1.1.1 Cobalt Strike 安装指南

常用环境

服务端
服务端环境
GUI 客户端
SSH 工具

Centos 7.6

Oracle Java 11

Windows / Linux kali

FinalShell

安装过程

一. 安装 Open JDK 环境

CS 官方建议安装 JDK 11/1.8 ,所以这里我们用 JDK 11 作为例子,如果服务器开机自带 Java 环境,建议先卸载,防止环境混乱

输入命令(二选一即可

yum install java-11-openjdk-devel #jdk 11
yum install java-1.8.0-openjdk* -y #jdk 1.8

如果你的系统中还装有不同版本的 JDK 的话,请使用 alternatives --config java 对默认运行的 Java 版本进行选择,或使用 rpm -qa | grep java | xargs rpm -e --nodeps 进行删除

img

验证 Java 环境是否成功配置,运行Java版本检查命令:

java -version

如图显示则为成功安装

img

二. 配置服务端

1. 资源下载

我使用的软件包是 @www.ddosi.org 上的 Cobalt Strike 4.5 + CS Agent 版本,这里同时给出原版(请见 Github 下载页面)部分破解版本有可能会带有木马。另外即使没有后门,CS本身也是会报毒,因为本身带很多攻击性的payload

如何查看文件的 Hash 值

打开 powershell

img

输入Get-FileHash .\文件名(注意:文件名包括后缀)

img

对比 Hash 是否相同,如不同则已经被修改,可能存在投毒风险,在线对比工具:http://www.jsons.cn/txtdiff/

Hash 查询在线地址(更新到4.7.2) 官方地址:https://verify.cobaltstrike.com/

# Cobalt Strike 4.7.2 (October 17, 2022)
5cc4e4df156579cbd01a09dd4c1daca513113f771cb5034a22c1e1dfb3ba424b	Cobalt Strike 4.7.2 Licensed (cobaltstrike.jar)

# Cobalt Strike 4.7.1 (September 16, 2022)
2387c9ead13876d70a332c4ce57c4c090232d346376e174c703b38cda39f3f8f	Cobalt Strike 4.7.1 Licensed (cobaltstrike.jar)

# Cobalt Strike 4.7 (August 17, 2022)
c1cda82b39fda2f77c811f42a7a55987adf37e06a522ed6f28900d77bbd4409f	Cobalt Strike 4.7 Licensed (cobaltstrike.jar) 

# Cobalt Strike 4.6.1 (May 23, 2022)
09e30bde7602cfa3358c0b1c9124079c77181c81c4ef0ef4f6789e24a3f07d5b	Cobalt Strike 4.6.1 Licensed (cobaltstrike.jar)

# Cobalt Strike 4.6 (April 12, 2022)
939aa731685ac5c2632e4790daf034110ae4aa7237a6db72c7bba219bd450727	Cobalt Strike 4.6.0 Licensed (cobaltstrike.jar)

# Distribution Packages (released with Cobalt Strike 4.6)
d1f7eb1a34e17bb945f9b6bd656eac9d7837a00b2fadbc7d4d3e2621d2123a39	Cobalt Strike MacOSX Distribution Package (cobaltstrike-dist.dmg 20220412)
f2d4a2312abc4357c19a876d335d1da41ca01e4d4c8c056890ed32c4a16055b4	Cobalt Strike Linux Distributions Package (cobaltstrike-dist.tgz 20220412)
f696215f7fdf07a6525e91f864b39afc23e4e761cbca97c6ecb6c4ae0ffa8967	Cobalt Strike Windows Distribution Package (cobaltstrike-dist.zip 20220412)

# Cobalt Strike 4.5 (December 14, 2021)
a5e980aac32d9c7af1d2326008537c66d55d7d9ccf777eb732b2a31f4f7ee523	Cobalt Strike 4.5 Licensed (cobaltstrike.jar)

# Cobalt Strike 4.4 (August 04, 2021) 
7af9c759ac78da920395debb443b9007fdf51fa66a48f0fbdaafb30b00a8a858	Cobalt Strike 4.4 Licensed (cobaltstrike.jar)

# Distribution Packages (released with Cobalt Strike 4.4)
5adf9d086a2f59be9095458f207de9e947a05696e63365a4da02acdc17caa130	Cobalt Strike MacOSX Distribution Package (20210804)
8331a77fb2f81ce969795466f8f441f02813789c24b47d0771ffdceddf8d91fe	Cobalt Strike Linux Distributions Package (20210804)
fdcc265fcf1d87bdfd0f7ea91138d7d9f8128f8ed157d427317619002aadd17d	Cobalt Strike Windows Distribution Package (20210804)

# Cobalt Strike 4.3 (March 17, 2021) [bug fixes]
c3c243e6218f7fbaaefb916943f500722644ec396cf91f31a30c777c2d559465	Cobalt Strike 4.3 Licensed (cobaltstrike.jar)

# Cobalt Strike 4.3 (March 3, 2021)
02fa5afe9e58cb633328314b279762a03894df6b54c0129e8a979afcfca83d51	Cobalt Strike 4.3 Licensed (cobaltstrike.jar)

# Cobalt Strike 4.2 (November 6, 2020)
56a53682084c46813a5157d73d7917100c9979b67e94b05c1b3244469e7ee07a	Cobalt Strike 4.2 Licensed (cobaltstrike.jar)

# Distribution Packages (released with Cobalt Strike 4.2)
f82531f3e18de0801bf18a4f65070cd927b656c3ef4b9ae8fb2c666338e65352  	Cobalt Strike Linux Distributions Package (20201106)
ad5348bc090fd47a414329a27c80c14de5bd739b58ef5aa66ab886219a27c9f6  	Cobalt Strike Windows Distribution Package (20201106)
4592a252a1b72928c87a7a38f4ec13cc929cbc3bdd8861ac51e678a55559167c  	Cobalt Strike MacOSX Distribution Package (20201106)

# Cobalt Strike 4.1 (June 25, 2020)
1f2c29099ba7de0f7f05e0ca0efb58b56ec422b65d1c64e66633fa9d8f469d4f	Cobalt Strike 4.1 Licensed (cobaltstrike.jar)

# Distribution Packages (re-released with new verify.cobaltstrike.com certificate)
b367ee44bff09254f0a8dbf229e9c4c7c8b961adcbe6d47864b493236d2f8b0a	Cobalt Strike Linux Distribution Package (20200511)
e1189afca708394c530f239c6c9604b6063f3295a0aa996354573d5cf2f1705e	Cobalt Strike Windows Distribution Package (2020511)
3eadce2f4eaa81646d0f53aa751c5456c9c4a74ab71fd51f66af9866cdafef69	Cobalt Strike MacOS X Distribution Package (20200511)

# Cobalt Strike 4.0 (February 22, 2020) [bug fixes]
10fe0fcdb6b89604da379d9d6bca37b8279f372dc235bbaf721adfd83561f2b3	Cobalt Strike 4.0 Licensed (cobaltstrike.jar)

# Cobalt Strike 4.0 (December 5, 2019)
558f61bfab60ef5e6bec15c8a6434e94249621f53e7838868cdb3206168a0937	Cobalt Strike 4.0 Licensed (cobaltstrike.jar)

# Distribution Packages (co-released with Cobalt Strike 4.0)
51d1d14239b591d5ecf30f10e21ec5f6d196e9fe939bef23bf494a626b3addc8	Cobalt Strike Linux Distribution Package (20191205)
008d5f2b1af6a5b64b80fafee16ccdd924ad2132aabe2b287e19c5181759a549	Cobalt Strike Windows Distribution Package (20191205)
34166f7f1ae1f25dc3eca047ee53bd39c844e7b602e877e4321bdeb539b92893	Cobalt Strike MacOS X Distribution Package (20191205)

# Cobalt Strike 3.14 (May 4, 2019) [bug fixes]
0e3e7ace7f6f99b9227e9e644ae0e7469e79e4fc746a8f632940e35821a74da9	Cobalt Strike 3.14 Licensed (cobaltstrike.jar)

# Cobalt Strike 3.14 (May 2, 2019)
303486b3b06ef6b1e6c8facfe3ccc4a525f2795b7f55faca591f66c70baa2bda	Cobalt Strike 3.14 MacOS X Trial Package
8d9522c69a4df90f2738498ec836f2c44632c10406f81cad1b1d992eccca62cf	Cobalt Strike 3.14 Linux Trial Package
a5c9ec241baa6a85c77460e63b9fb50b4c2ced7186a0f947b9bf0397215659ff	Cobalt Strike 3.14 Windows Trial Package
283d9074bc089841b9ef39100928ed240721c3dbce003c93f4283d71d7a3a410	Cobalt Strike 3.14 Licensed (cobaltstrike.jar)

# Cobalt Strike 3.13 (January 2, 2019)
b4f0fdbc782d1b81a8aa6176a5bfa9c1e76754b6f74a1224c79812ce7e0c2284	Cobalt Strike 3.13 MacOS X Trial Package
a28aa4aa35190a2d6d09c1c6f894bb51f86f7d4a93a60b40bf6933bb4e9245e2	Cobalt Strike 3.13 Linux Trial Package
f5865b4c05742b07f8fcd21e847a1657ec6908887a2787ffd27fe05de7b905c6	Cobalt Strike 3.13 Windows Trial Package
2c44e5426c41798dd11764cf64bf493ff81d4e77e3ed96dd6c65cf3333bdd809	Cobalt Strike 3.13 Licensed (cobaltstrike.jar)

# Cobalt Strike 3.12 (September 6, 2018)
b43fda924df85ff9f30864c1d17f6df5c3e73d28a31666e58a12f529084a6a0a	Cobalt Strike 3.12 MacOS X Trial Package
05faf192798d94a63ab6610c0c9459c4b446c4d594188abcaa3236b6d7d2593d	Cobalt Strike 3.12 Linux Trial Package
70f4d53d02a68641ed816ef97a51b091267228dd5ab22dcc5c6dc1aef233345a	Cobalt Strike 3.12 Windows Trial Package
4349e9195e083573fca38a35f7327b6d2a95538101bef9c9efdb7476d4642d8c	Cobalt Strike 3.12 Licensed (cobaltstrike.jar)

# Cobalt Strike 3.11 (May 24, 2018) [bug fixes]
468dbaa489ff86bdd173e7c6e208719d4c3cb95adc1fda0b8ceb7d81d2c89d06	Cobalt Strike 3.11 MacOS X Trial Package
a13e0819ef4609e40ba33f96a6baab43c2cccb74956a5f708b6f4426063544e6	Cobalt Strike 3.11 Linux Trial Package
848516b701aeb46f248e9a0313fa3406f3b89cd44c3232855f5668ebbe8910f5	Cobalt Strike 3.11 Windows Trial Package
d37ab96af1cc3f4a98ba63804138f644508e632f3791e3cfdde745d307bff5d9	Cobalt Strike 3.11 Licensed (cobaltstrike.jar)

# Cobalt Strike 3.11 (April 9, 2018)
d625fc6026a5b07aa9ff759879bce8497fd2e8e5cb62a5efc9f23e140e259d3e	Cobalt Strike 3.11 MacOS X Trial Package
8a5a4c8088b75d9df1df1d0ba500bcb2d56404412da6cb9288d38e032b35f344	Cobalt Strike 3.11 Linux Trial Package
05cf861725efd4ab18c2af69133a0a9c1617dd1eb2583b97b6d41bdf658a2711	Cobalt Strike 3.11 Windows Trial Package
f3e3e645141ffcd5089816f90dee24ded30386277343f3254df05c837a6068aa	Cobalt Strike 3.11 Licensed (cobaltstrike.jar)

# Cobalt Strike 3.10 (December 11, 2017)
952407771d6b193b58ed0e07ea2e2f647d916aed86e9a8cae64828bc14be5970	Cobalt Strike 3.10 MacOS X Trial Package
3147cd19146f886fd41a3add6be947f3a4581047d4a7393f01d355c732587336	Cobalt Strike 3.10 Linux Trial Package
7035a1957ca69daa96c29cc7058b32a772c769cff26e8805b12a10e9f8b1abd5	Cobalt Strike 3.10 Windows Trial Package
f6fff191e05e3e1345db600f2731fea6324b10e57023e38e712e7f648e8643eb	Cobalt Strike 3.10 Licensed (cobaltstrike.jar)

# Cobalt Strike 3.9 (September 26, 2017) [bug fix II]
3083bed43aeeb058ef8580c7bd564cbd3910c579ecb535cdc7fd0cb397fe8c05	Cobalt Strike 3.9 MacOS X Trial Package
fdd15df9dc42717a91f94ae508744f9b584d81503408b34d3c2227895d8d3400	Cobalt Strike 3.9 Linux Trial Package
d024b760768839bb71aea16eb1d3ff86e67bbacf4539bf743ce9b0cdbbbfdb42	Cobalt Strike 3.9 Windows Trial Package
20aacc907dddaa528ebfe5fa74743a5366d52dd28073ecfd05a4922fb23ada40	Cobalt Strike 3.9 Licensed (cobaltstrike.jar)

# Cobalt Strike 3.9 (September 21, 2017) [bug fix]
853b9887b4195b38d2b424c2e2dfeafad5f2b44cff3178b3d5fcdae9cecddd02	Cobalt Strike 3.9 MacOS X Trial Package
650bd8b279135091c0d77c1057cb5c543b9de356eb4c4797a48e2ee0a5dd5df0	Cobalt Strike 3.9 Linux Trial Package
0cc1f52f678bc3ae30f81c614ffb7fb051d61a7b4998c739c6ae92487696ccbd	Cobalt Strike 3.9 Windows Trial Package
a9bde8f8694f1bcd23a3ec9774fe00ba4fad6d80bbf14aadf48940a9cd20b0e5	Cobalt Strike 3.9 Licensed (cobaltstrike.jar)

# Cobalt Strike 3.9 (September 20, 2017)
be86a78be20b9efbaea50ff6b17545738ef388103f1535b14327b3f2d8081e3f	Cobalt Strike 3.9 MacOS X Trial Package
1d035cc7eab0d27cfefb61d7eed50ca175ad66af3191c70d60081838e909d92e	Cobalt Strike 3.9 Linux Trial Package
597268753a1717936136a77d668b26f62997bee8077693f65c3f7003f016209b	Cobalt Strike 3.9 Windows Trial Package
57090f6e3a5721e4d00ebc57b65bf3c8ca29809f8dd5ac0ac5b31c0ece76f02d	Cobalt Strike 3.9 Licensed (cobaltstrike.jar)

# Cobalt Strike 3.8 (May 23, 2017)
ad2ddb76ab3f4438d2553a2fa8f98384f8778e6c18e49daaca5f3fca0bbae1e2	Cobalt Strike 3.8 MacOS X Trial Package
424ad1308b630b5f000405ad36cfec4c811fc2d2a398d1bad3c182e7259a81f5	Cobalt Strike 3.8 Linux Trial Package
0931929fcdf9c066ca765899e424d6f094879c84ad6624f37fde35e903793f80	Cobalt Strike 3.8 Windows Trial Package
77ad57b1f29569773350b228d065135c8745949bd80ee7ba59f3b01c27895bfb	Cobalt Strike 3.8 Licensed (cobaltstrike.jar)

# Cobalt Strike 3.7 (March 15, 2017)
41c02ba399b3d97b6028d49a100b29f76f60e57ed245837d08b3e5c2a894073f	Cobalt Strike 3.7 MacOS X Trial Package
3b87d9ae634c74e83161f9e549e3af9000340343f9b72fa61a3454d69b9b5dfc	Cobalt Strike 3.7 Linux Trial Package
8b1722a1989ad1c0e9f8b6f99bae49789c2b9e4a8e1535e0a1556f230cd50515	Cobalt Strike 3.7 Windows Trial Package
20bebed19e0e1639c7b719d5db70c574417707063fcd669e60349a89485d392b	Cobalt Strike 3.7 Licensed (cobaltstrike.jar)

2. CSAgent 说明

原项目地址:https://github.com/Twi1ight/CSAgent(由于 DMCA 删除,存储库不可用)

说明:Cobalt Strike 4.x 通用白嫖及汉化加载器,采用 javaagent+javassist 的方式动态修改 jar包,可直接加载原版 cobaltstrike.jar,理论上支持到目前为止的所有4.x版本(不包括 4.7)

  1. 汉化内容更详细,非机翻,所有文字是我一句句人工翻译的,不只简单的汉化了菜单,各类错误、说明信息都有汉化,尤其是用正则表达式覆盖了各类动态生成的错误信息

  2. 汉化范围更全面,之前的各类汉化版都是没有完全汉化按钮的,因为这里涉及到 Java 的一个坑,汉化后可能导致按钮功能失效,本版本对所有按钮全覆盖; 另外,针对 Beacon 终端交互内的命令及命令帮助也都有详尽的汉化说明,部分命令还加上了我个人的说明见解

  3. 汉化方式更先进,并非纯粹的正则替换,针对菜单、命令、命令帮助说明的汉化利用了Cobalt Strike加载资源文件的特性,直接翻译资源文件即可,无需再做动态替换,性能更高,后续版本更新也更方便 针对界面的各类说明、标签汉化,全部写入配置文件中,后续版本只需修改这部分配置即可,无需再修改 Java 代码

  4. 使用方法(资源已内置,无需进行配置)**:

    1. 下载 CSAgent.zip 解压,将原版 cobaltstrike.jar 放到解压目录中,确保CSAgent.jar、resources文件夹、scripts文件夹和 cobaltstrike.jar 处于同级目录

    2. 正常使用 teamserver 和 cobaltstrike 脚本启动即可,windows 使用 cobaltstrike.bat 启动

    3. 如果仅想使用破解功能,只需删除resources文件夹和scripts文件夹即可去除汉化

    4. 替换 cobaltstrike、teamserver、agscript、c2lint、cobaltstrike.bat 文件中的解密 Key,目前内置的key为4.4版本,各个版本的官方解密 Key

4.0 1be5be52c6255c33558e8a1cb667cb06
4.1 80e32a742060b884419ba0c171c9aa76
4.2 b20d487addd4713418f2d5a3ae02a7a0
4.3 3a4425490f389aeec312bdd758ad2b99
4.4 5e98194a01c6b48fa582a6a9fcbb92d6
4.5 f38eb3d1a335b252b58bc2acde81b542

3. 配置 TeamSever

Cobalt Strike 需要团队服务器才能使用,也就是 TeamSever ,必要的文件为 teamservercobaltstrike.jar

img

在任意目录下创建创建一个文件夹方便管理,这里我在 /home 目录下创建了名叫 CobaltStrike 的文件夹(这里不要出现空格,如Cobalt Strike,否则后面目录切换会出现问题)

teamservercobaltstrike.jar 上传到你创建的文件夹下(如果使用的是 CSAgent 进行破解需要上传 CSAgent.jar ,否则会出现报错)

img

将目录转到你存放文件的目录

cd /home/CobaltStrike  # cd /目标路径

之后对 teamserver 进行提权,并运行 teamserver 使服务端正常运转

chmod +x teamserver  #增加teamserver执行的权限
sudo ./teamserver <ip> <password> #IP:本机IP    password:本机密码

出现此回显则代表配置成功

img

三. GUI 客户端连接服务端

双击 cobaltstrike.bat 启动客户端,填写服务端信息

img

检查指纹是否与服务端指纹(Hash256)一致

img
img

检查后一致,说明服务端 & 客户端都无问题,可以正常使用

img

疑难问题

  1. 无法连接

配置无错误但是无法链接? 检查控制台是否放行50050或其他自定义端口

  1. 想删除连接记录

搜索.aggressor.prop并删除,这里推荐使用 Everything,清理后效果如下:

Previous1.1 建立基础设施Next1.1.2 TeamSever 持久化

Last updated