Cobalt Strike脚本使用

在Cobalt Strike中有一个非常实用的功能，就是可以加载各种脚本.

• Load 加载脚本

• Unload 卸载脚本

• Reload 重新加载脚本

说一些常用常见的脚本

脚本名称：elevate.cna

脚本功能：增加五种提权方式

脚本名称：ProcessTree.cna

脚本功能：让ps命令可以显示父子关系并显示颜色

脚本名称：CVE-2018-4878.cna

脚本功能：CVE-2018-4878.cna

脚本名称：ArtifactPayloadGenerator.cna

脚本功能：创建多种类型的payload。生成的文件在cs目录下的opt\cobaltstrike\

脚本名称：AVQuery.cna

脚本功能：查询目标所安装的所有杀软

脚本名称：CertUtilWebDelivery.cna

脚本功能：利用CertUtil和rundll32生成会话这个应该都知道了解

脚本名称：RedTeamRepo.cna

脚本功能：就是提示一下常用的渗透命令

脚本名称：ProcessColor.cna

脚本功能：显示带有颜色的进程列表(不同颜色有不同含义)

脚本名称：EDR.cna

脚本功能：检查有无终端安全产品

脚本名称：logvis.cna

脚本功能：显示Beacon命令日志

脚本名称：ProcessMonitor.cna

脚本功能：记录一段时间内程序启动的情况

脚本名称：SMBPayloadGenerator.cna

脚本功能：生成基于SMB的payload

脚本名称：Persistence/Persistence_Menu.cna

脚本功能：持久化控制集合

备注:这个脚本是同目录脚本的一个集合

脚本名称：Eternalblue.cna

脚本功能：ms17-010

​https://gist.github.com/rsmudge/9b54a66744a94f3950cc171254057942​

备注：调用exploit/windows/smb/ms17_010_eternalblue

更多:https://mp.weixin.qq.com/s/CEI1XYkq2PZmYsP0DRU7jg​

个人认位这位老哥整理的已经很全面了，为了方便查看我将里面的一些集合脚本介绍的图片列了出来，在此感谢这位老哥

​https://github.com/harleyQu1nn/AggressorScripts​

​https://github.com/bluscreenofjeff/AggressorScripts​

​https://github.com/michalkoczwara/aggressor_scripts_collection ​

​https://github.com/vysec/Aggressor-VYSEC​

​https://github.com/killswitch-GUI/CobaltStrike-ToolKit​

​https://github.com/ramen0x3f/AggressorScripts​

​https://github.com/rasta-mouse/Aggressor-Script​

​https://github.com/Und3rf10w/Aggressor-scripts​

​https://github.com/001SPARTaN/aggressor_scripts​

​https://github.com/gaudard/scripts/tree/master/red-team/aggressor​

​https://github.com/branthale/CobaltStrikeCNA​

• ​https://github.com/threatexpress/aggressor-scripts​
• ​https://github.com/threatexpress/red-team-scripts​
• ​https://github.com/threatexpress/persistence-aggressor-script​

​https://github.com/FortyNorthSecurity/AggressorAssessor​

脚本来源:

• ​https://github.com/rsmudge/ElevateKit​
• ​https://github.com/vysec/CVE-2018-4878​
• ​https://github.com/harleyQu1nn/AggressorScripts​
• ​https://github.com/bluscreenofjeff/AggressorScripts​
• ​https://github.com/ramen0x3f/AggressorScripts​
• ​https://github.com/360-A-Team/CobaltStrike-Toolset​
• ​https://github.com/ars3n11/Aggressor-Scripts​
• ​https://github.com/michalkoczwara/aggressor_scripts_collection​
• ​https://github.com/vysec/Aggressor-VYSEC​
• ​https://github.com/killswitch-GUI/CobaltStrike-ToolKit​
• ​https://github.com/ZonkSec/persistence-aggressor-script​
• ​https://github.com/ramen0x3f/AggressorScripts​
• ​https://github.com/rasta-mouse/Aggressor-Script ​
• ​https://github.com/RhinoSecurityLabs/Aggressor-Scripts​
• ​https://github.com/Und3rf10w/Aggressor-scripts​
• ​https://github.com/Kevin-Robertson/Inveigh​
• ​https://github.com/Genetic-Malware/Ebowla​
• ​https://github.com/001SPARTaN/aggressor_scripts​
• ​https://github.com/gaudard/scripts/tree/master/red-team/aggressor​
• ​https://github.com/branthale/CobaltStrikeCNA​
• ​https://github.com/oldb00t/AggressorScripts​
• ​https://github.com/p292/Phant0m_cobaltstrike​
• ​https://github.com/p292/DDEAutoCS​
• ​https://github.com/secgroundzero/CS-Aggressor-Scripts​
• ​https://github.com/skyleronken/Aggressor-Scripts​
• ​https://github.com/tevora-threat/aggressor-powerview​
• ​https://github.com/tevora-threat/PowerView3-Aggressor​
• ​https://github.com/threatexpress/aggressor-scripts​
• ​https://github.com/threatexpress/red-team-scripts​
• ​https://github.com/threatexpress/persistence-aggressor-script​
• ​https://github.com/FortyNorthSecurity/AggressorAssessor​
• ​https://github.com/mdsecactivebreach/CACTUSTORCH​
• ​https://github.com/C0axx/AggressorScripts​
• ​https://github.com/offsecginger/AggressorScripts​
• ​https://github.com/tomsteele/cs-magik​
• ​https://github.com/bitsadmin/nopowershell​
• ​https://github.com/SpiderLabs/SharpCompile​
• ​https://github.com/SpiderLabs/SharpCompile​
• ​https://github.com/realoriginal/reflectivepotato​