Cobaltstrike系列教程(十)安装扩展

0x000-前文

有技术交流或渗透测试培训需求的朋友欢迎联系QQ/VX-547006660，需要代码审计、渗透测试、红蓝对抗网络安全相关业务可以咨询我

2000人网络安全交流群，欢迎大佬们来玩
群号820783253

0x001-扩展的加载

扩展是Cobaltstrike一个极为重要的模块，它有效地丰盈了cobaltstrike的功能
选择菜单栏的CobaltStrike–>脚本管理器，点击load，然后选择cna扩展文件即可，旁边的unload为去除该扩展，，reload为重新加载该扩展

0x002-个人常用扩展

本人在此放出几个自己常用的扩展，老哥们可以回复下载

0x003-其他扩展汇总(来自WBG老哥)

脚本名称：elevate.cna
脚本功能：增加五种提权方式

脚本名称：ProcessTree.cna
脚本功能：让ps命令可以显示父子关系并显示颜色

脚本名称：CVE-2018-4878.cna
脚本功能：CVE-2018-4878.cna

脚本名称：ArtifactPayloadGenerator.cna
脚本功能：创建多种类型的payload。生成的文件在cs目录下的opt\cobaltstrike

脚本名称：AVQuery.cna
脚本功能：查询目标所安装的所有杀软

脚本名称：CertUtilWebDelivery.cna
脚本功能：利用CertUtil和rundll32生成会话这个应该都知道了解

脚本名称：RedTeamRepo.cna
脚本功能：就是提示一下常用的渗透命令

脚本名称：ProcessColor.cna
脚本功能：显示带有颜色的进程列表(不同颜色有不同含义)

脚本名称：EDR.cna
脚本功能：检查有无终端安全产品

脚本名称：logvis.cna
脚本功能：显示Beacon命令日志

脚本名称：ProcessMonitor.cna
脚本功能：记录一段时间内程序启动的情况

脚本名称：SMBPayloadGenerator.cna
脚本功能：生成基于SMB的payload

脚本名称：Persistence/Persistence_Menu.cna
脚本功能：持久化控制集合
备注:这个脚本是同目录脚本的一个集合

脚本名称：Eternalblue.cna 脚本功能：ms17-010
https://gist.github.com/rsmudge/9b54a66744a94f3950cc171254057942
备注：调用exploit/windows/smb/ms17_010_eternalblue

更多:https://mp.weixin.qq.com/s/CEI1XYkq2PZmYsP0DRU7jg
个人认位这位老哥整理的已经很全面了，为了方便查看我将里面的一些集合脚本介绍图片列了出来。

https://github.com/harleyQu1nn/AggressorScripts

https://github.com/bluscreenofjeff/AggressorScripts

https://github.com/michalkoczwara/aggressor_scripts_collection

https://github.com/vysec/Aggressor-VYSEC

https://github.com/killswitch-GUI/CobaltStrike-ToolKit

https://github.com/ramen0x3f/AggressorScripts

https://github.com/rasta-mouse/Aggressor-Script

https://github.com/Und3rf10w/Aggressor-scripts

https://github.com/001SPARTaN/aggressor_scripts

https://github.com/gaudard/scripts/tree/master/red-team/aggressor
https://github.com/branthale/CobaltStrikeCNA
https://github.com/threatexpress/aggressor-scripts https://github.com/threatexpress/red-team-scripts https://github.com/threatexpress/persistence-aggressor-script

https://github.com/FortyNorthSecurity/AggressorAssessor

脚本来源:

https://github.com/rsmudge/ElevateKit
https://github.com/vysec/CVE-2018-4878 https://github.com/harleyQu1nn/AggressorScripts https://github.com/bluscreenofjeff/AggressorScripts https://github.com/ramen0x3f/AggressorScripts
https://github.com/360-A-Team/CobaltStrike-Toolset https://github.com/ars3n11/Aggressor-Scripts https://github.com/michalkoczwara/aggressor_scripts_collection https://github.com/vysec/Aggressor-VYSEC
https://github.com/killswitch-GUI/CobaltStrike-ToolKit https://github.com/ZonkSec/persistence-aggressor-script https://github.com/ramen0x3f/AggressorScripts
https://github.com/rasta-mouse/Aggressor-Script https://github.com/RhinoSecurityLabs/Aggressor-Scripts https://github.com/Und3rf10w/Aggressor-scripts
https://github.com/Kevin-Robertson/Inveigh
https://github.com/Genetic-Malware/Ebowla https://github.com/001SPARTaN/aggressor_scripts https://github.com/gaudard/scripts/tree/master/red-team/aggressor https://github.com/branthale/CobaltStrikeCNA https://github.com/oldb00t/AggressorScripts https://github.com/p292/Phant0m_cobaltstrike https://github.com/p292/DDEAutoCS https://github.com/secgroundzero/CS-Aggressor-Scripts https://github.com/skyleronken/Aggressor-Scripts https://github.com/tevora-threat/aggressor-powerview https://github.com/tevora-threat/PowerView3-Aggressor https://github.com/threatexpress/aggressor-scripts https://github.com/threatexpress/red-team-scripts
https://github.com/threatexpress/persistence-aggressor-script https://github.com/FortyNorthSecurity/AggressorAssessor https://github.com/mdsecactivebreach/CACTUSTORCH https://github.com/C0axx/AggressorScripts https://github.com/offsecginger/AggressorScripts https://github.com/tomsteele/cs-magik https://github.com/bitsadmin/nopowershell https://github.com/SpiderLabs/SharpCompile https://github.com/SpiderLabs/SharpCompile https://github.com/realoriginal/reflectivepotato
还有很多很多我就不列出来了太麻烦了。

0x004-下载
本人常用扩展
链接：https://pan.baidu.com/s/19xoyAOfhsdnhx5CPoJEa-w
提取码：byx2