Through detailed explanation CobaltStrike Tools , A deeper grasp of CobaltStrike usage ; The content of the text is compiled by personal understanding , If there is any mistake , Bosses do not spray , Personal skills are not good ; Any technique mentioned in this article comes from range practice , For reference only , Do not use the related technology in the article to engage in illegal testing , If all the adverse consequences caused by this have nothing to do with the author of the article .

CobaltStrike Build an intranet tunnel

Establish intranet tunnel network card

When we need to access the internal network on the attacker , Not established in sockes5 Under the circumstances , You can also build intranet tunnels ：

covertvpn phear6 10.10.10.145  # Establish intranet tunnel network card  

When it's done , Can be in Cobalt Strike Check the network card in the menu , After use, there will be traffic at this location ：

Create a virtual network card

Then we need to establish a virtual network card in the attacker ：

ifconfig phear6 10.10.10.0/24 # establish phear6 network card 

Access internal network

In this way, we can directly access the internal network through the attacker 10.10.10.138 Or our domain controller IP10.10.10.142：
It can also be used nmap To scan their 445 port , This ratio socks More convenient and faster .

And it can be seen from the figure that the flow is from CS go ：