Skip to content
/ Rust_Beacon Public

使用 rust 实现 CobaltStrike 的 beacon || Using Rust to implement CobaltStrike's Beacon

License

MIT license
113 stars 22 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

fdx-xdf/Rust_Beacon

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
images
images
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.rs
build.rs
 
 
dump_key.py
dump_key.py
 
 

Repository files navigation

Rust-Beacon 🚀

使用 Rust 实现的 CobaltStrike 的 beacon。

本项目仅供学习协议分析和逆向工程使用,如有侵犯他人权益,请联系我删除该项目,请勿非法使用。

This project is implemented in Rust for CobaltStrike's beacon. It is intended for educational purposes only, such as protocol analysis and reverse engineering. If this project infringes on any rights, please contact me to remove it. Do not use it illegally.

Features ✨

目前实现了以下功能:

  • http/https 通信
  • 命令执行
  • 文件管理
  • 进程管理
  • 进程注入/迁移(支持自注入选项)
  • 令牌伪造/提权
  • CS 原生 hashdump
  • BOF 内存加载

部分功能可能存在 bug,欢迎提交 issue 进行反馈。

Currently implemented features:

  • HTTP/HTTPS communication
  • Command execution
  • File management
  • Process management
  • Process injection/migration (supports self-injection)
  • Token impersonation/privilege escalation
  • Native CS hashdump
  • BOF memory loading

Some features may have bugs. Feel free to submit issues for feedback.

环境要求 🔧

  • Rust 工具链 (推荐使用 nightly-x86_64-pc-windows-gnu)
  • Python 3.x (用于密钥提取)
  • CobaltStrike 4.x

Environment Requirements:

  • Rust toolchain (recommended: nightly-x86_64-pc-windows-gnu)
  • Python 3.x (for key extraction)
  • CobaltStrike 4.x

Usage 🛠️

Step 1

首先找到你的 .cobaltstrike.beacon_keys 文件,和项目中的 dump_key.py 放到同一目录下,运行命令:

First, locate your .cobaltstrike.beacon_keys file and place it in the same directory as dump_key.py. Run the command:

python dump_key.py

image-20241018145017907

将得到的 public key 放到 src/config/mod.rs 处即可

Place the obtained public key in src/config/mod.rs.

image-20241018145236841

Step 2

src/config/mod.rs处填写自定义内容,如server端 ip,端口等

Fill in custom content in src/config/mod.rs, such as server IP, port, etc.

Step 3

编译项目

Compile the project:

cargo build --release

测试时工具链使用的是nightly-x86_64-pc-windows-gnu

The toolchain used for testing is nightly-x86_64-pc-windows-gnu.

ToDo 📋

  • 内存加载 PowerShell/C#

  • 完善 job 功能

  • DNS 类型 Beacon 适配

  • 更丰富的 profile 内容适配

  • Memory loading for PowerShell/C#

  • Improve job functionality

  • Adaptation for DNS type Beacon

  • More comprehensive profile content adaptation

Reference 📚

感谢以下项目和文章的帮助:

Thanks to the following projects and articles:

免责声明

  • 本项目仅用于网络安全技术的学习研究,若使用者在使用本项目的过程中存在任何违法行为或造成任何不良影响,需使用者自行承担责任,与项目作者无关。
  • 本项目完全开源,请勿将本项目用于任何商业用途。
  • 本人不参加各类攻防演练以及境内外渗透项目,如溯源到本人id或者项目,纯属巧合。

Stargazers over time

Stargazers over time

About

使用 rust 实现 CobaltStrike 的 beacon || Using Rust to implement CobaltStrike's Beacon

Resources

Readme

License

MIT license
Activity

Stars

113 stars

Watchers

4 watching

Forks

22 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

Languages