├── Cobalt Strike Docs ├── Aggressor Script Documentation │ ├── 1. Introduction.pdf │ ├── 2.Cobalt Strike.pdf │ ├── 3. Data Model.pdf │ ├── 4. Listeners.pdf │ ├── 5. Beacon.pdf │ ├── 6. Other Topics.pdf │ ├── 7. Custom Reports.pdf │ ├── zz1. Events.pdf │ ├── zz2. Functions.pdf │ ├── zz3. Popup Hooks.pdf │ └── zz4. Reporting Functions.pdf ├── DNS Beacon Setup.png ├── Team Infrastructure.png ├── Team Roles.PNG ├── Use Mimikatz to Implant Skeleton Key on Domain Controllers.pdf └── csmanual32.pdf ├── Install-files └── mimikatz_trunk.zip ├── Kali_Updates.sh ├── LICENSE ├── Phishing Templates └── phish-test.txt ├── README.md ├── RedCell-Kali.sh ├── functions.sh ├── install_cobalt_strike.sh ├── runonce.sh ├── start_cobaltstrike.sh ├── start_cs_teamserver.sh └── zerofree.sh /Cobalt Strike Docs/Aggressor Script Documentation/1. Introduction.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NECPC/RedCell-Kali/407948d94021c21c257e2e357d3e36f0dc66e3ee/Cobalt Strike Docs/Aggressor Script Documentation/1. Introduction.pdf -------------------------------------------------------------------------------- /Cobalt Strike Docs/Aggressor Script Documentation/2.Cobalt Strike.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NECPC/RedCell-Kali/407948d94021c21c257e2e357d3e36f0dc66e3ee/Cobalt Strike Docs/Aggressor Script Documentation/2.Cobalt Strike.pdf -------------------------------------------------------------------------------- /Cobalt Strike Docs/Aggressor Script Documentation/3. Data Model.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NECPC/RedCell-Kali/407948d94021c21c257e2e357d3e36f0dc66e3ee/Cobalt Strike Docs/Aggressor Script Documentation/3. Data Model.pdf -------------------------------------------------------------------------------- /Cobalt Strike Docs/Aggressor Script Documentation/4. Listeners.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NECPC/RedCell-Kali/407948d94021c21c257e2e357d3e36f0dc66e3ee/Cobalt Strike Docs/Aggressor Script Documentation/4. Listeners.pdf -------------------------------------------------------------------------------- /Cobalt Strike Docs/Aggressor Script Documentation/5. Beacon.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NECPC/RedCell-Kali/407948d94021c21c257e2e357d3e36f0dc66e3ee/Cobalt Strike Docs/Aggressor Script Documentation/5. Beacon.pdf -------------------------------------------------------------------------------- /Cobalt Strike Docs/Aggressor Script Documentation/6. Other Topics.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NECPC/RedCell-Kali/407948d94021c21c257e2e357d3e36f0dc66e3ee/Cobalt Strike Docs/Aggressor Script Documentation/6. Other Topics.pdf -------------------------------------------------------------------------------- /Cobalt Strike Docs/Aggressor Script Documentation/7. Custom Reports.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NECPC/RedCell-Kali/407948d94021c21c257e2e357d3e36f0dc66e3ee/Cobalt Strike Docs/Aggressor Script Documentation/7. Custom Reports.pdf -------------------------------------------------------------------------------- /Cobalt Strike Docs/Aggressor Script Documentation/zz1. Events.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NECPC/RedCell-Kali/407948d94021c21c257e2e357d3e36f0dc66e3ee/Cobalt Strike Docs/Aggressor Script Documentation/zz1. Events.pdf -------------------------------------------------------------------------------- /Cobalt Strike Docs/Aggressor Script Documentation/zz2. Functions.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NECPC/RedCell-Kali/407948d94021c21c257e2e357d3e36f0dc66e3ee/Cobalt Strike Docs/Aggressor Script Documentation/zz2. Functions.pdf -------------------------------------------------------------------------------- /Cobalt Strike Docs/Aggressor Script Documentation/zz3. Popup Hooks.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NECPC/RedCell-Kali/407948d94021c21c257e2e357d3e36f0dc66e3ee/Cobalt Strike Docs/Aggressor Script Documentation/zz3. Popup Hooks.pdf -------------------------------------------------------------------------------- /Cobalt Strike Docs/Aggressor Script Documentation/zz4. Reporting Functions.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NECPC/RedCell-Kali/407948d94021c21c257e2e357d3e36f0dc66e3ee/Cobalt Strike Docs/Aggressor Script Documentation/zz4. Reporting Functions.pdf -------------------------------------------------------------------------------- /Cobalt Strike Docs/DNS Beacon Setup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NECPC/RedCell-Kali/407948d94021c21c257e2e357d3e36f0dc66e3ee/Cobalt Strike Docs/DNS Beacon Setup.png -------------------------------------------------------------------------------- /Cobalt Strike Docs/Team Infrastructure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NECPC/RedCell-Kali/407948d94021c21c257e2e357d3e36f0dc66e3ee/Cobalt Strike Docs/Team Infrastructure.png -------------------------------------------------------------------------------- /Cobalt Strike Docs/Team Roles.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NECPC/RedCell-Kali/407948d94021c21c257e2e357d3e36f0dc66e3ee/Cobalt Strike Docs/Team Roles.PNG -------------------------------------------------------------------------------- /Cobalt Strike Docs/Use Mimikatz to Implant Skeleton Key on Domain Controllers.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NECPC/RedCell-Kali/407948d94021c21c257e2e357d3e36f0dc66e3ee/Cobalt Strike Docs/Use Mimikatz to Implant Skeleton Key on Domain Controllers.pdf -------------------------------------------------------------------------------- /Cobalt Strike Docs/csmanual32.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NECPC/RedCell-Kali/407948d94021c21c257e2e357d3e36f0dc66e3ee/Cobalt Strike Docs/csmanual32.pdf -------------------------------------------------------------------------------- /Install-files/mimikatz_trunk.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NECPC/RedCell-Kali/407948d94021c21c257e2e357d3e36f0dc66e3ee/Install-files/mimikatz_trunk.zip -------------------------------------------------------------------------------- /Kali_Updates.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Author: Steven Burnell 3 | # Description: Kali Linux customization and update script for Red-Team Operators 4 | # to make life easier. Run this script on a fresh Kali install or before 5 | # going on a mission. Don't forget to check for newer versions of cobalt strike! 6 | # https://www.cobaltstrike.com/download 7 | # Last updated: 05 AUG 2016 8 | 9 | source $INSTALL_DIR/functions.sh 10 | 11 | # Check active resolution 12 | # I might detect resolution and change it only if it's the default 800x600, because that's annoyingly small. 13 | current_resolution=$(xrandr --current | head -1 | cut -d"," -f2 | sed 's/\ //g' | sed 's/current//g') 14 | if [ "$current_resolution" == "800x600" ]; then 15 | echo "currently set to 800x600" 16 | fi 17 | 18 | # Enable root auto-login without password prompt 19 | sed -i 's/.*AutomaticLoginEnable =.*/AutomaticLoginEnable = true/' /etc/gdm3/daemon.conf 20 | sed -i 's/.*AutomaticLogin =.*/AutomaticLogin = root/' /etc/gdm3/daemon.conf 21 | 22 | # Updates the GRUB timeout to be 1 second instead of 5 to improve boot time 23 | sed -i 's/GRUB_TIMEOUT=.*/GRUB_TIMEOUT=1/' /etc/default/grub 24 | update-grub 25 | 26 | # Unlock custom aliases 27 | sed -i 's/^#alias ll=/alias ll=/' ~/.bashrc 28 | sed -i 's/^#alias la=/alias la=/' ~/.bashrc 29 | sed -i 's/^#alias l=/alias l=/' ~/.bashrc 30 | 31 | # Create Cobalt Strike Addon directory and setup git clones 32 | if ! [ -d /opt/cobaltstrike-addons ]; then 33 | mkdir /opt/cobaltstrike-addons 34 | fi 35 | 36 | # CobaltStrike's "Cortana" scripts (renamed to Aggressor Scripts in Cobalt Strike 3.x) 37 | if [ -d /opt/cobaltstrike-addons/cortana-scripts ]; then 38 | cd /opt/cobaltstrike-addons/cortana-scripts 39 | git pull 40 | else 41 | cd /opt/cobaltstrike-addons/ 42 | git clone https://github.com/rsmudge/cortana-scripts.git 43 | fi 44 | 45 | # CobaltStrike's Malleable-C2-Profiles 46 | if [ -d /opt/cobaltstrike-addons/Malleable-C2-Profiles ]; then 47 | cd /opt/cobaltstrike-addons/Malleable-C2-Profiles 48 | git pull 49 | else 50 | cd /opt/cobaltstrike-addons/ 51 | git clone https://github.com/rsmudge/Malleable-C2-Profiles.git 52 | fi 53 | 54 | # Veil-Evasion 55 | if [ -d /opt/Veil-Evasion ]; then 56 | cd /opt/Veil-Evasion 57 | git pull 58 | #cd setup 59 | #./setup.sh -s 60 | else 61 | cd /opt/ 62 | git clone https://github.com/Veil-Framework/Veil-Evasion.git 63 | cd Veil-Evasion/setup 64 | #./setup.sh -s 65 | fi 66 | 67 | # Ensure that scripts can be run by double-clicking it from the desktop 68 | gsettings set org.gnome.nautilus.preferences executable-text-activation ask 69 | 70 | # Disable the locking screensaver 71 | gsettings set org.gnome.desktop.screensaver lock-enabled false 72 | 73 | # Disable turning off the display due to inactivity 74 | #gsettings set org.gnome.settings-daemon.plugins.power sleep-display-ac 0 75 | #gsettings set org.gnome.settings-daemon.plugins.power sleep-display-battery 0 76 | gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0 77 | gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 0 78 | gsettings set org.gnome.settings-daemon.plugins.power idle-dim false 79 | gsettings set org.gnome.desktop.session idle-delay 0 80 | 81 | # A couple other UI tweaks 82 | gsettings set org.gnome.desktop.interface clock-show-date true 83 | 84 | # Create symlinks on the desktop for helpful shortcuts 85 | for script_name in \ 86 | start_cobaltstrike.sh \ 87 | start_cs_teamserver.sh \ 88 | install_cobalt_strike.sh \ 89 | RedCell-Kali.sh \ 90 | Cobalt\ Strike\ Docs \ 91 | Phishing\ Templates 92 | do 93 | if [ -e "/$USER/Desktop/$script_name" ]; then 94 | rm -f "/$USER/Desktop/$script_name" 95 | fi 96 | 97 | ln -s "$INSTALL_DIR/$script_name" "/$USER/Desktop/$script_name" 98 | done 99 | 100 | # Install Oracle's Java 8 for Cobalt Strike 101 | if ! [ -f /etc/apt/sources.list.d/webupd8team-java.list ]; then 102 | cat >/etc/apt/sources.list.d/webupd8team-java.list<< EOF 103 | deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main 104 | deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main 105 | EOF 106 | 107 | apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886 108 | apt-get update 109 | apt-get install oracle-java8-installer 110 | #rm -f /etc/apt/sources.list.d/1 111 | fi 112 | apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886 113 | apt-get update 114 | apt-get install oracle-java8-installer 115 | 116 | # Tell Kali Linux to use Java 8 by default for CobaltStrike 117 | update-java-alternatives -s java-8-oracle 118 | 119 | # Update metasploit 120 | service postgresql start && msfdb init 121 | msfdb start && msfdb stop 122 | msfupdate 123 | 124 | # Configure postgresql to start on boot 125 | update-rc.d postgresql enable 126 | 127 | # Install extra packages 128 | apt-get install \ 129 | rarcrack \ 130 | vmfs-tools \ 131 | zerofree \ 132 | ntpdate 133 | 134 | # Ensure ntp service runs at bootup 135 | update-rc.d ntp enable 136 | 137 | # Update packages 138 | apt-get update && apt-get upgrade && apt-get autoremove 139 | apt-get dist-upgrade && apt-get autoremove 140 | 141 | #Clean up package repo 142 | #apt-get clean 143 | 144 | echo "" 145 | echo "" 146 | echo "" 147 | pause 'Press [Enter] key to continue...' 148 | 149 | 150 | #How to run zerofree and punch zeros from vmware player 151 | #1) Boot into single user mode. (From grub menu, press 'E' to edit) and add "single" to the end of the line that ends with "quiet" 152 | #2a) Run the script that does steps 2b, 3, and 4: ./zerofree.sh 153 | #2b) mount -o remount,ro / 154 | #3) zerofree /dev/sda1 155 | #4) shutdown now -h 156 | #5) from vmware, edit virtual machine settings, select the disk, then click "compact disk". 157 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2016 NECPC 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /Phishing Templates/phish-test.txt: -------------------------------------------------------------------------------- 1 | blank file, sorry! Coming soon! -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # RedCell-Kali 2 | Red Teaming with Kali Linux. OS Customization, additional tools, and automated updates 3 | 4 | # Initial setup 5 | ``` 6 | git clone https://github.com/NECPC/RedCell-Kali.git 7 | cd RedCell-Kali 8 | ./RedCell-Kali.sh 9 | ``` 10 | 11 | # Continued use 12 | Once you have run the program once, it will create desktop shortcuts for quick and easy reference. Thus you can simply double-click the "RedCell-Kali.sh" script on the desktop from now on or run it from the command line - however you prefer. 13 | 14 | The "RedCell-Kali.sh" script will operate as the primary script used to update this git repo (self-updating you say?? handy!), reiterate configuration settings, and ensure any other git repos that I have placed in /opt are also updated as well. Basically, the best way to make sure you always have the latest version of this script, is to simply run it. 15 | 16 | -------------------------------------------------------------------------------- /RedCell-Kali.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ ! -f /etc/redcell-kali/RedCell-Kali.conf ]; then 3 | ./runonce.sh 4 | fi 5 | source /etc/redcell-kali/RedCell-Kali.conf 6 | export INSTALL_DIR=$INSTALL_DIR 7 | cd $INSTALL_DIR 8 | git pull && ./Kali_Updates.sh 9 | -------------------------------------------------------------------------------- /functions.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Because I want a pause button... 4 | function pause(){ 5 | read -p "$*" 6 | } 7 | -------------------------------------------------------------------------------- /install_cobalt_strike.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | source /etc/redcell-kali/RedCell-Kali.conf 3 | source $INSTALL_DIR/functions.sh 4 | 5 | tar xzf $INSTALL_DIR/install-files/cobaltstrike-trial.tgz -C /opt/ 6 | -------------------------------------------------------------------------------- /runonce.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ ! -d /etc/redcell-kali ]; then 3 | mkdir /etc/redcell-kali 4 | fi 5 | echo "INSTALL_DIR=`pwd`" > /etc/redcell-kali/RedCell-Kali.conf 6 | -------------------------------------------------------------------------------- /start_cobaltstrike.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | source /etc/redcell-kali/RedCell-Kali.conf 3 | source $INSTALL_DIR/functions.sh 4 | 5 | ## Check to see that Cobalt Strike has been installed 6 | if ! [ -e /opt/cobaltstrike ]; then 7 | echo "You need to run the 'install_cobalt_strike.sh' script first" 8 | pause 'Press [Enter] key to quit...' 9 | exit 10 | fi 11 | 12 | ## For Cobalt Strike Trial install: 13 | cd /opt/cobaltstrike 14 | 15 | ./cobaltstrike 16 | -------------------------------------------------------------------------------- /start_cs_teamserver.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | source /etc/redcell-kali/RedCell-Kali.conf 3 | source $INSTALL_DIR/functions.sh 4 | 5 | # Configure these variables 6 | # Nevermind, I decided to do it for you, change them if you like to do things manually. 7 | IPAddress=$(ifconfig -a eth0 | grep "inet " | cut -d":" -f 2 | cut -d" " -f 1) 8 | Password="hacktheplanet" 9 | CobaltStrikeDir=/opt/cobaltstrike 10 | 11 | ## Check to see that Cobalt Strike has been installed 12 | if ! [ -e $CobaltStrikeDir ]; then 13 | echo "You need to run the 'install_cobalt_strike.sh' script first" 14 | pause 'Press [Enter] key to quit...' 15 | exit 16 | fi 17 | 18 | 19 | # Display Teamserver Info for quick reference 20 | echo "Teamserver IP: $IPAddress" 21 | echo "Teamserver password: $Password" 22 | echo "Cobalt Strike Working Directory: $CobaltStrikeDir" 23 | 24 | if [ -z "$IPAddress" ] || [ -z "$Password" ]; then 25 | echo "Could not determine IP Address or teamserver password. Edit this script, ensure you have an IP address on eth0, and/or ensure the command at the top is actually finding your IP" 26 | pause 'Press [Enter] key to continue...' 27 | else 28 | echo "Press CTRL+C to stop the server..." 29 | cd $CobaltStrikeDir 30 | ./teamserver $IPAddress $Password 31 | echo "" 32 | pause 'Done hacking the Gibson so soon?' 33 | fi 34 | -------------------------------------------------------------------------------- /zerofree.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ## MUST BE RUN FROM SINGLE USER MODE 4 | 5 | ## Needed this for previous Kali versions 6 | #killall dhclient; 7 | 8 | mount -o remount,ro / 9 | zerofree /dev/sda1 10 | shutdown now -h 11 | --------------------------------------------------------------------------------