• CobaltStrike3.12/13 破解


    更新3.13破解版

    链接: https://pan.baidu.com/s/14e0tpVPzUhiAhYU2_jvBag 提取码: d9uf

    MacOS客户端:

    链接: https://pan.baidu.com/s/1h8KwLQ58I-P58tdbz7z3QA 提取码: 8sae

    一.CobaltStrike3.12下载

    校验:https://verify.cobaltstrike.com/

    xor.bin:https://github.com/verctor/CS_xor64

    github上因为DMCA不能上传了,这里给个网盘链接:

    链接:https://pan.baidu.com/s/1n6h2w5j0TCx9GnnC5Z7gZg

    提取码:1sxu 

    注意:

    一开始放的版本CSDN破解时没注意,EICAR指纹没有清除干净,主要存在于这三个文件:

    common.ListenerConfig
    resources/template.x64.ps1、resources/template.x86.ps1

    网盘链接是已经更新的,可以替换cobaltstrike.jar文件。或者自行对此三个文件进行反编译修改。

    附一些教程

    官方教程中文字幕

    YouTube 英文教程

    链接:https://pan.baidu.com/s/1_ClGEELSHzXNC6PAEVcUVA 

    提取码:iunr 

    二.破解记录

    关键文件位置

    aggressor/dialogs/ListenerDialog.class
    common/ArtifactUtils.class
    common/License.class
    server/ProfileEdits.class
    resources/xor.bin
    resources/xor64.bin
    common.ListenerConfig
    resources/template.x64.ps1、resources/template.x86.ps1

    License

    两种破解思路

    (1)直接改试用时间

    private static long life = 99999L;
    
    

    (2)修改isTrail的判断逻辑

    把这里的true改为false

    public static boolean isTrial()
      {
        return true;
      }

     

    把这两个函数中的内容删掉,启动时可以不显示试用信息

    public static void checkLicenseGUI(Authorization auth)
    public static void checkLicenseConsole(Authorization auth)

      

    去除listener个数限制

    去掉这段,去除只能添加一个listener的限制

     else if ((Listener.isEgressBeacon(payload)) && (DataUtils.isBeaconDefined(this.datal)) && (!name.equals(DataUtils.getEgressBeaconListener(this.datal))))
        {
          DialogUtils.showError("You may only define one egress Beacon per team server.
    There are a few things I need to sort before you can
    put multiple Beacon HTTP/DNS listeners on one server.
    Spin up a new team server and add your listener there.");
        }

     

    后门特征指纹

    存在后门特征指纹的几个地方

    common/ArtifactUtils.class

    packer.addString("X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");

    server/ProfileEdits.class

    c2profile.addCommand(".http-get.server", "!header", "X-Malware: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
    c2profile.addCommand(".http-post.server", "!header", "X-Malware: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
    c2profile.addCommand(".http-stager.server", "!header", "X-Malware: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
    c2profile.addCommand(".stage.transform-x86", "append", "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
    c2profile.addCommand(".stage.transform-x64", "append", "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");

    common.ListenerConfig

    -  result.append("5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*u0000");+  result.append("123u0000");

    resources/template.x64.ps1、resources/template.x86.ps1

     $eicar = 'X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'+  $eicar = ''

    common.ArtifactUtils

    已经修改了License.isTrial()返回值为false,所以改不改也没什么影响

     

    清除cobaltstrike缓存

    rm -rf logs data cobaltstrike.store 

     

    参考

    https://xz.aliyun.com/t/2170

    https://www.bilibili.com/video/av34171888/

    https://github.com/Lz1y/cobalt_strike_3.12_patch

  • 相关阅读:
    delphi 滚屏
    delphi Sender和Tag的用法
    delphi res 字符串资源
    delphi queryCommandState
    net图片转格式
    递归数据树结构
    C# winform文件批量转编码 选择文件夹
    SQL可重复执行语句,增删改字段、表、修改默认值
    WEBAPI测试
    调用webservice
  • 原文地址:https://www.cnblogs.com/ssooking/p/9825917.html
Copyright © 2020-2023  润新知