0xagent

CobaltStrike 4.0 - 4.5 Patch

Changed from CSAgent. review by dust-life.

The key for 4.5 is not available here, Just a loader.

features

Check the file hash from CS official Website
Patch javaagemt detection
Patch Authorization
Patch Checksum8
Patch profile saving feature, so that your configuration information will not be saved in .aggressor.prop, preventing information leakage by countermeasures.

Just that's all.

Tips

Using jdk8 will make the startup time as long as 10-15s
Versions after using jdk8 will start immediately
If you want to use the checksum8 feature, name the profile c3.profile.

Usage

e.g: 4.4 key

Client

java -XX:ParallelGCThreads=4 -XX:+AggressiveHeap -XX:+UseParallelGC -Xms512M -Xmx1024M -javaagent:0xagent.jar=5e98194a01c6b48fa582a6a9fcbb92d6 -jar cobaltstrike.jar

Teamserver

java -XX:ParallelGCThreads=4 -Dcobaltstrike.server_port=59850 -Djavax.net.ssl.keyStore=./xxxx.store -Djavax.net.ssl.keyStorePassword=xxxxxx -server -XX:+AggressiveHeap -XX:+UseParallelGC -javaagent:0xagent.jar=5e98194a01c6b48fa582a6a9fcbb92d6 -classpath ./cobaltstrike.jar server.TeamServer $*

Comments

java.security.NoSuchAlgorithmException: Error constructing implementation

Default CS4.5 jar file with the command line args in the readme. Running from kali default install. On Windows I get a different error.

Linux error: [-] Trapped java.net.SocketException during team server startup [main]: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext) java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext) at java.base/javax.net.ssl.DefaultSSLServerSocketFactory.throwException(SSLServerSocketFactory.java:177) at java.base/javax.net.ssl.DefaultSSLServerSocketFactory.createServerSocket(SSLServerSocketFactory.java:205) at ssl.SecureServerSocket.(Unknown Source) at server.TeamServer.B(Unknown Source) at server.TeamServer.main(Unknown Source) Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext) at java.base/java.security.Provider$Service.newInstance(Provider.java:1868) at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:236) at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:164) at java.base/javax.net.ssl.SSLContext.getInstance(SSLContext.java:185) at java.base/javax.net.ssl.SSLContext.getDefault(SSLContext.java:110) at java.base/javax.net.ssl.SSLServerSocketFactory.getDefault(SSLServerSocketFactory.java:74) at ssl.SecureServerSocket.A(Unknown Source) ... 3 more Caused by: java.security.KeyManagementException at java.base/sun.security.ssl.SSLContextImpl$DefaultManagersHolder.(SSLContextImpl.java:942) at java.base/sun.security.ssl.SSLContextImpl$DefaultSSLContext.(SSLContextImpl.java:1111) at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499) at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480) at java.base/java.security.Provider$Service.newInstanceOf(Provider.java:1879) at java.base/java.security.Provider$Service.newInstanceUtil(Provider.java:1886) at java.base/java.security.Provider$Service.newInstance(Provider.java:1861) ... 9 more

Windows error: java.lang.RuntimeException: Header e_magic Magic Failed: 0 expected (23117) at pe.PEParser.error(Unknown Source) at pe.PEParser.header(Unknown Source) at pe.PEParser.parse(Unknown Source) at pe.PEParser.(Unknown Source) at pe.PEParser.load(Unknown Source) at pe.PEEditor.getInfo(Unknown Source) at pe.PEEditor.checkAssertions(Unknown Source) at pe.MalleablePE.pre_process(Unknown Source) at c2profile.Preview.getPE(Unknown Source) at c2profile.Preview.summarize(Unknown Source) at server.ManageUser.process(Unknown Source) at server.ManageUser.run(Unknown Source) at java.base/java.lang.Thread.run(Thread.java:832) ←[01;31m[-]←[0m Trapped java.lang.IllegalArgumentException during manage user [Manage: codex]: No location for 'Characteristics' java.lang.IllegalArgumentException: No location for 'Characteristics' at pe.PEParser.getLocation(Unknown Source) at pe.PEEditor.setCharacteristic(Unknown Source) at pe.PEEditor.stompPE(Unknown Source) at pe.MalleablePE.pre_process(Unknown Source) at c2profile.Preview.getPE(Unknown Source) at c2profile.Preview.summarize(Unknown Source) at server.ManageUser.process(Unknown Source) at server.ManageUser.run(Unknown Source) at java.base/java.lang.Thread.run(Thread.java:832)

opened by CodeXTF2 12
Exception in thread "main" java.lang.StringIndexOutOfBoundsException: String index out of range: 31

[+] Patch exit Exception in thread "main" java.lang.StringIndexOutOfBoundsException: String index out of range: 31 at java.base/java.lang.StringLatin1.charAt(StringLatin1.java:47) at java.base/java.lang.String.charAt(String.java:693) at common.Authorization.hex2bytes(Unknown Source) at common.Authorization.(Unknown Source) at server.TeamServer.main(Unknown Source)

opened by badboycxcc 1