记录MacOs下的Cobaltstrike安装,其中会包含一些windows的内容。

    JAVA环境:Java SE 8 (8u202 and earlier)image.png

    服务启动与客户端开启命令:

    1. Server Start:
    2. sudo ./teamserver 35.220.204.121  AcD990
    4. Windows Start
    5. java  -Dfile.encoding=UTF-8 -javaagent:CobaltStrikeCN.jar -XX:ParallelGCThreads=4 -XX:+AggressiveHeap -XX:+UseParallelGC -jar cobaltstrike.jar
    7. MacOs:
    8. cd /Users/tangsan/tools/cobaltstrike4.3 && java -Xdock:icon=cobaltstrike.icns -Dfile.encoding=UTF-8 -javaagent:CobaltStrikeCN.jar -XX:ParallelGCThreads=4 -XX:+AggressiveHeap -XX:+UseParallelGC -jar cobaltstrike.jar

    MacOS下将命令设置为图标:

    1. 打开自动操作

    image.png

    1. 运行Shell脚本

    image.png

    1. command + s 保存

    image.png

    1. 在应用程序中右键显示简介,把图标拖过去,安装就完成了。

    image.png

    Windows下启动teamserver方法,把下面代码放入bat文件中:

    1. @echo off   
    2. :check_java
    3.     java -version >nul 2>&1
    4.     if %errorLevel% == 0 (
    5.         goto:check_permissions
    6.     ) else (
    7.         echo [-] is Java installed?
    8.         goto:eof
    9.     )
    11. :check_permissions
    12.     echo [+] Administrative permissions required. Detecting permissions...
    13.     set TempFile_Name=%SystemRoot%\System32\BatTestUACin_SysRt%Random%.batemp
    14.     (echo "BAT Test UAC in Temp" >%TempFile_Name% ) 1>nul 2>nul
    15.     if exist %TempFile_Name% (
    16.         echo [+] Success: Administrative permissions confirmed.
    17.     del %TempFile_Name% 1>nul 2>nul
    18.         goto:check_certificate
    19.     ) else (
    20.         echo [-] Failure: Current permissions inadequate.
    21.         goto:eof
    22.     )
    24. :check_certificate
    25.     set certificate=".\cobaltstrike.store"
    26.     if exist %certificate% (
    27.         goto:test_arguments
    28.     ) else (
    29.         echo [!] Please generate the cobaltstrike.store !
    30.         echo [!] Example: keytool -keystore ./cobaltstrike.store -storepass 123456 -keypass 123456 -genkey -keyalg RSA -alias cobaltstrike -dname "CN=Major Cobalt Strike, OU=AdvancedPenTesting, O=cobaltstrike, L=Somewhere, S=Cyberspace, C=Earth"
    31.         goto:eof
    32.     )
    34. :test_arguments
    35.     set argC=0
    36.     for %%x in (%*) do Set /A argC+=1
    37.     if %argC% LSS 2 (
    38.         echo [-] teamserver ^<host^> ^<password^> [/path/to/c2.profile] [YYYY-MM-DD]
    39.         echo     ^<host^> is the default IP address of this Cobalt Strike team server
    40.         echo     ^<password^> is the shared password to connect to this server
    41.         echo     [/path/to/c2.profile] is your Malleable C2 profile
    42.         echo     [YYYY-MM-DD] is a kill date for Beacon payloads run from this server
    43.         goto:eof
    44.     ) else (
    45.         goto:run_cobal
    46.     )
    47. :run_cobal
    48.     java -XX:ParallelGCThreads=4 -Dcobaltstrike.server_port=50050 -Djavax.net.ssl.keyStore=./cobaltstrike.store -Djavax.net.ssl.keyStorePassword=123456 -server -XX:+AggressiveHeap -XX:+UseParallelGC -classpath ./cobaltstrike.jar server.TeamServer %*