{"id":164,"date":"2026-05-28T13:24:01","date_gmt":"2026-05-28T05:24:01","guid":{"rendered":"https:\/\/duoduosec.fun\/?p=164"},"modified":"2026-05-30T16:56:46","modified_gmt":"2026-05-30T08:56:46","slug":"%e3%80%90c2%e8%bf%9b%e9%98%b6%e3%80%91cobalt-strike-%e6%b7%b1%e5%ba%a6%e6%8b%86%e8%a7%a3%e4%b8%8e%e4%bd%bf%e7%94%a8%e6%8c%87%e5%8d%97","status":"publish","type":"post","link":"https:\/\/duoduosec.fun\/index.php\/2026\/05\/28\/%e3%80%90c2%e8%bf%9b%e9%98%b6%e3%80%91cobalt-strike-%e6%b7%b1%e5%ba%a6%e6%8b%86%e8%a7%a3%e4%b8%8e%e4%bd%bf%e7%94%a8%e6%8c%87%e5%8d%97\/","title":{"rendered":"\u3010\u7ea2\u961f\u6b66\u5668\u5e93\u3011Cobalt Strike \u5b8c\u5168\u89e3\u6790\uff1a\u4ece\u5165\u95e8\u5230\u5b9e\u6218"},"content":{"rendered":"\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>\ud83d\udee0\ufe0f \u4f7f\u7528\u7684\u5de5\u5177<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/github.com\/D13Xian\/CobaltStrike-KunKun\" data-type=\"link\" data-id=\"https:\/\/github.com\/D13Xian\/CobaltStrike-KunKun\">Cobalt Strike<\/a><\/strong>\u00a0\u2014 \u6e17\u900f\u6d4b\u8bd5\u7684 C2 \u6846\u67b6<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">\u4e00\u3001Beacon\uff08\u4fe1\u6807\u3001\u6728\u9a6c\uff09<\/h2>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>\u5728CobaltStrike\u4e2d\uff1a<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Beacon\u662f\u5176\u6838\u5fc3payload\uff08\u653b\u51fb\u8f7d\u8377\uff09\uff0c\u53ef\u4ee5\u7406\u89e3\u4e3a\u4e00\u4e2a\u529f\u80fd\u6781\u5176\u5f3a\u5927\u3001\u9ad8\u5ea6\u6a21\u5757\u5316\u7684\u201c\u540e\u95e8\u7a0b\u5e8f\u201d<\/strong>\uff0c\u5b83\u8fd0\u884c\u5728\u5df2\u6e17\u900f\u7684\u76ee\u6807\u4e3b\u673a\u4e0a\uff0c\u8d1f\u8d23\u4e0e\u63a7\u5236\u7aef\uff08C2\u670d\u52a1\u5668\uff09\u5efa\u7acb\u79d8\u5bc6\u901a\u4fe1\u5e76\u6267\u884c\u5404\u79cd\u6076\u610f\u547d\u4ee4\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83e\uddec Beacon\u7684\u6838\u5fc3\u5de5\u4f5c\u673a\u5236<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Beacon\u7684\u6838\u5fc3\u5de5\u4f5c\u673a\u5236\u53ef\u4ee5\u6982\u62ec\u4e3a\u201c<strong>\u5fc3\u810f\u8df3\u52a8\u5f0f\u901a\u4fe1<\/strong>\u201d\uff0c\u8fd9\u662f\u4e00\u79cd\u975e\u5b9e\u65f6\u7684\u3001\u5f02\u6b65\u7684\u5de5\u4f5c\u6a21\u5f0f\uff0c\u4e5f\u662f\u5b83\u540d\u5b57\u201cBeacon\u201d\uff08\u4fe1\u6807\uff09\u7684\u7531\u6765<a href=\"https:\/\/cloud.tencent.cn\/developer\/article\/1595094?from=15425\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><a href=\"https:\/\/mdr.skyeye.qianxin.com\/forum\/share\/2430\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a>\u3002<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>\u201c\u5fc3\u8df3\u201d\u8fde\u63a5<\/strong>\uff1aBeacon\u8fd0\u884c\u540e\uff0c\u5e76\u4e0d\u4f1a\u4e00\u76f4\u4e0e\u63a7\u5236\u7aef\u4fdd\u6301\u8fde\u63a5\u3002\u5b83\u4f1a\u6309\u7167\u9884\u8bbe\u7684<strong>\u7761\u7720\u65f6\u95f4<\/strong>\uff0c\u6bd4\u5982\u6bcf60\u79d2\u4e00\u6b21\uff0c\u5b9a\u671f\u201c\u9192\u6765\u201d\uff0c\u5411\u63a7\u5236\u7aef\u7684<strong>\u76d1\u542c\u5668\uff08Listener\uff09<\/strong>&nbsp;\u53d1\u9001\u4e00\u4e2a\u7b80\u77ed\u4fe1\u53f7\u6765\u201c\u62a5\u5230\u201d\uff0c\u5e76\u8be2\u95ee\u662f\u5426\u6709\u65b0\u4efb\u52a1<a href=\"https:\/\/cloud.tencent.cn\/developer\/article\/1595094?from=15425\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><a href=\"https:\/\/mdr.skyeye.qianxin.com\/forum\/share\/2430\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a>\u3002<\/li>\n\n\n\n<li><strong>\u83b7\u53d6\u4efb\u52a1<\/strong>\uff1a\u5982\u679c\u63a7\u5236\u7aef\u6709\u5f85\u6267\u884c\u7684\u4efb\u52a1\uff0cBeacon\u4f1a\u5c06\u5176\u4e0b\u8f7d\u5230\u76ee\u6807\u4e3b\u673a\u4e0a\u3002<\/li>\n\n\n\n<li><strong>\u6267\u884c\u4e0e\u4f11\u7720<\/strong>\uff1a\u5728\u672c\u5730\u6267\u884c\u5b8c\u4efb\u52a1\u540e\uff0cBeacon\u4f1a\u518d\u6b21\u8fdb\u5165\u4f11\u7720\u72b6\u6001\uff0c\u7b49\u5f85\u4e0b\u4e00\u6b21\u201c\u5fc3\u8df3\u201d\u65f6\u518d\u56de\u4f20\u4efb\u52a1\u7ed3\u679c\u3002<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">\u8fd9\u79cd\u5de5\u4f5c\u6a21\u5f0f\u6700\u5927\u7684\u597d\u5904\u662f<strong>\u9690\u853d\u6027\u5f3a<\/strong>\u3002\u901a\u4fe1\u5e76\u975e\u5b9e\u65f6\u8fde\u7eed\uff0c\u800c\u662f\u4f4e\u9891\u6b21\u3001\u6709\u89c4\u5f8b\u7684\uff0c\u8fd9\u4f7f\u5f97\u5b83\u80fd\u591f\u5f88\u597d\u5730\u89c4\u907f\u8bb8\u591a\u57fa\u4e8e\u5b9e\u65f6\u6d41\u91cf\u5206\u6790\u7684\u5b89\u5168\u68c0\u6d4b\u7cfb\u7edf\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udce1 Beacon\u7684\u901a\u4fe1\u6a21\u5f0f<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>HTTP\/HTTPS Beacon\uff1a\u901a\u8fc7Web\u8bf7\u6c42\u4e0a\u7ebf\uff08\u6700\u5e38\u89c1\uff0c\u652f\u6301\u57df\u524d\u7f6e\uff09<\/li>\n\n\n\n<li>DNS Beacon\uff1a\u901a\u8fc7DNS\u4f20\u8f93\u6570\u636e\uff08\u9690\u533f\u6027\u6781\u5f3a\uff0c\u4f46\u6162\uff09<\/li>\n\n\n\n<li>SMB Beacon\uff1a\u7528\u4e8e\u5185\u7f51\u6a2a\u5411\u79fb\u52a8<\/li>\n\n\n\n<li>TCP Beacon\uff1a\u81ea\u5b9a\u4e49\u7aef\u53e3\u4f20\u8f93\uff0c\u9002\u5408\u975e\u6807\u51c6\u73af\u5883<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd27 Beacon\u7684\u540e\u6e17\u900f\u529f\u80fd<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">\u4e00\u65e6Beacon\u6210\u529f\u4e0a\u7ebf\uff0c\u653b\u51fb\u8005\u5c31\u80fd\u901a\u8fc7\u5b83\u6267\u884c\u5404\u79cd\u540e\u6e17\u900f\u64cd\u4f5c\uff0c\u51e0\u4e4e\u6240\u6709\u653b\u51fb\u529f\u80fd\u90fd\u662f\u901a\u8fc7Beacon\u6765\u5b8c\u6210\u7684<a href=\"https:\/\/cert.gov.ng\/index.php\/advisories\/cobalt-strike-beacon-malware-affecting-netwrokssystems\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><a href=\"https:\/\/csirt.ncc.gov.ng\/index.php\/resources\/security-advisories\/346-ngcert-s-e-c-u-r-i-t-y-a-d-v-i-s-o-r-y-cobalt-strike-beacon-malware-affecting-netwroks-systems\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a>\u3002\u4e3b\u8981\u529f\u80fd\u5305\u62ec\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u4fe1\u606f\u6536\u96c6<\/strong>\uff1a\u6267\u884c\u7cfb\u7edf\u547d\u4ee4\u3001\u5217\u4e3e\u8fdb\u7a0b\u3001\u6293\u53d6\u5bc6\u7801\u54c8\u5e0c\uff08Hash\uff09\u3001\u622a\u5c4f\u3001\u952e\u76d8\u8bb0\u5f55\u7b49\u3002<\/li>\n\n\n\n<li><strong>\u6743\u9650\u63d0\u5347<\/strong>\uff1a\u5229\u7528\u7cfb\u7edf\u6f0f\u6d1e\u5c06\u5f53\u524d\u4f4e\u6743\u9650\u4f1a\u8bdd\u63d0\u5347\u81f3<code>SYSTEM<\/code>\u6216\u7ba1\u7406\u5458\u6743\u9650\u3002<\/li>\n\n\n\n<li><strong>\u5185\u7f51\u6f2b\u6e38<\/strong>\uff1a\u901a\u8fc7\u7aef\u53e3\u626b\u63cf\u3001\u7f51\u7edc\u63a2\u6d4b\u53d1\u73b0\u5185\u7f51\u5176\u4ed6\u4e3b\u673a\uff0c\u5e76\u5229\u7528PsExec\u3001WMI\u7b49\u5de5\u5177\u6a2a\u5411\u79fb\u52a8\u5230\u5176\u4ed6\u673a\u5668\u3002<\/li>\n\n\n\n<li><strong>\u6301\u4e45\u5316<\/strong>\uff1a\u5728\u7cfb\u7edf\u4e2d\u5b89\u88c5\u540e\u95e8\u6216\u670d\u52a1\uff0c\u786e\u4fdd\u91cd\u542f\u540e\u4f9d\u7136\u80fd\u88ab\u63a7\u5236\u3002<\/li>\n\n\n\n<li><strong>\u52a0\u8f7d\u63d2\u4ef6<\/strong>\uff1a\u80fd\u591f\u52a8\u6001\u52a0\u8f7d\u548c\u8fd0\u884c\u989d\u5916\u7684\u63d2\u4ef6\u6a21\u5757\uff08\u5982Beacon Object Files\uff0cBOF\uff09\uff0c\u6781\u5927\u5730\u6269\u5c55\u4e86\u5176\u653b\u51fb\u80fd\u529b<a href=\"https:\/\/cloud.tencent.cn\/developer\/information\/%e5%a6%82%e4%bd%95%e4%bd%bf%e7%94%a8Beacon%20SDK%e4%bb%a5%e5%8f%8a%e4%bd%bf%e7%94%a8%e5%93%aa%e4%b8%aaBeacon%20SDK%ef%bc%9f\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a>\u3002<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udccb Beacon \u5e38\u7528\u547d\u4ee4\u5927\u5168<\/h3>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">\ud83d\udd39 <strong>\u4fe1\u606f\u6536\u96c6\u7c7b<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><code>ls<\/code>\uff1a\u5217\u51fa\u76ee\u5f55\u6587\u4ef6&nbsp;<\/li>\n\n\n\n<li><code>pwd<\/code>\uff1a\u663e\u793a\u5f53\u524d\u76ee\u5f55&nbsp;<\/li>\n\n\n\n<li><code>ps<\/code>\uff1a\u663e\u793a\u8fdb\u7a0b\u5217\u8868&nbsp;<\/li>\n\n\n\n<li><code>drives<\/code>\uff1a\u5217\u51fa\u6240\u6709\u78c1\u76d8\u76d8\u7b26&nbsp;<\/li>\n\n\n\n<li><code>net<\/code>\uff1a\u7f51\u7edc\u548c\u4e3b\u673a\u63a2\u6d4b\u5de5\u5177&nbsp;<\/li>\n\n\n\n<li><code>portscan<\/code>\uff1a\u7aef\u53e3\u626b\u63cf&nbsp;<\/li>\n\n\n\n<li><code>getuid<\/code>\uff1a\u83b7\u53d6\u5f53\u524d\u7528\u6237\u4fe1\u606f&nbsp;<\/li>\n\n\n\n<li><code>screenshot<\/code>\uff1a\u622a\u5c4f&nbsp;<\/li>\n\n\n\n<li><code>keylogger<\/code>\uff1a\u5f00\u542f\u952e\u76d8\u8bb0\u5f55<\/li>\n<\/ol>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">\ud83d\udd39 <strong>\u6743\u9650\u63d0\u5347\u7c7b<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><code>getsystem<\/code>\uff1a\u5c1d\u8bd5\u83b7\u53d6 SYSTEM \u6743\u9650&nbsp;<\/li>\n\n\n\n<li><code>elevate<\/code>\uff1a\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u9ad8\u6743\u9650 Beacon&nbsp;<\/li>\n\n\n\n<li><code>runasadmin<\/code>\uff1a\u4ee5\u9ad8\u6743\u9650\u6267\u884c\u7a0b\u5e8f&nbsp;<\/li>\n\n\n\n<li><code>getprivs<\/code>\uff1a\u542f\u7528\u5f53\u524d\u4ee4\u724c\u7684 system \u7279\u6743<\/li>\n<\/ol>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">\ud83d\udd39 <strong>\u6a2a\u5411\u79fb\u52a8\u7c7b<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><code>jump<\/code>\uff1a\u5728\u8fdc\u7a0b\u673a\u5668\u4e0a\u690d\u5165 Beacon\uff08\u6a2a\u5411\u79fb\u52a8\uff09<\/li>\n\n\n\n<li><code>remote-exec<\/code>\uff1a\u5728\u8fdc\u7a0b\u673a\u5668\u4e0a\u6267\u884c\u547d\u4ee4&nbsp;<\/li>\n\n\n\n<li><code>link<\/code>\uff1a\u901a\u8fc7\u547d\u540d\u7ba1\u9053\u8fde\u63a5\u8fdc\u7a0b SMB Beacon&nbsp;<\/li>\n\n\n\n<li><code>connect<\/code>\uff1a\u901a\u8fc7 TCP \u6b63\u5411\u8fde\u63a5\u8fdc\u7a0b Beacon&nbsp;<\/li>\n\n\n\n<li><code>unlink<\/code>\uff1a\u65ad\u5f00\u4e0e Beacon \u7684\u8fde\u63a5&nbsp;<\/li>\n<\/ol>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">\ud83d\udd39 <strong>\u51ed\u8bc1\u64cd\u4f5c\u7c7b<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><code>hashdump<\/code>\uff1a\u83b7\u53d6\u672c\u5730\u7528\u6237\u5bc6\u7801\u54c8\u5e0c&nbsp;<\/li>\n\n\n\n<li><code>mimikatz<\/code>\uff1a\u8fd0\u884c mimikatz \u83b7\u53d6\u5bc6\u7801&nbsp;<\/li>\n\n\n\n<li><code>logonpasswords<\/code>\uff1a\u4f7f\u7528 mimikatz \u83b7\u53d6\u5bc6\u7801\u548c\u54c8\u5e0c&nbsp;<\/li>\n\n\n\n<li><code>pth<\/code>\uff1a\u6267\u884c Pass-the-Hash \u653b\u51fb&nbsp;<\/li>\n\n\n\n<li><code>dcsync<\/code>\uff1a\u4ece\u57df\u63a7\u63d0\u53d6\u5bc6\u7801\u54c8\u5e0c&nbsp;<\/li>\n<\/ol>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">\ud83d\udd39 <strong>\u6587\u4ef6\u64cd\u4f5c\u7c7b<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><code>download<\/code>\uff1a\u4e0b\u8f7d\u6587\u4ef6&nbsp;<\/li>\n\n\n\n<li><code>upload<\/code>\uff1a\u4e0a\u4f20\u6587\u4ef6&nbsp;<\/li>\n\n\n\n<li><code>cp<\/code>\uff1a\u590d\u5236\u6587\u4ef6&nbsp;<\/li>\n\n\n\n<li><code>mv<\/code>\uff1a\u79fb\u52a8\u6587\u4ef6&nbsp;<\/li>\n\n\n\n<li><code>rm<\/code>\uff1a\u5220\u9664\u6587\u4ef6\u6216\u6587\u4ef6\u5939&nbsp;<\/li>\n\n\n\n<li><code>mkdir<\/code>:\u521b\u5efa\u76ee\u5f55&nbsp;<\/li>\n\n\n\n<li><code>cd<\/code>:\u5207\u6362\u76ee\u5f55<\/li>\n<\/ol>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">\ud83d\udd39 <strong>\u6267\u884c\u63a7\u5236\u7c7b<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><code>shell<\/code>\uff1a\u901a\u8fc7 cmd.exe \u6267\u884c\u547d\u4ee4&nbsp;<\/li>\n\n\n\n<li><code>run<\/code>\uff1a\u6267\u884c\u7a0b\u5e8f\uff08\u6709\u56de\u663e\uff09<\/li>\n\n\n\n<li><code>execute<\/code>\uff1a\u6267\u884c\u7a0b\u5e8f\uff08\u65e0\u56de\u663e\uff09<\/li>\n\n\n\n<li><code>powershell<\/code>\uff1a\u901a\u8fc7 powershell.exe \u6267\u884c\u547d\u4ee4&nbsp;<\/li>\n\n\n\n<li><code>powerpick<\/code>\uff1a\u5185\u5b58\u6267\u884c PowerShell\uff08\u4e0d\u8c03\u7528 powershell.exe\uff09<\/li>\n\n\n\n<li><code>execute-assembly<\/code>\uff1a\u5185\u5b58\u52a0\u8f7d\u6267\u884c .NET \u7a0b\u5e8f&nbsp;<\/li>\n\n\n\n<li><code>sleep<\/code>\uff1a\u8bbe\u7f6e\u5fc3\u8df3\u95f4\u9694\u65f6\u95f4&nbsp;<\/li>\n\n\n\n<li><code>exit<\/code>\uff1a\u7ed3\u675f\u5f53\u524d Beacon \u4f1a\u8bdd<\/li>\n<\/ol>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\">\ud83d\udd39 <strong>\u4ee3\u7406\u4e0e\u96a7\u9053\u7c7b<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><code>socks<\/code>\uff1a\u542f\u52a8 SOCKS4a \u4ee3\u7406&nbsp;<\/li>\n\n\n\n<li><code>rportfwd<\/code>\uff1a\u53cd\u5411\u7aef\u53e3\u8f6c\u53d1&nbsp;<\/li>\n\n\n\n<li><code>covertvpn<\/code>\uff1a\u90e8\u7f72 Covert VPN \u5ba2\u6237\u7aef<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udccc Beacon \u4e00\u53e5\u8bdd\u603b\u7ed3<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">CS\u91cc\u9762\u7684Beacon\u5c31\u662f&#8221;\u5b9a\u65f6\u547c\u53eb\u6bcd\u8230\u7684\u8fdc\u7a0b\u63a7\u5236\u6728\u9a6c&#8221;\uff0c\u5728\u5b9e\u6218\u4e2d\u5b83\u662f\u4f60\u7684&#8221;\u524d\u7ebf\u5c0f\u5175&#8221;\uff0c\u771f\u6b63\u8d1f\u8d23\u4fe1\u606f\u6536\u96c6\u3001\u6267\u884c\u547d\u4ee4\u3001\u4e0a\u4f20\u6570\u636e\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u4e8c\u3001Cobalt Strike \u57fa\u672c\u4f7f\u7528<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Cobalt Strike \u662f\u4e00\u6b3e\u57fa\u4e8e Java \u5f00\u53d1\u7684 C\/S \u67b6\u6784\u6e17\u900f\u6d4b\u8bd5\u5de5\u5177\uff0c\u670d\u52a1\u7aef\u9700\u90e8\u7f72\u5728 Linux \u670d\u52a1\u5668\u4e0a\uff0c\u5ba2\u6237\u7aef\u8de8\u5e73\u53f0\u8fd0\u884c<a href=\"https:\/\/www.freebuf.com\/articles\/463226.html\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a>\u3002\u4ee5\u4e0b\u662f\u5b8c\u6574\u7684\u4f7f\u7528\u6d41\u7a0b\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udce6 \u73af\u5883\u642d\u5efa<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"has-medium-font-size\"><strong>\u670d\u52a1\u7aef\u914d\u7f6e\uff08Linux\uff09<\/strong><\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code><strong># \u5b89\u88c5 Java \u73af\u5883\uff08JDK 11\uff09\nsudo apt install openjdk-11-jdk<\/strong><\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large is-style-default\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/ScreenShot_2026-05-28_174502_514-1024x552.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"552\" data-original=\"https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/ScreenShot_2026-05-28_174502_514-1024x552.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-216\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>#\u68c0\u6d4b Java \u73af\u5883\u662f\u5426\u5b89\u88c5\u6210\u529f\njava -version<\/strong><\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/ScreenShot_2026-05-28_174837_337-1024x552.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"552\" data-original=\"https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/ScreenShot_2026-05-28_174837_337-1024x552.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-221\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code><strong># \u7ed9\u670d\u52a1\u7aef\u811a\u672c\u6267\u884c\u6743\u9650\nchmod +x teamserver TeamServerImage\n# \u542f\u52a8\u670d\u52a1\u7aef\uff08IP\u586b\u670d\u52a1\u5668\u516c\u7f51\/\u5185\u7f51IP\uff0c\u5bc6\u7801\u81ea\u5b9a\u4e49\uff09\n.\/teamserver &lt;\u670d\u52a1\u5668IP&gt; &lt;\u5bc6\u7801&gt;<\/strong><\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/ScreenShot_2026-05-28_175219_698-1024x552.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"552\" data-original=\"https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/ScreenShot_2026-05-28_175219_698-1024x552.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-224\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"has-medium-font-size\"><strong>\u5ba2\u6237\u7aef\u8fde\u63a5\uff08Windows\uff09<\/strong><\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code><strong># Windows \u5ba2\u6237\u7aef\n.\\Cobalt_Strike_CN.bat<\/strong><\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/image-1024x604.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"604\" data-original=\"https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/image-1024x604.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-229\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/image-1-1024x544.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"544\" data-original=\"https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/image-1-1024x544.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-231\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83c\udfa7 \u521b\u5efa\u76d1\u542c\u5668\uff08Listener\uff09<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"has-medium-font-size\"><strong>\u64cd\u4f5c\u6b65\u9aa4<\/strong><\/li>\n<\/ul>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>\u70b9\u51fb\u83dc\u5355&nbsp;<code>Cobalt Strike<\/code>&nbsp;\u2192&nbsp;<code>Listeners<\/code>&nbsp;\u2192&nbsp;<code>Add<\/code><\/li>\n\n\n\n<li>\u914d\u7f6e\u5173\u952e\u53c2\u6570<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-table aligncenter is-style-regular\"><table class=\"has-fixed-layout\"><thead><tr><th class=\"has-text-align-center\" data-align=\"center\">\u53c2\u6570<\/th><th class=\"has-text-align-center\" data-align=\"center\">\u8bf4\u660e<\/th><th class=\"has-text-align-center\" data-align=\"center\">\u793a\u4f8b<\/th><\/tr><\/thead><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Name<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">\u76d1\u542c\u5668\u540d\u79f0\uff08\u81ea\u5b9a\u4e49\uff09<\/td><td class=\"has-text-align-center\" data-align=\"center\"><code>http_80<\/code><\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Payload<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">\u901a\u4fe1\u534f\u8bae\u7c7b\u578b<\/td><td class=\"has-text-align-center\" data-align=\"center\"><code>windows\/beacon_http\/reverse_http<\/code><\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>HTTP Hosts<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">TeamServer \u7684 IP \u6216\u57df\u540d\uff08\u4f1a\u5199\u5165\u6728\u9a6c\uff09<\/td><td class=\"has-text-align-center\" data-align=\"center\"><code>192.168.1.100<\/code>&nbsp;\u6216&nbsp;<code>c2.example.com<\/code><\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>HTTP Port (C2)<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">\u76d1\u542c\u7aef\u53e3<\/td><td class=\"has-text-align-center\" data-align=\"center\"><code>80<\/code>&nbsp;\/&nbsp;<code>443<\/code>&nbsp;\/&nbsp;<code>8080<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/image-3-1024x544.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"544\" data-original=\"https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/image-3-1024x544.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-244\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udca3 \u751f\u6210\u653b\u51fb\u8f7d\u8377\uff08Payload\uff09<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"has-medium-font-size\"><strong>\u64cd\u4f5c\u6b65\u9aa4<\/strong><\/li>\n<\/ul>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>\u70b9\u51fb&nbsp;<code>Attacks<\/code>&nbsp;\u2192&nbsp;<code>Packages<\/code>&nbsp;\u2192&nbsp;<code>Windows Executable<\/code><\/li>\n\n\n\n<li>\u914d\u7f6e\u53c2\u6570\uff1a<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-table aligncenter\"><table class=\"has-fixed-layout\"><thead><tr><th class=\"has-text-align-center\" data-align=\"center\">\u53c2\u6570<\/th><th class=\"has-text-align-center\" data-align=\"center\">\u8bf4\u660e<\/th><\/tr><\/thead><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Listener<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">\u9009\u62e9\u5df2\u521b\u5efa\u7684\u76d1\u542c\u5668<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Output<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\"><code>Windows EXE<\/code>\uff08\u666e\u901a\u6728\u9a6c\uff09\u6216&nbsp;<code>Windows Service EXE<\/code>\uff08\u670d\u52a1\u6301\u4e45\u5316\uff09<a href=\"https:\/\/rivers.chaitin.cn\/blog\/cq951eh0lnechd244hm0\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>x64<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">\u52fe\u9009\u751f\u6210 64 \u4f4d\u7248\u672c<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/image-4-1024x544.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"544\" data-original=\"https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/image-4-1024x544.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-260\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udcbb \u4e0a\u7ebf\u4e0e\u57fa\u7840\u63a7\u5236<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"has-medium-font-size\"><strong>\u6267\u884c\u6728\u9a6c<\/strong><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">\u5c06\u6728\u9a6c\u4f20\u8f93\u81f3\u76ee\u6807\u4e3b\u673a\u5e76\u8fd0\u884c\uff0cCobalt Strike \u754c\u9762\u4f1a\u51fa\u73b0\u65b0\u7684 Beacon \u6761\u76ee<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/image-5-1024x544.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"544\" data-original=\"https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/image-5-1024x544.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-267\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"has-medium-font-size\"><strong>\u8c03\u6574\u5fc3\u8df3\u95f4\u9694\uff08\u91cd\u8981\uff01\uff09<\/strong><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Beacon \u9ed8\u8ba4&nbsp;<strong>60\u79d2<\/strong>&nbsp;\u56de\u8fde\u4e00\u6b21\uff0c\u6267\u884c\u547d\u4ee4\u540e\u9700\u8981\u7b49\u5f85\u4e00\u4e2a\u5468\u671f\u624d\u6709\u56de\u663e<a href=\"https:\/\/www.freebuf.com\/articles\/463226.html\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><a href=\"https:\/\/rivers.chaitin.cn\/blog\/cq951eh0lnechd244hm0\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a>\u3002\u53f3\u952e Beacon \u2192&nbsp;<code>Sleep<\/code>\uff0c\u8bbe\u7f6e\u4e3a&nbsp;<code>0<\/code>&nbsp;\u5373\u53ef\u6539\u4e3a\u5b9e\u65f6\u901a\u4fe1<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/image-6-1024x544.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"544\" data-original=\"https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/image-6-1024x544.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-269\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">\u8fd9\u91cc\u8bbe\u7f6e\u62105\u79d2\u56de\u8fde\u4e00\u6b21<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/image-7-1024x544.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"544\" data-original=\"https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/image-7-1024x544.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-271\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"has-medium-font-size\"><strong>\u4ea4\u4e92\u65b9\u5f0f<\/strong><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">\u53f3\u952e Beacon \u2192 \u9009\u62e9\u529f\u80fd\u83dc\u5355\uff08Explore\u3001Access\u3001Pivoting\u7b49\uff09<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/image-8-1024x544.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"544\" data-original=\"https:\/\/duoduosec.fun\/wp-content\/uploads\/2026\/05\/image-8-1024x544.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-274\"  sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>\ud83d\udee0\ufe0f \u4f7f\u7528\u7684\u5de5\u5177 \u4e00\u3001Beacon\uff08\u4fe1\u6807\u3001\u6728\u9a6c\uff09 \u5728CobaltStrike\u4e2d\uff1a Beacon\u662f\u5176\u6838\u5fc3payl [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":189,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[13,14,16],"class_list":["post-164","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tools","tag-cobaltstrike","tag-14","tag-redteam"],"_links":{"self":[{"href":"https:\/\/duoduosec.fun\/index.php\/wp-json\/wp\/v2\/posts\/164","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/duoduosec.fun\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/duoduosec.fun\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/duoduosec.fun\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/duoduosec.fun\/index.php\/wp-json\/wp\/v2\/comments?post=164"}],"version-history":[{"count":84,"href":"https:\/\/duoduosec.fun\/index.php\/wp-json\/wp\/v2\/posts\/164\/revisions"}],"predecessor-version":[{"id":308,"href":"https:\/\/duoduosec.fun\/index.php\/wp-json\/wp\/v2\/posts\/164\/revisions\/308"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/duoduosec.fun\/index.php\/wp-json\/wp\/v2\/media\/189"}],"wp:attachment":[{"href":"https:\/\/duoduosec.fun\/index.php\/wp-json\/wp\/v2\/media?parent=164"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/duoduosec.fun\/index.php\/wp-json\/wp\/v2\/categories?post=164"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/duoduosec.fun\/index.php\/wp-json\/wp\/v2\/tags?post=164"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}