├── teamserver.service ├── listener.service ├── .gitignore ├── listener_service.cna └── readme.md /teamserver.service: -------------------------------------------------------------------------------- 1 | # teamserver.service 2 | [Unit] 3 | Description=Cobalt Strike Teamserver Service 4 | After=network.target 5 | Wants=network.target 6 | 7 | [Service] 8 | Type=Simple 9 | WorkingDirectory=/opt/cobaltstrike 10 | ExecStart=/opt/cobaltstrike/teamserver 11 | 12 | # Example 13 | # ExecStart=/opt/cobaltstrike/teamserver `hostname -I` thisismypassword /opt/cobaltstrike/c2.profile 14 | 15 | [Install] 16 | WantedBy=multi-user.target -------------------------------------------------------------------------------- /listener.service: -------------------------------------------------------------------------------- 1 | # listener.service 2 | [Unit] 3 | Description=Cobalt Strike aggressor service 4 | After=teamserver.service network.target 5 | Wants=teamserver.service 6 | StartLimitIntervalSec=33 7 | 8 | [Service] 9 | Restart=on-failure 10 | RestartSec=10 11 | WorkingDirectory=/opt/cobaltstrike 12 | ExecStartPre=/bin/sleep 60 13 | ExecStart=/bin/bash /opt/cobaltstrike/agscript 127.0.0.1 50050 14 | 15 | # Example 16 | # ExecStart=/bin/bash /opt/cobaltstrike/agscript 127.0.0.1 50050 listener_service thisismypassword /opt/cobaltstrike/listener_service.cna 17 | 18 | 19 | [Install] 20 | WantedBy=multi-user.target 21 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Misc 2 | *.suo 3 | *.user 4 | *.sln.docstates 5 | [Dd]ebug/ 6 | [Rr]elease/ 7 | x64/ 8 | [Bb]in/ 9 | [Oo]bj/ 10 | *.nupkg 11 | **/packages/* 12 | !**/packages/build/ 13 | *_i.c 14 | *_p.c 15 | *.ilk 16 | *.meta 17 | *.obj 18 | *.pch 19 | *.pdb 20 | *.pgc 21 | *.pgd 22 | *.rsp 23 | *.sbr 24 | *.tlb 25 | *.tli 26 | *.tlh 27 | *.tmp 28 | *.tmp_proj 29 | *.log 30 | *.vspscc 31 | *.vssscc 32 | .builds 33 | *.pidb 34 | *.log 35 | *.scc 36 | *.psess 37 | *.vsp 38 | *.vspx 39 | .svn 40 | Desktop.ini 41 | .vs/ 42 | project.lock.json 43 | 44 | # MacOS Stuff 45 | # General 46 | .DS_Store 47 | .AppleDouble 48 | .LSOverride 49 | 50 | # Icon must end with two \r 51 | Icon 52 | 53 | # Thumbnails 54 | ._* 55 | 56 | # Files that might appear in the root of a volume 57 | .DocumentRevisions-V100 58 | .fseventsd 59 | .Spotlight-V100 60 | .TemporaryItems 61 | .Trashes 62 | .VolumeIcon.icns 63 | .com.apple.timemachine.donotpresent 64 | 65 | # Directories potentially created on remote AFP share 66 | .AppleDB 67 | .AppleDesktop 68 | Network Trash Folder 69 | Temporary Items 70 | .apdisk -------------------------------------------------------------------------------- /listener_service.cna: -------------------------------------------------------------------------------- 1 | println(" 2 | ################################################################### 3 | CobaltStrike Aggressor Script 4 | Author: Joe Vest 5 | Description: Headless script to create listeners 6 | ###################################################################"); 7 | 8 | println('Loading listener_service.cna...'); 9 | 10 | on ready{ 11 | println('listener_service.cna: Creating HTTP Listener...'); 12 | listener_create_ext("HTTP", "windows/beacon_http/reverse_http", %(host => "iheartredteams.com", port => 80, beacons => "iheartredteams.com", althost => "iheartredteams.com", bindto => 80, strategy => "failover", max_retry => "none")); 13 | 14 | println('listener_service.cna: Creating HTTPS Listener...'); 15 | listener_create_ext("HTTPS", "windows/beacon_https/reverse_https", %(host => "iheartredteams.com", port => 443, beacons => "iheartredteams.com", althost => "iheartredteams.com", bindto => 443, strategy => "failover", max_retry => "none")); 16 | 17 | println('listener_service.cna: Creating SMB Listener...'); 18 | listener_create_ext("SMB", "windows/beacon_bind_pipe", %(port => "mojo.5887.8051.34782273429370473##")); 19 | sleep(10000); 20 | } 21 | 22 | -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- 1 | # Running Cobalt Strike Teamserver as a Service 2 | 3 | These scripts can be used as a template to set up teamserver as a service and autostart listeners. 4 | 5 | These scripts have been tested on Ubuntu server, and will need to be adjusted based on your use case. 6 | 7 | ## Changelog 8 | 9 | - 23 Dec 2021 (CS 4.5 update) 10 | - Added Max Retry Strategy to script 11 | 12 | ## Steps 13 | 14 | - Update the service files to match your environment. 15 | - teamserver.service 16 | - listener.service 17 | - listener_service.cna 18 | - Copy the service files to your teamserver 19 | - /etc/systemd/system/teamserver.service 20 | - /etc/systemd/system/listener.service 21 | - /etc/cobaltstrike/listener_service.cna 22 | - Register the new services 23 | - `systemctl daemon-reload` 24 | - Start the services 25 | - `systemctl start teamserver.service` 26 | - `systemctl start listener.service` 27 | - Test 28 | 29 | ## Teamserver Service 30 | 31 | Update the settings to match your environment. 32 | 33 | - WorkingDirectory: set to the cobaltstrike directory 34 | - ExecStart: Set with your values 35 | 36 | ``` 37 | 38 | # teamserver.service 39 | [Unit] 40 | Description=Cobalt Strike Teamserver Service 41 | After=network.target 42 | Wants=network.target 43 | 44 | [Service] 45 | Type=Simple 46 | WorkingDirectory=/opt/cobaltstrike 47 | ExecStart=/opt/cobaltstrike/teamserver 48 | 49 | # Example 50 | # ExecStart=/opt/cobaltstrike/teamserver `hostname -I` thisismypassword /opt/cobaltstrike/c2.profile 51 | 52 | [Install] 53 | WantedBy=multi-user.target 54 | 55 | ``` 56 | 57 | ## Listener Service 58 | 59 | Update the settings to match your environment. 60 | 61 | - WorkingDirectory: set to the cobaltstrike directory 62 | - ExecStart: Set with your values 63 | 64 | ``` 65 | # listener.service 66 | [Unit] 67 | Description=Cobalt Strike aggressor service 68 | After=teamserver.service network.target 69 | Wants=teamserver.service 70 | StartLimitIntervalSec=33 71 | 72 | [Service] 73 | Restart=on-failure 74 | RestartSec=10 75 | WorkingDirectory=/opt/cobaltstrike 76 | ExecStartPre=/bin/sleep 60 77 | ExecStart=/bin/bash /opt/cobaltstrike/agscript 127.0.0.1 50050 78 | 79 | # Example 80 | # ExecStart=/bin/bash /opt/cobaltstrike/agscript 127.0.0.1 50050 listener_service thisismypassword /opt/cobaltstrike/listener_service.cna 81 | 82 | 83 | [Install] 84 | WantedBy=multi-user.target 85 | ``` 86 | 87 | ## Headless aggressor script 88 | 89 | This must be updated to reflect your environment. 90 | 91 | This example aggressor script is used to start an HTTP, HTTPS, and SMB listener with all the needed parameters 92 | 93 | What to change? 94 | 95 | - HTTP Listener 96 | - Listnername 97 | - host 98 | - althost 99 | - HTTPS Listener 100 | - Listnername 101 | - host 102 | - althost 103 | - SMB Listener 104 | - 105 | 106 | 107 | ``` 108 | println(" 109 | ################################################################### 110 | CobaltStrike Aggressor Script 111 | Author: Joe Vest 112 | Description: Headless script to create listeners 113 | ###################################################################"); 114 | 115 | println('Loading listener_service.cna...'); 116 | 117 | on ready{ 118 | println('listener_service.cna: Creating HTTP Listener...'); 119 | listener_create_ext("HTTP", "windows/beacon_http/reverse_http", %(host => "iheartredteams.com", port => 80, beacons => "iheartredteams.com", althost => "iheartredteams.com", bindto => 80)); 120 | 121 | println('listener_service.cna: Creating HTTPS Listener...'); 122 | listener_create_ext("HTTPS", "windows/beacon_https/reverse_https", %(host => "iheartredteams.com", port => 443, beacons => "iheartredteams.com", althost => "iheartredteams.com", bindto => 443)); 123 | 124 | println('listener_service.cna: Creating SMB Listener...'); 125 | listener_create_ext("SMB", "windows/beacon_bind_pipe", %(port => "mojo.5887.8051.34782273429370473##")); 126 | sleep(10000); 127 | } 128 | ``` 129 | --------------------------------------------------------------------------------