redsiege / c2concealer Goto Github PK

Cobalt Strike 4.3 (https://blog.cobaltstrike.com/2021/03/03/cobalt-strike-4-3-command-and-control/) introduced, among other things, the "dns-beacon" block. The addition of this block breaks compatibility so profiles for previous versions are no longer valid for 4.3+.

As a half-measure, https://github.com/FortyNorthSecurity/C2concealer/blob/master/C2concealer/components/dnsoptions.py#L77-L80 should be changed to

profileString = 'dns-beacon { \n'
for attr, value in self.__dict__.items():
	profileString += '\tset ' + attr + ' "' + value + '";\n'
profileString += '\n }\n'
return profileString

A more complete solution should probably also include the new subhost options.

C2concealer/C2concealer/generate-cert.sh: line 105: ./letsencrypt-auto: No such file or directory
[ERROR] letsencrypt certs failed to build. Check that DNS A record is properly configured for this domain

thx for the help

Tried many times, but It didn't work.
C2concealer --variants 1 --hostname domain
[i] Building random C2 malleable profile with 1 variants.
[-] Attempted to create 10 profiles. All 10 failed c2lint check.
[i] If you selected a large amount of variants, please retry again.
[x] Exiting program.

EXECUTE POWERSHELL:

CS LISTENER:

Nginx:

server {
    listen 443 ssl;
    root /var/www/html/;
    index index.html;
    charset utf-8;
    server_name xxxxxxxxx;
    ssl_certificate  /etc/nginx/sites-available/csserver.crt;
    ssl_certificate_key /etc/nginx/sites-available/csserver_nopass.key;
    location / {
        try_files $uri $uri/ @c2;
    }
    location @c2 {
        proxy_pass https://172.17.0.2:444;
        proxy_redirect off;
        proxy_ssl_verify off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Hey guys, this might sound like a dumb one but my google fu is failing me

let's say I have all my pem files from a pre-existing letsencrypt, I've converted to jks in the past for other profiles but using C2Concealer i need to create a .store certificate to satisfy the creation of my profiles ... what am I missing, Thanks!

how might that happen ? - btw this is ace +++

Tried many times, but It didn't work.
C2concealer --variants 1 --hostname domain
[i] Building random C2 malleable profile with 1 variants.
[-] Attempted to create 10 profiles. All 10 failed c2lint check.
[i] If you selected a large amount of variants, please retry again.
[x] Exiting program.