Cobalt Strike has a lot of features, but it's too heavy for only host machine or boxes. But it's inspired me a lot.
So I wanna create a lightweight hacking environment for myself and providing features like following:
-
different enviroment in different hacking project - content switching
such as, you play #hackthebox machine and #tryhackme machine at the same time, and you have to switch the different environment for them.
you will cost a lot time on switching the environment, and you will forget to switch the environment sometimes although you have a note for it.
-
enviroments collections. put things about projects together. - save and clean
such as, you have a #hackthebox machine and you put all the tools together in a arsenal
Now you need craft some payload and delivery it to the target machine
before: you need to switch the environment to the arsenal folder , compile payloads and start a server(maybe http server or jndi server) to delivery the payload
that compile will make the arsenal folder dirty, and you need to clean it up before you commit it to git
and what you compile is useless for other projects which also need this payload
if you want copy the payload back to the project folder, you need to find the project folder again and copy the path.
now: you can create $PROJECT_WEB_DELIVERY for the payload and delivery it to the target machine, and you can easliy move the payload to $PROJECT_WEB_DELIVERY and delivery it to the target machine. also you save the payload for this project and you can use it again and keep the arsenal folder clean.
-
customized metaspoit rcfile for different projects
such as, you have a #hackthebox machine and you want create a handler fastly. when your machine is resetting and recover the reverse shell again.
now: you can edit the rcfile for project and use it in vscode terminal with
metasploitmode. send trigger again and get the shell. -
taking notes, log/save credentials, download files from remote machine and keep them tidy
it works well with vscode. so you can use some vscode extensions and vscode features to do sth.
like ssh with vscode or port fortwarding with vscode
such as, you have a #hackthebox machine and you want to save the credentials you found in the machine.
now: you can create a file named
credand save the credentials in it.userfolder to save context with getting foothold and to user.rootfolder to save context with getting root.also I recommand using Foam in extensions.json to take notes and save the notes in the project folder. you can use the notes to write the report after you get the goal. you can use double linked like [[USE]] to go to the doucment use.md.
-
fast payload generation with metasploit
such as, you have a #hackthebox machine and you want to craft a payload for it.
now: you can use vscode tasks in vscode to generate the payload fastly.
-
more feature ...