# Third-party image from Docker Hub, pulled by the floating "latest" tag. The
# transcript below records the image id that was actually run; keep that (or a
# digest) rather than relying on "latest" when the setup has to be reproduced
# or audited later.
docker pull xrsec/cobaltstrike
或者:
# Alternative base image. CentOS Linux 8 is end-of-life, so yum in such a
# container no longer receives security updates.
docker pull centos:centos8
或者:
# Alternative base image; CentOS Linux 7 is also end-of-life (no more updates).
docker pull centos:centos7
以上都可以
root@fv-az641-50:/tmp# docker images |grep cobaltstrike
xrsec/cobaltstrike latest a53c57f6c4f8 8 months ago 1.46GB
root@fv-az641-50:/tmp# docker inspect -f {{.Config.Entrypoint}} a53c57f6c4f8
[]
root@fv-az641-50:/tmp#
启动docker镜像:
# Start the container (image id a53c57f6c4f8 from the transcript above),
# detached from the terminal via setsid + '&'. Things worth knowing:
#  - passwd (presumably the team server password) and the other settings go in
#    as -e environment variables on the command line, so they end up in shell
#    history, process listings and `docker inspect` of the container; a file
#    based mechanism such as --env-file keeps them out of argv.
#  - dname looks like an X.509 subject string naming Microsoft. Whatever
#    certificate it is used for, a certificate with that subject served from a
#    host that is not Microsoft's is an impersonation and a usable detection
#    indicator rather than a legitimate identity.
#  - Four container ports are published on all host interfaces:
#    43002->43002, 40080->80, 43389->3389 (the xrdp port configured further
#    down), 2244->22.
#  - The host's /sbin/busybox is bind-mounted over both /bin/busybox and
#    /bin/netstat inside the container.
#  - -it together with '&' is presumably why the author notes the console may
#    lock up: the backgrounded job keeps stdin attached to the terminal.
#    `docker run -d` would start it detached without that side effect.
setsid docker run -it --name cs45 -e passwd="admin888" \
-e server_ip="127.7.7.2" -e server_port=43002 -e aliasname="Bing_Wallpaper" \
-e dname="CN=www.microsoft.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=WA, C=US" \
-p 43002:43002 -p 40080:80 -p 43389:3389 -p2244:22 -v /sbin/busybox:/bin/busybox -v /sbin/busybox:/bin/netstat a53c57f6c4f8 &
此时xshell控制台可能被锁住,再另外开一个控制shell窗口,输入如下代码,get容器内部shell:
# Interactive shell inside the running container (the same command is shown
# again in the transcript below together with its output).
docker exec -it cs45 /bin/bash
执行如下命令,查看这个容器的版本:
root@fv-az212-964:/tmp# docker exec -it cs45 /bin/bash
[root@94294576a6e6 cobaltstrike]# grep NA /etc/os-release
NAME="CentOS Linux"
PRETTY_NAME="CentOS Linux 8"
CPE_NAME="cpe:/o:centos:centos:8"
[root@94294576a6e6 cobaltstrike]# uname -a
Linux 94294576a6e6 5.15.0-1031-azure #38~20.04.1-Ubuntu SMP Mon Jan 9 18:23:48 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
[root@94294576a6e6 cobaltstrike]#
修改root密码:
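# Set root's password inside the container. The original embedded the
# trivially guessable "123"; since the xrdp login configured below asks for a
# system username/password (username=ask / password=ask in xrdp.ini,
# presumably checked via PAM) and container port 3389 is published on the host
# as 43389 by the docker run above, that account is reachable over the
# network. The password is therefore taken from the environment and the step
# aborts if it is not set, instead of silently applying a weak default.
: "${ROOT_PASSWD:?set ROOT_PASSWD in the environment before running this step}"
printf 'root:%s\n' "$ROOT_PASSWD" | chpasswd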
给容器安装rpm包:
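# Install the X server, xterm and xrdp/xorgxrdp into the container.
# Differences from the original sequence: EPEL is enabled first (the original
# tried xorgxrdp once before installing epel-release and then again after it),
# a failed group is reported on stderr instead of passing unnoticed, and the
# package glob is quoted so the shell cannot expand it against files in the
# current directory. yum is still called per group, as before, so one unknown
# package name does not abort the whole installation.
#######################################
# Install one group of packages, warning on failure.
# Arguments: package names passed to yum install
#######################################
install_group() {
  yum install -y "$@" || printf 'warn: yum install failed for: %s\n' "$*" >&2
}
install_group epel-release
install_group xorg-x11-xauth
install_group xorg-x11-server-Xorg
install_group xterm xinit
install_group xorgxrdp xclock
install_group xorg-x11-utils 'xorg-x11-fonts-*'
install_group xorg-x11-server xorg-apps
install_group xrdp
# Sanity check: the binaries the RDP session needs must now be on PATH.
for tool in Xorg xterm xclock xinit; do
  command -v "$tool" >/dev/null || printf 'missing: %s\n' "$tool" >&2
done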
修改配置文件以支持Xorg登录:
# Add an [Xorg] backend section to xrdp.ini. The file is edited on a copy in
# /tmp and then copied back. First show the section as shipped:
grep -C4 Xorg] /etc/xrdp/xrdp.ini;
# `yes|` answers any overwrite prompt; cp -f already forces, so this is belt
# and braces. The copy uses a fixed, predictable name in world-writable /tmp
# while being written as root (mktemp would avoid that).
yes|cp -rf /etc/xrdp/xrdp.ini /tmp/ct8_xrdp.ini;
# Rewrite an optionally commented-out "[Xorg]" header line into a full section
# (name, lib, username=ask, password=ask, ip, port, code). Only the header line
# is replaced: any keys already present under the old header remain after the
# inserted ones, which is why the result is inspected with grep -A18 below.
# username=ask / password=ask presumably means the RDP client is prompted for a
# system account — i.e. the root password set above.
sed -i "s/^#\?\(\[Xorg\]\)/\[Xorg\]\\nname=Xorg\\nlib=libxup.so\\nusername=ask\\npassword=ask\\nip=127.0.0.1\\nport=-1\\ncode=20/g" /tmp/ct8_xrdp.ini;
grep -A18 Xorg] /tmp/ct8_xrdp.ini;
# Copy the edited file back over the live configuration and show the result.
yes|cp -rf /tmp/ct8_xrdp.ini /etc/xrdp/xrdp.ini;
grep -A18 Xorg] /etc/xrdp/xrdp.ini;
启动xrdp:
# Locate the daemons. The third name, xrdp-sessman, is presumably a typo of
# xrdp-sesman and will just be reported as not found.
which xrdp xrdp-sesman xrdp-sessman;
# Start the session manager and then xrdp itself. setsid detaches each from the
# current terminal session; util-linux setsid forks when it is invoked as a
# process-group leader (as from an interactive shell), so each command returns
# at once and the daemon keeps running — in a non-interactive script it may
# block instead. xrdp listens on 3389 inside the container, which the docker
# run above publishes on all host interfaces as 43389; whoever can reach that
# port gets the system login prompt configured in xrdp.ini.
setsid /usr/sbin/xrdp-sesman --nodaemon ;
setsid /usr/sbin/xrdp --nodaemon ;
远程桌面客户端 分辨率1024x768
如果远程桌面登录成功后立即断开,执行如下命令即可:
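# Give the RDP session a program to run: ~/.xsession starts a single xterm.
# Without it the login succeeds and the session ends immediately. The original
# set the script to mode 777, i.e. world-writable; anything able to write to
# it would then run as the logging-in user (root here), so owner-only
# permissions are used instead. Alternative xterm invocations from the
# original are kept for reference:
#   xterm -class UXTerm -title uxterm -u8;
#   xterm -bg black -fg red -geometry 200x100+10+0;
printf '%s\n' "xterm -bg grey -fg black -geometry 150x50+20+10 ;" >~/.xsession
chmod 700 -- ~/.xsession
cat -- ~/.xsession
# xmessage -center "OK8";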
![](https://img-blog.csdnimg.cn/img_convert/e9556947b18ebe36d03bf7e8ffdb6096.png)
如下修改xterm样式:
# Back up the system-wide X resources file, then replace it with xterm
# defaults (scroll bars, colours, font size, 4096 saved lines, fullscreen).
# The heredoc delimiter is quoted so the shell performs no expansion on the
# content; the content contains none, so the file written is the same.
# printerCommand dumps print output to a fixed path under /tmp.
cp -- /etc/X11/Xresources /etc/X11/Xresources.bak
cat >/etc/X11/Xresources <<'EOF'
xterm*ScrollBar: true
xterm.geometry: 60x25
xterm*VT100.geometry: 166x58
xterm*rightScrollBar: true
xterm*leftScrollBar: true
XTerm*jumpScroll: true
xterm*faceSize: 14
xterm*allowBoldFonts: true
xterm*foreground: green
xterm*background: rgb:60/20/10
XTerm*SaveLines: 4096
xterm*printAttributes:
xterm*printerCommand: cat > /tmp/xtermdump
*customization: -fullscreen
xterm*fullscreen: 2
EOF
或者另外一个配置文件也可以修改xterm样式:
# Same xterm settings via the app-defaults file: copy the distribution XTerm
# defaults without their comment lines ('!' starts a comment), then append the
# overrides. The heredoc delimiter is quoted; the content has no expansions,
# so the bytes appended are unchanged.
mkdir -pv -- /etc/X11/app-defaults
grep -v -- '^!' /usr/share/X11/app-defaults/XTerm >/etc/X11/app-defaults/XTerm
#cat /etc/X11/app-defaults/XTerm;
cat >>/etc/X11/app-defaults/XTerm <<'EOF'
xterm*ScrollBar: true
xterm.geometry: 60x25
xterm*VT100.geometry: 166x58
xterm*rightScrollBar: true
xterm*leftScrollBar: true
XTerm*jumpScroll: true
xterm*faceSize: 14
xterm*allowBoldFonts: true
xterm*foreground: green
xterm*background: rgb:60/20/10
XTerm*SaveLines: 4096
xterm*printAttributes:
xterm*printerCommand: cat > /tmp/xtermdump
*customization: -fullscreen
xterm*fullscreen: 2
EOF
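# Write and run a launcher for the jar under /cobaltstrike. Fixes relative to
# the original: the script goes to a mktemp file instead of the fixed
# /tmp/gg.sh (created and executed as root in a world-writable directory), the
# heredoc delimiter is quoted so its contents are taken literally, and java is
# not started if the cd fails. Note that -javaagent loads CSAgent.jar into the
# JVM with full instrumentation access; this page says nothing about where
# that jar comes from, so treat it as unvetted code.
launcher=$(mktemp) || exit 1
cat >"$launcher" <<'EOF'
cd /cobaltstrike || exit 1
exec java -XX:ParallelGCThreads=4 -XX:+AggressiveHeap -XX:+UseParallelGC -javaagent:CSAgent.jar=f38eb3d1a335b252b58bc2acde81b542 -Duser.language=en -jar cobaltstrike.jar
EOF
sh "$launcher"
rm -f -- "$launcher"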
![](https://img-blog.csdnimg.cn/img_convert/6a953db739ae5f71148b9f62bb6bec28.png)
![](https://img-blog.csdnimg.cn/img_convert/fcc49aadfbde922589edd3c26c304a31.png)
2023-09-27 补充:
如果无中文支持,需要安装字体:
# Optional CJK font for the xterm. First confirm the enabled repositories
# offer the package, then install it; the last line shows the package as it
# was listed when this was written.
yum list | grep -F -- 'wqy-zenhei'
yum install -y wqy-zenhei-fonts
#wqy-zenhei-fonts.noarch 0.9.46-11.el7 base