Silent Trinity is a command and control tool dedicated to hacking into Microsoft Windows systems. The primary function is to remotely control Windows in order to simulate attack scenarios. Silent Trinity can be used for penetration testing, network connection, and vulnerability testing, and would be extremely useful for red/blue team exercises.
Silent Trinity was developed by byt3bl33d3r using a variety of platforms, including Python, Iron Python, C# and the .NET framework. Since it is a Windows-targeting tool, C# seems to be the most obvious platform choice (as it has direct access). The .NET framework leverages PowerShell. This tool also supports C2 server over HTTP 1.1.
Silent Trinity is an amazing post-exploitation tool for windows. As I explored its capabilities, I rapidly became impressed by it. When we look out at what is available, there are currently many post-exploitation modules being offered via a variety of different open-source tools. So why would we need another one? Let’s look at some of the reasons.
First and foremost, the tool is very popular with security professionals and is used extensively by red team engineers. Secondly, the tool is very good at avoiding many security programs and antivirus agents. And finally, it never hurts to have a very useful tool in your hanging on your Bat Belt.
You can technically install this tool on Windows, macOS X, Linux, or anything that is capable of running Python 3.7. For the purposes of this article, we will concentrate on running this tool on Kali Linux.
We want to make sure we have Python 3.7 or later installed. The way you can check this is by issuing the command:
(that is a dash-dash before version)
The picture below shows us checking the versions of Python we have installed:
Making Life Easier by Installing Impacket
The first thing we will do is install Impacket. Our main reason for doing this is because it allows us to easily set up network shares, which enables connection to our Kali Linux systems. Attackers use this method to transfer malicious files, but we can also use this to transfer files to other systems that we created from our Kali system.
Impacket is a collection of Python classes for working with network protocols. It provides low-level programmatic access to the packets, and for some protocols (e.g. SMB1-3 and MSRPC) to the protocol implementation itself. Packets can be constructed from scratch, as well as parsed from raw data. The object-oriented API makes it simple to work with deep hierarchies of protocols. The library provides a set of tools as examples of what can be done within the context of this library.
A description of some of the tools can be found at:
We will go ahead and install Impacket in our /opt directory in Kali. First, let’s make sure we have Python3 PIP installed with the command:
apt install python3 python3-pip
PLEASE NOTE: in Kali you normally log in as root. Since I am not logged into root I must have a sudo command before all my commands. You only need to do this if you are not logged in as root. However, even if you are logged in as root, the sudo command (which is absolutely not needed) won’t do any harm.
Next, we will type in the following commands:
sudo git clone https://github.com/SecureAuthCorp/impacket.git
sudo pip3 install -r requirements.txt
sudo python3 setup.py install
Below is the result of these command inputs:
Next, you will need to figure out where we want to install Silent Trinity. I created a folder under /root called /Apps. It is my preferred place to keep the tools I download and regularly use. It is entirely up to you where you want to install Silent Trinity.
Next, I run the following commands:
git clone https://github.com/byt3bl33d3r/SILENTTRINITY
python3 -m pip install -r requirements.txt
Now it is time to play with Silent Trinity
Silent Trinity Setup
Now you are ready to explore Silent Trinity. You have to run it as a server application, which allows it to run the necessary processes and databases. You then have to interact with the server using a client program. Even if you are simulating an attacker you will need to run this in a server/client model.
The command for basic usage of the application is:
sudo python3 st.py [-h] [-v] (client|teamserver) [<args>...]
Teamserver is the server application you need to run. To do so, you need to specify the IP address of your system that it will listen on, the port it will use for listening, and a password. Here is my example command I used:
sudo python3 st.py teamserver --port 1234 172.31.25.3 HungryMan123
(sorry, I was literally warming up a Hungry Man TV dinner as I wrote this).
Now that I have the server ready, I am going to start the client and connect to the server. Remember that I am using the Kali system. You can open up another terminal window or tab because you will need to leave the server running on the current tab. If you are using a remote Kali system, consider using the screen command (which is what I preferred). I essentially connected to my server via SSH, started a screen session for the server, detached from the screen session, and started another screen session my client.
We will now connect to the client using this command:
python3 st.py client wss://username:HungryMan123@172.31.25.3:1234
If you click on help you will see the Silent Trinity main menu:
We are going to select teamservers (we want to make sure our client is attached to our server).
When we are in the teamservers menu we can type list to see if we are connected to our server.
Congratulations! You are done setting up Silent Trinity.
In the next installment of this series, you will set up the listener. If you have used a tool like Empire, then you already understand the concept. Essentially a listener is what the command and control server listens for, which is the victim system.
If you are somewhat new to this do not worry. You have made it through the hardest part of setting up Silent Trinity.
Until then – stay hungry for knowledge!