更新3.13破解版
链接: https://pan.baidu.com/s/14e0tpVPzUhiAhYU2_jvBag 提取码: d9uf
MacOS客户端:
链接: https://pan.baidu.com/s/1h8KwLQ58I-P58tdbz7z3QA 提取码: 8sae
一.CobaltStrike3.12下载
校验:https://verify.cobaltstrike.com/
xor.bin:https://github.com/verctor/CS_xor64
github上因为DMCA不能上传了,这里给个网盘链接:
链接:https://pan.baidu.com/s/1n6h2w5j0TCx9GnnC5Z7gZg
提取码:1sxu
注意:
一开始放的版本CSDN破解时没注意,EICAR指纹没有清除干净,主要存在于这三个文件:
common.ListenerConfig
resources/template.x64.ps1、resources/template.x86.ps1
网盘链接是已经更新的,可以替换cobaltstrike.jar文件。或者自行对此三个文件进行反编译修改。
附一些教程
官方教程中文字幕
YouTube 英文教程
链接:https://pan.baidu.com/s/1_ClGEELSHzXNC6PAEVcUVA
提取码:iunr
二.破解记录
关键文件位置
aggressor/dialogs/ListenerDialog.class common/ArtifactUtils.class common/License.class server/ProfileEdits.class resources/xor.bin resources/xor64.bin common.ListenerConfig resources/template.x64.ps1、resources/template.x86.ps1
License
两种破解思路
(1)直接改试用时间
private static long life = 99999L;
(2)修改isTrail的判断逻辑
把这里的true
改为false
public static boolean isTrial() { return true; }
把这两个函数中的内容删掉,启动时可以不显示试用信息
public static void checkLicenseGUI(Authorization auth)
public static void checkLicenseConsole(Authorization auth)
去除listener个数限制
去掉这段,去除只能添加一个listener的限制
else if ((Listener.isEgressBeacon(payload)) && (DataUtils.isBeaconDefined(this.datal)) && (!name.equals(DataUtils.getEgressBeaconListener(this.datal)))) { DialogUtils.showError("You may only define one egress Beacon per team server. There are a few things I need to sort before you can put multiple Beacon HTTP/DNS listeners on one server. Spin up a new team server and add your listener there."); }
后门特征指纹
存在后门特征指纹的几个地方
common/ArtifactUtils.class
packer.addString("X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
server/ProfileEdits.class
c2profile.addCommand(".http-get.server", "!header", "X-Malware: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"); c2profile.addCommand(".http-post.server", "!header", "X-Malware: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"); c2profile.addCommand(".http-stager.server", "!header", "X-Malware: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"); c2profile.addCommand(".stage.transform-x86", "append", "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"); c2profile.addCommand(".stage.transform-x64", "append", "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
common.ListenerConfig
- result.append("5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*u0000");+ result.append("123u0000");
resources/template.x64.ps1、resources/template.x86.ps1
$eicar = 'X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'+ $eicar = ''
common.ArtifactUtils
已经修改了License.isTrial()返回值为false,所以改不改也没什么影响
清除cobaltstrike缓存
rm -rf logs data cobaltstrike.store
参考
https://www.bilibili.com/video/av34171888/