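Xiaodi Pentest Bar (小迪渗透吧): the most professional training in penetration testing, web security, network security, code auditing, security services, CTF competitions, SRC platform vulnerability hunting, and red/blue team exercises!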
CobaltStrike-4.2 Operation and Usage Manual (PDF)

Xiaodi Pentest Bar (小迪渗透吧) | 2020-12-20 | Security Documents

Table of Contents

1. Welcome to Cobalt Strike

1.1 What is Cobalt Strike?

1.2 Installation and Updates

System Requirements

Run the ‘update’ program

1.3 The Team Server

1.4 Cobalt Strike Client

1.5 Distributed and Team Operations

1.6 Scripting Cobalt Strike

2. User Interface

2.1 Overview

2.2 Toolbar

2.3 Session and Target Visualizations

Targets Table

Sessions Table

Pivot Graph

2.4 Tabs

2.5 Consoles

2.6 Tables

3. Data Management

3.1 Overview

3.2 Targets

3.3 Services

3.4 Credentials

3.5 Maintenance

4. Listener and Infrastructure Management

4.1 Overview

4.2 Listener Management

4.3 Cobalt Strike’s Beacon Payload

4.4 Payload Staging

4.5 HTTP Beacon and HTTPS Beacon

Manual HTTP Proxy Configuration

Redirectors

4.6 DNS Beacon

Data Channels

Listener Setup

4.7 SMB Beacon

Linking and Unlinking

4.8 TCP Beacon

Connecting and Unlinking

4.9 External C2

4.10 Foreign Listeners

4.11 Infrastructure Consolidation

4.12 Payload Security Features

www.CobaltStrike.com

5. Getting a Foothold

5.1 Client-side System Profiler

5.2 Cobalt Strike Web Services

5.3 User-driven Attack Packages

HTML Application

MS Office Macro

Payload Generator

Windows Executable

Windows Executable (S)

5.4 Hosting Files

5.5 User-driven Web Drive-by Attacks

Java Signed Applet Attack

Java Smart Applet Attack

Scripted Web Delivery (S)

5.6 Client-side Exploits

5.7 Clone a Site

5.8 Spear Phishing

Targets

Templates

Sending Messages

6. Payload Artifacts and Anti-virus Evasion

6.1 Philosophy

6.2 The Artifact Kit

The Theory of the Artifact Kit

Where Artifact Kit Fails

How to use the Artifact Kit

6.3 The Veil Evasion Framework

6.4 Java Applet Attacks

6.5 The Resource Kit

7. Post Exploitation

7.1 The Beacon Console

7.2 The Beacon Menu

7.3 Asynchronous and Interactive Operations

7.4 Running Commands

7.5 Session Passing

7.6 Alternate Parent Processes

7.7 Spoof Process Arguments

7.8 Blocking DLLs in Child Processes

7.9 Upload and Download Files

7.10 File Browser

7.11 File System Commands

7.12 The Windows Registry

7.13 Keystrokes and Screenshots

7.14 Post-Exploitation Jobs

7.15 The Process Browser

7.16 Desktop Control

7.17 Privilege Escalation

Elevate with an Exploit

Elevate with Known Credentials

Get SYSTEM

UAC Bypass

Privileges

7.18 Mimikatz

7.19 Credential and Hash Harvesting

7.20 Port Scanning

7.21 Network and Host Enumeration

7.22 Trust Relationships

Kerberos Tickets

7.23 Lateral Movement

7.24 Lateral Movement GUI

8. Browser Pivoting

8.1 Overview

8.2 Setup

8.3 Use

8.4 How it Works

9. Pivoting

9.1 What is Pivoting

9.2 SOCKS Proxy

Proxychains

Metasploit

9.3 Reverse Port Forward

9.4 Spawn and Tunnel

Agent Deployed: Interoperability with Core Impact

9.5 Pivot Listeners

9.6 Covert VPN

10. SSH Sessions

10.1 The SSH Client

10.2 Running Commands

10.3 Upload and Download Files

10.4 Peer-to-peer C2

10.5 SOCKS Pivoting and Reverse Port Forwards

11. Malleable Command and Control

11.1 Overview

11.2 Checking for Errors

11.3 Profile Language

Data Transform Language

Strings

Headers and Parameters

Options

11.4 HTTP Staging

11.5 A Beacon HTTP Transaction Walk-through

11.6 HTTP Server Configuration

11.7 Self-signed SSL Certificates with SSL Beacon

11.8 Valid SSL Certificates with SSL Beacon

11.9 Profile Variants

11.10 Code Signing Certificate

11.11 Which is more dangerous, Malleable C2 or a swimming pool?

12. Malleable PE, Process Injection, and Post Exploitation

12.1 Overview

12.2 PE and Memory Indicators

Cloning PE Headers

In-memory Evasion and Obfuscation

12.3 Process Injection

12.4 Post Exploitation Jobs

13. Reporting and Logging

13.1 Logging

13.2 Reports

Activity Report

Hosts Report

Indicators of Compromise

Sessions Report

Social Engineering

Tactics, Techniques, and Procedures

13.3 Custom Logo in Reports

13.4 Custom Reports

Appendix A. Keyboard Shortcuts



CobaltStrike-4.2 Operation and Usage Manual (PDF)

Link: https://pan.baidu.com/s/1wzRBwAZy58wYz1mVtOI_1g

Extraction code: xiao


Article keywords: internal network, notes, manual, red/blue team exercises, security tools