Cobalt Strike with a valid certificate + PowerShell beacon: a hands-on walkthrough

Reference documents:

First, open the website of the registrar where you bought your domain and add an A record (pointing at the host that will run the teamserver).

[screenshot 1]

Next, I go to the freessl site to request a certificate for the domain I bought, dtgsiam.pw ****:

[screenshot 2]

It generates a TXT record; paste it into the DNS settings on the site where you bought the domain:

[screenshot 3]

After pasting, it looks like this. Please ignore the second-to-last entry; that is a leftover from a previous time I set up a valid certificate:

[screenshot 4]

Once pasted, go back to freessl and verify; it passes as soon as the DNS record resolves:

[screenshot 5]

Download the files here:

[screenshot 6]

You will get two files:

[screenshot 7]

Now you need to generate the keystore file.

The command template is below (spoofdomain.com and mypass are placeholders for your own hostname and password). Note that -passout pass:... and the keytool -*storepass options put the password into your shell history and into the process list while the commands run, so at least pick a password that is not reused anywhere else:

openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out spoofdomain.p12 -name spoofdomain.com -passout pass:mypass 
keytool -importkeystore -deststorepass mypass -destkeypass mypass -destkeystore spoofdomain.store -srckeystore spoofdomain.p12 -srcstoretype PKCS12 -srcstorepass mypass -alias spoofdomain.com 

In my example, this is what I typed:

[screenshot 8]

One of the commands in the middle is wrong; you should be able to spot it! You can also see that I had already copied the two generated files into my CS folder!!!

Here it is pasted out for you:

root@VM-0-10-ubuntu:/home/ubuntu/cobaltstrike4.0_cracked_ssooking# openssl pkcs12 -export -in full_chain.pem -inkey private.key -out test.dtgsiam.p12 -name test.dtgsiam.pw -passout pass:snowming 
root@VM-0-10-ubuntu:/home/ubuntu/cobaltstrike4.0_cracked_ssooking# keytool -importkeystore -deststorepass snowming -destkeypass snowming -destkeystore dtgsiam.store -srckeystore test.dtgsiam.p12 -srcstoretype PKCS12 -srcstorepass snowming -alias test.dtgsiam.pw 

That gave me this file: dtgsiam.store

So how do we use this file? It goes into your own C2 profile.

How do you create a C2 profile? I wrote one for a friend, but he may still be using it, so I won't post it here. See the URL below; if you really can't manage it, just use that one..

[screenshot 9]

It really just comes down to finding a C2 profile that has an https-certificate block and swapping that block out.

Remember the password and the store file I just created? Replace the https-certificate block with these two lines (the keystore file name and its password)!!

[screenshot 10]
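As an added example (not from the original post and not Cobalt Strike's own tooling), the script below does the keystore step described above and emits the https-certificate block that the profile needs, with the checks you want before starting the teamserver: it warns when the chain file holds only one certificate (intermediates missing), re-opens the .p12 to confirm the password, and reads the password from the KS_PASS environment variable instead of -passout pass:... so it stays out of shell history and the process list. The names (test.dtgsiam.pw, full_chain.pem, private.key, dtgsiam.store, password snowming) follow the post; the make_demo_cert function and the temporary directory are assumptions that exist only so the script runs offline without a CA-issued certificate.

```bash
#!/usr/bin/env bash
# Added example (not from the original post or from Cobalt Strike): the
# keystore step from the post, plus the https-certificate block for the
# Malleable C2 profile, with the checks a practitioner wants before the
# teamserver is started. Names (test.dtgsiam.pw, full_chain.pem,
# private.key, dtgsiam.store, password snowming) follow the post;
# make_demo_cert and the temporary directory exist only so this runs offline.
set -eu

# make_demo_cert DIR HOST: throwaway self-signed cert + key standing in for
# the full_chain.pem / private.key downloaded from the CA (needs OpenSSL 1.1.1+).
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/private.key" -out "$1/full_chain.pem" 2>/dev/null
}

# leaf_cn CHAIN: CN of the first certificate in the chain; the post uses the
# hostname as the PKCS#12 friendly name and the keytool alias, so do the same.
leaf_cn() {
    openssl x509 -in "$1" -noout -subject | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

# build_keystore DIR CHAIN KEY STORE: PKCS#12 export, then (when keytool is
# installed) import into the Java keystore the teamserver loads. The password
# is taken from $KS_PASS via openssl's env: and keytool's :env forms, so it
# never appears in argv, shell history or `ps`. Prints the alias used.
build_keystore() {
    local dir=$1 chain=$2 key=$3 store=$4 ks_alias p12
    : "${KS_PASS:?set KS_PASS to the keystore password}"
    ks_alias=$(leaf_cn "$chain")
    p12="$dir/$ks_alias.p12"
    # a single certificate means the intermediates are missing: beacons then
    # see an untrusted chain even though the leaf itself is valid
    if [ "$(grep -c 'BEGIN CERTIFICATE' "$chain")" -lt 2 ]; then
        echo "warning: $chain holds one certificate; use the CA's full chain file" >&2
    fi
    openssl pkcs12 -export -in "$chain" -inkey "$key" -out "$p12" \
        -name "$ks_alias" -passout env:KS_PASS
    # re-open the .p12 with the same password: catches typos now rather than
    # when the teamserver fails to start
    openssl pkcs12 -in "$p12" -noout -passin env:KS_PASS </dev/null
    if command -v keytool >/dev/null 2>&1; then
        keytool -importkeystore -noprompt \
            -srckeystore "$p12" -srcstoretype PKCS12 -srcstorepass:env KS_PASS \
            -destkeystore "$store" -deststorepass:env KS_PASS \
            -destkeypass:env KS_PASS -alias "$ks_alias" >/dev/null 2>&1
    else
        echo "warning: keytool not found; $store was not written" >&2
    fi
    echo "$ks_alias"
}

# https_certificate_block STORE PASS: the fragment the post says to substitute
# for the profile's existing https-certificate section. The profile then holds
# the keystore password in clear text, so keep the file readable by root only.
https_certificate_block() {
    cat <<EOF
https-certificate {
    set keystore "$1";
    set password "$2";
}
EOF
}

# demo run: bash build_store.sh demo
if [ "${1:-}" = "demo" ]; then
    workdir=$(mktemp -d)
    make_demo_cert "$workdir" test.dtgsiam.pw
    export KS_PASS=snowming
    build_keystore "$workdir" "$workdir/full_chain.pem" "$workdir/private.key" \
        "$workdir/dtgsiam.store"
    https_certificate_block dtgsiam.store snowming
fi
```

For real use, skip make_demo_cert and point build_keystore at the two files downloaded from the CA. If an older keytool rejects the .p12 with a password error even though the openssl re-open succeeded, the cause is usually the AES/PBKDF2 encryption that OpenSSL 3 applies by default; adding -legacy to the openssl pkcs12 -export line produces the older format that every keytool reads.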

Check the profile with ./c2lint; output like the following means it passed:

[screenshot 11]
[screenshot 12]

There is one more thing you can change: the teamserver script itself:

#!/bin/bash 
# 
# Start Cobalt Strike Team Server 
# 

# make pretty looking messages (thanks Carlos) 
function print_good () { 
    echo -e "\x1B[01;32m[+]\x1B[0m $1" 
} 

function print_error () { 
    echo -e "\x1B[01;31m[-]\x1B[0m $1" 
} 

function print_info () { 
    echo -e "\x1B[01;34m[*]\x1B[0m $1" 
} 

# check that we're r00t 
if [ $UID -ne 0 ]; then 
	print_error "Superuser privileges are required to run the team server" 
	exit 
fi 

# check if java is available... 
if [ $(command -v java) ]; then 
	true 
else 
	print_error "java is not in \$PATH" 
	echo "    is Java installed?" 
	exit 
fi 

# check if keytool is available... 
if [ $(command -v keytool) ]; then 
	true 
else 
	print_error "keytool is not in \$PATH" 
	echo "    install the Java Developer Kit" 
	exit 
fi 

# generate a certificate 
	# naturally you're welcome to replace this step with your own permanent certificate. 
	# just make sure you pass -Djavax.net.ssl.keyStore="/path/to/whatever" and 
	# -Djavax.net.ssl.keyStorePassword="password" to java. This is used for setting up 
	# an SSL server socket. Also, the SHA-1 digest of the first certificate in the store 
	# is printed so users may have a chance to verify they're not being owned. 
if [ -e ./cobaltstrike.store ]; then 
	print_info "Will use existing X509 certificate and keystore (for SSL)" 
else 
	print_info "Generating X509 certificate and keystore (for SSL)" 
	keytool -keystore ./cobaltstrike.store -storepass 123456 -keypass 123456 -genkey -keyalg RSA -alias cobaltstrike -dname "CN=Major Cobalt Strike, OU=AdvancedPenTesting, O=cobaltstrike, L=Somewhere, S=Cyberspace, C=Earth" 
fi 

# start the team server. 
java -XX:ParallelGCThreads=4 -Dcobaltstrike.server_port=50051 -Djavax.net.ssl.keyStore=./dtgsiam.store -Djavax.net.ssl.keyStorePassword=snowming -server -XX:+AggressiveHeap -XX:+UseParallelGC -classpath ./cobaltstrike.jar server.TeamServer $* 

I changed the last line!! All I did was change the port, the store file it points to, and the store password. Note that the if [ -e ./cobaltstrike.store ] block above is now dead weight: it still generates a self-signed cobaltstrike.store when one is missing, but the java line no longer loads it. Also, the second argument to ./teamserver below is the teamserver password that clients type to connect; it happens to be the same string as the keystore password here, but the two are independent.
Then fire it up~

root@VM-0-10-ubuntu:/home/ubuntu/cobaltstrike4.0_cracked_ssooking# ./teamserver 106.55.18.116 snowming gmail.profile  

[screenshot 13]

Note: this screenshot was taken after I had started a listener; the red error is from an http listener I started by mistake at first and then removed. It can be ignored.
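The comment in the teamserver script says the SHA-1 digest of the first certificate in the store is printed so users can check they are not connecting to an impostor. As an added example (not from the post), the functions below derive that fingerprint from three independent places so they can be cross-checked: the PEM downloaded from the CA, the Java keystore the teamserver actually loads, and the live teamserver port. Store, alias and host names are the post's; fp_from_store assumes keytool and the KS_PASS environment variable, and fp_from_port needs a running teamserver, so neither is exercised offline.

```bash
#!/usr/bin/env bash
# Added example, not from the post: the SHA-1 fingerprint the teamserver
# prints at startup is what a client should compare before it trusts a
# server. These functions derive the same value from the PEM you got from
# the CA, from the Java keystore the teamserver loads, and from the live
# port, so the three can be cross-checked. Store/alias/host names are the
# post's; fp_from_port needs a running teamserver and is not run offline.
set -eu

# fp_from_pem FILE: SHA-1 fingerprint of the first certificate in a PEM file
# (the leaf of full_chain.pem), as colon-separated uppercase hex.
fp_from_pem() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 | sed 's/^.*=//'
}

# fp_from_store STORE ALIAS: the same value read out of the keystore the
# teamserver actually loads (first SHA1 line of keytool -list -v, i.e. the
# leaf). Needs keytool and $KS_PASS.
fp_from_store() {
    keytool -list -v -keystore "$1" -alias "$2" -storepass:env KS_PASS \
        | awk '/SHA1:/ && !done { print $2; done = 1 }'
}

# fp_from_port HOST PORT: fingerprint of the certificate served on the
# teamserver port (50051 in the post), exactly as a client sees it.
fp_from_port() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha1 | sed 's/^.*=//'
}

# same_fp A B: compare two fingerprints ignoring colons and case, since
# tools differ in how they print them; an empty value never matches.
same_fp() {
    local a b
    a=$(printf '%s' "$1" | tr -d ':' | tr 'a-f' 'A-F')
    b=$(printf '%s' "$2" | tr -d ':' | tr 'a-f' 'A-F')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# usage: KS_PASS=... bash check_fp.sh full_chain.pem dtgsiam.store test.dtgsiam.pw HOST 50051
if [ $# -eq 5 ]; then
    pem_fp=$(fp_from_pem "$1")
    echo "pem:   $pem_fp"
    if command -v keytool >/dev/null 2>&1 && [ -n "${KS_PASS:-}" ]; then
        store_fp=$(fp_from_store "$2" "$3")
        echo "store: $store_fp"
        same_fp "$pem_fp" "$store_fp" || echo "MISMATCH: store does not hold the PEM leaf" >&2
    fi
    live_fp=$(fp_from_port "$4" "$5")
    echo "live:  $live_fp"
    same_fp "$pem_fp" "$live_fp" || echo "MISMATCH: live port serves a different certificate" >&2
fi
```

Run it from a machine other than the teamserver so the live check goes over the network the client will use; a MISMATCH on the live line with matching pem and store lines means something between you and port 50051 is terminating TLS.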

[screenshot 14]

[screenshot 15]

[screenshot 16]

[screenshot 17]

Disclaimer: this article is not my original work; it is a repost.