Brief introduction
Cobalt Strike is a tool developed for American red teams; in the industry it is usually just called CS. It is a GUI tool based on the Metasploit Framework that integrates port forwarding, service scanning, automated overflow exploitation, multi-mode port listening, and generation of exe and PowerShell Trojans.
Cobalt Strike is mainly used for working as a team, and for a team it is close to essential: it lets multiple testers connect to the team's server at the same time and share information, test resources, and target sessions.
As a collaborative APT tool, Cobalt Strike's penetration-testing and command-and-control functions have made it the first choice of many APT organizations.
Features
Chat
This feature works like a chat room: you can chat with the whole group, shoot the breeze, or @ someone directly, which makes team communication easier during an engagement.
The command is as follows:
/msg username what-you-want-to-say
Effect:
Listeners
This is the listener concept. You can open it by clicking the headphone icon, or through Cobalt Strike -> Listeners.
The main settings here are the listener's address and the listener's port,
because the trigger process is similar to this:
Roughly, it is like the story of the Trojan horse, except that here the Trojan horse lives on a computer. We give the Trojan a connect-back address and port. When the Trojan is triggered, it sends a request out from inside the victim. Because we opened a listener on the VPS, the VPS receives that connection request, we know the victim has fallen, and the connection is established successfully. At that point the victim host is online.
So the next thing to mention is our Trojan.
Payload
A payload can be roughly understood as a package, and inside that package we put the malicious program that brings the host online. In CS it is generated under Attacks -> Packages.
There are a lot of options. When I already have a webshell, I personally like to use PowerShell Command, since it can sometimes avoid the attention of some antivirus software. Select PowerShell Command in the Payload Generator, then set the Listener that the payload should come online to; after all, it has to connect back to the server.
If you then find a way to execute the generated PowerShell command, or the generated Trojan, on the victim's computer, the other host will come online!
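From the defender's side, the PowerShell one-liner described above is visible in process-creation logs. The following is an added example, not code from the original post or from Cobalt Strike: it assumes the generated command starts powershell with a hidden window and a Base64 `-EncodedCommand` argument (the page does not show the command), and all sample log lines and function names are constructed for illustration.

```python
import base64

# Constructed sample: a harmless command encoded the way -EncodedCommand expects
# (Base64 over UTF-16LE text). Not taken from the page.
HARMLESS_B64 = base64.b64encode("Write-Output 'hello'".encode("utf-16-le")).decode()

# Constructed process-creation command lines, e.g. from Sysmon event ID 1.
SAMPLE_EVENTS = [
    "powershell.exe -nop -w hidden -encodedcommand " + HARMLESS_B64,
    "powershell.exe -NoProfile -File C:\\scripts\\backup.ps1",
    "powershell -W Hidden -Enc " + HARMLESS_B64,
    "cmd.exe /c dir",
]

def is_abbrev(flag, full, min_len=1):
    """PowerShell accepts unambiguous prefixes of parameter names."""
    return len(flag) >= min_len and full.startswith(flag)

def decode_command(b64):
    """Return the decoded script text, or None if the argument is not valid."""
    try:
        text = base64.b64decode(b64, validate=True).decode("utf-16-le")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text or None

def analyse(cmdline):
    """Return a finding dict for PowerShell launches, None for other processes."""
    tokens = cmdline.split()
    if not tokens or "powershell" not in tokens[0].lower():
        return None
    finding = {"no_profile": False, "hidden_window": False, "decoded": None}
    for i, tok in enumerate(tokens[1:], start=1):
        if tok[0] not in "-/":
            continue
        name = tok[1:].lower()
        value = tokens[i + 1] if i + 1 < len(tokens) else ""
        if is_abbrev(name, "noprofile", 3):
            finding["no_profile"] = True
        elif is_abbrev(name, "windowstyle") and value.lower() == "hidden":
            finding["hidden_window"] = True
        elif name == "ec" or is_abbrev(name, "encodedcommand"):
            finding["decoded"] = decode_command(value)
    # Heuristic: hidden window plus an encoded command is worth an alert.
    finding["suspicious"] = finding["hidden_window"] and finding["decoded"] is not None
    return finding

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(analyse(event))
```

Decoding the argument lets an analyst read what was actually run instead of alerting on the flags alone.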