool Secure = 4
Enable HTTPS
string Website = 5
bytes Cert = 6
bytes Key = 7
bool ACME = 8
bool EnforceOTP = 10
int64 LongPollTimeout = 11
int64 LongPollJitter = 12
bool RandomizeJARM = 13
Only valid with Secure = true

Used in: CrackCommand, Credential

MD5 = 0
MD5 - zero must come first in an enum
MD4 = 900
MD4
SHA1 = 100
MD5
SHA1
SHA2_224 = 1300
SHA2-224
SHA2_256 = 1400
SHA2-256
SHA2_384 = 10800
SHA2-384
SHA2_512 = 1700
SHA2-512
SHA3_224 = 17300
SHA3-224
SHA3_256 = 17400
SHA3-256
SHA3_384 = 17500
SHA3-384
SHA3_512 = 17600
SHA3-512
RIPEMD_160 = 6000
RIPEMD-160
BLAKE2B_256 = 600
BLAKE2b-512
GOST_R_32_11_2012_256 = 11700
GOST R 34.11-2012 (Streebog) 256-bit, big-endian
GOST_R_32_11_2012_512 = 11800
GOST R 34.11-2012 (Streebog) 512-bit, big-endian
GOST_R_34_11_94 = 6900
GOST R 34.11-94
GPG = 17010
GPG (AES-128/AES-256 (SHA-1($pass)))
HALF_MD5 = 5100
Half MD5
KECCAK_224 = 17700
Keccak-224
KECCAK_256 = 17800
Keccak-256
KECCAK_384 = 17900
Keccak-384
KECCAK_512 = 18000
Keccak-512
WHIRLPOOL = 6100
Whirlpool
SIPHASH = 10100
SipHash
MD5_UTF16LE = 70
md5(utf16le($pass))
SHA1_UTF16LE = 170
sha1(utf16le($pass))
SHA256_UTF16LE = 1470
sha256(utf16le($pass))
SHA384_UTF16LE = 10870
sha384(utf16le($pass))
SHA512_UTF16LE = 1770
sha512(utf16le($pass))
BLAKE2B_512_PW_SALT = 610
BLAKE2b-512($pass.$salt)
BLAKE2B_512_SALT_PW = 620
BLAKE2b-512($salt.$pass)
MD5_PW_SALT = 10
md5($pass.$salt)
MD5_SALT_PW = 20
md5($salt.$pass)
MD5_SALT_PW_SALT = 3800
md5($salt.$pass.$salt)
MD5_SALT_MD5_PW = 3710
md5($salt.md5($pass))
CRC32 = 11500
CRC32
CRC32C = 27900
CRC32B
CRC64Jones = 28000
CRC64-Jones
JAVA_OBJECT = 18700
MURMUR = 25700
MurmurHash
MURMUR3 = 27800
MurmurHash3
THREE_DES = 14100
3DES (PT = $salt, key = $pass)
DES = 14000
DES (PT = $salt, key = $pass)
AES_128_ECB = 26401
AES-128-ECB NOKDF (PT = $salt, key = $pass)
AES_192_ECB = 26402
AES-192-ECB NOKDF (PT = $salt, key = $pass)
AES_256_ECB = 26403
AES-256-ECB NOKDF (PT = $salt, key = $pass)
CHA_CHA_20 = 15400
ChaCha20
LINUX_KERNEL_CRYPTO_API_24 = 14500
Linux Kernel Crypto API (2.4)
SKIP_32 = 14900
Skip32 (PT = $salt, key = $pass)
PBKDF2_HMAC_MD5 = 11900
PBKDF2-HMAC-MD5
PBKDF2_HMAC_SHA1 = 12000
PBKDF2-HMAC-SHA1
PBKDF2_HMAC_SHA256 = 10900
PBKDF2-HMAC-SHA256
PBKDF2_HMAC_SHA512 = 12100
PBKDF2-HMAC-SHA512
SCRYPT = 8900
scrypt
PHPASS = 400
phpass
TACACS_PLUS = 16100
TACACS+
SIP_DIGEST = 11400
SIP digest authentication (MD5)
IKE_MD5 = 5300
IKE-PSK MD5
IKE_SHA1 = 5400
IKE-PSK SHA1
SNMP_V3_HMAC_MD5_96 = 25100
SNMPv3 HMAC-MD5-96
SNMP_V3_HMAC_MD5_96__SHA1_96 = 25000
SNMPv3 HMAC-MD5-96 / HMAC-SHA1-96
SNMP_V3_HMAC_SHA1_96 = 25200
SNMPv3 HMAC-SHA1-96
SNMP_V3_HMAC_SHA224_128 = 26700
SNMPv3 HMAC-SHA224-128
SNMP_V3_HMAC_SHA256_192 = 26800
SNMPv3 HMAC-SHA256-192
SNMP_V3_HMAC_SHA384_256 = 26900
SNMPv3 HMAC-SHA384-256
SNMP_V3_HMAC_SHA512_384 = 27300
SNMPv3 HMAC-SHA512-384
WPA_EAPOL_PBKDF2 = 2500
WPA-EAPOL-PBKDF2
WPA_EAPOL_PMK = 2501
WPA-EAPOL-PMK
WPA_PBKDF2_PMKID_EAPOL = 22000
WPA-PBKDF2-PMKID+EAPOL
WPA_PMK_PMKID_EAPOL = 22001
WPA-PMK-PMKID+EAPOL
WPA_PMKID_PBKDF2 = 16800
WPA-PMKID-PBKDF2
WPA_PMKID_PMK = 16801
WPA-PMKID-PMK
IPMI2_PAKP_HMAC_SHA1 = 7300
IPMI2 RAKP HMAC-SHA1
CRAM_MD5 = 10200
CRAM-MD5
JWT = 16500
JWT (JSON Web Token)
RADMIN_3 = 29200
Radmin3
KERBEROS_17_TGS_REP = 19600
Kerberos 5, etype 17, TGS-REP
KERBEROS_17_PREAUTH = 19800
Kerberos 5, etype 17, Pre-Auth
KERBEROS_17_DB = 28800
Kerberos 5, etype 17, DB
KERBEROS_18_TGS_REP = 19700
Kerberos 5, etype 18, TGS-REP
KERBEROS_18_PREAUTH = 19900
Kerberos 5, etype 18, Pre-Auth
KERBEROS_18_DB = 28900
Kerberos 5, etype 18, DB
KERBEROS_23_SA_REQ_PREAUTH = 7500
Kerberos 5, etype 23, AS-REQ Pre-Auth
KERBEROS_23_TGS_REP = 13100
Kerberos 5, etype 23, TGS-REP
KERBEROS_23_AS_REP = 18200
Kerberos 5, etype 23, AS-REP
NET_NTLM_V1 = 5500
NetNTLMv1 / NetNTLMv1+ESS
NET_NTLM_V1_NT = 27000
NetNTLMv1 / NetNTLMv1+ESS (NT)
NET_NTLM_V2 = 5600
NetNTLMv2
NET_NTLM_V2_NT = 27100
NetNTLMv2 (NT)
FLASK = 29100
Flask Session Cookie ($salt.$salt.$pass)
ISCSI_CHAP = 4800
iSCSI CHAP authentication, MD5(CHAP)
RACF = 8500
AIX_SMD5 = 6300
AIX_SSHA1 = 6700
AIX_SSHA256 = 6400
AIX_SSHA512 = 6500
LM = 3000
LM
QNX_MD5 = 19000
QNX /etc/shadow (MD5)
QNX_SHA256 = 19100
QNX /etc/shadow (SHA256)
QNX_SHA512 = 19200
QNX /etc/shadow (SHA512)
DPAPI_V1_CTX_1_AND_2 = 15300
DPAPI masterkey file v1 (context 1 and 2)
DPAPI_V1_CTX_3 = 15310
DPAPI masterkey file v1 (context 3)
DPAPI_V2_CTX_1_AND_2 = 15900
DPAPI masterkey file v2 (context 1)
DPAPI_V2_CTX_3 = 15910
DPAPI masterkey file v2 (context 3)
GRUB_2 = 7200
GRUB 2
MS_AZURE_SYNC = 12800
MS-AzureSync PBKDF2-HMAC-SHA256
BSDI_CRYPT = 12400
BSDi Crypt, Extended DES
NTLM = 1000
NTLM
RADMIN2 = 9900
Radmin2
SAMSUNG_ANDROID = 5800
Samsung Android Password/PIN
WINDOWS_HELLO_PIN = 28100
Windows Hello PIN/Password
WINDOWS_PHONE = 13800
Windows Phone 8+ PIN/Password
CISCO_ASA_MD5 = 2410
Cisco-ASA MD5
CISCO_IOS_PBKDF2_SHA256 = 9200
Cisco-IOS $8$ (PBKDF2-SHA256)
CISCO_IOS_SCRYPT = 9300
Cisco-IOS $9$ (scrypt)
CISCO_PIX_MD5 = 2400
Cisco-Pix MD5
CITRIX_NETSCALER_SHA1 = 8100
Citrix NetScaler (SHA1)
CITRIX_NETSCALER_SHA512 = 22200
Citrix NetScaler (SHA512)
DCC = 1100
Domain Cached Credentials (DCC), MS Cache
DCC2 = 2100
Domain Cached Credentials 2 (DCC2), MS Cache 2
MACOS_10_8 = 7100
macOS v10.8+ (PBKDF2-SHA512)
INVALID = 9999
Invalid hash type
BCRYPT_UNIX = 3200
Out of order
bcrypt
SHA512_CRYPT_UNIX = 1800
sha512crypt $6$, SHA512 (Unix)

Used as request type in: rpcpb.SliverRPC.Host, rpcpb.SliverRPC.HostRm

Used as response type in: rpcpb.SliverRPC.Host

Used as field type in: AllHosts

string ID = 1
string Hostname = 2
string HostUUID = 3
string OSVersion = 4
repeated IOC IOCs = 5
map<string, ExtensionData> ExtensionData = 6
string Locale = 7
int64 FirstContact = 8

[ Hosts ] ----------------------------------------

Used as request type in: rpcpb.SliverRPC.HostIOCRm

Used as field type in: Host

string Path = 1
string FileHash = 2
string ID = 3

Used as request type in: rpcpb.SliverRPC.GenerateExternalGetBuildConfig

Used as field type in: ExternalImplantConfig, ImplantConfig

string ID = 1
string Name = 2
string MD5 = 3
string SHA1 = 4
string SHA256 = 5
bool Burned = 6
uint64 ImplantID = 7
string ImplantConfigID = 8
string AgeServerPublicKey = 9
string PeerPublicKey = 10
string PeerPrivateKey = 11
string PeerPublicKeySignature = 12
string MinisignServerPublicKey = 13
string PeerPublicKeyDigest = 14
string WGImplantPrivKey = 15
string WGServerPubKey = 16
string MtlsCACert = 17
string MtlsCert = 18
string MtlsKey = 19
bool Stage = 20

Configs of previously built implants

Used as response type in: rpcpb.SliverRPC.ImplantBuilds

map<string, ImplantConfig> Configs = 1
map<string, ResourceID> ResourceIDs = 2
map<string, bool> staged = 3

Used in: ImplantConfig

string ID = 1
uint32 Priority = 2
string URL = 3
string Options = 4
Protocol specific options

Used in: ExternalGenerateReq, ExternalImplantConfig, GenerateReq, GetSystemReq, ImplantBuilds, ImplantProfile, MigrateReq

Used as request type in: rpcpb.SliverRPC.SaveImplantProfile

Used as response type in: rpcpb.SliverRPC.SaveImplantProfile

Used as field type in: ImplantProfiles

string ID = 1
string Name = 2
optional ImplantConfig Config = 3

Used as response type in: rpcpb.SliverRPC.ImplantProfiles

repeated ImplantProfile Profiles = 1

Used as request type in: rpcpb.SliverRPC.StageImplantBuild

repeated string Build = 1

Used in: Event, Jobs

uint32 ID = 1
string Name = 2
string Description = 3
string Protocol = 4
uint32 Port = 5
repeated string Domains = 6
string ProfileName = 7

Used as response type in: rpcpb.SliverRPC.GetJobs

repeated Job Active = 1

Used as response type in: rpcpb.SliverRPC.KillJob

uint32 ID = 1
bool Success = 2

Used as request type in: rpcpb.SliverRPC.KillJob

uint32 ID = 1

[ Listeners ] ----------------------------------------

Used as response type in: rpcpb.SliverRPC.StartDNSListener, rpcpb.SliverRPC.StartHTTPListener, rpcpb.SliverRPC.StartHTTPSListener, rpcpb.SliverRPC.StartMTLSListener, rpcpb.SliverRPC.StartWGListener

string ID = 1
string Type = 2
uint32 JobID = 3
optional MTLSListenerReq MTLSConf = 4
optional WGListenerReq WGConf = 5
optional DNSListenerReq DNSConf = 6
optional HTTPListenerReq HTTPConf = 7
optional MultiplayerListenerReq MultiConf = 8
optional StagerListenerReq TCPConf = 9

Used as request type in: rpcpb.SliverRPC.LootAdd, rpcpb.SliverRPC.LootContent, rpcpb.SliverRPC.LootRm, rpcpb.SliverRPC.LootUpdate

Used as response type in: rpcpb.SliverRPC.LootAdd, rpcpb.SliverRPC.LootContent, rpcpb.SliverRPC.LootUpdate

Used as field type in: AllLoot

string ID = 1
string Name = 2
FileType FileType = 3
string OriginHostUUID = 4
int64 Size = 5
optional commonpb.File File = 9

Used as request type in: rpcpb.SliverRPC.MsfRemote

string Payload = 1
string LHost = 2
uint32 LPort = 3
string Encoder = 4
int32 Iterations = 5
uint32 PID = 8
optional commonpb.Request Request = 9

Used as request type in: rpcpb.SliverRPC.Msf

string Payload = 1
string LHost = 2
uint32 LPort = 3
string Encoder = 4
int32 Iterations = 5
optional commonpb.Request Request = 9

Used as request type in: rpcpb.SliverRPC.StartMTLSListener

Used as field type in: ListenerJob

string Host = 1
uint32 Port = 2

Used in: Crackstation

string Type = 1
int32 VendorID = 2
string Vendor = 3
string Name = 4
string Version = 5
int32 Processors = 6
int32 Clock = 7
string MemoryTotal = 8
string MemoryFree = 9
string MetalVersion = 10

MigrateReq - Client request to the server which is translated into InvokeMigrateReq when sending to the implant.

Used as request type in: rpcpb.SliverRPC.Migrate

uint32 Pid = 1
optional ImplantConfig Config = 2
ShellcodeEncoder Encoder = 3
string Name = 4
string ProcName = 5
optional commonpb.Request Request = 9

Used as request type in: rpcpb.SliverRPC.MonitorAddConfig, rpcpb.SliverRPC.MonitorDelConfig

Used as field type in: MonitoringProviders

string ID = 1
string Type = 2
string APIKey = 3
string APIPassword = 4

watchtower

Used as response type in: rpcpb.SliverRPC.MonitorListConfig

repeated MonitoringProvider providers = 1

Used in: ListenerJob

string Host = 1
uint32 Port = 2

bool Success = 1
string Err = 2
optional commonpb.Response Response = 9

Named Pipes Messages for pivoting

string PipeName = 16
optional commonpb.Request Request = 9

Used in: Crackstation

string Type = 1
int32 VendorID = 2
string Vendor = 3
string Name = 4
string Version = 5
int32 Processors = 6
int32 Clock = 7
string MemoryTotal = 8
string MemoryFree = 9
string OpenCLVersion = 10
string OpenCLDriverVersion = 11

Used in: Client, Operators

bool Online = 1
string Name = 2

Used as response type in: rpcpb.SliverRPC.GetOperators

repeated Operator Operators = 1

Used in: CompilerTarget, ImplantConfig

SHARED_LIB = 0
SHELLCODE = 1
EXECUTABLE = 2
SERVICE = 3
THIRD_PARTY = 4

Used as response type in: rpcpb.SliverRPC.PivotGraph

repeated PivotGraphEntry Children = 1

[ Pivots ] ----------------------------------------

Used in: PivotGraph

int64 PeerID = 1
optional Session Session = 2
string Name = 3
repeated PivotGraphEntry Children = 4

Used as request type in: rpcpb.SliverRPC.Regenerate

string ImplantName = 1

Used as request type in: rpcpb.SliverRPC.Rename

string SessionID = 1
string BeaconID = 2
string Name = 3

resource IDs

Used in: ImplantBuilds

string ID = 1
string Type = 2
string Name = 3
uint64 Value = 4

Used as request type in: rpcpb.SliverRPC.RestartJobs

repeated uint32 JobIDs = 1

Used in: Event, PivotGraphEntry, Sessions

string ID = 1
string Name = 2
string Hostname = 3
string UUID = 4
string Username = 5
string UID = 6
string GID = 7
string OS = 8
string Arch = 9
string Transport = 10
string RemoteAddress = 11
int32 PID = 12
string Filename = 13
Argv[0]
int64 LastCheckin = 14
string ActiveC2 = 15
string Version = 16
bool Evasion = 17
bool IsDead = 18
int64 ReconnectInterval = 19
string ProxyURL = 20
bool Burned = 22
repeated string Extensions = 23
int64 PeerID = 25
string ConfigID = 24;
string Locale = 26
int64 FirstContact = 27
string Integrity = 28

[ commands ] ----------------------------------------

Used as response type in: rpcpb.SliverRPC.GetSessions

repeated Session Sessions = 1

Used as response type in: rpcpb.SliverRPC.ShellcodeEncoder

bytes Data = 8
optional commonpb.Response Response = 9

Used as request type in: rpcpb.SliverRPC.ShellcodeEncoder

ShellcodeEncoder Encoder = 1
string Architecture = 2
uint32 Iterations = 3
bytes BadChars = 4
bytes Data = 8
optional commonpb.Request Request = 9

[ Shellcode ] ----------------------------------------

Used in: MigrateReq, ShellcodeEncodeReq, ShellcodeEncoderMap

NONE = 0
SHIKATA_GA_NAI = 1

Used as response type in: rpcpb.SliverRPC.ShellcodeEncoderMap

map<string, ShellcodeEncoder> Encoders = 1

Used as response type in: rpcpb.SliverRPC.ShellcodeRDI

bytes Data = 1

Used as request type in: rpcpb.SliverRPC.ShellcodeRDI

bytes Data = 1
string FunctionName = 2
string Arguments = 3

Used in: StagerListenerReq

TCP = 0
HTTP = 1
HTTPS = 2

Used as response type in: rpcpb.SliverRPC.StartTCPStagerListener

uint32 JobID = 1

Used as request type in: rpcpb.SliverRPC.StartTCPStagerListener

Used as field type in: ListenerJob

StageProtocol Protocol = 1
string Host = 2
uint32 Port = 3
bytes Data = 4
string ProfileName = 5

Used in: CrackstationStatus

IDLE = 0
CRACKING = 1
INITIALIZING = 2

bool Success = 1
string Err = 2
optional commonpb.Response Response = 9

TCP Messages for pivoting

string Address = 16
optional commonpb.Request Request = 9

Used as request type in: rpcpb.SliverRPC.TrafficEncoderAdd, rpcpb.SliverRPC.TrafficEncoderRm

Used as field type in: TrafficEncoderMap, TrafficEncoderTests

uint64 ID = 1
optional commonpb.File Wasm = 2
bool SkipTests = 8
string TestID = 9

Used as response type in: rpcpb.SliverRPC.TrafficEncoderMap

map<string, TrafficEncoder> Encoders = 1
File Name -> TrafficEncoder

Used in: TrafficEncoderTests

string Name = 1
bool Completed = 2
bool Success = 3
int64 Duration = 4
string Err = 9
bytes Sample = 10
Only used on failed tests

Used as response type in: rpcpb.SliverRPC.TrafficEncoderAdd

optional TrafficEncoder Encoder = 1
repeated TrafficEncoderTest Tests = 2
int64 TotalDuration = 3
int32 TotalTests = 4

UniqueWGIP - Unique wireguard IP

Used as response type in: rpcpb.SliverRPC.GenerateUniqueIP

string IP = 1

Used as response type in: rpcpb.SliverRPC.GetVersion

int32 Major = 1
int32 Minor = 2
int32 Patch = 3
string Commit = 4
bool Dirty = 5
int64 CompiledAt = 6
string OS = 7
string Arch = 8

Used as response type in: rpcpb.SliverRPC.GenerateWGClientConfig

string ServerPubKey = 1
string ClientPrivateKey = 2
string ClientPubKey = 3
string ClientIP = 4

Used as request type in: rpcpb.SliverRPC.StartWGListener

Used as field type in: ListenerJob

string Host = 6
uint32 Port = 1
string TunIP = 2
uint32 NPort = 3
uint32 KeyPort = 4

[ Websites ] ----------------------------------------

Used in: Website, WebsiteAddContent

string ID = 1
string WebsiteID = 2
string Path = 3
string ContentType = 4
uint64 Size = 5
bytes Content = 9

Used as request type in: rpcpb.SliverRPC.Website, rpcpb.SliverRPC.WebsiteRemove

Used as response type in: rpcpb.SliverRPC.Website, rpcpb.SliverRPC.WebsiteAddContent, rpcpb.SliverRPC.WebsiteRemoveContent, rpcpb.SliverRPC.WebsiteUpdateContent

Used as field type in: Websites

string ID = 1
string Name = 2
map<string, WebContent> Contents = 3

Used as request type in: rpcpb.SliverRPC.WebsiteAddContent, rpcpb.SliverRPC.WebsiteUpdateContent

string Name = 1
map<string, WebContent> Contents = 2

Used as request type in: rpcpb.SliverRPC.WebsiteRemoveContent

string Name = 1
repeated string Paths = 2

Used as response type in: rpcpb.SliverRPC.Websites

repeated Website Websites = 1