# Using Cobalt Strike Scripts

Cobalt Strike has a very useful feature: it can load a wide variety of scripts.

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2F-MEWLwIMlcuSiyjfgcos%2F-MEWNpwwULSc4PkR3ZN_%2Fimage.png?alt=media\&token=1f449b0d-2ac9-43e8-95ce-4ec6c7619e91)

* Load: load a script
* Unload: unload a script
* Reload: reload a script

## Some commonly used scripts

Script name: **elevate.cna**

Script function: adds five privilege-escalation methods

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2F412bfd23584c3ad715141d2e7f8be0090ebbdd94.png?generation=1596200838172890\&alt=media)

Script name: **ProcessTree.cna**

Script function: makes the ps command show parent-child relationships between processes, with color

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2Ff032560a22ce9098e85f4ff1434de074476b59e2.png?generation=1596200841844506\&alt=media)

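Script name: **CVE-2018-4878.cna**

Script function: CVE-2018-4878.cna

Script name: **ArtifactPayloadGenerator.cna**

Script function: creates multiple types of payload. The generated files are placed under opt\cobaltstrike\\ in the CS directory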

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2Fab003154dde020218f1082e63f213d09be55ea22.png?generation=1596200838560025\&alt=media)

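Script name: **AVQuery.cna**

Script function: queries all antivirus software installed on the target

Script name: **CertUtilWebDelivery.cna**

Script function: uses CertUtil and rundll32 to spawn a session; everyone should already be familiar with this one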

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2F5f56c8b1e954d07dd559714bb0fa557c8c3cf9e7.png?generation=1596200841373989\&alt=media)

Script name: **RedTeamRepo.cna**

Script function: simply a reminder of commonly used penetration-testing commands

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2F54cd55dc97792249378b54e37c485dc2fc50da26.png?generation=1596200840807998\&alt=media)

Script name: **ProcessColor.cna**

Script function: displays a colored process list (different colors have different meanings)

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2Fdf465753b9a399a2569fa6b9571cdafc35ee4959.png?generation=1596200840377069\&alt=media)

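Script name: **EDR.cna**

Script function: checks whether endpoint security products are present

Script name: **logvis.cna**

Script function: displays the Beacon command log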

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2Fe5b74f104fb787fbf95f61c22b584b7119b3cf33.png?generation=1596200839786000\&alt=media)

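Script name: **ProcessMonitor.cna**

Script function: records which programs start over a period of time

Script name: **SMBPayloadGenerator.cna**

Script function: generates SMB-based payloads

Script name: **Persistence/Persistence\_Menu.cna**

Script function: a collection of persistence controls

Note: this script is a collection of the scripts in the same directory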

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2F05312ac39ef24a38d0701d7f67c609257b0ae53e.png?generation=1596200840154052\&alt=media)

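Script name: **Eternalblue.cna**

Script function: ms17-010

<https://gist.github.com/rsmudge/9b54a66744a94f3950cc171254057942>

Note: calls exploit/windows/smb/ms17\_010\_eternalblue

More: <https://mp.weixin.qq.com/s/CEI1XYkq2PZmYsP0DRU7jg>

Personally, I think this person's compilation is already very comprehensive. For easier viewing I have listed the images from it that introduce some of the script collections. My thanks to him.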

<https://github.com/harleyQu1nn/AggressorScripts>

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2F283b40288f208c2f707421a02c45672070db41a6.png?generation=1596200839746341\&alt=media)

<https://github.com/bluscreenofjeff/AggressorScripts>

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2F792dfe161e5e4e2bb31c500631b93c3b7ff0db78.png?generation=1596200841195818\&alt=media)

<https://github.com/michalkoczwara/aggressor_scripts_collection>

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2F6a4bb28eb858957deb4c405cc5c6a231e6abd925.png?generation=1596200838971540\&alt=media)

<https://github.com/vysec/Aggressor-VYSEC>

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2F89a8a9433ccf05d980030af2ebb9d0625bd3af78.png?generation=1596200839220121\&alt=media)

<https://github.com/killswitch-GUI/CobaltStrike-ToolKit>

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2Fa0bd85f598067b9675171d2f62cbce8cd2ed2f1e.png?generation=1596200840625246\&alt=media)

<https://github.com/ramen0x3f/AggressorScripts>

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2F3f69443f3a61d3c175d94267c82aad7bc51218cc.png?generation=1596200840064761\&alt=media)

<https://github.com/rasta-mouse/Aggressor-Script>

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2Fdfceba3d32953c38ac5062dcf1918cfa4f144c44.png?generation=1596200841034926\&alt=media)

<https://github.com/Und3rf10w/Aggressor-scripts>

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2F549e9ca6f30153168c33e2a5a33146119a383c26.png?generation=1596200841595822\&alt=media)

<https://github.com/001SPARTaN/aggressor_scripts>

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2F3b2b9be76dafa764436be797646bd6f5bf08986f.png?generation=1596200839432908\&alt=media)

<https://github.com/gaudard/scripts/tree/master/red-team/aggressor>

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2Fef000ae562374c0eb990ca07f4b1906c84c31fcd.png?generation=1596200837771438\&alt=media)

<https://github.com/branthale/CobaltStrikeCNA>

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2Ff1c938e0b545bb3f622b9e2ced0a17cb1a3241be.png?generation=1596200838025213\&alt=media)

* <https://github.com/threatexpress/aggressor-scripts>
* <https://github.com/threatexpress/red-team-scripts>
* <https://github.com/threatexpress/persistence-aggressor-script>

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2F16515a675dc43d907f4f247a3cc1fe57b004e071.png?generation=1596200838915530\&alt=media)

<https://github.com/FortyNorthSecurity/AggressorAssessor>

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2Fsync%2Fb9905d064259db84a6b87bcd2516ae60bf6812c3.png?generation=1596200838593247\&alt=media)

Script sources:

* <https://github.com/rsmudge/ElevateKit>
* <https://github.com/vysec/CVE-2018-4878>
* <https://github.com/harleyQu1nn/AggressorScripts>
* <https://github.com/bluscreenofjeff/AggressorScripts>
* <https://github.com/ramen0x3f/AggressorScripts>
* <https://github.com/360-A-Team/CobaltStrike-Toolset>
* <https://github.com/ars3n11/Aggressor-Scripts>
* <https://github.com/michalkoczwara/aggressor_scripts_collection>
* <https://github.com/vysec/Aggressor-VYSEC>
* <https://github.com/killswitch-GUI/CobaltStrike-ToolKit>
* <https://github.com/ZonkSec/persistence-aggressor-script>
* <https://github.com/rasta-mouse/Aggressor-Script>
* <https://github.com/RhinoSecurityLabs/Aggressor-Scripts>
* <https://github.com/Und3rf10w/Aggressor-scripts>
* <https://github.com/Kevin-Robertson/Inveigh>
* <https://github.com/Genetic-Malware/Ebowla>
* <https://github.com/001SPARTaN/aggressor_scripts>
* <https://github.com/gaudard/scripts/tree/master/red-team/aggressor>
* <https://github.com/branthale/CobaltStrikeCNA>
* <https://github.com/oldb00t/AggressorScripts>
* <https://github.com/p292/Phant0m_cobaltstrike>
* <https://github.com/p292/DDEAutoCS>
* <https://github.com/secgroundzero/CS-Aggressor-Scripts>
* <https://github.com/skyleronken/Aggressor-Scripts>
* <https://github.com/tevora-threat/aggressor-powerview>
* <https://github.com/tevora-threat/PowerView3-Aggressor>
* <https://github.com/threatexpress/aggressor-scripts>
* <https://github.com/threatexpress/red-team-scripts>
* <https://github.com/threatexpress/persistence-aggressor-script>
* <https://github.com/FortyNorthSecurity/AggressorAssessor>
* <https://github.com/mdsecactivebreach/CACTUSTORCH>
* <https://github.com/C0axx/AggressorScripts>
* <https://github.com/offsecginger/AggressorScripts>
* <https://github.com/tomsteele/cs-magik>
* <https://github.com/bitsadmin/nopowershell>
* <https://github.com/SpiderLabs/SharpCompile>
* <https://github.com/realoriginal/reflectivepotato>
