Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/vestjoe/cobaltstrike_services
AutoStart teamserver and listeners with services
https://github.com/vestjoe/cobaltstrike_services
Last synced: 21 days ago
JSON representation
AutoStart teamserver and listeners with services
- Host: GitHub
- URL: https://github.com/vestjoe/cobaltstrike_services
- Owner: vestjoe
- Created: 2021-04-26T20:09:35.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-12-23T15:11:34.000Z (almost 3 years ago)
- Last Synced: 2024-02-11T21:19:33.739Z (10 months ago)
- Size: 8.79 KB
- Stars: 66
- Watchers: 4
- Forks: 18
- Open Issues: 0
-
Metadata Files:
- Readme: readme.md
Awesome Lists containing this project
- awesome-hacking-lists - vestjoe/cobaltstrike_services - AutoStart teamserver and listeners with services (Others)
README
# Running Cobalt Strike Teamserver as a Service
These scripts can be used as a template to set up teamserver as a service and autostart listeners.
These scripts have been tested on Ubuntu server, and will need to be adjusted based on your use case.
## Changelog
- 23 Dec 2021 (CS 4.5 update)
- Added Max Retry Strategy to script## Steps
- Update the service files to match your environment.
- teamserver.service
- listener.service
- listener_service.cna
- Copy the service files to your teamserver
- /etc/systemd/system/teamserver.service
- /etc/systemd/system/listener.service
- /etc/cobaltstrike/listener_service.cna
- Register the new services
- `systemctl daemon-reload`
- Start the services
- `systemctl start teamserver.service`
- `systemctl start listener.service`
- Test## Teamserver Service
Update the settings to match your environment.
- WorkingDirectory: set to the cobaltstrike directory
- ExecStart: Set with your values```
# teamserver.service
[Unit]
Description=Cobalt Strike Teamserver Service
After=network.target
Wants=network.target[Service]
Type=Simple
WorkingDirectory=/opt/cobaltstrike
ExecStart=/opt/cobaltstrike/teamserver# Example
# ExecStart=/opt/cobaltstrike/teamserver `hostname -I` thisismypassword /opt/cobaltstrike/c2.profile[Install]
WantedBy=multi-user.target```
## Listener Service
Update the settings to match your environment.
- WorkingDirectory: set to the cobaltstrike directory
- ExecStart: Set with your values```
# listener.service
[Unit]
Description=Cobalt Strike aggressor service
After=teamserver.service network.target
Wants=teamserver.service
StartLimitIntervalSec=33[Service]
Restart=on-failure
RestartSec=10
WorkingDirectory=/opt/cobaltstrike
ExecStartPre=/bin/sleep 60
ExecStart=/bin/bash /opt/cobaltstrike/agscript 127.0.0.1 50050# Example
# ExecStart=/bin/bash /opt/cobaltstrike/agscript 127.0.0.1 50050 listener_service thisismypassword /opt/cobaltstrike/listener_service.cna[Install]
WantedBy=multi-user.target
```## Headless aggressor script
This must be updated to reflect your environment.
This example aggressor script is used to start an HTTP, HTTPS, and SMB listener with all the needed parameters
What to change?
- HTTP Listener
- Listnername
- host
- althost
- HTTPS Listener
- Listnername
- host
- althost
- SMB Listener
-```
println("
###################################################################
CobaltStrike Aggressor Script
Author: Joe Vest
Description: Headless script to create listeners
###################################################################");println('Loading listener_service.cna...');
on ready{
println('listener_service.cna: Creating HTTP Listener...');
listener_create_ext("HTTP", "windows/beacon_http/reverse_http", %(host => "iheartredteams.com", port => 80, beacons => "iheartredteams.com", althost => "iheartredteams.com", bindto => 80));println('listener_service.cna: Creating HTTPS Listener...');
listener_create_ext("HTTPS", "windows/beacon_https/reverse_https", %(host => "iheartredteams.com", port => 443, beacons => "iheartredteams.com", althost => "iheartredteams.com", bindto => 443));println('listener_service.cna: Creating SMB Listener...');
listener_create_ext("SMB", "windows/beacon_bind_pipe", %(port => "mojo.5887.8051.34782273429370473##"));
sleep(10000);
}
```