@usualsuspect
Created July 11, 2023 18:37
Pokemon Cobalt Strike Config
BeaconType - HTTPS
Port - 443
SleepTime - 10000
MaxGetSize - 1398322
Jitter - 20
MaxDNS - Not Found
PublicKey_MD5 - e516ca02d126b82ff30593ce45d9cba5
C2Server - 47.94.58.82,/api/v1/server/user/info
UserAgent - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
HttpPostUri - /api/v1/server/log
Malleable_C2_Instructions - Remove 37 bytes from the end
    Remove 181 bytes from the beginning
    Base64 decode
HttpGet_Metadata - ConstHeaders
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
        Sec-Fetch-Site: same-origin
        Sec-Fetch-User: ?1
        Referer: https://www.baidu.com/
        Accept-Encoding: gzip, deflate
        Accept-Language: zh-CN,zh;q=0.9
    Metadata
        base64
        prepend "BIDUPSID=CB490622E06ED73544708FA6EC8D7149; BAIDUID="
        append ":FG=1; BD_HOME=1; ZFY=mHnRy:AULlW2VAfYn8cPmgDRqCsBjVtIS4QVfeV3R1VA:C; delPer=0; BD_CK_SAM=1; PSINO=1;"
        header "Cookie"
HttpPost_Metadata - ConstHeaders
        X-Client-Version: 20210803
        Accept: application/json, text/plain, */*
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: cors
        Referer: https://bbs.baidu.com/
        Accept-Encoding: gzip, deflate
    SessionId
        mask
        base64url
        prepend "__bai_duid=FN=0:"
        append ":FG=1;PSSID=1_bcd567e0967f83a2f4dfeb9abbd0fd1f1667269580786"
        header "Cookie"
    Output
        base64
        prepend "{"event_type":"load","page":01,"user_from":"web","event_name":"visited-home","log_info":""
        append "","code":"116082388"}"
        print
PipeName - Not Found
DNS_Idle - Not Found
DNS_Sleep - Not Found
SSH_Host - Not Found
SSH_Port - Not Found
SSH_Username - Not Found
SSH_Password_Plaintext - Not Found
SSH_Password_Pubkey - Not Found
SSH_Banner -
HttpGet_Verb - GET
HttpPost_Verb - POST
HttpPostChunk - 0
Spawnto_x86 - %windir%\syswow64\dllhost.exe
Spawnto_x64 - %windir%\sysnative\dllhost.exe
CryptoScheme - 0
Proxy_Config - Not Found
Proxy_User - Not Found
Proxy_Password - Not Found
Proxy_Behavior - Use IE settings
Watermark_Hash - BeudtKgqnlm0Ruvf+VYxuw==
Watermark - 100000
bStageCleanup - True
bCFGCaution - False
KillDate - 0
bProcInject_StartRWX - False
bProcInject_UseRWX - False
bProcInject_MinAllocSize - 17500
ProcInject_PrependAppend_x86 - b'\x90\x90'
    Empty
ProcInject_PrependAppend_x64 - b'\x90\x90'
    Empty
ProcInject_Execute - ntdll:RtlUserThreadStart
    CreateThread
    NtQueueApcThread-s
    CreateRemoteThread
    RtlCreateUserThread
ProcInject_AllocationMethod - NtMapViewOfSection
bUsesCookies - True
HostHeader -
headersToRemove - Not Found
DNS_Beaconing - Not Found
DNS_get_TypeA - Not Found
DNS_get_TypeAAAA - Not Found
DNS_get_TypeTXT - Not Found
DNS_put_metadata - Not Found
DNS_put_output - Not Found
DNS_resolver - Not Found
DNS_strategy - round-robin
DNS_strategy_rotate_seconds - -1
DNS_strategy_fail_x - -1
DNS_strategy_fail_seconds - -1
Retry_Max_Attempts - 0
Retry_Increase_Attempts - 0
Retry_Duration - 0