GithubHelp home page GithubHelp logo

anthrax3 / sharpeningcobaltstrike Goto Github PK

View Code? Open in Web Editor NEW

This project forked from khr0x40sh/sharpeningcobaltstrike

0.0 0.0 0.0 8.21 MB

in realtime v35/40 dotnet compiler for your linux Cobalt Strike C2. New fresh compiled and obfuscated binary for each use

C# 99.79% Shell 0.21%

sharpeningcobaltstrike's Introduction

SharpeningCobaltStrike

In realtime compiling of dotnet v35/v40 exe/dll binaries + obfuscation with ConfuserEx on your linux cobalt strike server. beaconmenu

When you specify a .cs file to compile and execute on a beacon, the compiler will automaticly search for all .cs dependencies in that source directory and sub directories and compile against them so there is no need for merging everything into 1 .cs file, remember this so you dont put multiple project in the same directory because it will create conflicts. By default, all the .dll files under Compiler/References/net*/ will be loaded as a References to each compiled project. If you want better opsec and load just the necessary .dll files as References you can do that by dropping a file called Refs in the source directory of the project you are compiling and it will import just those .dll names instead of everything. Refs Example

root@kali:/# cat Rubeus-master/Rubeus/Refs 

System.DirectoryServices.dll
System.DirectoryServices.AccountManagement.dll
System.dll
mscorlib.dll
System.Core.dll
System.IdentityModel.dll
#ItWillIgnoreLinesStartingWith#.dll

The compiler can be used outside of Cobalt Strike and it might be a good idea to do that for new projects just to verify that there are no missing References, if there are References missing just drop them to Compiler/References/net*/

root@kali:/Compiler# dotnet build -c Release ; dotnet bin/Release/netcoreapp2.1/Compiler.dll -s /Rubeus-master/Rubeus/Program.cs -f /tmp/rub.exe
Microsoft (R) Build Engine version 16.2.37902+b5aaefc9f for .NET Core
Copyright (C) Microsoft Corporation. All rights reserved.

  Restore completed in 60.77 ms for /opt/C2/Cobaltstrike/scripts/SharpCobaltStrike/Compiler/Compiler.csproj.
  Compiler -> /opt/C2/Cobaltstrike/scripts/SharpCobaltStrike/Compiler/bin/Release/netcoreapp2.1/Compiler.dll

Build succeeded.
    0 Warning(s)
    0 Error(s)

Time Elapsed 00:00:01.48
[*]Compiling..
Source Dir    :  ../Rubeus-master/Rubeus
Source File   :  ../Rubeus-master/Rubeus/Program.cs
Output Kind   :  ConsoleApplication
.Net Version  :  Net40
Platform      :  AnyCpu
References    :  /Compiler/References/net40/System.IdentityModel.dll, /Compiler/References/net40/System.Core.dll, /Compiler/References/net40/System.Management.dll, /Compiler/References/net40/System.dll, /Compiler/References/net40/System.DirectoryServices.AccountManagement.dll, /Compiler/References/net40/System.Management.Automation.dll, /Compiler/References/net40/mscorlib.dll, /Compiler/References/net40/System.DirectoryServices.dll
Optimize      :  False
Confuse       :  False
UnsafeCompile :  False

Another use case is that we can use this to compile .Net loaders to inject beacon shellcode into processes attackmenu

This project uses a modified version of SharpGen to compile .cs source files and obfuscate them with ConfuserEx. All creds to @cobbr for making the compiler, more detials on it here

The APC shellcode loader is taken from https://github.com/FuzzySecurity/Sharp-Suite/tree/master/UrbanBishop

To use this you first need to install dotnet core sdk

wget https://packages.microsoft.com/config/ubuntu/19.10/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
sudo apt-get update
sudo apt-get install apt-transport-https
sudo apt-get update
sudo apt-get install dotnet-sdk-2.1

sharpeningcobaltstrike's People

Contributors

cube0x0 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.