Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

希望可以不解析.cobaltstrike.beacon_keys,直接指定RSA密钥 #208

Closed
yjthrstgeragr opened this issue Oct 16, 2023 · 2 comments
Closed

希望可以不解析.cobaltstrike.beacon_keys,直接指定RSA密钥 #208

yjthrstgeragr opened this issue Oct 16, 2023 · 2 comments

Comments

@yjthrstgeragr
Copy link

二开CS生成的.cobaltstrike.beacon_keys无法被正确解析

使用geacon的BeaconTool解析.cobaltstrike.beacon_keys时返回错误

>java -jar BeaconTool.jar -i .cobaltstrike.beacon_keys -rsa
readObject: .cobaltstrike.beacon_keysfailed and exception is: java.io.InvalidClassException: sleep.runtime.Scalar; local class incompatible: stream classdesc serialVersionUID = -4060987368819590822, local class serialVersionUID = -4850599259538399162
Exception in thread "main" java.lang.NullPointerException
        at com.blackh4t.AsymmetricCrypto.<init>(AsymmetricCrypto.java:19)
        at com.blackh4t.BeaconTool.main(BeaconTool.java:57)

需要修改BeaconTool依赖的sleep库才可以正确解析,CrossC2无法解析.cobaltstrike.beacon_keys可能是相同原因,所以希望可以直接通过RSA密钥生成beacon
@gloxec
Copy link
Owner

gloxec commented Oct 16, 2023

绝大多数的二开cs测试是可正常使用的,上面因jdk打包等导致的问题暂时可以尝试

  1. 二开cs内置的sleep库进行修改
  2. 在生成时使用4.4-src版本./genCrossC2.MacOS-3.1.2 127.0.0.1 443 .cobaltstrike.beacon_keys null Linux x64 a.out upx 4.4-src

后续考虑将加入上述指定rsa的方法

@gloxec
Copy link
Owner

gloxec commented Nov 20, 2023

@GPiiiiii 已添加支持 https://github.com/gloxec/CrossC2/releases/tag/v3.3

@gloxec gloxec closed this as completed Nov 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gloxec @yjthrstgeragr