SANS Slingshot C2 Matrix VM
Virtual Machine image to try some of the most popular command and control frameworks
The Slingshot C2 Matrix Edition was made in collaboration with SANS, Ryan O'Grady, and Jorge Orchilles. The goal is to lower the learning curve of installing each C2 framework and get you straight to testing which C2s work against your organization.
Slingshot C2 Matrix Edition is ideal for red team, blue team, and purple team functions. It comes with the following C2s pre-installed: Covenant, Empire, Koadic, Metasploit, Merlin, Mythic, Posh, Shad0w, Silent Trinity, and Sliver.
Slingshot C2 Matrix Edition also includes a number of other tools that red teamers and penetration testers will find useful, such as VECTR for tracking red and purple team exercises.
Ensure you have VMware Workstation, Player, or Fusion so that the image can be imported. Double-clicking the .ova and clicking Import should do the trick:
Import the OVA
Log in with the user: slingshot and password: slingshot
Double-click MATE Terminal and change your password with the passwd command:
What is the username and password of Slingshot?
Why is the image so big?
The various Command and Control frameworks bring a number of dependencies. As we wanted this to be a standalone image, we have pre-downloaded and installed them for you.
What is the SHA256 sum:
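Once you have the published SHA256 value, the downloaded .ova can be checked against it before it is imported. The script below is an added example and not part of the original page; the file path and the expected value in the usage comment are placeholders, and the function names are made up for this example.

```bash
#!/usr/bin/env bash
# Added example: verify a downloaded image against its published SHA256 sum
# before importing it. The caller supplies the file and the expected value.

# Print the lowercase SHA256 hex digest of a file, using whichever tool exists
# (sha256sum on Linux, shasum on macOS hosts running Fusion).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum -- "$1" | awk '{print tolower($1)}'
    else
        shasum -a 256 -- "$1" | awk '{print tolower($1)}'
    fi
}

# verify_image FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_image() {
    local file expected actual
    file=$1
    # Normalise the expected value: lowercase, no stray whitespace.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d '[:space:]')
    if [ ! -r "$file" ]; then
        echo "cannot read: $file" >&2; return 2
    fi
    # Reject empty, non-hex or truncated values instead of comparing them.
    case $expected in
        *[!0-9a-f]*|'') echo "expected value is not hex" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "expected value is not 64 hex characters" >&2; return 2
    fi
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"; return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage (both arguments are placeholders):
#   verify_image path/to/image.ova <SHA256 from the download page>
```

A non-zero return means the image should not be imported until it has been downloaded again and re-checked.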
How do I set a static IP?
Set the DHCP option from true to false
Save and exit
sudo netplan apply
Hosting a payload with apache2
You can start the apache2 service using the following command:
sudo service apache2 start
Then move the files to the apache2 directory:
sudo mv /home/slingshot/payload.exe /var/www/html/payload.exe
Visit the URL from a browser: http://slingshotip/payload.exe
Hosting a payload with python
Change directory to where the payload is located and then run the Python HTTP server:
python -m http.server 8000
The above command will serve the folders and files in the current directory (the slingshot home directory in this example) over port 8000. Visit the URL from a browser: http://slingshotip:8000/payload.exe
To start VECTR:
Visit https://localhost:8081 and log in with: