Skip to content

WKL-Sec/Winsocky

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
Client
Client
 
 
Server
Server
 
 
README.md
README.md
 
 

Repository files navigation

Winsocky

Winsocket implementation for Cobalt Strike. Used to communicate with the victim using winsockets instead of the traditional ways.

Blog Post

Developing Winsock Communication in Malware

Usage

client.c

Is the client which receives the command from the server, executes the command in a child process, parse its output and send it back to the server.
Open the solution (.sln) file to compile the code with Visual Studio.

server.c

The BOF script which is loaded to Cobalt Strike. It connects to the client's Winsocket's server, thus sending the command and receiving back the response.

To compile it, use make:

cd Server && make

Then load socket.cna to Cobalt Strike. To use it, run the following command:

socky <command>

Note: Commands with whiteline spaces (e.x.: whoami /all) must be wrapped in "".

Demo

Screencast.from.7.6.23.07.32.56.PD.CEST.mp4

Author

Kleiton Kurti (@kleiton0x00)

About

Winsocket for Cobalt Strike.

Resources

Readme
Activity

Stars

98 stars

Watchers

4 watching

Forks

18 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages