# Conquest default configuration file
#
# Profile format loosely follows the Cobalt Strike Malleable C2 profile language:
# https://hstechdocs.helpsystems.com/manuals/cobaltstrike/current/userguide/content/topics/malleable-c2_profile-language.htm#_Toc65482837
#
# Treat this file as sensitive: it names the location of the server's private
# key and its database, so it should not be world-readable or committed with
# deployment-specific values filled in.

# Identifier of this profile.
name = "cq-default-profile"

# Important file paths and locations
#
# NOTE(review): these are absolute paths from a single developer's machine
# (user-specific /mnt/c/Users/... prefix). They are not portable and leak the
# author's local layout; each deployment should override them rather than
# ship these defaults.
conquest_directory = "/mnt/c/Users/jakob/Documents/Projects/conquest"

# Server private key. Judging by the file name this is an X25519 private key;
# keep the file readable only by the server process owner. How the server
# loads and validates it is not visible from this profile — confirm in the
# server code.
private_key_file = "/mnt/c/Users/jakob/Documents/Projects/conquest/data/keys/conquest-server_x25519_private.key"

# Server state database; restrict permissions like the key file above.
database_file = "/mnt/c/Users/jakob/Documents/Projects/conquest/data/conquest.db"

# General agent settings
[agent]
# Check-in interval. The unit is not stated here — presumably seconds;
# confirm against the agent code before changing it.
sleep = 5
# Static User-Agent sent with every agent request. A fixed value like this is
# a stable network indicator; it is also what a defender would match on.
user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36"

# ----------------------------------------------------------
# HTTP GET
# ----------------------------------------------------------

# Defines URI endpoints for HTTP GET requests
[http-get]
endpoints = [
    "/get",
    "/api/v1.2/status.js"
]

# Defines where the heartbeat is placed within the HTTP GET request.
# Allows data transformation using an encoding (base64, base64url, ...) plus
# prepending and appending of literal strings.
# Metadata can be stored in a header (e.g. JWT token, session cookie), a URI
# parameter, appended to the URI, or placed in the request body.
# The encoding is applied only to the payload, not to the prefix/suffix strings.
[http-get.agent.heartbeat]
placement = { type = "header", name = "Authorization" }
encoding = { type = "base64", url-safe = true }
# prefix + encoded payload + suffix renders as a JWT-shaped Bearer token
# (header '.' payload '.' signature). The suffix is a fixed literal, not a
# real signature, so it is identical across all agents — a constant value a
# detection team can match on. The prefix decodes to a standard HS256 JWT
# header.
prefix = "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
suffix = ".KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30"

# Example: PHP session cookie
# placement = { type = "header", name = "Cookie" }
# prefix = "PHPSESSID="
# suffix = ", path=/"
# encoding = { type = "base64", url-safe = true }

# Other examples
# placement = { type = "parameter", name = "id" }
# placement = { type = "uri" }
# placement = { type = "body" }

# Defines arbitrary URI parameters that are added to the request.
# Left empty in this default profile.
[http-get.agent.parameters]

# Defines arbitrary headers that are added by the agent when performing an HTTP GET request
[http-get.agent.headers]
Cache-Control = "no-cache"

# Defines arbitrary headers that are added to the server's response.
# Values are emitted verbatim; Server = "nginx" only changes the advertised
# header, it does not change the actual server implementation.
[http-get.server.headers]
Server = "nginx"
Content-Type = "application/octet-stream"
Connection = "Keep-Alive"

# Defines how the server's response to the task retrieval request is rendered.
# Allows the same data transformation options as the agent metadata, so the
# response can be embedded in benign-looking content (e.g. base64-encoded in
# an SVG/IMG).
[http-get.server.output]
placement = { type = "body" }

# ----------------------------------------------------------
# HTTP POST
# ----------------------------------------------------------

# Defines URI endpoints for HTTP POST requests
[http-post]
endpoints = [
    "/post",
    "/api/v2/get.js"
]

# Headers added by the agent when performing an HTTP POST request
# (mirrors [http-get.agent.headers]).
[http-post.agent.headers]
Content-Type = "application/octet-stream"
Connection = "Keep-Alive"
Cache-Control = "no-cache"

# Where the agent places its data in the POST request — presumably task
# output, by analogy with the GET-side sections; confirm in the agent code.
[http-post.agent.output]
placement = { type = "body" }

# Headers added to the server's response to a POST request.
[http-post.server.headers]
Server = "nginx"

# How the server's response to a POST request is rendered
# (same placement/encoding options as [http-get.server.output]).
[http-post.server.output]
placement = { type = "body" }