IntelliJ-IDEA modifies CobaltStrike
Disclaimer: Please do not use the relevant technologies in this article to engage in illegal testing. Any direct or indirect consequences and losses caused by the dissemination and use of the information or tools provided in this article will be the responsibility of the user himself. All consequences incurred Adverse consequences have nothing to do with the author of the article. This article is for educational purposes only.
Record a convenient little trick to modify cobaltstrike. No need to use other decompilation tools. Double-click to automatically decompile.
Preliminary preparation
1. IDEA tool (you can download it directly from the official website and then purchase the activation code for 2 yuan on a certain treasure. There is no need for tedious cracking, and you won’t need it until 2099)
2. cobaltstrike .jar package
1. Create a new project
Enter the IDEA interface and create a project
If you are not good at English, you can download the Chinese plug-in
Then click on the plug-in and search for chinese
Just install and restart
2. Create a lib directory
Right click and create a lib directory
Click Create
Copy the cobaltstrike.jar package into the lib folder you just created
Then select project settings and add the dependency of cobaltstrike.jar in Modules.
In the created lib directory, double-click the file you want to change. After double-clicking, it will be decompiled directly. However, the current status cannot be modified, it is only a read-only status.
3. Refactor the code
To modify the file, the next thing to do is to directly copy it with ctrl +A ctrl+c, and then create a new java class in the source code. Note that the name must be consistent. Note that if this file is unique, create it directly. If multiple files with the same name are in different directories, the directory structure needs to be the same.
Copy a piece of code
Create a new Java class
Make all your edits here
Use build to compile
and then set it in the artifacts option of project settings. You need to set it for the first time. If you modify the file in the same directory later, it is not needed
After modification, directly select build artifacts in build
4. Operation effect
Then run it directly and you can see the effect of the modification.
