Need help with SharpeningCobaltStrike?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

cube0x0
215 Stars 43 Forks 18 Commits 1 Opened issues

Description

in realtime v35/40 dotnet compiler for your linux Cobalt Strike C2. New fresh compiled and obfuscated binary for each use

Services available

!
?

Need anything else?

Contributors list

# 103,589
Shell
Python
wmi
smb
18 commits

SharpeningCobaltStrike

In realtime compiling of dotnet v35/v40 exe/dll binaries + obfuscation with ConfuserEx on your linux cobalt strike server. beaconmenu

When you specify a .cs file to compile and execute on a beacon, the compiler will automaticly search for all .cs dependencies in that source directory and sub directories and compile against them so there is no need for merging everything into 1 .cs file, remember this so you dont put multiple project in the same directory because it will create conflicts. By default, all the .dll files under

Compiler/References/net*/
will be loaded as a References to each compiled project. If you want better opsec and load just the necessary .dll files as References you can do that by dropping a file called
Refs
in the source directory of the project you are compiling and it will import just those .dll names instead of everything. Refs Example ``` [email protected]:/# cat Rubeus-master/Rubeus/Refs

System.DirectoryServices.dll System.DirectoryServices.AccountManagement.dll System.dll mscorlib.dll System.Core.dll System.IdentityModel.dll

ItWillIgnoreLinesStartingWith#.dll

The compiler can be used outside of Cobalt Strike and it might be a good idea to do that for new projects just to verify that there are no missing References, if there are References missing just drop them to `Compiler/References/net*/`

[email protected]:/Compiler# dotnet build -c Release ; dotnet bin/Release/netcoreapp2.1/Compiler.dll -s /Rubeus-master/Rubeus/Program.cs -f /tmp/rub.exe Microsoft (R) Build Engine version 16.2.37902+b5aaefc9f for .NET Core Copyright (C) Microsoft Corporation. All rights reserved.

Restore completed in 60.77 ms for /opt/C2/Cobaltstrike/scripts/SharpCobaltStrike/Compiler/Compiler.csproj. Compiler -> /opt/C2/Cobaltstrike/scripts/SharpCobaltStrike/Compiler/bin/Release/netcoreapp2.1/Compiler.dll

Build succeeded. 0 Warning(s) 0 Error(s)

Time Elapsed 00:00:01.48 [*]Compiling.. Source Dir : ../Rubeus-master/Rubeus Source File : ../Rubeus-master/Rubeus/Program.cs Output Kind : ConsoleApplication .Net Version : Net40 Platform : AnyCpu References : /Compiler/References/net40/System.IdentityModel.dll, /Compiler/References/net40/System.Core.dll, /Compiler/References/net40/System.Management.dll, /Compiler/References/net40/System.dll, /Compiler/References/net40/System.DirectoryServices.AccountManagement.dll, /Compiler/References/net40/System.Management.Automation.dll, /Compiler/References/net40/mscorlib.dll, /Compiler/References/net40/System.DirectoryServices.dll Optimize : False Confuse : False UnsafeCompile : False ```

Another use case is that we can use this to compile .Net loaders to inject beacon shellcode into processes attackmenu

This project uses a modified version of SharpGen to compile .cs source files and obfuscate them with ConfuserEx. All creds to @cobbr for making the compiler, more detials on it here * https://cobbr.io/SharpGen.html * https://github.com/cobbr/SharpGen * https://github.com/cobbr/Covenant

The APC shellcode loader is taken from https://github.com/FuzzySecurity/Sharp-Suite/tree/master/UrbanBishop

To use this you first need to install dotnet core sdk

wget https://packages.microsoft.com/config/ubuntu/19.10/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
sudo apt-get update
sudo apt-get install apt-transport-https
sudo apt-get update
sudo apt-get install dotnet-sdk-2.1

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.