Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
 
 
 
Latest commit: Harley Lebeau, 9276c838c2, "WMI Event Persistence using Powershell", 2017-05-22 15:34:28 -04:00

Name                       Last commit                               Date
Persistence                WMI Event Persistence using Powershell    2017-05-22 15:34:28 -04:00
All_In_One.cna             Update All_In_One.cna                     2017-05-20 04:08:18 -04:00
Logger.cna                 Update Logger.cna                         2017-05-20 04:08:35 -04:00
README.md                  Update README.md                          2017-05-10 08:44:49 -04:00
av_hips_executables.txt    Add files via upload                      2017-04-21 08:22:13 -04:00
logs.py                    logs.py to collect all CS logs            2017-04-25 15:17:52 -04:00

README.md

Aggressor Scripts

Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources

  • All_In_One.cna v1

    • All-purpose script to enhance the user's experience with Cobalt Strike: custom menu creation, logging, persistence, enumeration, and 3rd party script integration.
    • Thanks to @rsmudge, @enigma0x3, @harmj0y, PowerShell Mafia folks, Nathan Wray, @Und3rFl0w, @oldb00t, bluescreenofjeff for all the help and code snippets.
    • The script must reside in the /opt/cobaltstrike/ directory (the location can be changed inside the script).

All_In_One.cna Dependencies:

Parent Folder/Files: 
    /opt/cobaltstrike/All_In_One.cna
    /opt/cobaltstrike/av_hips_executables.txt 
    /opt/cobaltstrike/logs.py
Sub Folders: 
    /opt/cobaltstrike/scripts/
    /opt/cobaltstrike/Payloads/
    /opt/cobaltstrike/modules/
Elevate Kit (Licensed Users Only)

  • Logger.cna

    • Logging script that captures all Beacon output and formats the Beacon input line to display timestamps. Use with logs.py to export all the logs for each operator.
    • All logs are created inside the /opt/cobaltstrike/logs/ directory.


Logger.cna Dependencies:

Parent Folder/Files: 
    /opt/cobaltstrike/Logger.cna
    /opt/cobaltstrike/av_hips_executables.txt
    /opt/cobaltstrike/logs.py

  • UserSchtasksPersist.cna

    • User Schtasks Persistence that runs as current user for the selected beacon

    • Meant for quick user level persistence upon initial access

    • Thanks to @noone and bluescreenofjeff for assistance

  • ServiceEXEPersist.cna

    • Admin Level Custom Service EXE Persistence

    • Runs as elevated user/SYSTEM for the selected beacon

  • WMICEventPersist.cna

    • Generates a Custom WMI Event using WMIC for SYSTEM Level persistence on selected beacon

    • Very syntax heavy; test first before using on live targets


  • RegistryPersist.cna

    • Creates a Custom Registry Key, Value, Type, and Payload Location based on user input for selected beacon

  • logs.py

    • Author: Matthew Merrill @noone

    • Python script to parse all Cobalt Strike input/output logs and export them into an HTML document

    • Still in beta stage

    • Syntax: ./logs.py [Teamserver NickName]