Loading

CobaltStrike3.12/13 破解

更新3.13破解版

链接: https://pan.baidu.com/s/14e0tpVPzUhiAhYU2_jvBag 提取码: d9uf

MacOS客户端:

链接: https://pan.baidu.com/s/1h8KwLQ58I-P58tdbz7z3QA 提取码: 8sae

 

 

 

一.CobaltStrike3.12下载

校验:https://verify.cobaltstrike.com/

xor.bin:https://github.com/verctor/CS_xor64

github上因为DMCA不能上传了,这里给个网盘链接:

链接:https://pan.baidu.com/s/1n6h2w5j0TCx9GnnC5Z7gZg

提取码:1sxu 

注意:

一开始放的版本CSDN破解时没注意,EICAR指纹没有清除干净,主要存在于这三个文件:

common.ListenerConfig
resources/template.x64.ps1、resources/template.x86.ps1

网盘链接是已经更新的,可以替换cobaltstrike.jar文件。或者自行对此三个文件进行反编译修改。

 

附一些教程

官方教程中文字幕

YouTube 英文教程

链接:https://pan.baidu.com/s/1_ClGEELSHzXNC6PAEVcUVA 

提取码:iunr 

二.破解记录

关键文件位置

aggressor/dialogs/ListenerDialog.class
common/ArtifactUtils.class
common/License.class
server/ProfileEdits.class
resources/xor.bin
resources/xor64.bin
common.ListenerConfig
resources/template.x64.ps1、resources/template.x86.ps1

 

License

两种破解思路

(1)直接改试用时间

private static long life = 99999L;


(2)修改isTrail的判断逻辑


把这里的true改为false




public static boolean isTrial()
  {
    return true;
  }




 


把这两个函数中的内容删掉,启动时可以不显示试用信息




public static void checkLicenseGUI(Authorization auth)
public static void checkLicenseConsole(Authorization auth)




  


去除listener个数限制


去掉这段,去除只能添加一个listener的限制




 else if ((Listener.isEgressBeacon(payload)) && (DataUtils.isBeaconDefined(this.datal)) && (!name.equals(DataUtils.getEgressBeaconListener(this.datal))))
    {
      DialogUtils.showError("You may only define one egress Beacon per team server.\nThere are a few things I need to sort before you can\nput multiple Beacon HTTP/DNS listeners on one server.\nSpin up a new team server and add your listener there.");
    }




 


后门特征指纹


存在后门特征指纹的几个地方


common/ArtifactUtils.class




packer.addString("X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");




server/ProfileEdits.class




c2profile.addCommand(".http-get.server", "!header", "X-Malware: X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
c2profile.addCommand(".http-post.server", "!header", "X-Malware: X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
c2profile.addCommand(".http-stager.server", "!header", "X-Malware: X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
c2profile.addCommand(".stage.transform-x86", "append", "X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
c2profile.addCommand(".stage.transform-x64", "append", "X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");




common.ListenerConfig




-  result.append("5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*\u0000");+  result.append("123\u0000");




resources/template.x64.ps1、resources/template.x86.ps1




 $eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'+  $eicar = ''




common.ArtifactUtils


已经修改了License.isTrial()返回值为false,所以改不改也没什么影响


 


 


清除cobaltstrike缓存




rm -rf logs data cobaltstrike.store 




 




参考


https://xz.aliyun.com/t/2170


https://www.bilibili.com/video/av34171888/


https://github.com/Lz1y/cobalt_strike_3.12_patch







            

            
posted @ 
2018-10-21 18:29 
ssooking 
阅读(13034) 
评论(4编辑 
收藏 
举报