Aggressor Scripts

Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources

• All_In_One.cna v1
  • All-purpose script to enhance the user’s experience with cobaltstrike. Custom menu creation, Logging, Persistence, Enumeration, and 3rd party script integration.
  • Thanks to @rsmudge, @enigma0x3, @harmj0y, PowerShell Mafia folks, Nathan Wray, @Und3rFl0w, @oldb00t, bluescreenofjeff for all the help and code snippets.
  • Script must reside in /opt/cobaltstrike/ directory. (Location can be changed inside the script)

All_In_One.cna Dependencies:

Parent Folder/Files: 

    /opt/cobaltstrike/All_In_One.cna

    /opt/cobaltstrike/av_hips_executables.txt 

    /opt/cobaltstrike/logs.py

Sub Folders: 

    /opt/cobaltstrike/scripts/

    /opt/cobaltstrike/Payloads/

    /opt/cobaltstrike/modules/

Elevate Kit (Licensed Users Only)

• ArtifactPayloadGenerator.cna
  • Generates every type of Stageless/Staged Payload based off an HTTP/HTTPS Listener
  • Creates /opt/cobaltstrike/Staged_Payloads, /opt/cobaltstrike/Stageless_Payloads
• AVQuery.cna
  • Queries the Registry with powershell for all AV Installed on the target
  • Quick and easy way to get the AV you are dealing with as an attacker

  

• CertUtilWebDelivery.cna
  • Stageless Web Delivery using CertUtil.exe
  • Powerpick is used to spawn certutil.exe to download the stageless payload on target and execute with rundll32.exe

  

• RedTeamRepo.cna
  • A common collection of OS commands, and Red Team Tips for when you have no Google or RTFM on hand.
  • Script will be updated on occasion, feedback and more inputs are welcomed!

  

Source: https://github.com/harleyQu1nn/