CobaltStrike3.13 破解版
- 发表于
- 安全工具
破解记录
关键文件位置
aggressor/dialogs/ListenerDialog.class
common/ArtifactUtils.class
common/License.class
server/ProfileEdits.class
resources/xor.bin
resources/xor64.bin
common.ListenerConfig
resources/template.x64.ps1、resources/template.x86.ps1License
两种破解思路
(1)直接改试用时间
private static long life = 99999L;(2)修改isTrail的判断逻辑
把这里的true改为false
public static boolean isTrial()
{
return true;
}把这两个函数中的内容删掉,启动时可以不显示试用信息
public static void checkLicenseGUI(Authorization auth)
public static void checkLicenseConsole(Authorization auth)去除listener个数限制
去掉这段,去除只能添加一个listener的限制
else if ((Listener.isEgressBeacon(payload)) && (DataUtils.isBeaconDefined(this.datal)) && (!name.equals(DataUtils.getEgressBeaconListener(this.datal))))
{
DialogUtils.showError("You may only define one egress Beacon per team server.\nThere are a few things I need to sort before you can\nput multiple Beacon HTTP/DNS listeners on one server.\nSpin up a new team server and add your listener there.");
}后门特征指纹
存在后门特征指纹的几个地方
common/ArtifactUtils.class
packer.addString("X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");server/ProfileEdits.class
c2profile.addCommand(".http-get.server", "!header", "X-Malware: X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
c2profile.addCommand(".http-post.server", "!header", "X-Malware: X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
c2profile.addCommand(".http-stager.server", "!header", "X-Malware: X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
c2profile.addCommand(".stage.transform-x86", "append", "X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
c2profile.addCommand(".stage.transform-x64", "append", "X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");common.ListenerConfig
-result.append("5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*\u0000");+result.append("123\u0000");resources/template.x64.ps1、resources/template.x86.ps1
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'+$eicar = ''common.ArtifactUtils
已经修改了License.isTrial()返回值为false,所以改不改也没什么影响
清除cobaltstrike缓存
rm -rf logs data cobaltstrike.store CobaltStrike3.13 破解版下载
链接: https://pan.baidu.com/s/14e0tpVPzUhiAhYU2_jvBag 提取码: d9uf
MacOS客户端:
链接: https://pan.baidu.com/s/1h8KwLQ58I-P58tdbz7z3QA 提取码: 8sae
原文连接:CobaltStrike3.13 破解版
所有媒体,可在保留署名、
原文连接的情况下转载,若非则不得使用我方内容。
