猫猫Cs:基于Cobalt Strike[4.5]二开 (原dogcs二开移植)
这是一个学习安全的菜鸡脚本小子.欢迎多多交流学习.
✨ Golang.
📚 Game....
🎯 Vme50...
🎲 Sleep...
And 巴拉巴拉一堆.
WeChat: WebDemoSec
Email: [email protected]
Blog: https://www.nctry.com
在某项目里面发现http的马有时候会造成cs界面直接崩溃,工具栏正常,回话界面显示空白;其中dns监听器稳定触发cs无限重启的bug
无法和crossc2配合使用
cs会话无法派生带msf,一直卡在这里
我刚开始以为我的问题,我用4.3的执行vnc可以,环境都是本地测试的。一执行就掉线Disconnected from server ([email protected])
生成beacon能上线,但是无法执行任何命令和使用功能,包括sleep
生成artifact直接不能上线
抓包发现能正常请求到js
profile如下,只改了这个证书密码
cloudflare已配置缓存绕过,通过IP beacon和artifact都能上线
是否能让client兼容jdk8
我需要配置客户端公钥,但是teamserver没有生成beacon_keys
session color选择颜色不生效
请问下是BUG吗还是别的方式?我选中几个机器选color都没反应。
没有汉化包吗
stager上线选择监听时无法选择监听,Listener监听中存在监听设置。
执行了shell whoami 复制不了结果
不知道是不是有问题还是我自己的问题 请教一下
我有的dns 上线的
tgg yyds
[!] client (1.1.1.1) read [Manage: xxx]: Connection reset
不知道是为啥,cs4.3好像没有遇到过这个问题。
没有文件,也没有下载链接了啊
具体报错信息如下:
[19137.959s][warning][os,thread] Failed to start thread "Unknown thread" - pthread_create failed (EAGAIN) for attributes: stacksize: 1024k, guardsize: 0k, detached.
[19137.960s][warning][os,thread] Failed to start the native thread for java.lang.Thread "HTTP session handler"
Exception in thread "Web Server on port 443" java.lang.OutOfMemoryError: unable to create native thread: possibly out of memory or process/resource limits reached
at java.base/java.lang.Thread.start0(Native Method)
at java.base/java.lang.Thread.start(Thread.java:798)
at cloudstrike.NanoHTTPD$HTTPSession.(NanoHTTPD.java:239)
at cloudstrike.NanoHTTPD$1.run(NanoHTTPD.java:189)
at java.base/java.lang.Thread.run(Thread.java:829)
在客户端打上补丁,服务端不打时,客户端登录失败,直接闪退。
在服务端打补丁,客户端不打时,服务端直接闪退:
双方都打补丁时,同样直接闪退:
所以想请教一下大佬,这个是个什么原因呢
服务端显示 Dropped HTTP client from /192.168.179.129 (missing URI)
使用CrossC2 无法上线Linux
是要自己修改profile吗,就用jquery4.5的是不是不行,然后就是CrossC2好像不支持4.5版本,本人菜鸡一枚不知道怎么整了,还望师傅告知
5月1日版本,颜色标记功能好像不起作用。
[-] client (1.1.1.1) read [main]: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at java.base/javax.net.ssl.DefaultSSLServerSocketFactory.throwException(SSLServerSocketFactory.java:177)
at java.base/javax.net.ssl.DefaultSSLServerSocketFactory.createServerSocket(SSLServerSocketFactory.java:205)
at ssl.SecureServerSocket.(SecureServerSocket.java:168)
at server.TeamServer.B(TeamServer.java:67)
at ServerMain.main(ServerMain.java:33)
at Cobaltstrike.main(Cobaltstrike.java:26)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at java.base/java.security.Provider$Service.newInstance(Provider.java:1868)
at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
at java.base/javax.net.ssl.SSLContext.getInstance(SSLContext.java:185)
at java.base/javax.net.ssl.SSLContext.getDefault(SSLContext.java:110)
at java.base/javax.net.ssl.SSLServerSocketFactory.getDefault(SSLServerSocketFactory.java:74)
at ssl.SecureServerSocket.A(SecureServerSocket.java:174)
at ssl.SecureServerSocket.(SecureServerSocket.java:167)
... 3 more
Caused by: java.security.KeyManagementException: keystore password was incorrect
at java.base/sun.security.ssl.SSLContextImpl$DefaultManagersHolder.(SSLContextImpl.java:942)
at java.base/sun.security.ssl.SSLContextImpl$DefaultSSLContext.(SSLContextImpl.java:1111)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480)
at java.base/java.security.Provider$Service.newInstanceOf(Provider.java:1879)
at java.base/java.security.Provider$Service.newInstanceUtil(Provider.java:1886)
at java.base/java.security.Provider$Service.newInstance(Provider.java:1861)
... 10 more
请问师傅有遇到这种情况吗?
您好,请问如何在windows上运行cat客户端和cat team服务器?
no pass?
rt
crossc2无法上线linux
老哥5月1日啦,解压密码嘞
根据大佬的READMD.md,我没看懂CatServer.profile-name = cobaltstrike这个参数是什么意思,我按照READMD.md执行报如下错误:
root@test:~/cs# java -jar cat_server.jar script 10.211.55.21 3344 cobaltstrike 123456 demo.cna
[*] Loading properties file (/root/cs/TeamServer.prop).
[*] Properties file was loaded.
Hello,cobalt strike[cat]
[*] shutting down client
[-] Disconnected from team server.
我看了日志
root@test:~/cs# cat logs/230708/events.log
07/08 09:08:19 UTC *** cobaltstrike (10.211.55.21) joined
07/08 09:08:20 UTC *** cobaltstrike quit
07/08 09:09:34 UTC *** cobaltstrike (10.211.55.21) joined
07/08 09:09:35 UTC *** cobaltstrike quit
我理解cobaltstrike应该是profile名称,以*.profile结尾,但我没想明白这个文件是怎么生成的或者它应该存在哪,默认文件只有jquery-c2.4.5.profile,感谢支持。
表哥,我去看了看catcs4.4,一样有老表提问了这个问题,
利用psexec 横向的时候,选择session的时候不会出现弹窗,这个是我用其他版本的截图
希望表哥能够修复这个bug!!!!!!!!!!!!!!!
如果进程名包含go字符串好像被替换为空了
请教一下师傅,gencon能适配catcs嘛?我这边使用gencon连接catcs,能识别到上线但是会在aes那一步崩掉。
Great project, Hope the following two bugs will be fixed.
External C2 Listener cannot work, it report error when beacon access (OpenJDK 11.0.9 on server):
ssh function not work, same bug in dogcs.
rt
外部C2好像有点问题,用不了
通过境外CDN上线
只要listener设置的是域名不是server的ip,就不能上线
同样的方法到4.4版本就可以上线
cat_client 执行 sudo java -jar cat_client.jar
提示 usage: [client|version]
cat_client 执行 sudo java -jar cat_client.jar client
提示[!] client (1.1.1.1) read [TeamQueue Reader]: null
at_server在ubuntu中执行 cat_client链接是提示
[-] client (1.1.1.1) read [Manage: neo]: No location for 'e_lfanew'
java.lang.IllegalArgumentException: No location for 'e_lfanew'
at pe.PEParser.getLocation(Unknown Source)
at pe.PEEditor.setValueAt(Unknown Source)
at pe.PEEditor.removeRichHeader(Unknown Source)
at pe.PEEditor.insertRichHeader(Unknown Source)
at pe.MalleablePE.pre_process(Unknown Source)
at c2profile.Preview.getPE(Unknown Source)
at c2profile.Preview.summarize(Unknown Source)
at server.ManageUser.process(ManageUser.java:117)
at server.ManageUser.run(ManageUser.java:210)
at java.base/java.lang.Thread.run(Thread.java:829)
是我操作不对还是什么
这个button点击没反应
师傅您好 cs密码设置含英文会提示认证失败
纯数字可以正常运行
想问一下这个是什么原因= =
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.