Cobalt Strike over CDN + certificate: bringing a PowerShell beacon online (detailed version)
2022-07-06 06:32:00 【zxl2605】
0x00 Brief introduction
This is what should be called domain fronting.
Roughly, it works as follows:
- Attack traffic passes through CDN nodes, which forward it to the real C2 server
- The CDN node IP routes the traffic by inspecting the Host header of the request
- This can effectively evade some security appliances and also gives a degree of protection against traceback, because the traffic goes through the CDN
I had read some articles on this before, but the experts who wrote them left some parts out because they considered them too simple to bother with. I wrote those parts down while building it myself. These are my own notes; I think they are more detailed and better suited to beginners.
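An added detection example, not part of the original post: since the CDN routes on the Host header, firewall logs only show the CDN's IP, so detection has to use the names a TLS-inspecting proxy sees. The log format, field names and sample records below are constructed assumptions. In the setup on this page the TLS name and the Host header are the same hostname, so the classic mismatch rule stays silent and the free-TLD plus script-host rule is the one that fires.

```python
import json

# Constructed records from a hypothetical TLS-inspecting proxy; the field names
# (proc, dst_ip, sni, host) are assumptions, not a real product's schema.
SAMPLE_LOG = """\
{"proc": "chrome.exe", "dst_ip": "203.0.113.10", "sni": "www.example.com", "host": "www.example.com"}
{"proc": "powershell.exe", "dst_ip": "203.0.113.20", "sni": "test.xxxxx.tk", "host": "test.xxxxx.tk"}
{"proc": "svchost.exe", "dst_ip": "203.0.113.20", "sni": "cdn.example.net", "host": "test.xxxxx.tk"}
{"proc": "powershell.exe", "dst_ip": "203.0.113.30", "sni": "www.example.org", "host": "www.example.org"}
"""

# TLDs that the registrar used on this page handed out free of charge.
FREE_TLDS = {"tk", "ml", "ga", "cf", "gq"}
# Script hosts that rarely need to speak HTTPS to the internet on their own.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}


def findings_for(record):
    """Return the names of the rules that one proxy record trips."""
    sni = record["sni"].lower().rstrip(".")
    host = record["host"].lower().split(":")[0].rstrip(".")
    free = host.rsplit(".", 1)[-1] in FREE_TLDS
    hits = []
    if sni != host:  # handshake name differs from the name the CDN routes on
        hits.append("sni_host_mismatch")
    if free:  # routed hostname sits under a free TLD
        hits.append("free_tld_host")
    if record["proc"].lower() in SCRIPT_HOSTS:  # far stronger together with a free TLD
        hits.append("script_host_client_free_tld" if free else "script_host_client")
    return hits


def scan(log_text):
    """Parse JSON-lines proxy output; return (line_no, host, findings) per flagged line."""
    flagged = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        rec = json.loads(line)
        hits = findings_for(rec)
        # A lone script-host connection to an ordinary domain is too noisy to alert on.
        if hits and hits != ["script_host_client"]:
            flagged.append((n, rec["host"], hits))
    return flagged


if __name__ == "__main__":
    for line_no, host, hits in scan(SAMPLE_LOG):
        print(f"line {line_no}: {host} -> {', '.join(hits)}")
```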
0x01 Resources required
- cobaltstrike 4.0
- VPS (the CS server)
- A domain name
- A CDN
- A proxy outside the country
0x02 Applying for a free domain name
Application address: https://www.freenom.com/
The main point is that it is free and needs no filing
Choose to apply for a free domain name
Note:
Connect through a proxy and set the address in the personal information to the proxy's location, so that the application does not fail
0x03 Preparing a free CDN
Application address: https://dash.cloudflare.com/
Register, log in and set up the CDN yourself
0x04 Linking the domain name and the CDN
Log in to the CDN and add the domain name you just applied for as a site
Add an A record pointing to the VPS's IP address
Type | Name | Content | TTL | Proxy status
A | test | 10.1.1.111 (VPS address) | Auto | Proxied
The resulting hostname is then test.xxxxx.tk
Note down the Cloudflare nameservers; they have to be set on the domain name!
Find your own domain name > Manage domain names > nameservers
Choose to use your own nameservers: Use custom nameservers (enter below)
Fill in both Nameserver 1 and Nameserver 2 with the addresses provided by the CDN
So that our commands are answered in real time, the caching rules need to be changed:
Make sure these two items are turned on
0x05 C2 certificate configuration
First set the certificate mode to Full
Download the certificate
Generation and saving succeeded; the files I saved are com.pem and com.key
On the VPS, generate the configuration files that CS can use
Use the following command to regenerate cobaltstrike.store:
openssl pkcs12 -export -in server.pem -inkey server.key -out spoofdomain.p12 -name <domain name> -passout pass:<password>
Example :
openssl pkcs12 -export -in com.pem -inkey com.key -out spoofdomain.p12 -name test.xxxxx.tk -passout pass:zzz123456
Use the following command to create the certificate store:
keytool -importkeystore -deststorepass <password> -destkeypass <password> -destkeystore new.store -srckeystore spoofdomain.p12 -srcstoretype PKCS12 -srcstorepass <password> -alias <domain name>
Example:
keytool -importkeystore -deststorepass zzz123456 -destkeypass zzz123456 -destkeystore new.store -srckeystore spoofdomain.p12 -srcstoretype PKCS12 -srcstorepass zzz123456 -alias test.xxxxx.tk
The result is the new.store file (which replaces cobaltstrike.store)
0x06 C2.profile configuration
Use the following project directly:
https://github.com/FortyNorthSecurity/C2concealer
Usage:
Installation commands:
chmod u+x install.sh
./install.sh
Run command:
C2concealer --variant 1 --hostname test.domain.tk
Choose option 3 here
This is because we are using the certificate issued by the CDN. Then enter /home/cs/new.store, the absolute path of the new.store generated above.
A profile with a random name is generated at the end
Successfully generated
Finally, copy the generated, randomly named .profile into the cs directory.
0x07 Starting the C2
Check the profile with c2lint; the run below passed:
./c2lint ca730a6d.profile
After the check succeeds, modify the teamserver configuration
vim teamserver
Modify the last line so that keyStore is the path of the generated new.store file and keyStorePassword is the password of the certificate above:
-Djavax.net.ssl.keyStore=./new.store -Djavax.net.ssl.keyStorePassword=zzz123456
Start the C2:
./teamserver 192.168.1.1 password123456 ./C2.profile
0x08 Configuring CS
Configure a listener
Set up a PowerShell payload to bring a host online; be careful to tick SSL
0x09 Successfully online
Successfully online
0x10 Summary
This setup is built on free services, but in practice I found that this CDN is sometimes not very stable. If you have the means, you can switch to a better one, but be careful to turn off caching.