cobalt-strike / sleep_python_bridge Goto Github PK

Hello,

thanks you for the tool.

while testing beaconlogtracker.py, i have the following error "No logs yet. Did you just start the teamserver" even though i started teamserver with listeners and running beacons. I think something has changed in the teamserver v4.7.

logs from cs console showing that logtracker logged in to collect logs:

09/01 15:41:07 *** logtracker_striker has joined.
09/01 15:41:08 *** External Action Taken: [Beacon Log Tracker] Getting beacon logs from teamserve
09/01 15:41:09 *** External Action Taken: [Beacon Log Tracker] Processing logs
09/01 15:41:11 *** logtracker_striker has left.

execution logs:

$ python3 beaconlogtracker.py 127.0.0.1 50050 logtracker PASSWORD /opt/cobaltstrike

Beacon Log Tracker

[*] Connecting to teamserver: 127.0.0.1
[Beacon Log Tracker] Getting beacon logs from teamserver...
[!] No logs yet. Did you just start the teamserver?

(kali㉿kali)-[~/sleep_python_bridge]
$ ls -lah /opt/cobaltstrike/logs
total 16K
drwxr-xr-x 4 root root 4.0K Sep 1 19:30 .
drwxrwxr-x 5 kali lxd 4.0K Sep 1 22:41 ..
drwxr-xr-x 2 root root 4.0K Aug 31 23:46 220831
drwxr-xr-x 3 root root 4.0K Sep 1 22:37 220901

(kali㉿kali)-[~/sleep_python_bridge]
$ ls -lah /opt/cobaltstrike/logs/220901
total 20K
drwxr-xr-x 3 root root 4.0K Sep 1 22:37 .
drwxr-xr-x 4 root root 4.0K Sep 1 19:30 ..
drwxr-xr-x 2 root root 4.0K Sep 1 22:37 192.168.0.1
-rw-r--r-- 1 root root 921 Sep 1 22:41 events.log
-rw-r--r-- 1 root root 132 Sep 1 22:21 weblog_80.log

There is a method that writes a command to beacon by "bid"????
Something like:
inputBeacon(self, bid, command)

Muchas gracias =)

In case anyone else is running a newer version of CS (like 4.6)...

When running example.py, the following error occurs when connecting to the CS server.
[*] Connecting to teamserver: 127.0.0.1
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Error: Could not find or load main class aggressor.headless.Start.class
Caused by: java.lang.ClassNotFoundException: aggressor.headless.Start.class

If the sleep_python_bridge/sleep_python_bridge/striker.py file is updated on 57 to
self.aggscriptcmd = "java -XX:ParallelGCThreads=4 -XX:+AggressiveHeap -XX:+UseParallelGC -classpath '{}/cobaltstrike-client.jar' aggressor.headless.Start".format(self.cs_directory)

That should resolve the error.

Hello,

I'm unsure what I may be doing wrong, I am unable to get the payload generator to generate a payload using the arsenal kit. What I've done:

I've dropped the contents of the generated dist folder (arsenal_kit.cna & artifact/**) into the same folder with the payload_scripts.cna, and renamed the arsenal_kit.cna to payload_scripts.cna.

However when I run the payload generator I appear to get a vanilla payload as opposed to the customized payload.

In this first screenshot is the metadata of the payload generator beacon.

This beacon was generated using the GUI with arsenal kit loaded. In it you can see the contents of the resource.rc being added as additional attributes as expected, indicating the arsenal kit was loaded.

Am I doing something wrong? Is this a bug?

Thanks!

3ks to the tool !
Here i call the function bmimikatz('{beacon_id}', '{command}'), command is 'sekurlsa::logonpasswords'
the code is
cmd = f"return base64_encode(bmimikatz('{beacon_id}', '{command}'))" bytes = self.ag_get_object(cmd, timeout=30000, sleep_time=3)
and i get bytes is empty, but the client console do print task is delivered, and the passwords/user has been caught;
how can i receive the command running result in python script?

I'm getting "Error: Cobalt Strike JAR file not found" when running striker.py against Cobalt Strike 4.8. I see that connectTeamserver is looking for cobaltstrike.jar, but that file doesn't exist in 4.8. Is there a workaround?