cobaltstrike docker

截图

image-20210107002720284

image-20210107003005105

image-20210107003342603

image-20210107003306028

image-20210107003411305

拉取镜像

sudo docker pull registry.cn-hangzhou.aliyuncs.com/zygds/cobaltstrike:4.2

启动镜像

docker run -it -d \
	--name cobaltstrike \
	-p 50050:50050 \
	-p 50051-50055:50051-50055 \
	registry.cn-hangzhou.aliyuncs.com/zygds/cobaltstrike:4.2

进入终端

docker exec -it cobaltstrike /bin/bash
cd /root/CS/
rm cobaltstrike.store

重新生成证书

# 默认密码 LCYtmSqVmj4kJDa3aFQZ 注意有两个需要修改
# 其他数据看着改 
keytool -keystore ./cobaltstrike.store -storepass LCYtmSqVmj4kJDa3aFQZ -keypass LCYtmSqVmj4kJDa3aFQZ -genkey -keyalg RSA -alias BingWallPaper -dname "CN=Microsoft Bing, OU=UpdateTesting, O=BingUpdate, L=America, S=New York, C=Chinatown"

修改密码

# 重新开一个终端
# docker cp cobaltstrike 容器的 teamserver 到当前目录
docker cp cobaltstrike:/root/CS/teamserver .

需要修改这些

  • -storepass LCYtmSqVmj4kJDa3aFQZ
  • -keypass LCYtmSqVmj4kJDa3aFQZ
  • keyStorePassword=LCYtmSqVmj4kJDa3aFQZ
  • TeamServer 192.168.0.78 LCYtmSqVmj4kJDa3aFQZ
  • 其他的你们看着改,记得要和上面重新生成证书的地方一致
if [ -e ./cobaltstrike.store ]; then
	print_info "Will use existing X509 certificate and keystore (for SSL)"
else
	print_info "Generating X509 certificate and keystore (for SSL)"
	keytool -keystore ./cobaltstrike.store -storepass LCYtmSqVmj4kJDa3aFQZ -keypass LCYtmSqVmj4kJDa3aFQZ -genkey -keyalg RSA -alias BingWallPaper -dname "CN=Microsoft Bing, OU=UpdateTesting, O=BingUpdate, L=America, S=New York, C=Chinatown"
fi

# start the team server.
java -XX:ParallelGCThreads=4 -Dcobaltstrike.server_port=50050 -Djavax.net.ssl.keyStore=./cobaltstrike.store -Djavax.net.ssl.keyStorePassword=LCYtmSqVmj4kJDa3aFQZ -server -XX:+AggressiveHeap -XX:+UseParallelGC -classpath ./cobaltstrike.jar server.TeamServer 192.168.0.78 LCYtmSqVmj4kJDa3aFQZ & $*

客户端

java -Dfile.encoding=UTF-8 -javaagent:CobaltStrikeCN.jar -XX:ParallelGCThreads=4 -XX:+AggressiveHeap -XX:+UseParallelGC -jar cobaltstrike.jar

保存为 cobaltstrike.bat

  • Linux
java -Dfile.encoding=UTF-8 -javaagent:CobaltStrikeCN.jar -XX:ParallelGCThreads=4 -XX:+AggressiveHeap -XX:+UseParallelGC -jar cobaltstrike.jar

保存为 cobaltstrike.sh
chmod 777 cobaltstrike

  • Mac
java -Dfile.encoding=UTF-8 -javaagent:CobaltStrikeCN.jar -XX:ParallelGCThreads=4 -XX:+AggressiveHeap -XX:+UseParallelGC -jar cobaltstrike.jar

保存为 cobaltstrike
chmod 777 cobaltstrike

插件推荐

  • Bypass
  • Taowu

注意事项

  1. 监听端口问题
    1. 如果是路由器转发端口 请 按照这种格式 443:xxx:443
    2. docker 容器 443 docker 主机 xxx 路由器 443
  2. 上线主机sleep设置为 0
  3. XXX