cobaltstrike docker
Pull the image
sudo docker pull registry.cn-hangzhou.aliyuncs.com/zygds/cobaltstrike:4.2
Start the container
docker run -it -d \
  --name cobaltstrike \
  -p 50050:50050 \
  -p 50051-50055:50051-50055 \
  registry.cn-hangzhou.aliyuncs.com/zygds/cobaltstrike:4.2
Open a shell in the container
docker exec -it cobaltstrike /bin/bash
cd /root/CS/
rm cobaltstrike.store
Regenerate the certificate
# Default password: LCYtmSqVmj4kJDa3aFQZ. Note that it appears in two places, and both need to be changed.
# Adjust the other values as you see fit.
keytool -keystore ./cobaltstrike.store -storepass LCYtmSqVmj4kJDa3aFQZ -keypass LCYtmSqVmj4kJDa3aFQZ -genkey -keyalg RSA -alias BingWallPaper -dname "CN=Microsoft Bing, OU=UpdateTesting, O=BingUpdate, L=America, S=New York, C=Chinatown"
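Seen from the detection side, the certificate generated above is self-signed (keytool -genkey) and its subject carries C=Chinatown, which is not a two-letter ISO 3166 country code. The following is an added example, not part of the original post; the brand watch list and the finding names are assumptions. It checks a certificate's subject and issuer DN strings for those traits.

```python
import re

# Constructed sample: the subject DN string from the keytool command above.
# keytool -genkey produces a self-signed certificate, so issuer == subject.
PAGE_DN = ("CN=Microsoft Bing, OU=UpdateTesting, O=BingUpdate, "
           "L=America, S=New York, C=Chinatown")

# Assumption: a small watch list of well-known names; tune it for your environment.
BRANDS = ("microsoft", "google", "amazon", "apple")


def parse_dn(dn):
    """Split a comma-separated DN string into {ATTRIBUTE: value}.

    Commas escaped with a backslash are kept as part of the value.
    """
    attrs = {}
    for part in re.split(r"(?<!\\),", dn):
        key, sep, value = part.strip().partition("=")
        if sep:
            attrs[key.strip().upper()] = value.strip().replace("\\,", ",")
    return attrs


def dn_findings(subject, issuer):
    """Return the reasons a certificate's names deserve analyst review."""
    sub, iss = parse_dn(subject), parse_dn(issuer)
    findings = []
    # countryName is defined as a two-letter ISO 3166 code.
    country = sub.get("C", "")
    if country and not re.fullmatch(r"[A-Za-z]{2}", country):
        findings.append("country-not-iso3166-alpha2")
    # Identical subject and issuer means no CA vouched for the name.
    if sub and sub == iss:
        findings.append("self-signed")
        cn = sub.get("CN", "").lower()
        if any(brand in cn for brand in BRANDS):
            findings.append("brand-name-in-self-signed-cn")
    return findings


if __name__ == "__main__":
    print(dn_findings(PAGE_DN, PAGE_DN))
```

The subject and issuer strings can come from any TLS inventory or scan output that records them; the findings are review hints, not verdicts.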
Change the password
# Open a new terminal
# Use docker cp to copy teamserver from the cobaltstrike container to the current directory
docker cp cobaltstrike:/root/CS/teamserver .
These need to be changed:
-storepass LCYtmSqVmj4kJDa3aFQZ
-keypass LCYtmSqVmj4kJDa3aFQZ
keyStorePassword=LCYtmSqVmj4kJDa3aFQZ
TeamServer 192.168.0.78 LCYtmSqVmj4kJDa3aFQZ
- Change the rest as you see fit; remember to keep it consistent with the certificate regeneration step above.
if [ -e ./cobaltstrike.store ]; then
    print_info "Will use existing X509 certificate and keystore (for SSL)"
else
    print_info "Generating X509 certificate and keystore (for SSL)"
    keytool -keystore ./cobaltstrike.store -storepass LCYtmSqVmj4kJDa3aFQZ -keypass LCYtmSqVmj4kJDa3aFQZ -genkey -keyalg RSA -alias BingWallPaper -dname "CN=Microsoft Bing, OU=UpdateTesting, O=BingUpdate, L=America, S=New York, C=Chinatown"
fi
# start the team server.
java -XX:ParallelGCThreads=4 -Dcobaltstrike.server_port=50050 -Djavax.net.ssl.keyStore=./cobaltstrike.store -Djavax.net.ssl.keyStorePassword=LCYtmSqVmj4kJDa3aFQZ -server -XX:+AggressiveHeap -XX:+UseParallelGC -classpath ./cobaltstrike.jar server.TeamServer 192.168.0.78 LCYtmSqVmj4kJDa3aFQZ & $*
Client
Software package: whether it contains a backdoor is for you to test yourself.
Chinese localization pack, password: gnbf
Windows
java -Dfile.encoding=UTF-8 -javaagent:CobaltStrikeCN.jar -XX:ParallelGCThreads=4 -XX:+AggressiveHeap -XX:+UseParallelGC -jar cobaltstrike.jar
Save as cobaltstrike.bat
java -Dfile.encoding=UTF-8 -javaagent:CobaltStrikeCN.jar -XX:ParallelGCThreads=4 -XX:+AggressiveHeap -XX:+UseParallelGC -jar cobaltstrike.jar
Save as cobaltstrike.sh
chmod 777 cobaltstrike.sh
java -Dfile.encoding=UTF-8 -javaagent:CobaltStrikeCN.jar -XX:ParallelGCThreads=4 -XX:+AggressiveHeap -XX:+UseParallelGC -jar cobaltstrike.jar
Save as cobaltstrike
chmod 777 cobaltstrike
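Recommended plugins
Notes
- Listener port issues
- If a router is forwarding the port, use this format: 443:xxx:443
- Docker container 443, Docker host xxx, router 443
- Set sleep to 0 for hosts that have checked in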
- XXX