首页
社区
课程
招聘
[原创]CS 4.4 二开笔记:基础篇
发表于: 2023-9-4 18:32 13683

[原创]CS 4.4 二开笔记:基础篇

2023-9-4 18:32
13683

本篇为 CS 4.4 二开基础篇,主要对整个破解流程、漏洞修复、主题修改、新增功能进行讲解,针对CS的扫描方法及Bypass方法后续进行补充。

新建两个文件夹,cs_bin里面放原版cs,cs_src放之后反编译过后的cs,再将java-decompiler.jar放到根目录。目录结构如下:

切换 java 版本到 java 11:

在根目录输入以下命令将 cs_bin/cobaltstrike.jar 进行反编译,反编译后的文件放到cs_src文件夹中:

正常反编译如图所示:
图片描述
新建 idea java 项目,工程命名为cs,在工程下面新建两个文件夹:

修改/src/common/Authorization.java文件:
先在src目录下新建common目录:
图片描述
图片描述
接着修改Authorization()函数,直接用下面的代码对该函数进行覆盖:

虽然我们已经有了许可,但因为暗桩的存在我们无法正常运行。

存在暗桩的地方:

common目录下的 Helper、Starter、Starter2 清除暗桩后可以进入客户端:
图片描述
直接搜每个代码的exit,将其注释掉:
图片描述
最后再重新build artifacts,再运行就可以了:
图片描述
beacon/CommandBuilder中的暗桩会让client和temserver连续连接4小时后无法执行命令,将这部分注释掉:
图片描述
至此除去暗桩部分就完成了。

修改 cloudstrike/WebServer.java,新增对uri的判断,如果请求的uri开头不是/就相应404,新增代码如下:

图片描述

该漏洞是通过XSS造成的RCE,需要修改common/BeaconEntry.java将xss漏洞点进行修复:
下载commons-lang3-3.13.0.jarcommons-text-1.10.0.jar,导入到lib文件夹中:
图片描述
接着设置Project Structure中的ModulesArtifacts
图片描述
图片描述
接着在代码中使用StringEscapeUtils.escapeHtml4对漏洞点进行转义就完成了漏洞的修复。

aggressor/dialogs/ConnectDialog文件:
图片描述
修改后:
图片描述
启动服务端测试:
teamserver文件:

图片描述
启动客户端测试:
client文件:

图片描述

原版:
图片描述

关于图标的引用在aggressor/dialogs/AboutDialog中,可以对引入的logo大小进行修改,我将大小改为了192×192px,并设置图片与许可之间相隔10px:

与原文件对比:
图片描述
修改后:
图片描述

CS使用的是Swing UI,这里下载flatlaf主题:
https://mvnrepository.com/artifact/com.formdev/flatlaf/3.2
图片描述
将下载后的jar文件导入到lib文件夹中:
图片描述
打开Project Structure,打开Modules->Dependencies,添加这个jar到依赖中,勾选然后应用:
图片描述
图片描述
接着打开artifacts,引用flatlaf.jar,再点击应用:
图片描述
添加后:
图片描述
接着在主函数调用这里直接调用主题,文件为aggressor/Aggressor.java

图片描述
要把主题的代码放在super.initializeStarter(this.getClass());前面,这行代码是进行初始化的。
因为已经导入了包,所以在输入Flat后就会提示可选主题,我使用的是明亮主题,运行后:
图片描述
图片描述

图片描述
修复:
aggressor/browsers/Sessions中添加:
导入包:

新增修复代码并居中:

修改后的完整代码:

通过修改aggressor/browsers/Targets.java 的getContent函数的表格属性即可修复:
未修复前:
图片描述
修复后:
图片描述
新增代码:

修复后完整代码:

修改aggressor/Aggressor.java

文件为aggressor/windows/ListenerManager.java
新增:

修改后可正常显示:
图片描述
修改后的完整代码为:

图片描述
查询IP使用的库为:https://github.com/jarod/qqwry-java
在src目录下新建qqwry目录,将源码拷贝进去:
图片描述
aggressor/browsers/Sessions.java新增:
图片描述
cs 4.5猫猫版将所有自定义函数封装到了util.Utils中,然后再调用。
qqwry.dat放到resources中,引用路径则为resources/qqwry.dat

这样直接调用会很卡顿,因此使用static解决程序开销问题:

然后在toMap()中再调用这个函数:

修改后的完整代码如下:

到此,CS 4.4 二开基础篇就结束了,文中若存在问题欢迎留言。

Cobalt Strike破解过程
GitHub - LztCode/cobaltstrike4.5_cdf: cobaltstrike4.5版本破/解、去除checksum8特征、bypass BeaconEye、修复错误路径泄漏stage、增加totp双因子验证、修复CVE-2022-39197等
对cobaltstrike4.4的简单魔改
cobalt strike beacon dll 改造实现免杀 - zpchcbd - 博客园
geacon_pro 备份
GitHub - 10cks/geacon_pro: 重构了Cobaltstrike Beacon,行为对国内主流杀软免杀,支持4.1以上的版本。 A cobaltstrike Beacon bypass anti-virus, supports 4.1+ version.
https://archive.org/details/github.com-H4de5-7-geacon_pro_-_2022-11-01_12-02-43
CVE-2022-39197 CS RCE复现分析

cobaltstrike
├─cs_bin
│   └─ cobaltstrike.jar
└─cs_src
└─java-decompiler.jar
cobaltstrike
├─cs_bin
│   └─ cobaltstrike.jar
└─cs_src
└─java-decompiler.jar
sudo update-alternatives --config java
sudo update-alternatives --config java
java -cp java-decompiler.jar org.jetbrains.java.decompiler.main.decompiler.ConsoleDecompiler -dgs=true cs_bin/cobaltstrike.jar cs_src/
java -cp java-decompiler.jar org.jetbrains.java.decompiler.main.decompiler.ConsoleDecompiler -dgs=true cs_bin/cobaltstrike.jar cs_src/
public Authorization() {
   try {
      this.watermark=999999;
      this.validto="forever";
      this.valid = true;
      final byte[] bytes = {94, -104, 25, 74, 1, -58, -76, -113, -91, -126, -90, -87, -4, -69, -110, -42};
      MudgeSanity.systemDetail("valid to", "perpetual");
      MudgeSanity.systemDetail("id", this.watermark + "");
      SleevedResource.Setup(bytes);
   }
   catch (Exception ex2) {
      MudgeSanity.logException("auth file parsing", ex2, false);
   }
}
public Authorization() {
   try {
      this.watermark=999999;
      this.validto="forever";
      this.valid = true;
      final byte[] bytes = {94, -104, 25, 74, 1, -58, -76, -113, -91, -126, -90, -87, -4, -69, -110, -42};
      MudgeSanity.systemDetail("valid to", "perpetual");
      MudgeSanity.systemDetail("id", this.watermark + "");
      SleevedResource.Setup(bytes);
   }
   catch (Exception ex2) {
      MudgeSanity.logException("auth file parsing", ex2, false);
   }
}
else if (!uri.startsWith("/")) {
    return this.processResponse(uri, method, header, param, false, null, new Response("404 Not Found.","text/html",""));
}
else if (!uri.startsWith("/")) {
    return this.processResponse(uri, method, header, param, false, null, new Response("404 Not Found.","text/html",""));
}
import org.apache.commons.text.StringEscapeUtils;
 
HashMap var1 = new HashMap();
  var1.put("external", StringEscapeUtils.escapeHtml4(this.ext));
  var1.put("internal", StringEscapeUtils.escapeHtml4(this.intz));
  var1.put("host", StringEscapeUtils.escapeHtml4(this.intz));
  var1.put("user", StringEscapeUtils.escapeHtml4(this.user));
  var1.put("computer", StringEscapeUtils.escapeHtml4(this.comp));
  var1.put("last", StringEscapeUtils.escapeHtml4(this.diff + ""));
  var1.put("lastf", StringEscapeUtils.escapeHtml4(this.getLastCheckin()));
  var1.put("id", StringEscapeUtils.escapeHtml4(this.id));
  var1.put("pid", StringEscapeUtils.escapeHtml4(this.getPid()));
  var1.put("is64", StringEscapeUtils.escapeHtml4(this.is64));
  var1.put("pbid", StringEscapeUtils.escapeHtml4(this.pbid));
  var1.put("note", StringEscapeUtils.escapeHtml4(this.note));
  var1.put("barch", StringEscapeUtils.escapeHtml4(this.barch));
  var1.put("arch", StringEscapeUtils.escapeHtml4(this.barch));
  var1.put("port", StringEscapeUtils.escapeHtml4(this.getPort()));
  var1.put("charset", StringEscapeUtils.escapeHtml4(this.getCharset()));
  var1.put("phint", StringEscapeUtils.escapeHtml4(this.hint + ""));
  var1.put("process", StringEscapeUtils.escapeHtml4(this.proc));
  var1.put("_accent", StringEscapeUtils.escapeHtml4(this.accent));
  var1.put("listener", StringEscapeUtils.escapeHtml4(this.lname));
  var1.put("build", (this.build));
  var1.put("address", this.getIpAddress(this.ext)); // add address
import org.apache.commons.text.StringEscapeUtils;
 
HashMap var1 = new HashMap();
  var1.put("external", StringEscapeUtils.escapeHtml4(this.ext));
  var1.put("internal", StringEscapeUtils.escapeHtml4(this.intz));
  var1.put("host", StringEscapeUtils.escapeHtml4(this.intz));
  var1.put("user", StringEscapeUtils.escapeHtml4(this.user));
  var1.put("computer", StringEscapeUtils.escapeHtml4(this.comp));
  var1.put("last", StringEscapeUtils.escapeHtml4(this.diff + ""));
  var1.put("lastf", StringEscapeUtils.escapeHtml4(this.getLastCheckin()));
  var1.put("id", StringEscapeUtils.escapeHtml4(this.id));
  var1.put("pid", StringEscapeUtils.escapeHtml4(this.getPid()));
  var1.put("is64", StringEscapeUtils.escapeHtml4(this.is64));
  var1.put("pbid", StringEscapeUtils.escapeHtml4(this.pbid));
  var1.put("note", StringEscapeUtils.escapeHtml4(this.note));
  var1.put("barch", StringEscapeUtils.escapeHtml4(this.barch));
  var1.put("arch", StringEscapeUtils.escapeHtml4(this.barch));
  var1.put("port", StringEscapeUtils.escapeHtml4(this.getPort()));
  var1.put("charset", StringEscapeUtils.escapeHtml4(this.getCharset()));
  var1.put("phint", StringEscapeUtils.escapeHtml4(this.hint + ""));
  var1.put("process", StringEscapeUtils.escapeHtml4(this.proc));
  var1.put("_accent", StringEscapeUtils.escapeHtml4(this.accent));
  var1.put("listener", StringEscapeUtils.escapeHtml4(this.lname));
  var1.put("build", (this.build));
  var1.put("address", this.getIpAddress(this.ext)); // add address
if [ -e ./cobaltstrike.store ]; then
        echo "Will use existing X509 certificate and keystore (for SSL)"
else
        echo "Generating X509 certificate and keystore (for SSL)"
        keytool -keystore ./cobaltstrike.store -storepass 123456 -keypass 123456 -genkey -keyalg RSA -alias cobaltstrike -dname "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org"
fi
 
# start the team server.
java -XX:ParallelGCThreads=4 -Dcobaltstrike.server_port=22222 -Djavax.net.ssl.keyStore=./cobaltstrike.store -Djavax.net.ssl.keyStorePassword=231422 -server -XX:+AggressiveHeap -XX:+UseParallelGC -classpath ./csproject.jar server.TeamServer $*
if [ -e ./cobaltstrike.store ]; then
        echo "Will use existing X509 certificate and keystore (for SSL)"
else
        echo "Generating X509 certificate and keystore (for SSL)"
        keytool -keystore ./cobaltstrike.store -storepass 123456 -keypass 123456 -genkey -keyalg RSA -alias cobaltstrike -dname "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org"
fi
 
# start the team server.
java -XX:ParallelGCThreads=4 -Dcobaltstrike.server_port=22222 -Djavax.net.ssl.keyStore=./cobaltstrike.store -Djavax.net.ssl.keyStorePassword=231422 -server -XX:+AggressiveHeap -XX:+UseParallelGC -classpath ./csproject.jar server.TeamServer $*
teamserver <host> <password> [/path/to/c2.profile] [YYYY-MM-DD]
 
    <host> is the (default) IP address of this Cobalt Strike team server
    <password> is the shared password to connect to this server
    [/path/to/c2.profile] is your Malleable C2 profile
    [YYYY-MM-DD] is a kill date for Beacon payloads run from this server
teamserver <host> <password> [/path/to/c2.profile] [YYYY-MM-DD]
 
    <host> is the (default) IP address of this Cobalt Strike team server
    <password> is the shared password to connect to this server
    [/path/to/c2.profile] is your Malleable C2 profile
    [YYYY-MM-DD] is a kill date for Beacon payloads run from this server
java -XX:ParallelGCThreads=4 -XX:+AggressiveHeap -XX:+UseParallelGC -Xmx1024M -jar csproject.jar $*
java -XX:ParallelGCThreads=4 -XX:+AggressiveHeap -XX:+UseParallelGC -Xmx1024M -jar csproject.jar $*
package aggressor.dialogs;
 
import aggressor.Aggressor;
import common.AObject;
import common.CommonUtils;
import dialog.DialogUtils;
import java.awt.BorderLayout;
import java.awt.Color;
import java.awt.Dimension;
import java.awt.Image;
import java.awt.Rectangle;
import javax.swing.BorderFactory;
import javax.swing.Icon;
import javax.swing.ImageIcon;
import javax.swing.JFrame;
import javax.swing.JLabel;
import javax.swing.JScrollPane;
import javax.swing.JTextArea;
import javax.swing.text.DefaultCaret;
 
public class AboutDialog extends AObject {
   public void show() {
      JFrame var1 = DialogUtils.dialog("About", 320, 200);
      var1.setLayout(new BorderLayout());
 
      Icon originalIcon = DialogUtils.getIcon("resources/armitage-logo.gif");
      ImageIcon icon = (ImageIcon) originalIcon;
      Image image = icon.getImage();
      Image scaledImage = image.getScaledInstance(192, 192, Image.SCALE_SMOOTH);
      icon = new ImageIcon(scaledImage);
 
      JLabel var2 = new JLabel(icon);
      var2.setBackground(Color.black);
      var2.setForeground(Color.gray);
      var2.setOpaque(true);
      var2.setIconTextGap(5);  // Set the gap between the icon and text to 5px
 
      JTextArea var3 = new JTextArea();
      var3.setBackground(Color.black);
      var3.setForeground(Color.gray);
      var3.setEditable(false);
      var3.setFocusable(false);
      var3.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
      var3.setOpaque(false);
      var3.setLineWrap(true);
      var3.setWrapStyleWord(true);
 
      String var4 = CommonUtils.bString(CommonUtils.readResource("resources/about.html"));
      var2.setText(var4);
      var3.scrollRectToVisible(new Rectangle(0, 0, 1, 1));
      ((DefaultCaret)var3.getCaret()).setUpdatePolicy(1);
 
      JScrollPane var5 = new JScrollPane(var3, 22, 31);
      var5.setPreferredSize(new Dimension(var5.getWidth(), 100));
 
      String var6 = CommonUtils.bString(CommonUtils.readResource("resources/credits.txt"));
      var3.setText(var6);
 
      var5.setBorder(BorderFactory.createEmptyBorder(0, 0, 0, 0));
      var1.add(var2, "Center");
      var1.add(var5, "South");
      var1.pack();
      var1.setLocationRelativeTo(Aggressor.getFrame());
      var1.setVisible(true);
   }
}
package aggressor.dialogs;
 
import aggressor.Aggressor;
import common.AObject;
import common.CommonUtils;
import dialog.DialogUtils;
import java.awt.BorderLayout;
import java.awt.Color;
import java.awt.Dimension;
import java.awt.Image;
import java.awt.Rectangle;
import javax.swing.BorderFactory;
import javax.swing.Icon;
import javax.swing.ImageIcon;
import javax.swing.JFrame;
import javax.swing.JLabel;
import javax.swing.JScrollPane;
import javax.swing.JTextArea;
import javax.swing.text.DefaultCaret;
 
public class AboutDialog extends AObject {
   public void show() {
      JFrame var1 = DialogUtils.dialog("About", 320, 200);
      var1.setLayout(new BorderLayout());
 
      Icon originalIcon = DialogUtils.getIcon("resources/armitage-logo.gif");
      ImageIcon icon = (ImageIcon) originalIcon;
      Image image = icon.getImage();
      Image scaledImage = image.getScaledInstance(192, 192, Image.SCALE_SMOOTH);
      icon = new ImageIcon(scaledImage);
 
      JLabel var2 = new JLabel(icon);
      var2.setBackground(Color.black);
      var2.setForeground(Color.gray);
      var2.setOpaque(true);
      var2.setIconTextGap(5);  // Set the gap between the icon and text to 5px
 
      JTextArea var3 = new JTextArea();
      var3.setBackground(Color.black);
      var3.setForeground(Color.gray);
      var3.setEditable(false);
      var3.setFocusable(false);
      var3.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
      var3.setOpaque(false);
      var3.setLineWrap(true);
      var3.setWrapStyleWord(true);
 
      String var4 = CommonUtils.bString(CommonUtils.readResource("resources/about.html"));
      var2.setText(var4);
      var3.scrollRectToVisible(new Rectangle(0, 0, 1, 1));
      ((DefaultCaret)var3.getCaret()).setUpdatePolicy(1);
 
      JScrollPane var5 = new JScrollPane(var3, 22, 31);
      var5.setPreferredSize(new Dimension(var5.getWidth(), 100));
 
      String var6 = CommonUtils.bString(CommonUtils.readResource("resources/credits.txt"));
      var3.setText(var6);
 
      var5.setBorder(BorderFactory.createEmptyBorder(0, 0, 0, 0));
      var1.add(var2, "Center");
      var1.add(var5, "South");
      var1.pack();
      var1.setLocationRelativeTo(Aggressor.getFrame());
      var1.setVisible(true);
   }
}
FlatLightLaf.setup();
FlatLightLaf.setup();
import java.awt.Component;
import java.util.function.Consumer;
import javax.swing.Icon;
import javax.swing.JLabel;
import javax.swing.JTable;
import javax.swing.table.TableCellRenderer;
import javax.swing.table.TableColumn;
import java.awt.Component;
import java.util.function.Consumer;
import javax.swing.Icon;
import javax.swing.JLabel;
import javax.swing.JTable;
import javax.swing.table.TableCellRenderer;
import javax.swing.table.TableColumn;
// repair session show
this.table.getColumnModel().getColumns().asIterator().forEachRemaining(new Consumer<TableColumn>() {
    public void accept(TableColumn tableColumn) {
        tableColumn.setCellRenderer(new TableCellRenderer() {
            public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected, boolean hasFocus, int row, int column) {
                Component tableCellRendererComponent = table.getDefaultRenderer(String.class).getTableCellRendererComponent(table, value, isSelected, hasFocus, row, column);
                ((JLabel) tableCellRendererComponent).setIcon(null);
                ((JLabel) tableCellRendererComponent).setHorizontalAlignment(JLabel.CENTER); // 设置水平居中对齐
                return tableCellRendererComponent;
            }
        });
    }
});
// repair session show
this.table.getColumnModel().getColumns().asIterator().forEachRemaining(new Consumer<TableColumn>() {
    public void accept(TableColumn tableColumn) {
        tableColumn.setCellRenderer(new TableCellRenderer() {
            public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected, boolean hasFocus, int row, int column) {
                Component tableCellRendererComponent = table.getDefaultRenderer(String.class).getTableCellRendererComponent(table, value, isSelected, hasFocus, row, column);
                ((JLabel) tableCellRendererComponent).setIcon(null);
                ((JLabel) tableCellRendererComponent).setHorizontalAlignment(JLabel.CENTER); // 设置水平居中对齐
                return tableCellRendererComponent;
            }
        });
    }
});
package aggressor.browsers;
 
import aggressor.AggressorClient;
import aggressor.DataUtils;
import common.AObject;
import common.Callback;
import dialog.DialogUtils;
import java.awt.event.ActionListener;
import java.awt.event.MouseEvent;
import java.awt.event.WindowListener;
import javax.swing.JComponent;
import ui.ATable;
import ui.GenericTableModel;
import ui.TablePopup;
 
import java.awt.Component;
import java.util.function.Consumer;
import javax.swing.Icon;
import javax.swing.JLabel;
import javax.swing.JTable;
import javax.swing.table.TableCellRenderer;
import javax.swing.table.TableColumn;
 
public class Sessions extends AObject implements Callback, TablePopup {
   protected AggressorClient client = null;
   protected GenericTableModel model = null;
   protected ATable table = null;
   protected String[] cols = new String[]{" ", "external", "internal", "listener", "user", "computer", "note", "process", "pid", "arch", "last"};
   protected boolean multipleSelect;
 
   public ATable getTable() {
      return this.table;
   }
 
   public void setColumns(String[] var1) {
      this.cols = var1;
   }
 
   public Sessions(AggressorClient var1, boolean var2) {
      this.client = var1;
      this.multipleSelect = var2;
   }
 
   public ActionListener cleanup() {
      return this.client.getData().unsubOnClose("beacons", this);
   }
 
   public WindowListener onclose() {
      return this.client.getData().unsubOnClose("beacons", this);
   }
 
   public boolean hasSelectedRows() {
      return this.model.hasSelectedRows(this.table);
   }
 
   public Object[] getSelectedValues() {
      return this.model.getSelectedValues(this.table);
   }
 
   public Object getSelectedValue() {
      return this.model.getSelectedValue(this.table) + "";
   }
 
   public void showPopup(MouseEvent var1) {
      DialogUtils.showSessionPopup(this.client, var1, this.model.getSelectedValues(this.table));
   }
 
   public JComponent getContent() {
      if (this.cols.length == 11) {
         this.model = DialogUtils.setupModel("id", this.cols, DataUtils.getBeaconModel(this.client.getData()));
      } else {
         this.model = DialogUtils.setupModel("id", this.cols, DataUtils.getBeaconModel(this.client.getData()));
      }
 
 
 
      this.table = DialogUtils.setupTable(this.model, this.cols, this.multipleSelect);
      if (this.cols.length == 11) {
         DialogUtils.sortby(this.table, 2, 8);
         this.table.getColumn("arch").setPreferredWidth(96);
         this.table.getColumn("arch").setMaxWidth(96);
      } else {
         DialogUtils.sortby(this.table, 1);
      }
 
      // repair session show
      this.table.getColumnModel().getColumns().asIterator().forEachRemaining(new Consumer<TableColumn>() {
         public void accept(TableColumn tableColumn) {
            tableColumn.setCellRenderer(new TableCellRenderer() {
               public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected, boolean hasFocus, int row, int column) {
                  Component tableCellRendererComponent = table.getDefaultRenderer(String.class).getTableCellRendererComponent(table, value, isSelected, hasFocus, row, column);
                  ((JLabel) tableCellRendererComponent).setIcon(null);
                  ((JLabel) tableCellRendererComponent).setHorizontalAlignment(JLabel.CENTER); // 设置水平居中对齐
                  return tableCellRendererComponent;
               }
            });
         }
      });
 
      this.table.getColumn(" ").setPreferredWidth(32);
      this.table.getColumn(" ").setMaxWidth(32);
      this.table.getColumn("pid").setPreferredWidth(96);
      this.table.getColumn("pid").setMaxWidth(96);
      this.table.getColumn("last").setPreferredWidth(96);
      this.table.getColumn("last").setMaxWidth(96);
      DialogUtils.setupImageRenderer(this.table, this.model, " ", "image");
      DialogUtils.setupTimeRenderer(this.table, "last");
      this.table.setPopupMenu(this);
      this.client.getData().subscribe("beacons", this);
      return DialogUtils.FilterAndScroll(this.table);
   }
 
   public void result(String var1, Object var2) {
      if (this.table.isShowing()) {
         DialogUtils.setTable(this.table, this.model, DataUtils.getBeaconModelFromResult(var2));
      }
 
   }
}
package aggressor.browsers;
 
import aggressor.AggressorClient;
import aggressor.DataUtils;
import common.AObject;
import common.Callback;
import dialog.DialogUtils;
import java.awt.event.ActionListener;
import java.awt.event.MouseEvent;
import java.awt.event.WindowListener;
import javax.swing.JComponent;
import ui.ATable;
import ui.GenericTableModel;
import ui.TablePopup;
 
import java.awt.Component;
import java.util.function.Consumer;
import javax.swing.Icon;
import javax.swing.JLabel;
import javax.swing.JTable;
import javax.swing.table.TableCellRenderer;
import javax.swing.table.TableColumn;
 
public class Sessions extends AObject implements Callback, TablePopup {
   protected AggressorClient client = null;
   protected GenericTableModel model = null;
   protected ATable table = null;
   protected String[] cols = new String[]{" ", "external", "internal", "listener", "user", "computer", "note", "process", "pid", "arch", "last"};
   protected boolean multipleSelect;
 
   public ATable getTable() {
      return this.table;
   }
 
   public void setColumns(String[] var1) {
      this.cols = var1;
   }
 
   public Sessions(AggressorClient var1, boolean var2) {
      this.client = var1;
      this.multipleSelect = var2;
   }
 
   public ActionListener cleanup() {
      return this.client.getData().unsubOnClose("beacons", this);
   }
 
   public WindowListener onclose() {
      return this.client.getData().unsubOnClose("beacons", this);
   }
 
   public boolean hasSelectedRows() {
      return this.model.hasSelectedRows(this.table);
   }
 
   public Object[] getSelectedValues() {
      return this.model.getSelectedValues(this.table);
   }
 
   public Object getSelectedValue() {
      return this.model.getSelectedValue(this.table) + "";
   }
 
   public void showPopup(MouseEvent var1) {
      DialogUtils.showSessionPopup(this.client, var1, this.model.getSelectedValues(this.table));
   }
 
   public JComponent getContent() {
      if (this.cols.length == 11) {
         this.model = DialogUtils.setupModel("id", this.cols, DataUtils.getBeaconModel(this.client.getData()));
      } else {
         this.model = DialogUtils.setupModel("id", this.cols, DataUtils.getBeaconModel(this.client.getData()));
      }
 
 
 
      this.table = DialogUtils.setupTable(this.model, this.cols, this.multipleSelect);
      if (this.cols.length == 11) {
         DialogUtils.sortby(this.table, 2, 8);
         this.table.getColumn("arch").setPreferredWidth(96);
         this.table.getColumn("arch").setMaxWidth(96);
      } else {
         DialogUtils.sortby(this.table, 1);
      }
 
      // repair session show
      this.table.getColumnModel().getColumns().asIterator().forEachRemaining(new Consumer<TableColumn>() {
         public void accept(TableColumn tableColumn) {
            tableColumn.setCellRenderer(new TableCellRenderer() {
               public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected, boolean hasFocus, int row, int column) {
                  Component tableCellRendererComponent = table.getDefaultRenderer(String.class).getTableCellRendererComponent(table, value, isSelected, hasFocus, row, column);
                  ((JLabel) tableCellRendererComponent).setIcon(null);
                  ((JLabel) tableCellRendererComponent).setHorizontalAlignment(JLabel.CENTER); // 设置水平居中对齐
                  return tableCellRendererComponent;
               }
            });
         }
      });
 
      this.table.getColumn(" ").setPreferredWidth(32);
      this.table.getColumn(" ").setMaxWidth(32);
      this.table.getColumn("pid").setPreferredWidth(96);
      this.table.getColumn("pid").setMaxWidth(96);
      this.table.getColumn("last").setPreferredWidth(96);
      this.table.getColumn("last").setMaxWidth(96);
      DialogUtils.setupImageRenderer(this.table, this.model, " ", "image");
      DialogUtils.setupTimeRenderer(this.table, "last");
      this.table.setPopupMenu(this);
      this.client.getData().subscribe("beacons", this);
      return DialogUtils.FilterAndScroll(this.table);
   }
 
   public void result(String var1, Object var2) {
      if (this.table.isShowing()) {
         DialogUtils.setTable(this.table, this.model, DataUtils.getBeaconModelFromResult(var2));
      }
 
   }
}
DefaultTableCellRenderer centerRenderer = new DefaultTableCellRenderer();
centerRenderer.setHorizontalAlignment(JLabel.CENTER);
this.table.getColumn("address").setCellRenderer(centerRenderer);
this.table.getColumn("name").setCellRenderer(centerRenderer);
this.table.getColumn("note").setCellRenderer(centerRenderer);
DefaultTableCellRenderer centerRenderer = new DefaultTableCellRenderer();
centerRenderer.setHorizontalAlignment(JLabel.CENTER);
this.table.getColumn("address").setCellRenderer(centerRenderer);
this.table.getColumn("name").setCellRenderer(centerRenderer);
this.table.getColumn("note").setCellRenderer(centerRenderer);
package aggressor.browsers;
 
import aggressor.AggressorClient;
import common.AObject;
import common.AdjustData;
import common.BeaconEntry;
import common.CommonUtils;
import dialog.ActivityPanel;
import dialog.DialogUtils;
import java.awt.event.ActionListener;
import java.awt.event.MouseEvent;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import java.util.Set;
import java.util.Stack;
import javax.swing.*;
import javax.swing.table.DefaultTableCellRenderer;
 
import ui.ATable;
import ui.GenericTableModel;
import ui.QueryRows;
import ui.TablePopup;
 
public class Targets extends AObject implements AdjustData, TablePopup, QueryRows {
   protected AggressorClient client = null;
   protected ActivityPanel dialog = null;
   protected GenericTableModel model = null;
   protected ATable table = null;
   protected String[] cols = new String[]{" ", "address", "name", "note"};
   protected LinkedList targets = new LinkedList();
   protected Set compromised = new HashSet();
 
   public Targets(AggressorClient var1) {
      this.client = var1;
   }
 
   public ATable getTable() {
      return this.table;
   }
 
   public ActionListener cleanup() {
      return this.client.getData().unsubOnClose("targets, beacons", this);
   }
 
   public Map format(String var1, Object var2) {
      HashMap var3 = new HashMap((Map)var2);
      boolean var4 = this.compromised.contains((String)var3.get("address"));
      ImageIcon var5 = DialogUtils.TargetVisualizationSmall(var3.get("os") + "", CommonUtils.toDoubleNumber(var3.get("version") + "", 0.0D), var4, false);
      var3.put("image", var5);
      var3.put("owned", var4 ? Boolean.TRUE : Boolean.FALSE);
      return var3;
   }
 
   public JComponent getContent() {
      this.client.getData().subscribe("beacons", this);
      this.targets = this.client.getData().populateListAndSubscribe("targets", this);
      this.model = DialogUtils.setupModel("address", this.cols, this.targets);
      this.table = DialogUtils.setupTable(this.model, this.cols, true);
      this.table.setPopupMenu(this);
      DialogUtils.sortby(this.table, 1);
      Map var1 = DialogUtils.toMap("address: 125, name: 125, note: 625");
      DialogUtils.setTableColumnWidths(this.table, var1);
      this.table.getColumn(" ").setPreferredWidth(32);
      this.table.getColumn(" ").setMaxWidth(32);
      DialogUtils.setupImageRenderer(this.table, this.model, " ", "image");
      DialogUtils.setupBoldOnKeyRenderer(this.table, this.model, "address", "owned");
      DialogUtils.setupBoldOnKeyRenderer(this.table, this.model, "name", "owned");
      DialogUtils.setupBoldOnKeyRenderer(this.table, this.model, "note", "owned");
 
      DefaultTableCellRenderer centerRenderer = new DefaultTableCellRenderer();
      centerRenderer.setHorizontalAlignment(JLabel.CENTER);
      this.table.getColumn("address").setCellRenderer(centerRenderer);
      this.table.getColumn("name").setCellRenderer(centerRenderer);
      this.table.getColumn("note").setCellRenderer(centerRenderer);
       
      return DialogUtils.FilterAndScroll(this.table);
   }
 
   public Map[] getSelectedRows() {
      return this.model.getSelectedRows(this.table);
   }
 
   public void showPopup(MouseEvent var1) {
      Stack var2 = new Stack();
      var2.push(CommonUtils.toSleepArray(this.model.getSelectedValues(this.table)));
      this.client.getScriptEngine().getMenuBuilder().installMenu(var1, "targets", var2);
   }
 
   public void refresh() {
      this.targets = CommonUtils.apply("targets", this.targets, this);
      DialogUtils.setTable(this.table, this.model, this.targets);
   }
 
   public void result(String var1, Object var2) {
      if ("targets".equals(var1)) {
         this.targets = new LinkedList((LinkedList)var2);
         this.refresh();
         if (this.dialog != null) {
            this.dialog.touch();
         }
      } else if ("beacons".equals(var1)) {
         HashSet var3 = new HashSet();
         Iterator var4 = ((Map)var2).values().iterator();
 
         while(var4.hasNext()) {
            BeaconEntry var5 = (BeaconEntry)var4.next();
            if (var5.isActive()) {
               var3.add(var5.getInternal());
            }
         }
 
         if (!var3.equals(this.compromised)) {
            this.compromised = var3;
            this.refresh();
         }
      }
 
   }
 
   public boolean hasSelectedRows() {
      return this.model.hasSelectedRows(this.table);
   }
 
   public void notifyOnResult(ActivityPanel var1) {
      this.dialog = var1;
   }
}
package aggressor.browsers;
 
import aggressor.AggressorClient;
import common.AObject;
import common.AdjustData;
import common.BeaconEntry;
import common.CommonUtils;
import dialog.ActivityPanel;
import dialog.DialogUtils;
import java.awt.event.ActionListener;
import java.awt.event.MouseEvent;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import java.util.Set;
import java.util.Stack;
import javax.swing.*;
import javax.swing.table.DefaultTableCellRenderer;
 
import ui.ATable;
import ui.GenericTableModel;
import ui.QueryRows;
import ui.TablePopup;
 
public class Targets extends AObject implements AdjustData, TablePopup, QueryRows {
   protected AggressorClient client = null;
   protected ActivityPanel dialog = null;
   protected GenericTableModel model = null;
   protected ATable table = null;
   protected String[] cols = new String[]{" ", "address", "name", "note"};
   protected LinkedList targets = new LinkedList();
   protected Set compromised = new HashSet();
 
   public Targets(AggressorClient var1) {
      this.client = var1;
   }
 
   public ATable getTable() {
      return this.table;
   }
 
   public ActionListener cleanup() {
      return this.client.getData().unsubOnClose("targets, beacons", this);
   }
 
   public Map format(String var1, Object var2) {
      HashMap var3 = new HashMap((Map)var2);
      boolean var4 = this.compromised.contains((String)var3.get("address"));
      ImageIcon var5 = DialogUtils.TargetVisualizationSmall(var3.get("os") + "", CommonUtils.toDoubleNumber(var3.get("version") + "", 0.0D), var4, false);
      var3.put("image", var5);
      var3.put("owned", var4 ? Boolean.TRUE : Boolean.FALSE);
      return var3;
   }
 
   public JComponent getContent() {
      this.client.getData().subscribe("beacons", this);
      this.targets = this.client.getData().populateListAndSubscribe("targets", this);
      this.model = DialogUtils.setupModel("address", this.cols, this.targets);
      this.table = DialogUtils.setupTable(this.model, this.cols, true);
      this.table.setPopupMenu(this);
      DialogUtils.sortby(this.table, 1);
      Map var1 = DialogUtils.toMap("address: 125, name: 125, note: 625");
      DialogUtils.setTableColumnWidths(this.table, var1);
      this.table.getColumn(" ").setPreferredWidth(32);
      this.table.getColumn(" ").setMaxWidth(32);
      DialogUtils.setupImageRenderer(this.table, this.model, " ", "image");
      DialogUtils.setupBoldOnKeyRenderer(this.table, this.model, "address", "owned");
      DialogUtils.setupBoldOnKeyRenderer(this.table, this.model, "name", "owned");
      DialogUtils.setupBoldOnKeyRenderer(this.table, this.model, "note", "owned");
 
      DefaultTableCellRenderer centerRenderer = new DefaultTableCellRenderer();
      centerRenderer.setHorizontalAlignment(JLabel.CENTER);
      this.table.getColumn("address").setCellRenderer(centerRenderer);
      this.table.getColumn("name").setCellRenderer(centerRenderer);
      this.table.getColumn("note").setCellRenderer(centerRenderer);
       
      return DialogUtils.FilterAndScroll(this.table);
   }
 
   public Map[] getSelectedRows() {
      return this.model.getSelectedRows(this.table);
   }
 
   public void showPopup(MouseEvent var1) {
      Stack var2 = new Stack();
      var2.push(CommonUtils.toSleepArray(this.model.getSelectedValues(this.table)));
      this.client.getScriptEngine().getMenuBuilder().installMenu(var1, "targets", var2);
   }
 
   public void refresh() {
      this.targets = CommonUtils.apply("targets", this.targets, this);
      DialogUtils.setTable(this.table, this.model, this.targets);
   }
 
   public void result(String var1, Object var2) {
      if ("targets".equals(var1)) {
         this.targets = new LinkedList((LinkedList)var2);
         this.refresh();
         if (this.dialog != null) {
            this.dialog.touch();
         }
      } else if ("beacons".equals(var1)) {
         HashSet var3 = new HashSet();
         Iterator var4 = ((Map)var2).values().iterator();
 
         while(var4.hasNext()) {
            BeaconEntry var5 = (BeaconEntry)var4.next();
            if (var5.isActive()) {
               var3.add(var5.getInternal());
            }
         }
 
         if (!var3.equals(this.compromised)) {
            this.compromised = var3;
            this.refresh();
         }
      }
 
   }
 
   public boolean hasSelectedRows() {
      return this.model.hasSelectedRows(this.table);
   }
 
   public void notifyOnResult(ActivityPanel var1) {
      this.dialog = var1;
   }
}
package aggressor;
 
import aggressor.dialogs.ConnectDialog;
import aggressor.ui.UseSynthetica;
import com.formdev.flatlaf.FlatDarkLaf;
import com.formdev.flatlaf.FlatIntelliJLaf;
import com.formdev.flatlaf.FlatLightLaf;
import common.Authorization;
import common.License;
import common.Requirements;
import common.Starter;
import javax.swing.UIManager;
import sleep.parser.ParserConfig;
 
public class Aggressor extends Starter {
   public static final String VERSION = "4.4 (20210801) " + (License.isTrial() ? "Trial" : "Licensed");
   public static final String VERSION_SHORT = "4.4";
   private static MultiFrame B = null;
 
   public static MultiFrame getFrame() {
      return B;
   }
 
   public static void main(String[] var0) {
      Aggressor var1 = new Aggressor();
      var1.A(var0);
   }
 
   private final void A(String[] var1) {
      ParserConfig.installEscapeConstant('c', "\u0003");
      ParserConfig.installEscapeConstant('U', "\u001f");
      ParserConfig.installEscapeConstant('o', "\u000f");
      (new UseSynthetica()).setup();
 
      // repair file explorer
      Object DirIcon = UIManager.get("FileView.directoryIcon");
      Object DirIcon2 = UIManager.get("FileView.fileIcon");
      Object DirIcon3 = UIManager.get("FileView.computerIcon");
      Object DirIcon4 = UIManager.get("FileView.hardDriveIcon");
      Object DirIcon5 = UIManager.get("FileView.floppyDriveIcon");
 
      Requirements.checkGUI();
 
      try {
         FlatIntelliJLaf.setup();
         UIManager.put("FileView.directoryIcon",DirIcon);
         UIManager.put("FileView.fileIcon",DirIcon2);
         UIManager.put("FileView.computerIcon",DirIcon3);
         UIManager.put("FileView.hardDriveIcon",DirIcon4);
         UIManager.put("FileView.floppyDriveIcon",DirIcon5);
      } catch( Exception ex ) {
         System.err.println( "Failed to initialize LaF" );
      }
 
      License.checkLicenseGUI(new Authorization());
      B = new MultiFrame();
      super.initializeStarter(this.getClass());
      (new ConnectDialog(B)).show();
   }
}
package aggressor;
 
import aggressor.dialogs.ConnectDialog;
import aggressor.ui.UseSynthetica;
import com.formdev.flatlaf.FlatDarkLaf;
import com.formdev.flatlaf.FlatIntelliJLaf;
import com.formdev.flatlaf.FlatLightLaf;
import common.Authorization;
import common.License;
import common.Requirements;
import common.Starter;
import javax.swing.UIManager;
import sleep.parser.ParserConfig;
 
public class Aggressor extends Starter {
   public static final String VERSION = "4.4 (20210801) " + (License.isTrial() ? "Trial" : "Licensed");
   public static final String VERSION_SHORT = "4.4";
   private static MultiFrame B = null;
 
   public static MultiFrame getFrame() {
      return B;
   }
 
   public static void main(String[] var0) {
      Aggressor var1 = new Aggressor();
      var1.A(var0);
   }
 
   private final void A(String[] var1) {
      ParserConfig.installEscapeConstant('c', "\u0003");
      ParserConfig.installEscapeConstant('U', "\u001f");
      ParserConfig.installEscapeConstant('o', "\u000f");
      (new UseSynthetica()).setup();
 
      // repair file explorer
      Object DirIcon = UIManager.get("FileView.directoryIcon");
      Object DirIcon2 = UIManager.get("FileView.fileIcon");
      Object DirIcon3 = UIManager.get("FileView.computerIcon");
      Object DirIcon4 = UIManager.get("FileView.hardDriveIcon");
      Object DirIcon5 = UIManager.get("FileView.floppyDriveIcon");
 
      Requirements.checkGUI();
 
      try {
         FlatIntelliJLaf.setup();
         UIManager.put("FileView.directoryIcon",DirIcon);
         UIManager.put("FileView.fileIcon",DirIcon2);
         UIManager.put("FileView.computerIcon",DirIcon3);
         UIManager.put("FileView.hardDriveIcon",DirIcon4);
         UIManager.put("FileView.floppyDriveIcon",DirIcon5);
      } catch( Exception ex ) {
         System.err.println( "Failed to initialize LaF" );
      }
 
      License.checkLicenseGUI(new Authorization());
      B = new MultiFrame();
      super.initializeStarter(this.getClass());
      (new ConnectDialog(B)).show();
   }
}
// Add the cell renderer
DefaultTableCellRenderer centerRenderer = new DefaultTableCellRenderer();
centerRenderer.setHorizontalAlignment(JLabel.CENTER);
for (int i = 0; i < this.table.getColumnCount(); i++) {
    this.table.getColumnModel().getColumn(i).setCellRenderer(centerRenderer);
}
// Add the cell renderer
DefaultTableCellRenderer centerRenderer = new DefaultTableCellRenderer();
centerRenderer.setHorizontalAlignment(JLabel.CENTER);
for (int i = 0; i < this.table.getColumnCount(); i++) {
    this.table.getColumnModel().getColumn(i).setCellRenderer(centerRenderer);
}
package aggressor.windows;
 
import aggressor.AggressorClient;
import aggressor.ColorManager;
import aggressor.DataManager;
import aggressor.DataUtils;
import aggressor.dialogs.ScListenerDialog;
import common.AObject;
import common.AdjustData;
import common.BeaconEntry;
import common.Callback;
import common.CommonUtils;
import common.ListenerTasks;
import common.TeamQueue;
import cortana.Cortana;
import dialog.DialogUtils;
import java.awt.BorderLayout;
import java.awt.Component;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.awt.event.MouseEvent;
import java.util.LinkedList;
import java.util.Map;
import java.util.Stack;
import javax.swing.*;
import javax.swing.table.DefaultTableCellRenderer;
 
import ui.ATable;
import ui.GenericTableModel;
import ui.QueryableTable;
import ui.TablePopup;
 
public class ListenerManager extends AObject implements AdjustData, Callback, ActionListener, TablePopup {
   protected TeamQueue conn = null;
   protected Cortana engine = null;
   protected DataManager data = null;
   protected AggressorClient client = null;
   protected GenericTableModel model = null;
   protected ATable table = null;
   protected String[] cols = new String[]{"name", "payload", "host", "port", "bindto", "beacons", "profile"};
 
   public ListenerManager(AggressorClient var1) {
      this.engine = var1.getScriptEngine();
      this.conn = var1.getConnection();
      this.data = var1.getData();
      this.client = var1;
      this.model = DialogUtils.setupModel("name", this.cols, CommonUtils.apply("listeners", DataUtils.getListenerModel(this.data), this));
      this.data.subscribe("listeners", this);
   }
 
   public ActionListener cleanup() {
      return this.data.unsubOnClose("listeners", this);
   }
 
   public void actionPerformed(ActionEvent var1) {
      if ("Add".equals(var1.getActionCommand())) {
         (new ScListenerDialog(this.client)).show();
      } else if ("Edit".equals(var1.getActionCommand())) {
         if (!this.model.hasSelectedRows(this.table)) {
            DialogUtils.showError(DialogUtils.MessageID.A_ROW_MUST_BE_SELECTED);
            return;
         }
 
         String var2 = this.model.getSelectedValue(this.table) + "";
         (new ListenerTasks(this.client, var2)).edit();
      } else {
         int var3;
         Object[] var4;
         if ("Remove".equals(var1.getActionCommand())) {
            var4 = this.model.getSelectedValues(this.table);
            if (var4.length == 0) {
               DialogUtils.showError(DialogUtils.MessageID.ROWS_MUST_BE_SELECTED);
               return;
            }
 
            for(var3 = 0; var3 < var4.length; ++var3) {
               (new ListenerTasks(this.client, (String)var4[var3])).remove();
            }
         } else if ("Restart".equals(var1.getActionCommand())) {
            var4 = this.model.getSelectedValues(this.table);
            if (var4.length == 0) {
               DialogUtils.showError(DialogUtils.MessageID.ROWS_MUST_BE_SELECTED);
               return;
            }
 
            for(var3 = 0; var3 < var4.length; ++var3) {
               this.conn.call("listeners.restart", CommonUtils.args(var4[var3]), new Callback() {
                  public void result(String var1, Object var2) {
                     if (var2 != null) {
                        DialogUtils.showInfo("Updated and restarted listener: " + var2);
                     }
 
                  }
               });
            }
         }
      }
 
   }
 
   public void showPopup(MouseEvent var1) {
      JPopupMenu var2 = new JPopupMenu();
      JMenu var3 = new JMenu("Color");
      var3.add((new ColorManager(this.client, new QueryableTable(this.table, this.model), "listeners")).getColorPanel());
      var2.add(var3);
      Object[] var4 = this.model.getSelectedValues(this.table);
      Stack var5 = new Stack();
      var5.push(CommonUtils.toSleepArray(var4));
      this.client.getScriptEngine().getMenuBuilder().setupMenu(var2, "listeners", var5);
      var2.show((Component)var1.getSource(), var1.getX(), var1.getY());
   }
 
   public JComponent getContent() {
      JPanel var1 = new JPanel();
      var1.setLayout(new BorderLayout());
      this.table = DialogUtils.setupTable(this.model, this.cols, true);
 
      // Add the cell renderer
      DefaultTableCellRenderer centerRenderer = new DefaultTableCellRenderer();
      centerRenderer.setHorizontalAlignment(JLabel.CENTER);
      for (int i = 0; i < this.table.getColumnCount(); i++) {
         this.table.getColumnModel().getColumn(i).setCellRenderer(centerRenderer);
      }
 
      this.table.setPopupMenu(this);
      DialogUtils.setupListenerStatusRenderer(this.table, this.model, "name");
      DialogUtils.setTableColumnWidths(this.table, DialogUtils.toMap("name: 125, payload: 250, host: 125, port: 60, bindto: 60, beacons: 250, profile: 125"));
      DialogUtils.sortby(this.table, 0);
      JButton var2 = new JButton("Add");
      JButton var3 = new JButton("Edit");
      JButton var4 = new JButton("Remove");
      JButton var5 = new JButton("Restart");
      JButton var6 = new JButton("Help");
      var2.addActionListener(this);
      var3.addActionListener(this);
      var4.addActionListener(this);
      var5.addActionListener(this);
      var6.addActionListener(DialogUtils.gotoURL("https://www.cobaltstrike.com/help-listener-management"));
      var1.add(DialogUtils.FilterAndScroll(this.table), "Center");
      var1.add(DialogUtils.center(var2, var3, var4, var5, var6), "South");
      return var1;
   }
 
   public Map format(String var1, Object var2) {
      Map var3 = (Map)var2;
      String var4 = DialogUtils.string(var3, "bid");
      String var5 = DialogUtils.string(var3, "payload");
      if (!"".equals(var4) && "windows/beacon_reverse_tcp".equals(var5)) {
         BeaconEntry var6 = DataUtils.getBeacon(this.data, var4);
         if (var6 == null) {
            var3.put("status", "pivot session does not exist");
         } else if (!var6.isAlive()) {
            var3.put("status", "pivot session is not alive");
         }
 
         return var3;
      } else {
         return var3;
      }
   }
 
   public void result(String var1, Object var2) {
      LinkedList var3 = CommonUtils.apply(var1, ((Map)var2).values(), this);
      DialogUtils.setTable(this.table, this.model, var3);
   }
}
package aggressor.windows;
 
import aggressor.AggressorClient;
import aggressor.ColorManager;
import aggressor.DataManager;
import aggressor.DataUtils;
import aggressor.dialogs.ScListenerDialog;
import common.AObject;
import common.AdjustData;
import common.BeaconEntry;
import common.Callback;
import common.CommonUtils;
import common.ListenerTasks;
import common.TeamQueue;
import cortana.Cortana;
import dialog.DialogUtils;
import java.awt.BorderLayout;
import java.awt.Component;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.awt.event.MouseEvent;
import java.util.LinkedList;
import java.util.Map;
import java.util.Stack;
import javax.swing.*;
import javax.swing.table.DefaultTableCellRenderer;
 
import ui.ATable;
import ui.GenericTableModel;
import ui.QueryableTable;
import ui.TablePopup;
 
public class ListenerManager extends AObject implements AdjustData, Callback, ActionListener, TablePopup {
   protected TeamQueue conn = null;
   protected Cortana engine = null;
   protected DataManager data = null;
   protected AggressorClient client = null;
   protected GenericTableModel model = null;
   protected ATable table = null;
   protected String[] cols = new String[]{"name", "payload", "host", "port", "bindto", "beacons", "profile"};
 
   public ListenerManager(AggressorClient var1) {
      this.engine = var1.getScriptEngine();
      this.conn = var1.getConnection();
      this.data = var1.getData();
      this.client = var1;
      this.model = DialogUtils.setupModel("name", this.cols, CommonUtils.apply("listeners", DataUtils.getListenerModel(this.data), this));
      this.data.subscribe("listeners", this);
   }
 
   public ActionListener cleanup() {
      return this.data.unsubOnClose("listeners", this);
   }
 
   public void actionPerformed(ActionEvent var1) {
      if ("Add".equals(var1.getActionCommand())) {
         (new ScListenerDialog(this.client)).show();
      } else if ("Edit".equals(var1.getActionCommand())) {
         if (!this.model.hasSelectedRows(this.table)) {
            DialogUtils.showError(DialogUtils.MessageID.A_ROW_MUST_BE_SELECTED);
            return;
         }
 
         String var2 = this.model.getSelectedValue(this.table) + "";
         (new ListenerTasks(this.client, var2)).edit();
      } else {
         int var3;
         Object[] var4;
         if ("Remove".equals(var1.getActionCommand())) {
            var4 = this.model.getSelectedValues(this.table);
            if (var4.length == 0) {
               DialogUtils.showError(DialogUtils.MessageID.ROWS_MUST_BE_SELECTED);
               return;
            }
 
            for(var3 = 0; var3 < var4.length; ++var3) {
               (new ListenerTasks(this.client, (String)var4[var3])).remove();
            }
         } else if ("Restart".equals(var1.getActionCommand())) {
            var4 = this.model.getSelectedValues(this.table);
            if (var4.length == 0) {
               DialogUtils.showError(DialogUtils.MessageID.ROWS_MUST_BE_SELECTED);
               return;
            }
 
            for(var3 = 0; var3 < var4.length; ++var3) {
               this.conn.call("listeners.restart", CommonUtils.args(var4[var3]), new Callback() {
                  public void result(String var1, Object var2) {
                     if (var2 != null) {
                        DialogUtils.showInfo("Updated and restarted listener: " + var2);
                     }
 
                  }
               });
            }
         }
      }
 
   }
 
   public void showPopup(MouseEvent var1) {
      JPopupMenu var2 = new JPopupMenu();
      JMenu var3 = new JMenu("Color");
      var3.add((new ColorManager(this.client, new QueryableTable(this.table, this.model), "listeners")).getColorPanel());
      var2.add(var3);
      Object[] var4 = this.model.getSelectedValues(this.table);
      Stack var5 = new Stack();
      var5.push(CommonUtils.toSleepArray(var4));
      this.client.getScriptEngine().getMenuBuilder().setupMenu(var2, "listeners", var5);
      var2.show((Component)var1.getSource(), var1.getX(), var1.getY());
   }
 
   public JComponent getContent() {
      JPanel var1 = new JPanel();
      var1.setLayout(new BorderLayout());
      this.table = DialogUtils.setupTable(this.model, this.cols, true);
 
      // Add the cell renderer
      DefaultTableCellRenderer centerRenderer = new DefaultTableCellRenderer();
      centerRenderer.setHorizontalAlignment(JLabel.CENTER);
      for (int i = 0; i < this.table.getColumnCount(); i++) {
         this.table.getColumnModel().getColumn(i).setCellRenderer(centerRenderer);
      }
 
      this.table.setPopupMenu(this);
      DialogUtils.setupListenerStatusRenderer(this.table, this.model, "name");
      DialogUtils.setTableColumnWidths(this.table, DialogUtils.toMap("name: 125, payload: 250, host: 125, port: 60, bindto: 60, beacons: 250, profile: 125"));
      DialogUtils.sortby(this.table, 0);
      JButton var2 = new JButton("Add");
      JButton var3 = new JButton("Edit");
      JButton var4 = new JButton("Remove");
      JButton var5 = new JButton("Restart");
      JButton var6 = new JButton("Help");
      var2.addActionListener(this);
      var3.addActionListener(this);
      var4.addActionListener(this);
      var5.addActionListener(this);
      var6.addActionListener(DialogUtils.gotoURL("https://www.cobaltstrike.com/help-listener-management"));
      var1.add(DialogUtils.FilterAndScroll(this.table), "Center");
      var1.add(DialogUtils.center(var2, var3, var4, var5, var6), "South");
      return var1;
   }
 
   public Map format(String var1, Object var2) {
      Map var3 = (Map)var2;
      String var4 = DialogUtils.string(var3, "bid");
      String var5 = DialogUtils.string(var3, "payload");
      if (!"".equals(var4) && "windows/beacon_reverse_tcp".equals(var5)) {
         BeaconEntry var6 = DataUtils.getBeacon(this.data, var4);
         if (var6 == null) {
            var3.put("status", "pivot session does not exist");
         } else if (!var6.isAlive()) {
            var3.put("status", "pivot session is not alive");
         }
 
         return var3;
      } else {
         return var3;
      }
   }
 
   public void result(String var1, Object var2) {
      LinkedList var3 = CommonUtils.apply(var1, ((Map)var2).values(), this);
      DialogUtils.setTable(this.table, this.model, var3);
   }
}
   public static String getIpAddress(String ipaddress) {
      if (ipaddress.length() > 15 || ipaddress.equals("unknown") || ipaddress.equals("")) {
         return "未知";
      }
      try {
//         QQWry qqwry = new QQWry(Paths.get("qqwry.dat", new String[0]));
 
         byte[] data = CommonUtils.readResource("resources/qqwry.dat"); // add
         QQWry qqwry = new QQWry(data);
 
         IPZone ipzone = qqwry.findIP(ipaddress);
         return ipzone.getMainInfo();
      } catch (Exception e) {
         return "Exception: " + e.getMessage();
      }
   }
   public static String getIpAddress(String ipaddress) {
      if (ipaddress.length() > 15 || ipaddress.equals("unknown") || ipaddress.equals("")) {
         return "未知";
      }
      try {
//         QQWry qqwry = new QQWry(Paths.get("qqwry.dat", new String[0]));
 
         byte[] data = CommonUtils.readResource("resources/qqwry.dat"); // add
         QQWry qqwry = new QQWry(data);

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!

最后于 2023-10-2 17:20 被bwner编辑 ,原因:
收藏
免费 8
支持
分享
最新回复 (3)
雪    币: 2948
活跃值: (30846)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
2
感谢分享
2023-11-8 09:28
1
雪    币: 24
活跃值: (43)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
3
漏洞修复这个点,WebServer中反编译有这段代码 int len$ = arr$.length; int len$;错误
2024-4-28 19:41
0
雪    币: 2147
活跃值: (5228)
能力值: ( LV7,RANK:150 )
在线值:
发帖
回帖
粉丝
4
Coocit 漏洞修复这个点,WebServer中反编译有这段代码 int len$ = arr$.length; int len$;错误
出现报错让idea自动修复,一般就能行了
2024-4-28 20:17
0
游客
登录 | 注册 方可回帖
返回
//