dcsync / pycobalt Goto Github PK

It appears the submodules in third-party does not clone. I think it is because the ".gitmodules" is missing from the root of the project.

SharpGen is a symlink instead of a submodule in the current commit and most recent release.

When using setup.py install this results in the error:

running install_data
error: can't copy 'third_party/SharpGen': doesn't exist or not a regular file

I have tried to use pycobalt with cobaltstrike 4.0 and found It is not working.

When I am trying to load any .cna file in Cobalt strike, getting below error

10:56:58] Attempted to call a non-static method on a null reference at json.cna:99
[10:56:58] Attempted to call a non-static method on a null reference at json.cna:100

Please fix this issue. Also guide me so I can contribute to this repo

The line import pycobalt.engine as engine crashes following to an import error. I have seen that engine.py has an import to callbacks while callbacks.py has an import to engine.py. The code cannot run for now.

I want to run a powershell command like get-domaincomputer, capture the output, so I can parse the hosts and add them to Cobalt Strike's using the hosts_update API call.

It seems like it sould be pretty easy, but, so far, I've I haven't found a way to do it.

I thought maybe I could create a callback and pass it in bpowershell, via an alias command call, but the callback is auto registered, but never called because the 'name' is set to 'return' after the alias callback is run.

So, far it seems like only official Cobalt Script functions, expecting a call back will accept a callback. (which makes sense).

I would greatly appreciate any advice you may have on the subject,

Thanks!

Hello,

I have this small script that should create x64 executable called beacon.exe, when create-executable alias is called:

import pycobalt.engine as engine
import pycobalt.events as events                                                                                   
import pycobalt.aliases as aliases                                                                                 
import pycobalt.helpers as helpers                                                                                 
import pycobalt.commands as commands                                                                               
import pycobalt.aggressor as aggressor                                                                             
import pycobalt.callbacks as callbacks                                                                             
import pycobalt.console as console                                                                                  
                                                                                                                                             
@aliases.alias("create-executable", "Creates executable")                                                                                    
def _(bid, listener):                                                                                                                        
    executable = aggressor.artifact_payload(listener, "exe", "x64")                                                                          
    local_path = "/tmp/beacon.exe"                                                                                                           
    f = open(local_path, "wb")                                                                                                               
    f.write(executable)                                                                                                                      
    f.close()                                                                                                                                
                                                                                                                                             
engine.loop()

When I call this alias in beacon console, I get this error in Script Console:

[pycobalt] Executing script /tmp/beacon.py
[pycobalt beacon.py error] Traceback (most recent call last):
[pycobalt beacon.py error]   File "/tmp/beacon.py", line 18, in <module>
[pycobalt beacon.py error]     engine.loop()
[pycobalt beacon.py error]   File "/usr/local/lib/python3.9/dist-packages/pycobalt-1.2.0-py3.9.egg/pycobalt/engine.py", line 216, in loop
[pycobalt beacon.py error]     for name, message in read_pipe_iter():
[pycobalt beacon.py error]   File "/usr/local/lib/python3.9/dist-packages/pycobalt-1.2.0-py3.9.egg/pycobalt/engine.py", line 200, in read_pipe_iter
[pycobalt beacon.py error]     for line in _in_pipe:
[pycobalt beacon.py error]   File "/usr/lib/python3.9/codecs.py", line 322, in decode
[pycobalt beacon.py error]     (result, consumed) = self._buffer_decode(data, self.errors, final)
[pycobalt beacon.py error] UnicodeDecodeError: 'utf-8' codec can't decode byte 0xc0 in position 1: invalid start byte
[pycobalt] Script process exited: /tmp/beacon.py

I think it has something to do with aggressor.artifact_payload, since this same issue also arises when calling aggressor.artifact_stager.

So far I have been able to fix this error by adding sys.stdin.reconfigure(encoding="latin-1") to pycobalt/engine.py after imports and changing line 12 from my script to executable = bytes(aggressor.artifact_payload(listener, "exe", "x64"), "latin-1").

I wonder if this a proper way to fix this error or may the change to engine.py break something else?

Related version information:

• Cobalt Strike version: 4.3.0
• Pycobalt version: 1.2.0