- Автор темы
- Добавить закладку
- #101
also, did you vote in contest ? https://xss.pro/threads/69761/
you have rights to vote for 3 participates there, dont miss that.
-
XSS.stack #1 – первый литературный журнал от юзеров форума
Статья Hide your CobaltStrike like a PRO! & Bypass Kaspersky End Point Security AV/EDR (PART 2)
- Автор темы r1z
- Дата начала
you have rights to vote for 3 participates there, dont miss that.
I'll vote for you now! Please read my last question.
Anyone can help me. It feels like it's just a little bit closer to being ready to run
- Автор темы
- Добавить закладку
- #104
You dont need to put the auth file there, you need to put the key in cracksleeve and decrypt the files.
- Автор темы
- Добавить закладку
- #106
No, only put one key.
check the keys in article, don't read blindy.
here you go.
./r1z
Код:
import common.*;
import dns.SleeveSecurity;
import java.io.*;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
public class CrackSleeve {
private static byte[] OriginKey = {58, 68, 37, 73, 15, 56, -102, -18, -61, 18, -67, -41, 88, -83, 43, -103};
private static byte[] CustomizeKey = null;
private String DecDir = "Resource/Decode/sleeve";
private String EncDir = "Resource/Encode/sleeve";
public static void main(String[] args) throws IOException {
if (args.length == 0 || args[0].equals("-h") || args[0].equals("--help")) {
System.out.println("UseAge: CrackSleeve OPTION [key]");
System.out.println("Options:");
System.out.println("\tdecode\t\tDecode sleeve files");
System.out.println("\tencode\t\tEncode sleeve files");
System.out.println("\tkey\t\tCustomize key string for encode sleeve files");
System.exit(0);
}
String option = args[0];
// if (option.toLowerCase().equals("encode"))
// {
// if (args.length <= 1){
// System.out.println("[-] Please enter key.");
// System.exit(0);
// }
// String CustomizeKeyStr = args[1];
// if (CustomizeKeyStr.length() < 16)
// {
// System.out.println("[-] key length must be 16.");
// System.exit(0);
// }
// System.out.println("Init Key: "+CustomizeKeyStr.substring(0,16));
// CustomizeKey = CustomizeKeyStr.substring(0,16).getBytes();
// }
CrackSleeve Cracker = new CrackSleeve();
// 使用正版key初始化SleeveSecurity中的key
if (option.equals("decode")){
CrackSleevedResource.Setup(OriginKey);
Cracker.DecodeFile();
}else if (option.equals("encode")){
CrackSleevedResource.Setup(CustomizeKey);
Cracker.EncodeFile();
}
}
private void DecodeFile() throws IOException {
File saveDir = new File(this.DecDir);
if (!saveDir.isDirectory())
saveDir.mkdirs();
try {
String path = this.getClass().getClassLoader().getResource("sleeve").getPath();
String jarPath = path.substring(5,path.indexOf("!/"));
Enumeration<JarEntry> jarEnum = new JarFile(new File(jarPath)).entries();
while (jarEnum.hasMoreElements())
{
JarEntry Element = jarEnum.nextElement();
String FileName = Element.getName();
if (FileName.indexOf("sleeve")>=0 && !FileName.equals("sleeve/")) {
System.out.print("[+] Decoding "+FileName+"......");
byte[] decBytes = CrackSleevedResource.DecodeResource(FileName);
if (decBytes.length > 0) {
System.out.println("Done.");
CommonUtils.writeToFile(new File(saveDir,"../"+FileName),decBytes);
}
else
System.out.println("Fail.");
}
}
} catch (IOException e) {
e.printStackTrace();
}
}
private void EncodeFile(){
// 文件保存目录
File saveDir = new File(this.EncDir);
if (!saveDir.isDirectory())
saveDir.mkdirs();
File decDir = new File(this.DecDir);
File[] decFiles = decDir.listFiles();
if (decFiles.length == 0) {
System.out.println("[-] There's no file to encode, please decode first.");
System.exit(0);
}
for (File file : decFiles){
String filename = decDir.getPath()+"/"+file.getName();
System.out.print("[+] Encoding " + file.getName() + "......");
byte[] encBytes = CrackSleevedResource.EncodeResource(filename);
if (encBytes.length > 0) {
System.out.println("Done.");
CommonUtils.writeToFile(new File(saveDir,file.getName()),encBytes);
}
else
System.out.println("Fail.");
}
}
}
class CrackSleevedResource{
private static CrackSleevedResource singleton;
private SleeveSecurity data = new SleeveSecurity();
public static void Setup(byte[] paramArrayOfbyte) {
//singleton = new CrackSleevedResource(paramArrayOfbyte);
singleton = new CrackSleevedResource(CommonUtils.readResource("resources/cobaltstrike.auth"));
}
public static byte[] DecodeResource(String paramString) {
return singleton._DecodeResource(paramString);
}
public static byte[] EncodeResource(String paramString) {
return singleton._EncodeResource(paramString);
}
private CrackSleevedResource(byte[] paramArrayOfbyte) {
this.data.registerKey(paramArrayOfbyte);
}
private byte[] _DecodeResource(String paramString) {
byte[] arrayOfByte1 = CommonUtils.readResource(paramString);
if (arrayOfByte1.length > 0) {
long l = System.currentTimeMillis();
return this.data.decrypt(arrayOfByte1);
}
byte[] arrayOfByte2 = CommonUtils.readResource(paramString);
if (arrayOfByte2.length == 0) {
CommonUtils.print_error("Could not find sleeved resource: " + paramString + " [ERROR]");
} else {
CommonUtils.print_stat("Used internal resource: " + paramString);
}
return arrayOfByte2;
}
private byte[] _EncodeResource(String paramString){
try {
File fileResource = new File(paramString);
InputStream fileStream = new FileInputStream(fileResource);
if (fileStream != null)
{
byte[] fileBytes = CommonUtils.readAll(fileStream);
if (fileBytes.length > 0)
{
byte[] fileEncBytes = this.data.encrypt(fileBytes);
return fileEncBytes;
}
}
} catch (FileNotFoundException e) {
e.printStackTrace();
}
return null;
}
}check the keys in article, don't read blindy.
Код:
//private static byte[] OriginKey40 = {27, -27, -66, 82, -58, 37, 92, 51, 85, -114, -118, 28, -74, 103, -53, 6 };
//private static byte[] OriginKey4.1 = {-128, -29, 42, 116, 32, 96, -72, -124, 65, -101, -96, -63, 113, -55, -86, 118 };
//private static byte[] OriginKey4.2 = {-78, 13, 72, 122, -35, -44, 113, 52, 24, -14, -43, -93, -82, 2, -89, -96};
//private static byte[] OriginKey4.3 = {58, 68, 37, 73, 15, 56, -102, -18, -61, 18, -67, -41, 88, -83, 43, -103};
//private static byte[] OriginKey4.4 = {94, -104, 25, 74, 1, -58, -76, -113, -91, -126, -90, -87, -4, -69, -110, -42}
//private static byte[] OriginKey4.5 = {-13,-114,-77,-47,-93,53,-78,82,-75,-117,-62,-84,-34,-127,-75,66};
Код:
4.0 1be5be52c6255c33558e8a1cb667cb06
4.1 80e32a742060b884419ba0c171c9aa76
4.2 b20d487addd4713418f2d5a3ae02a7a0
4.3 3a4425490f389aeec312bdd758ad2b99
4.4 5e98194a01c6b48fa582a6a9fcbb92d6
4.5 f38eb3d1a335b252b58bc2acde81b542here you go.
./r1z
{58, 68, 37, 73, 15, 56, -102, -18, -61, 18, -67, -41, 88, -83, 43, -103};
This is the 4.3 key, right? I'm cracking 4.5, so I'll just replace it with the {-13,-114,-77,-47,-93,53,-78,82,-75,-117,-62,-84,-34,-127,-75,66} , right?
Also, you did the decryption part before the encryption in your article, do I have to follow your steps exactly?
Also, you did the decryption part before the encryption in your article, do I have to follow your steps exactly?
- Автор темы
- Добавить закладку
- #109
If you want modify the beacon64.dll then don't follow, just start from cracksleeve.
if you want modify files in cobaltstrike then yes, follow.
gn.
if you want modify files in cobaltstrike then yes, follow.
gn.
Ok, I'll try again, thank you! If my test is successful, I hope I can repay you by paying
Hello, I followed the script you gave me to complete the first part of the decryption, but when I continue to operate the encryption, there is still an error, this is the error message and command, I cracked cobaltstrike4.5, please answer again!
- Автор темы
- Добавить закладку
- #112
What you have in this folder ? (Cracksleeve).. show me files.
- Автор темы
- Добавить закладку
- #114
Hi,
The problem here is that you mention first post that you want to crack cobaltstrike 4.3, and now you say you want to crack cobaltstrike 4.5 ?!!
The error above is clear and simple to understand that the key is incorrect.
Make sure the JAR file of cobaltstrike is the correct/matched version of the key your using in CrackSleeve.
I provide you key for cobaltstrike 4.3 as you were looking to modifiy it, i also provide you all the keys from 4.0 to 4.5, you can change them and also make sure to change the jar file as per your key.
This topic posted for the contest, no need to pay).
The problem here is that you mention first post that you want to crack cobaltstrike 4.3, and now you say you want to crack cobaltstrike 4.5 ?!!
The error above is clear and simple to understand that the key is incorrect.
Make sure the JAR file of cobaltstrike is the correct/matched version of the key your using in CrackSleeve.
I provide you key for cobaltstrike 4.3 as you were looking to modifiy it, i also provide you all the keys from 4.0 to 4.5, you can change them and also make sure to change the jar file as per your key.
This topic posted for the contest, no need to pay).
Последнее редактирование:
Nice bro
No bro, I've been cracking cobaltstrike 4.5 since the beginning, never cracked cobaltstrike 4.3.... .LOL
And I'm using the 4.5 key you provided to operate
Hi,
I tried to build the project after finishing modification of the files Webserver / CommonUtils but when I get the new artifact in the output folder I checked it and the modifications are not done, the files are the same as the original cobalstrike.jar . I don't know what I'm doing wrong.
Here I tried both Build Project and Build Artifacts
Thanks for the guide, very helpful.
I tried to build the project after finishing modification of the files Webserver / CommonUtils but when I get the new artifact in the output folder I checked it and the modifications are not done, the files are the same as the original cobalstrike.jar . I don't know what I'm doing wrong.
Here I tried both Build Project and Build Artifacts
Thanks for the guide, very helpful.
- Автор темы
- Добавить закладку
- #118
No I'm trying with 4.5 currently
Бро запиши уже 1 раз видео им быстрое минут на 10 а то тебя так и будут дрочить )