SANS Slingshot C2 Matrix VM

Virtual Machine image to try some of the most popular command and control frameworks

The Slingshot CS Matrix Edition was made in collaboration with SANS, Ryan O'Grady, and Jorge Orchilles. The goal is to lower the learning curve of installing each C2 framework and getting you straight to testing which C2s work against your organization.

Slingshot C2 Matrix Edition is ideal for red team, blue team, and purple team functions. Slingshot C2 Matrix Edition brings the following C2s pre-installed: Covenant, Empire, Koadic, Metasploit, Merlin, Mythic, Posh, Shad0w, Silent Trinity, and Sliver

Slingshot - C2 Matrix Edition also includes a number of other tools that red teamers and penetration testers will find useful such as VECTR for tracking red and purple team exercises.

Getting Started

SANS Slingshot C2 Matrix Edition can be downloaded from here:

Ensure you have VMware Workstation, Player, or Fusion so that it can be imported. Double clicking the .ova and clicking import should do the trick:

The default network device is configured as NAT for your own safety and to start of with a basic lab.

Login with the user: slingshot and password: slingshot

Double click MATE Terminal to change your password with the passwd command:


What is the username and password of Slingshot?

Username: slingshot
Password: slingshot

Why is the image so big?

The various Command and Control frameworks bring a number of dependencies. As we wanted this to be a standalone image, we have pre-downloaded and installed them for you.

What is the SHA256 sum:

2020.4: e8f3aa841a5244c0419cab7006486be6bdd7c001282833e1fbd1e9698f80069e

2020.5: 9b01151590f85fe0a1aeeeefba7a83af817d16c9b9443a54409ea03c242f9b8d

2020.11: 6fdc0c064c97cb849a4312dc585e00a378ff190ed907d1c7de7ded59010567eb

2020.12: fe87c848769ab7c48ce3b65bd2a7a0083cf6f92581532d4bc173c218df93a7dd

2021.11: 16f5d121680e75eaccac04ed2bb3603ddcf788b24552c7b30210a93c0edd48e4

How do I set a static IP?

edit /etc/netplan/01-netcfg.yaml
vim /etc/netplan/01-netcfg.yaml
Set the DHCP option from true to false
addresses: [x.x.x.x/24]
save and exit
sudo netplan apply

Hosting a payload with apache2

You can start the apache2 service using the following command

sudo service apache2 start

Then move the files to the apache2 directory

sudo mv /home/slingshot/payload.exe /var/www/html/payload.exe

Visit the URL from a browser: http://slingshotip/payload.exe

Hosting a payload with python

Change directory to where the payload is located and then run python http server.

cd /home/slingshot/
python -m http.server 8000

The above command will server the folders and files in the slingshot home directory over port 8000. Visit the URL from a browser: http://slingshotip/payload.exe


To start VECTR:

sudo /opt/vectr/

Visit https://localhost:8081 and login with:

Username: admin
Password: 11_ThisIsTheFirstPassword_11

Last updated