Building a Collaborative Attack Platform with Amazon EC2 – Part 2: Armitage

Part 2 – Prepare the Armitage Teamserver

Hello All,
how are you?

Let’s start preparing the Armitage teamserver… What? Armitage is too old? You don’t like hacking via GUI?

Is Armitage only a Metasploit GUI? Are you sure? In my view, Armitage is the way to create a collaborative Metasploit platform for pentesting and red teaming operations, sharing the shells gained via some type of attack (server-side exploits, client-side exploits, malware… but that is not the interesting part here). If you don’t like this approach, no problem, see you in the next article: “EC2 collaboration in Empire”. For those who are interested, let’s start:

We can use the Kali EC2 machine created in part 1a; if you haven’t built the machine yet, you can watch the video now.

After logging in via SSH to your EC2 machine, change directory to the Armitage root directory:

sudo /bin/bash
cd /usr/share/armitage
root@kali:/usr/share/armitage# ./teamserver
[*] You must provide: <external IP address> <team password>
<external IP address> must be reachable by Armitage
clients on port 55553
<team password> is a shared password your team uses to
authenticate to the Armitage team server

Now we can start the teamserver with the public IP address of our EC2 machine and a password for securing the connection:

./teamserver 54.154.119.193 Passw0rd

In this case we get an error because the database is not initialized; you can initialize the DB with:

msfdb init

After initializing the DB I can try to start my teamserver again:

./teamserver 54.154.119.193 Passw0rd

Wonderful, it’s working. Now let’s start the Armitage client; for this I’m using another Kali machine, but in this case a local one. The steps are pretty similar to the previous ones:

cd /usr/share/armitage
./armitage

The server sends you its fingerprint; if the fingerprint shown in the client matches the one the teamserver printed at startup, you can press Yes

and you can choose your nickname…

and voilà, the Armitage console is ready for your operation.
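The fingerprint check above is the only thing that proves you are talking to your own teamserver before you type the shared team password, because its certificate is self-signed. The following script is an added example (not part of the article or of Armitage) that fetches the certificate presented on the teamserver port, computes its SHA-1 fingerprint and compares it with the value you read on the server console over SSH; it assumes the teamserver accepts a TLS handshake from Python’s ssl module and that the console prints a SHA-1 fingerprint (colons and case are ignored in the comparison).

```python
import hashlib
import ssl
import sys

ARMITAGE_PORT = 55553  # teamserver port named in the article


def sha1_fingerprint(der_cert: bytes) -> str:
    """SHA-1 of a DER-encoded certificate as colon-separated upper-case hex pairs."""
    digest = hashlib.sha1(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Strip colons/spaces and case so 'ab:cd', 'AB CD' and 'abcd' compare equal."""
    return "".join(ch for ch in fp.upper() if ch in "0123456789ABCDEF")


def fingerprints_match(presented: str, expected: str) -> bool:
    """True only when both are full 40-hex-digit SHA-1 values and identical."""
    a, b = normalize(presented), normalize(expected)
    return len(a) == 40 and a == b


def fetch_teamserver_fingerprint(host: str, port: int = ARMITAGE_PORT) -> str:
    """Fetch the certificate the teamserver presents on its SSL port and fingerprint it.

    The teamserver certificate is self-signed, so no CA validation is possible here:
    the server's identity is established only by comparing this fingerprint with the
    one printed on the teamserver console (read it over your SSH session, not from
    the client dialog).
    """
    pem = ssl.get_server_certificate((host, port))
    return sha1_fingerprint(ssl.PEM_cert_to_DER_cert(pem))


if __name__ == "__main__":
    # usage: python verify_teamserver.py <teamserver ip> <fingerprint from server console>
    host, expected = sys.argv[1], sys.argv[2]
    presented = fetch_teamserver_fingerprint(host)
    print("server presented:", presented)
    if fingerprints_match(presented, expected):
        print("OK: fingerprint matches, safe to enter the team password")
    else:
        print("MISMATCH: do not connect; check the host or suspect a man-in-the-middle")
        sys.exit(1)
```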

That’s all for now.

Happy hacking and stay tuned

Building a Collaborative Attack Platform with Amazon EC2 – Part 1b: CobaltStrike

Part 1b – Prepare the CobaltStrike Teamserver

Hello all,

Today we’re going to install the CobaltStrike teamserver on the EC2 Kali machine we installed previously. After this step, all our team members can connect to it and we can share all compromised machines. Remember, as already mentioned in the previous article, in real-world operations we normally have several teamserver machines.

For the installation of the CobaltStrike Team Server on an EC2 Linux machine we can start by watching the good video by Raphael Mudge @armitagehacker

At this point I can stop writing my article… 🙂

Raphael’s clip is still very good, but it’s based on an old version of CobaltStrike, so (I’m sorry for you) you’ll have to keep reading my article…

The first step is to get the link to download the tar file; to do this, go to the URL: https://www.cobaltstrike.com/download

Then click on Accept and then on Linux (.tgz). Now right-click on “Download COBALT STRIKE now!” and choose Copy link address (something like https://www.cobaltstrike.com/downloads/81212b015cd9ae028a769c76a38110e3/cobaltstrike-trial.tgz). At this point we are ready to download the installer on our EC2 machine without a GUI.

Log on to your Kali machine with your favorite SSH client.

Before downloading the file, I usually prefer to create a folder where I put all my installers, then let’s install CobaltStrike from a Linux shell:

sudo /bin/bash
mkdir /CobaltStrike
mkdir /CobaltStrike/Install
cd /CobaltStrike/Install
wget https://www.cobaltstrike.com/downloads/81212b015cd9ae028a769c76a38110e3/cobaltstrike-trial.tgz   # paste the URL copied above (Shift+Ins)
tar zxvf cobaltstrike-trial.tgz
mv cobaltstrike ../
cd ../cobaltstrike


Now you must verify that the Java version is the correct one:

java -version
javac -version

If so, you can start the teamserver now; otherwise you must upgrade Java. Depending on the type of virtual machine you have installed (I’m talking about a recent Kali Linux machine, but yours may be different) you can upgrade Java in different ways; you can read this interesting article: http://www.webupd8.org/2014/03/how-to-install-oracle-java-8-in-debian.html

These are the recommended commands for Debian:

su -
echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main" | tee /etc/apt/sources.list.d/webupd8team-java.list
echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main" | tee -a /etc/apt/sources.list.d/webupd8team-java.list
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
apt-get update
apt-get install oracle-java8-installer
exit

If you want to set Oracle Java 8 as the default:

sudo apt-get install oracle-java8-set-default

Another way to select Oracle Java 8 is:

sudo update-java-alternatives -s java-8-oracle

Remember: it’s not recommended to use OpenJDK in combination with Cobalt Strike on Kali Linux Rolling.

Now we just have to start the teamserver:

./teamserver XX.XX.XX.XX somepassword

where XX.XX.XX.XX is the IP address of your EC2 instance (the external IP; do not use ifconfig, which shows the private address) and somepassword is the password that the team will use to join the teamserver.

Now we can connect to this teamserver with the CobaltStrike client.

If you don’t have it, no problem, I will tell you how to do it:

For the client installation, you simply need to extract the same file downloaded for the teamserver and run ./cobaltstrike

Fill in the fields with your IP, port, username and the password used to start the teamserver.

For demo purposes we can use a trial license, but this license is not enough for the real world, because, as Raphael says: “The Cobalt Strike 3.0 trial is the full Cobalt Strike product with one [significant] difference. The Cobalt Strike 3.0 trial inserts several “tells” to get caught by standard security products. This change is made possible by Cobalt Strike’s flexibility to change its indicators and artifacts.”

If you have a valid commercial license you can just run the ./update command on your teamserver and enter your code into the console.

It is not recommended to run a mixed client/server environment with a trial and a commercial license, so go ahead with only one.

Tip: if you want the session to persist after closing the SSH terminal, use the “screen” command before starting the teamserver.


For more info : https://www.cobaltstrike.com/help-install

The full CobaltStrike manual is at https://www.cobaltstrike.com/downloads/csmanual36.pdf

That’s all for now.

Happy hacking and stay tuned


If you missed the first part: http://s0ftwargs.com/blog/2017/01/19/building-a-colla…mazon-ec2-part-1/

The video

Building a Collaborative Attack Platform with Amazon EC2 – Part 1a: CobaltStrike

Part 1a – Prepare the PenTest Machine

For a real Red Team operation we need a complex cloud infrastructure; in the real world the teamserver machine can have various roles or tiers, but this is beyond the scope of this article. For more information you can watch the video of Raphael Mudge @armitagehacker at https://www.youtube.com/watch?v=3gBJOJb8Oi0.

In these three videos we’ll try to build a simple EC2 machine with the Armitage teamserver and the CobaltStrike teamserver installed, which we will use as needed.

Let’s start

  • In a real-world scenario the Red Team uses a business contract and various machines with a meticulous capacity analysis for CPU, RAM, HD and network bandwidth; for demo purposes, we’ll use only one micro-tier machine eligible for the free usage tier.

In real-world scenarios the EC2 platform is a very clever choice for its scalability and its bandwidth, because it is on-demand and has reasonable costs. We must also consider that real attackers will use a solution like this, so if we want to emulate the behavior of an attacker we will, in our turn, use cloud platforms. Even the teamserver functionality, usable from anywhere thanks to the cloud, is a convenience for the whole team.

The first step is to create an account on http://aws.amazon.com

This is not an article for script kiddies: we will use one of our real e-mail addresses and our real credit card number. (If you already have one, you can use your existing Amazon EC2 account.)

We can choose any Linux VM, but for our job I would choose a Kali VM.

After creating the new account (or logging in with your existing account) click on AWS services and then on EC2.

Now choose Instances and then Launch Instance.

If you want to create a Kali machine, you can’t choose Quick Start; you must choose AWS Marketplace

and write “kali” in the search field.

Click on Select.

Now we can choose the machine type. If you want to take advantage of a free-tier machine, you must select a t2.micro; choose the machine and then click Review and Launch. Now we can create a new security group: SSH is the default open port, but for red teaming operations we need more ports open. If you like, you could open all ports (All traffic – all protocols – all port range – all sources; not recommended in a production environment) or only a few ports (for example HTTP 80, HTTPS 443, DNS 53 and TCP 55553 for the Armitage Deconfliction Server); for demo purposes we open “any-any-any-permit”.

Now click on Review and Launch (and then Launch, if necessary). At this point, if you already have a key pair you can just use it, otherwise you can create a new one (it’s very important to save and back up your key pair: if you lose the key, you can’t log on to your instance again).

Flag the acknowledgement and then click Launch Instance.

If you click on the instance id you can view your instance list and manage your instance.

If you want, you can give your instance a new name or edit the zone where the instance is placed; for this demo, these details are not relevant.

Before installing CobaltStrike you can log on to your Kali machine with any SSH client; if you are using Windows you can download PuTTY.

If your SSH client uses .ppk keys, you need to convert the .pem file; you can follow the official AWS guide at http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html

The hostname is something like: ec2-user@ec2-00-00-00-00.eu-west-1.compute.amazonaws.com where 00-00-00-00 is your real public IP. Now you can update and upgrade your Linux box with:

sudo apt-get update && sudo apt-get upgrade
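The security group step above opens “any-any-any-permit” for the demo, and the article itself says this is not recommended outside a lab. As an added example (not from the article), here is the restricted alternative expressed as the boto3 IpPermissions structure: the ports the article lists (SSH, HTTP 80, HTTPS 443, DNS 53, TCP 55553 for Armitage) with the administrative ports limited to the team’s own source addresses and never to 0.0.0.0/0. It assumes boto3 is installed and credentialed for the apply step; the CIDRs and group id in the demo are constructed placeholders from the documentation range.

```python
import ipaddress

# Ports named in the article for the demo security group: SSH for administration,
# TCP 55553 for the Armitage teamserver, and HTTP/HTTPS/DNS for listeners.
TEAM_ONLY_PORTS = [("tcp", 22), ("tcp", 55553)]
LISTENER_PORTS = [("tcp", 80), ("tcp", 443), ("tcp", 53), ("udp", 53)]


def _rule(proto, port, cidrs, description):
    """One entry in the IpPermissions shape that boto3 expects."""
    return {
        "IpProtocol": proto,
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": c, "Description": description} for c in cidrs],
    }


def build_ingress_rules(team_cidrs, listener_cidrs):
    """Build the ingress rule list: team-only ports (SSH, 55553) are restricted to the
    team's source addresses and are refused if any of them is world-open; listener
    ports get the separately chosen listener_cidrs."""
    for cidr in team_cidrs:
        net = ipaddress.ip_network(cidr, strict=False)  # raises ValueError on malformed input
        if net.prefixlen == 0:
            raise ValueError(f"refusing to open team ports to the world: {cidr}")
    rules = [_rule(p, port, list(team_cidrs), "team operators only") for p, port in TEAM_ONLY_PORTS]
    rules += [_rule(p, port, list(listener_cidrs), "listener traffic") for p, port in LISTENER_PORTS]
    return rules


def apply_rules(group_id, rules, region="eu-west-1"):
    """Push the rules to an existing security group with boto3 (assumed installed and
    credentialed; imported here so the builder above runs without it)."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    return ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=rules)


if __name__ == "__main__":
    # constructed values: documentation-range addresses and a placeholder group id
    demo = build_ingress_rules(["203.0.113.10/32"], ["203.0.113.0/24"])
    for r in demo:
        print(r["IpProtocol"], r["FromPort"], [ip["CidrIp"] for ip in r["IpRanges"]])
    # apply_rules("sg-PLACEHOLDER", demo)  # uncomment with your real security group id
```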

That’s all for today.

Watch part 1b – Prepare the CobaltStrike teamserver

The video

Part 2 – Build Armitage Teamserver – coming soon