Статья Hide your CobaltStrike like a PRO! & Bypass Kaspersky End Point Security AV/EDR (PART 2)

[r1z]

There are errors in the script, which can be seen in the author's screenshot.

public class EchoTest {
    public static long checksum8(String text) {
        if (text.length() < 4) {
            return 0L;
        }
        text = text.replace("/", "");
        long sum = 0L;
        for (int x = 0; x < text.length(); x++) {
            sum += text.charAt(x);
        }
        return sum;
    }
    public static void main(String[] args) throws Exception {
        System.out.println(checksum8("xssr1zxssr1zxssr1z.pdf"));
    }
}

TS, if it is not too much trouble for you, please make a correction.

first if your problem with permission denied then you can solve it by running

chmod +x cobaltstrike.jar

make sure the user is belong to who running this, ex: coblaltstrike.jar is belong to root user and your running this from normal user.

also what key your using inside crackjava ?

 

[duda]

With root the error remained, chmod +x also did not help, I think the error in the syntax because I use linux.
For crackslave.java I use
{-13,-114,-77,-47,-93,53,-78,82,-75,-117,-62,-84,-34,-127,-75,66};
for version 4.5

 

[r1z]

With root the error remained, chmod +x also did not help, I think the error in the syntax because I use linux.
For crackslave.java I use
{-13,-114,-77,-47,-93,53,-78,82,-75,-117,-62,-84,-34,-127,-75,66};
for version 4.5

Посмотреть вложение 46803

make sure the cobaltstrike.jar is belong to 4.5, and delete your current cracksleeve.java file and use this one.

 

[duda]

Judging by the fact that java gives help, most likely under linux you need to fix something. javac works without any problems. Version 4.5 exactly.

$ java -version

openjdk version "17.0.5" 2022-10-18

OpenJDK Runtime Environment (build 17.0.5+8-Debian-2)

OpenJDK 64-Bit Server VM (build 17.0.5+8-Debian-2, mixed mode, sharing

 

[r1z]

Посмотреть вложение 46804
Judging by the fact that java gives help, most likely under linux you need to fix something. javac works without any problems. Version 4.5 exactly.

$ java -version

openjdk version "17.0.5" 2022-10-18

OpenJDK Runtime Environment (build 17.0.5+8-Debian-2)

OpenJDK 64-Bit Server VM (build 17.0.5+8-Debian-2, mixed mode, sharing

You need to consider everything with you self before publish your issue, mostly java version will cause problem, i suggest using java 18 or java 1.8 for decompiling.

 

[duda]

You need to consider everything with you self before publish your issue, mostly java version will cause problem, i suggest using java 18 or java 1.8 for decompiling.

 

[duda]

YEAP!!!

The problem was solved and it was in the syntax.

The problem was solved and it was in the syntax.

In place of

java -classpath ./cobaltstrike.jar;.\ CrackSleeve decode

Need

java -classpath ./cobaltstrike.jar:. CrackSleeve decode

 

[r1z]

Посмотреть вложение 46807


YEAP!!!

The problem was solved and it was in the syntax.

The problem was solved and it was in the syntax.

In place of

java -classpath ./cobaltstrike.jar;.\ CrackSleeve decode

Need

java -classpath ./cobaltstrike.jar:. CrackSleeve decode

This is what we call "Experiance".

 

[duda]

after all successful compilations, encountered the following error at startup cobalt strike 4.5
used the following loader https://github.com/Like0x/0xagent

 

[r1z]

Please try to make the folder r1z@xss_cobaltstrike (2)/4.5 without space, and try to compile with java 18.. bombing topics with issue like this it's not cool, you need to learn yourself by trying several ways to fix your problem.. better to bomb topic with no-usefull issues.

 

[molotov477]

Hi there, I know this question might be irrelevant to this since it's pretty basic but I needed help setting up cobalt strike, everytime I run the team server, it asks for the msfdb service to be running since it's missing the database.yml file, I run that service, team server starts up, gives me a host ip and other details, I run the cobalt strike client put in the credentials, but the fingerprint never matches and the client doesnt connect, am I missing something here? I tried running armitage after the teamserver was us, that connects to it but cobalt strike client doesnt, does it have anything to do with the database it needs of msfdb or what am I doing wrong here? Any help would be appreciated fo this.

 

[loftuscheeks]

The tool will be posted after this post, im still shaping the code and make sure it's compatible with debian, ubuntu destro.. so all these featues, modified cobalt strikes version from 4.3 due 4.6 will be in this tool. ( currently only for 4.5 ), but keep tunned as always.. as my first promising in releasing cobaltstrike 4.4, the new cobaltstrike 4.6 will be included in this tool soon, and only XSS community will have this update, and some old friends ofcourse

We will talk now in this topic on how to modify checksum8 for begginners, and modify cobaltstrike URI features manually to have your stagers untracbles and clean from default URI

Now the series time !

Now Let's start to Download Original CobaltStrike 4.5 + 4.4.

https://verify.cobaltststrike.com

Hi. Please what's the password for the zip file?

 

[molotov477]

Hi there, I know this question might be irrelevant to this since it's pretty basic but I needed help setting up cobalt strike, everytime I run the team server, it asks for the msfdb service to be running since it's missing the database.yml file, I run that service, team server starts up, gives me a host ip and other details, I run the cobalt strike client put in the credentials, but the fingerprint never matches and the client doesnt connect, am I missing something here? I tried running armitage after the teamserver was us, that connects to it but cobalt strike client doesnt, does it have anything to do with the database it needs of msfdb or what am I doing wrong here? Any help would be appreciated fo this.

So it took me a while to get things working but managed to do that, now onto the next step, learning how to obfuscate my beacons so they go undetected by the AVs.

 

[llikecooki999]

can u tell me password for zip(r1z@XSS_cobaltstrike.zip) ?

 

[r1z]

can u tell me password for zip(r1z@XSS_cobaltstrike.zip) ?

Pass: r1z@xss.pro

 

[piaf]

it's always a pleasure reading your posts i love it !!!!

 

[Hongkong50]

what is the password for the archive

 

[JinnX93]

Dear r1z! please could you update the links or re-upload files of this article https://xss.pro/threads/68547/page-12#post-553309 ??

Thank you

 

[r1z]

what is the password for the archive

r1z@xss.pro

 

[rotorrr]

Topic not finish yet, today there is an update will be post, keep tunned !

moveaxeax LOL ! i dare all of you if you know how to crack a peace of code in JAVA... today is your day, World Children's Day !

Pernat1y, do you know how cobaltstrike 4.4 got cracked ? or you still digging around how i crack it))? you can write admin or anybody you want, but your so much far of speaking about something you don't have a clue about.

R1Z PLEASE CAN YOU SHARE ME YOUR R1Z.SH SCRIPT I WOULD LOVE TO LEARN, USE, AND BUILD ON IT.