├── README.md
├── README_zh.md
├── media
    ├── 15718834682843
    │   ├── 15794530854426.jpg
    │   ├── 15794531704394.jpg
    │   └── 15794546043572.jpg
    └── 15794884596715
    │   ├── 15794993795360.jpg
    │   └── 15795001494711.jpg
└── src
    ├── CrossC2.cna
    └── genCrossC2.MacOS


/README.md:
--------------------------------------------------------------------------------
  1 | # Cross C2
  2 | 
  3 | [README](README.md) | [中文文档](README_zh.md)
  4 | 
  5 | # Cross C2 - Generator CobaltStrike's cross-platform beacon
  6 | 
  7 | ```
  8 |      ▄████▄   ██▀███   ▒█████    ██████   ██████     ▄████▄   ██████▄ 
  9 |     ▒██▀ ▀█  ▓██ ▒ ██▒▒██▒  ██▒▒██    ▒ ▒██    ▒    ▒██▀ ▀█        ██░
 10 |     ▒▓█    ▄ ▓██ ░▄█ ▒▒██░  ██▒░ ▓██▄   ░ ▓██▄      ▒▓█        █████▒ 
 11 |     ▒▓▓▄ ▄██▒▒██▀▀█▄  ▒██   ██░  ▒   ██▒  ▒   ██▒   ▒▓▓▄ ▄█ ░▒██      
 12 |     ▒ ▓███▀ ░░██▓ ▒██▒░ ████▓▒░▒██████▒▒▒██████▒▒   ▒ ▓███▀  ░▒▓█████▓
 13 |     ░ ░▒ ▒  ░░ ▒▓ ░▒▓░░ ▒░▒░▒░ ▒ ▒▓▒ ▒ ░▒ ▒▓▒ ▒ ░   ░ ░▒ ▒    ░▒ ░▓ ░░
 14 |       ░  ▒     ░▒ ░ ▒░  ░ ▒ ▒░ ░ ░▒  ░ ░░ ░▒  ░ ░     ░  ▒     ░ ░░ ░ 
 15 |     ░          ░░   ░ ░ ░ ░ ▒  ░  ░  ░  ░  ░  ░     ░         by:░hook
 16 |     ░ ░         ░         ░ ░        ░        ░     ░ ░          ░    
 17 |     ░                                               ░                 
 18 |               
 19 | ```
 20 | 
 21 | ![](media/15794884596715/15794993795360.jpg)
 22 | 
 23 | # Description
 24 | 
 25 | Add beacon generation functions for CobaltStrike's cross-platform beacon. Currently only supported on **Linux** & **MacOS**.
 26 | 
 27 | 
 28 | 
 29 | |  | Windows | Linux | MacOS | iOS | Android | Embedded |
 30 | | --- | --- | --- | --- | --- | --- | --- |
 31 | | Run Env (x86) |  | √ |  |  |  |  |
 32 | | Run Env (x64) |  | √ | √ |  |  |  |
 33 | | gen beacon (x86) |  | √ |  |  |  |  |
 34 | | gen beacon (x64) |  | √ | √ |  |  |  |
 35 | | gen beacon (armv7) |  |  |  | ⍻ | ⍻ |  |
 36 | | gen beacon (arm64) |  |  |  | ⍻ | ⍻ |  |
 37 | | gen beacon (mips[el]) |  |  |  |  |  | ⍻ |
 38 | 
 39 | Restricted description:
 40 | * MacOS: Latest systems only support 64-bit programs
 41 | * iOS: sandbox, restricted cmd
 42 | * Embedded: only *nix
 43 | * ⍻ : Loader is still in progress
 44 | 
 45 | 
 46 | # Install
 47 | 
 48 | Download:
 49 | 
 50 | > 
 51 | * **CrossC2.cna**
 52 | * **genCrossC2** `CS Env`
 53 | 
 54 | 1. copy **CrossC2.cna** and **genCrossC2** file to `CobaltStrike`'s **rootdir**  (Must be in the **same directory** )
 55 | 2. choose `Script Manager`，add `CrossC2.cna` (If successfully installed, the menu bar will have an additional item `CrossC2`)
 56 | 3. Modify the `genCrossC2` path in the` CrossC2.cna` script to the **real path**
 57 | 
 58 | ```
 59 | exec("/xxx/xxx/genCrossC2"... -> exec("/opt/cs/genCrossC2"...
 60 | ```
 61 | 
 62 | 
 63 | # Usage
 64 | 
 65 | ## teamserver
 66 | 
 67 | For some reasons, only HTTPS beacon is currently supported. When setting C2Profile, please add an '/ login' to the URI list configured by http-get, and add an '/ logout' to the http-post URI list.
 68 | `C2Profile dynamic analysis will be supported in the future`
 69 | 
 70 | ## cna plugin way
 71 | 
 72 | ```
 73 | Menu bar: CrossC2 -> CrossC2 Payload Generator -> genCrossC2
 74 | 
 75 | Can be configured in the pop-up dialog:
 76 | 1. Operating System
 77 | 2. Arach
 78 | 3. Payload Type(Currently only supports Stageless, Staged is being updated)
 79 | 4. Generate file save path
 80 | 
 81 | ```
 82 | ![](media/15718834682843/15794531704394.jpg)
 83 | 
 84 | ## Run the underlying program directly
 85 | 
 86 | In addition to cna GUI generation, you can also directly call the underlying program to generate directly.
 87 | 
 88 | ```
 89 | [usage]: genCrossC2 [host] [port] [getURI] [postURI] [platform] [arch] [outputFileName]
 90 | 
 91 | 
 92 | -platform		'MacOS' / 'Linux'
 93 | -arch    		'x86' / 'x64'
 94 | 
 95 | [ex]:
 96 | 	genCrossC2 127.0.0.1 4444 null null MacOS x64 ./CrossC2-test
 97 | ```
 98 | ![](media/15718834682843/15794546043572.jpg)
 99 | 
100 | 
101 | # Coming soon
102 | 
103 | 1. Rich C2Porfile support
104 | 2. Staged Type Shellcode Generation
105 | 3. http-proxy (auth) & socks proxy back connection support
106 | 4. Proxy-Pivots 
107 | 5. node beacon? (Single node type, can host other beacon without relying on teamserver)
108 | 
109 | 
110 | # Examples
111 | 
112 | 
113 | ![](media/15794884596715/15795001494711.jpg)
114 | 
115 | # Bug
116 | 
117 | 1. GUI file manager and process viewing functions are not currently supported
118 | 2. Uploading and downloading files that are too large may have incomplete end bytes
119 | 
120 | 
121 | 


--------------------------------------------------------------------------------
/README_zh.md:
--------------------------------------------------------------------------------
  1 | # Cross C2
  2 | 
  3 | [README](README.md) | [中文文档](README_zh.md)
  4 | 
  5 | # Cross C2 - 生成CobaltStrike的跨平台beacon
  6 | 
  7 | ```
  8 |      ▄████▄   ██▀███   ▒█████    ██████   ██████     ▄████▄   ██████▄ 
  9 |     ▒██▀ ▀█  ▓██ ▒ ██▒▒██▒  ██▒▒██    ▒ ▒██    ▒    ▒██▀ ▀█        ██░
 10 |     ▒▓█    ▄ ▓██ ░▄█ ▒▒██░  ██▒░ ▓██▄   ░ ▓██▄      ▒▓█        █████▒ 
 11 |     ▒▓▓▄ ▄██▒▒██▀▀█▄  ▒██   ██░  ▒   ██▒  ▒   ██▒   ▒▓▓▄ ▄█ ░▒██      
 12 |     ▒ ▓███▀ ░░██▓ ▒██▒░ ████▓▒░▒██████▒▒▒██████▒▒   ▒ ▓███▀  ░▒▓█████▓
 13 |     ░ ░▒ ▒  ░░ ▒▓ ░▒▓░░ ▒░▒░▒░ ▒ ▒▓▒ ▒ ░▒ ▒▓▒ ▒ ░   ░ ░▒ ▒    ░▒ ░▓ ░░
 14 |       ░  ▒     ░▒ ░ ▒░  ░ ▒ ▒░ ░ ░▒  ░ ░░ ░▒  ░ ░     ░  ▒     ░ ░░ ░ 
 15 |     ░          ░░   ░ ░ ░ ░ ▒  ░  ░  ░  ░  ░  ░     ░         by:░hook
 16 |     ░ ░         ░         ░ ░        ░        ░     ░ ░          ░    
 17 |     ░                                               ░                 
 18 |               
 19 | ```
 20 | 
 21 | ![](media/15794884596715/15794993795360.jpg)
 22 | 
 23 | # Description
 24 | 
 25 | 为CobaltStrike添加其他平台的beacon生成功能，暂时仅支持在 **Linux** & **MacOS** 上运行。
 26 | 
 27 | 
 28 | |  | Windows | Linux | MacOS | iOS | Android | Embedded |
 29 | | --- | --- | --- | --- | --- | --- | --- |
 30 | | Run Env (x86) |  | √ |  |  |  |  |
 31 | | Run Env (x64) |  | √ | √ |  |  |  |
 32 | | gen beacon (x86) |  | √ |  |  |  |  |
 33 | | gen beacon (x64) |  | √ | √ |  |  |  |
 34 | | gen beacon (armv7) |  |  |  | ⍻ | ⍻ |  |
 35 | | gen beacon (arm64) |  |  |  | ⍻ | ⍻ |  |
 36 | | gen beacon (mips[el]) |  |  |  |  |  | ⍻ |
 37 | 
 38 | 受限说明:
 39 | * MacOS: 新系统仅支持64位程序
 40 | * iOS: sandbox, 受限的cmd
 41 | * Embedded: only *nix
 42 | * ⍻ : 加载还在完善中
 43 | 
 44 | 
 45 | # Install
 46 | 
 47 | 下载基础文件:
 48 | 
 49 | > 
 50 | * **CrossC2.cna**
 51 | * **genCrossC2** `CS运行环境`
 52 | 
 53 | 1. 拷贝 **CrossC2.cna** 与 **genCrossC2** 文件到CobaltStrike **根目录** 下 (必须处于 **同目录** )
 54 | 2. 选择`Script Manager`，添加`CrossC2.cna` (如果成功安装，菜单栏会多出一项 `CrossC2`)
 55 | 3. 修改`CrossC2.cna`脚本中`genCrossC2`路径为**真实路径**
 56 | 
 57 | ```
 58 | exec("/xxx/xxx/genCrossC2"... -> exec("/opt/cs/genCrossC2"...
 59 | ```
 60 | 
 61 | 
 62 | # Usage
 63 | 
 64 | ## teamserver
 65 | 
 66 | 因为一些原因，目前强制只支持HTTPS beacon，并且在设定C2Profile时，在http-get配置的URI列表中请增加一项'/login', http-post URI列表中增加一项'/logout'
 67 | `后续将支持C2Profile动态解析`
 68 | 
 69 | ## cna插件方式
 70 | 
 71 | ```
 72 | 菜单栏: CrossC2 -> CrossC2 Payload Generator -> genCrossC2
 73 | 
 74 | 弹出的对话框中可以配置:
 75 | 1. 操作系统
 76 | 2. 运行位数
 77 | 3. Payload类型(目前仅支持Stageless, Staged正在更新中)
 78 | 4. 生成文件保存路径
 79 | 
 80 | ```
 81 | ![](media/15718834682843/15794531704394.jpg)
 82 | 
 83 | ## 直接运行底层程序
 84 | 
 85 | 除过cna GUI生成外，也可以直接调用底层程序直接生成。
 86 | 
 87 | ```
 88 | [usage]: genCrossC2 [host] [port] [getURI] [postURI] [platform] [arch] [outputFileName]
 89 | 
 90 | 
 91 | -platform		'MacOS' / 'Linux'
 92 | -arch    		'x86' / 'x64'
 93 | 
 94 | [ex]:
 95 | 	genCrossC2 127.0.0.1 4444 null null MacOS x64 ./CrossC2-test
 96 | ```
 97 | ![](media/15718834682843/15794546043572.jpg)
 98 | 
 99 | 
100 | # 即将上线
101 | 
102 | 1. 丰富的C2Porfile支持
103 | 2. Staged类型Shellcode生成
104 | 3. http-proxy (auth) & socks 代理回连支持
105 | 4. 流量中转支持 
106 | 5. node beacon? (单个节点式，可进行不依靠teamserver托管其他beacon)
107 | 
108 | # Examples
109 | 
110 | ![](media/15794884596715/15795001494711.jpg)
111 | 
112 | # 可能存在问题
113 | 
114 | 1. GUI的文件管理 与 进程查看功能暂不支持
115 | 2. 传输文件时过大的文件可能存在末尾字节写入不全的情况
116 | 
117 | 
118 | 


--------------------------------------------------------------------------------
/media/15718834682843/15794530854426.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dr0op/CrossC2/200a23ad1d96262a292299a5925d37bbfd5c3031/media/15718834682843/15794530854426.jpg


--------------------------------------------------------------------------------
/media/15718834682843/15794531704394.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dr0op/CrossC2/200a23ad1d96262a292299a5925d37bbfd5c3031/media/15718834682843/15794531704394.jpg


--------------------------------------------------------------------------------
/media/15718834682843/15794546043572.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dr0op/CrossC2/200a23ad1d96262a292299a5925d37bbfd5c3031/media/15718834682843/15794546043572.jpg


--------------------------------------------------------------------------------
/media/15794884596715/15794993795360.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dr0op/CrossC2/200a23ad1d96262a292299a5925d37bbfd5c3031/media/15794884596715/15794993795360.jpg


--------------------------------------------------------------------------------
/media/15794884596715/15795001494711.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dr0op/CrossC2/200a23ad1d96262a292299a5925d37bbfd5c3031/media/15794884596715/15795001494711.jpg


--------------------------------------------------------------------------------
/src/CrossC2.cna:
--------------------------------------------------------------------------------
 1 | menubar("CrossC2", "generator", 2);
 2 | 
 3 | popup generator {
 4 |     menu "&CrossC2 Payload Generator" {
 5 |         item "&genCrossC2" {
 6 |             genCrossC2()
 7 |         }
 8 |     }
 9 |     item "&About" {
10 |         projectAbout()
11 |     }
12 | }
13 | 
14 | sub dialogCallBack {
15 |     $system = $3['system'];
16 |     $arch = $3['arch'];
17 |     $payload_type = $3['payload_type'];
18 |     $listener = $3['listener'];
19 |     $outputFileName = $3['outputFileName'];
20 | 
21 |     $listener_info = listener_info($listener);
22 |     $host = $listener_info['host'];
23 |     $port = $listener_info['port'];
24 | 
25 |     exec("/xxx/xx/xx/genCrossC2 ".$host." ". $port." null null ".$system." ".$arch." ".$outputFileName)
26 | }
27 | 
28 | sub genCrossC2 {
29 |     $dialog = dialog("CrossC2 Payload Generator", %(listener => "Listener: ", system => "System: ", arch => "Arch: ", payload_type => "Payload_Type: ", outputFileName => "./CrossC2-test"), &dialogCallBack);
30 |     dialog_description($dialog, "Export CrossC2 Payload");
31 |     drow_combobox($dialog, "system", "System: ", @("Linux", "MacOS"));
32 |     drow_listener($dialog, "listener", "Listener: ");
33 |     drow_combobox($dialog, "arch", "Arch: ", @("x86", "x64"));
34 |     drow_combobox($dialog, "payload_type", "Payload_Type: ", @("Staged", "Stageless"));
35 |     drow_text($dialog, "outputFileName", "OutputFileName: ");
36 |     dbutton_action($dialog, "Build");
37 |     dialog_show($dialog);
38 | }
39 | 
40 | sub projectAbout {
41 |     $dialog = dialog("Cross C2 About");
42 |     dialog_description($dialog, "Export CrossC2 Payload");
43 |     dialog_show($dialog);
44 | }
45 | 
46 | 


--------------------------------------------------------------------------------
/src/genCrossC2.MacOS:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dr0op/CrossC2/200a23ad1d96262a292299a5925d37bbfd5c3031/src/genCrossC2.MacOS


--------------------------------------------------------------------------------