cs-magik

module

v0.0.0-...-5b5d160 Latest Latest Go to latest Published: Dec 26, 2018 License: MIT

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/tomsteele/cs-magik

Links

Open Source Insights

README ¶

cs-magik

Implements an events channel and job queue using Redis for Cobalt Strike. This is implemented by listening on * events on the teamserver and executing dynamic Sleep using a standard job queue implementation.

.\cs-magik-call.exe -redis-addr=192.168.24.137:6379 -server-id=x "return beacon_commands();"
DEBUG: encoding return beacon_commands();
DEBUG: Encoded job: NmQ4ODlmNGUtM2E3ZS00NDdjLTgyMmMtMTA4NTllM2I1M2Vl|cmV0dXJuIGJlYWNvbl9jb21tYW5kcygpOw==|
DEBUG: polling for result
Result:
{"result":["cancel","runas","psexec_psh","ps","bypassuac","upload","portscan","rportfwd","ls","psinject","ssh","mode dns6","run","download","checkin","dllload","reg","powershell","kerberos_ticket_use","net","elevate","execute-assembly","mkdir","steal_token","socks"
,"powershell-import","mv","winrm","shspawn","spawnto","execute","ppid","exit","make_token","dllinject","getuid","drives","logonpasswords","shell","psexec","covertvpn","rm","mode smb","pwd","shinject","note","link","setenv","powerpick","getsystem","screenshot","getp
rivs","jobkill","kerberos_ticket_purge","runasadmin","spawnu","sleep","wmi","desktop","downloads","kerberos_ccache_use","rev2self","dcsync","wdigest","mode dns","mimikatz","hashdump","cd","ssh-key","pth","jobs","mode http","clear","kill","cp","timestomp","help","sp
awn","keylogger","unlink","spawnas","browserpivot","socks stop","inject","mode dns-txt","runu"],"id":"6d889f4e-3a7e-447c-822c-10859e3b53ee"}

Code Execution

Yep, you can send dynamic sleep code that is executed on the teamserver. Be smart, use authentication, use network filtering, etc on your Redis instance.

But Why?

First, why not? Second, use your imagination, imagine being able to see new beacons coming in and reacting to them on the server-side using an established proxy using Python with impacket, could be cool?

Up and Running

Copy jar_files to /opt and change permissions accordingly. Then on the servers-side set the following environment variables:

REDIS_URL
TEAMSERVER_ID

Run either the queue.cna or events.cna using agscript. You can now subscribe to events:$teamserver_id for events. See cmd/cs-magik-call/main.go for an example of how to use the job queue.

Directories ¶

Path	Synopsis
cmd
cs-magik-call

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL