惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园 - 【当耐特】
WordPress大学
WordPress大学
T
The Exploit Database - CXSecurity.com
博客园_首页
MyScale Blog
MyScale Blog
The Cloudflare Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
美团技术团队
Stack Overflow Blog
Stack Overflow Blog
博客园 - 聂微东
M
MIT News - Artificial intelligence
Microsoft Security Blog
Microsoft Security Blog
F
Full Disclosure
V
V2EX
博客园 - Franky
博客园 - 三生石上(FineUI控件)
Hugging Face - Blog
Hugging Face - Blog
P
Proofpoint News Feed
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
SecWiki News
SecWiki News
N
Netflix TechBlog - Medium
S
Secure Thoughts
酷 壳 – CoolShell
酷 壳 – CoolShell
Hacker News: Ask HN
Hacker News: Ask HN
爱范儿
爱范儿
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Webroot Blog
Webroot Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Martin Fowler
Martin Fowler
PCI Perspectives
PCI Perspectives
S
Security @ Cisco Blogs
Recorded Future
Recorded Future
Help Net Security
Help Net Security
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
AI
AI
Microsoft Azure Blog
Microsoft Azure Blog
K
Kaspersky official blog
G
GRAHAM CLULEY
H
Hackread – Cybersecurity News, Data Breaches, AI and More
C
CERT Recently Published Vulnerability Notes
U
Unit 42
T
Tor Project blog
Cloudbric
Cloudbric
Hacker News - Newest:
Hacker News - Newest: "LLM"
MongoDB | Blog
MongoDB | Blog
GbyAI
GbyAI
T
The Blog of Author Tim Ferriss
Security Latest
Security Latest
N
News and Events Feed by Topic
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO

博客园 - ssooking

cobaltstrike4.0 cracked CobaltStrike3.14破解 MobaXterm v10.9破解 BlackHat Arsenal USA 2018 ToolsWatch黑客工具库 - ssooking Jupyter/JupyterLab安装使用 - ssooking - 博客园 WordPress <= 4.6 命令执行漏洞(PHPMailer)复现分析 linux下pppoe连接管理 SQL注入学习资料总结 Win10添加右键在此处打开命令行 2018铁三测评题write以及一些想送给你们的话 GPG 认识浏览器请求头User-Agent 构建基于Suricata+Splunk的IDS入侵检测系统 iptables转发技术 博客园html测试 60cms Cookies欺骗漏洞审计 CTF线下防御战 — 让你的靶机变成“铜墙铁壁” 攻击流量的清洗 拒绝服务攻击的常见类型
CobaltStrike3.12/13 破解
ssooking · 2018-10-21 · via 博客园 - ssooking

更新3.13破解版

链接: https://pan.baidu.com/s/14e0tpVPzUhiAhYU2_jvBag 提取码: d9uf

MacOS客户端:

链接: https://pan.baidu.com/s/1h8KwLQ58I-P58tdbz7z3QA 提取码: 8sae

一.CobaltStrike3.12下载

校验:https://verify.cobaltstrike.com/

xor.bin:https://github.com/verctor/CS_xor64

github上因为DMCA不能上传了,这里给个网盘链接:

链接:https://pan.baidu.com/s/1n6h2w5j0TCx9GnnC5Z7gZg

提取码:1sxu 

注意:

一开始放的版本CSDN破解时没注意,EICAR指纹没有清除干净,主要存在于这三个文件:

common.ListenerConfig
resources/template.x64.ps1、resources/template.x86.ps1

网盘链接是已经更新的,可以替换cobaltstrike.jar文件。或者自行对此三个文件进行反编译修改。

附一些教程

官方教程中文字幕

YouTube 英文教程

链接:https://pan.baidu.com/s/1_ClGEELSHzXNC6PAEVcUVA 

二.破解记录

关键文件位置

aggressor/dialogs/ListenerDialog.class
common/ArtifactUtils.class
common/License.class
server/ProfileEdits.class
resources/xor.bin
resources/xor64.bin
common.ListenerConfig
resources/template.x64.ps1、resources/template.x86.ps1

License

两种破解思路

(1)直接改试用时间

private static long life = 99999L;

(2)修改isTrail的判断逻辑

把这里的true改为false

public static boolean isTrial()
  {
    return true;
  }

把这两个函数中的内容删掉,启动时可以不显示试用信息

public static void checkLicenseGUI(Authorization auth)
public static void checkLicenseConsole(Authorization auth)

去除listener个数限制

去掉这段,去除只能添加一个listener的限制

 else if ((Listener.isEgressBeacon(payload)) && (DataUtils.isBeaconDefined(this.datal)) && (!name.equals(DataUtils.getEgressBeaconListener(this.datal))))
    {
      DialogUtils.showError("You may only define one egress Beacon per team server.\nThere are a few things I need to sort before you can\nput multiple Beacon HTTP/DNS listeners on one server.\nSpin up a new team server and add your listener there.");
    }

后门特征指纹

存在后门特征指纹的几个地方

common/ArtifactUtils.class

packer.addString("X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");

server/ProfileEdits.class

c2profile.addCommand(".http-get.server", "!header", "X-Malware: X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
c2profile.addCommand(".http-post.server", "!header", "X-Malware: X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
c2profile.addCommand(".http-stager.server", "!header", "X-Malware: X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
c2profile.addCommand(".stage.transform-x86", "append", "X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
c2profile.addCommand(".stage.transform-x64", "append", "X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");

common.ListenerConfig

-  result.append("5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*\u0000");+  result.append("123\u0000");

resources/template.x64.ps1、resources/template.x86.ps1

 $eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'+  $eicar = ''

common.ArtifactUtils

已经修改了License.isTrial()返回值为false,所以改不改也没什么影响

清除cobaltstrike缓存

rm -rf logs data cobaltstrike.store 

参考

https://xz.aliyun.com/t/2170

https://www.bilibili.com/video/av34171888/

https://github.com/Lz1y/cobalt_strike_3.12_patch

声明:
作者:ssooking  联系邮箱:c3Nvb2tpbmdAeWVhaC5uZXQ=
若无特殊说明,所发博文皆为原创,转载请务必注明出处、保留原文地址。欢迎交流分享!如果您有任何问题,请联系我!