threatexpress / malleable-c2
Cobalt Strike Malleable C2 Design and Reference Guide
License: GNU General Public License v3.0
I am running the jquery-2.4.0.profile on my test lab. The stageless beacon reaches back to the team server. Unfortunately there is no command output at all even with a sleep time set to 0.
Profiles from Raphael Mudge's repo work fine.
Any idea what is wrong here?
Sample:
beacon> getuid
[*] Tasked beacon to get userid
[+] host called home, sent: 8 bytes
beacon> ps
[*] Tasked beacon to list processes
[+] host called home, sent: 12 bytes
[-] Error(s) while compiling jquery-c2.4.3.profile
Error: option <.stage.compile_time> requires a 'dd MMM YYYY hh:mm:ss' date at line 377
Just wanted to let you know the link in the README.md is dead.
~reno
I was using this beacon payload recently and ran into a small potential bug.
When you set the Host: code.jquery.com
https://github.com/threatexpress/malleable-c2/blob/master/jquery-c2.4.0.profile#L250
When the SSL/TLS Proxy intercepts the requests, you may lose connections, since the Proxy sends traffic to the actual forged site.
I am not sure of the best way to overcome this with malleable C2.
Have you encountered this before?
It seems that removing the host in the request fixes this.
Steps to Reproduce.
1. Connect normally over HTTPS beacon. Should work fine.
2. On the host that is running the Beacon, start a proxy like Fiddler or Burp.
3. The beacon is no longer responsive.
Feedback welcome, I may be missing something.
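The report above turns on a Host header (code.jquery.com) that names a different site from the server the client actually connects to. As an added example (not part of the issue or of the project's code), this is one way a defender could flag that mismatch in proxy logs; the log format, addresses and DNS table are constructed assumptions.

```python
# Added example: flag requests whose Host header names a site that does not
# live at the address the client connected to.
# The log format, IP addresses and DNS table are constructed sample data.

# Constructed passive-DNS view: hostname -> addresses it is known to resolve to.
KNOWN_ADDRS = {
    "code.jquery.com": {"198.51.100.10", "198.51.100.11"},
    "intranet.example": {"192.0.2.20"},
}

# Constructed proxy log: "<client> <dest_ip>:<port> <Host header or ->"
SAMPLE_LOG = """\
10.0.0.5 198.51.100.10:443 code.jquery.com
10.0.0.7 203.0.113.77:443 Code.jQuery.com:443
10.0.0.7 203.0.113.77:443 -
10.0.0.9 192.0.2.20:80 intranet.example
"""


def normalise_host(value):
    """Lower-case a Host header, drop an optional :port and a trailing dot."""
    host = value.strip().lower()
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():
        host = name
    return host.rstrip(".")


def find_host_mismatches(log_text, known_addrs):
    """Return (line number, client, host, dest_ip) for every mismatch."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 3:
            continue  # malformed line
        client, dest, host_hdr = fields
        if host_hdr == "-":
            continue  # no Host header logged, nothing to compare
        host = normalise_host(host_hdr)
        expected = known_addrs.get(host)
        if expected is None:
            continue  # no DNS data for this name, cannot judge
        dest_ip = dest.rpartition(":")[0]
        if dest_ip not in expected:
            findings.append((lineno, client, host, dest_ip))
    return findings
```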
First, thank you for your work and YouTube videos, which are still helpful today.
I am new to C2, and after uncommenting a Beacon GET section I got this error in c2lint. What did I do wrong?
./TeamServerImage c2lint /root/Desktop/Server/jquery-c2.4.8.profile
[-] Error(s) while compiling /root/Desktop/Server/jquery-c2.4.8.profile
Error: Program is terminated. Can't add transform statements to <.http-post.client.id> at line 696
mask
Error: Program is terminated. Can't add transform statements to <.http-post.client.id> at line 697
base64url
Error: Program is terminated. Can't add transform statements to <.http-post.client.id> at line 698
parameter
Error: Program is terminated. Can't add transform statements to <.http-post.client.output> at line 702
mask
Error: Program is terminated. Can't add transform statements to <.http-post.client.output> at line 703
base64url
Error: Program is terminated. Can't add transform statements to <.http-post.client.output> at line 704
parameter
Error: Program is terminated. Can't add transform statements to <.http-post.server.output> at line 717
mask
Error: Program is terminated. Can't add transform statements to <.http-post.server.output> at line 718
base64url
Error: Program is terminated. Can't add transform statements to <.http-post.server.output> at line 721
prepend
Error: Program is terminated. Can't add transform statements to <.http-post.server.output> at line 723
prepend
Error: Program is terminated. Can't add transform statements to <.http-post.server.output> at line 724
append
Error: Program is terminated. Can't add transform statements to <.http-post.server.output> at line 725
print
[-] Unable to load the Beacon profile
Update: I commented out a block for the HTTP-POST POST method, and now everything works fine with only the GET beacon. I hope I understood correctly. Thanks!
./c2lint jquery-c2.4.3.profile
[-] Your authorization file is not valid: Decryption error
I can't validate it, what should I do?
Hello, could you tell me why this happens when I add a certain number of IPs?
[*] dropping 192.168.1.22/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.21/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.20/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.19/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.18/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.17/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.22/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.21/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.20/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.19/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.18/jquery-3.3.1.min.js from Beacon profile for size
[*] dropping 192.168.1.17/jquery-3.3.1.min.js from Beacon profile for size
[+] Listener: test started!
Can the 4.9 .profile be used for version 4.9.1?
Trying to load the profile with ./teamserver ip password jquery-c2.4.3.profile and I keep getting this error! All other profiles work fine.
[*] Will use existing X509 certificate and keystore (for SSL)
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
[-] Error(s) while compiling jquery-c2.4.3.profile
Error: invalid option for <Global> at line 71
data_jitter
Error: Block is not valid for <Global> at line 190
dns-beacon
Error: invalid option for <Global> at line 222
ssh_pipename
Error: invalid option for <.post-ex> at line 322
pipename
Error: invalid option for <.post-ex> at line 323
keylogger
Error: invalid option for <.stage> at line 361
allocator
Error: invalid option for <.stage> at line 364
magic_pe
Error: invalid option for <.http-config> at line 512
block_useragents
[-] exiting because of errors in jquery-c2.4.3.profile. Use ./c2lint to check the file
[-] Error(s) while compiling ./malleable-c2/jquery-c2.4.2.profile
Error: option <.stage.compile_time> requires a 'dd MMM YYYY hh:mm:ss' date at line 352
"11 Nov 2016 04:08:32"
。。。
Can you update the profile file for version 4.8?
[-] .spawnto_x86 is deprecated and has no effect. Set .post-ex.spawnto_x86 instead.
[-] .spawnto_x64 is deprecated and has no effect. Set .post-ex.spawnto_x64 instead.
[-] .process-inject disable "SetTreadContext" is deprecated and has no effect. Use process-inject -> execute instead.