CSSG: A powerful Cobalt Strike generation tool

CSSG

CSSG is a powerful Cobalt Strike Shellcode generation tool. Essentially, CSSG is an offensive Python script that researchers can use to easily generate and format beacon shellcode.

The tool supports the generation of stageless beacon shellcode with features such as exposed exit methods, additional formatting, encryption, encoding, compression, and multi-line output.

Note: Shellcode transformations are generally performed in descending menu order.

 Requirements

The optional AES encryption option is implemented by a Python script in the /assets folder.

It depends on the pycryptodome package, which must be installed to perform AES encryption.

Install the pycryptodome package with pip, using the command that matches your Python environment:

python -m pip install pycryptodome

python3 -m pip install pycryptodome

py -3 -m pip install pycryptodome

py -2 -m pip install pycryptodome

After the pip installation completes, check that the pycryptodome package is installed with the following command:

python -m pip list | grep crypto

The generator uses the system's default "python" command to start the AES encryption script, so pycryptodome must be installed for the interpreter that command resolves to.

 Tool download

Researchers can clone the project's source code locally with the following command:

git clone https://github.com/RCStep/CSSG.git

 Shellcode generator options

 Listener:

Use the “…” button to select a valid listener. The shellcode will be generated based on the selected listener.

 Transmitter:

Stageless (CSSG is a shellcode generator that does not support staged payloads).

 Exit Method:

 Process: When the beacon exits, the entire process exits.

 Thread: When the beacon exits, only the thread running the beacon exits.

 Local Shellcode Options:

This option is available if you want to execute the shellcode from an existing beacon.

It generates a beacon shellcode payload that inherits key function pointers from a same-architecture parent beacon.

 Existing Sessions:

The shellcode extracts session metadata from the parent Beacon session.

 The shellcode will be executed in this beacon session.

 x86 options:

Generate x86 shellcode; x64 shellcode is generated by default.

 Using the Shellcode file:

Use an externally generated raw shellcode file instead of generating the beacon shellcode.

This allows using a previously exported shellcode file or the output of other tools (Donut, msfvenom, etc.).

 Format:

Metadata – raw binary shellcode output, no formatting;

Hex – Shellcode hex format output;

0x90,0x90,0x90 – Shellcode C# style byte array output;

\x90\x90\x90 – Shellcode C/C++ style byte array output;

 b64 – Base64 encoded output.

 XOR encryption shellcode:

 Check to XOR-encrypt the shellcode.

 XOR key:

 Encrypt with randomly generated or editable XOR key characters.

 Multiple characters mean multiple XOR encryptions.

 AES encryption Shellcode:

Check to enable AES encryption of the shellcode; the encryption type is optional.

A Python script performs the AES encryption in CBC mode (AES-CBC).

The shellcode is padded with \0 values to meet the block size requirement.

In addition, the tool adds a randomly generated initialization vector (IV) to the encrypted shellcode data.

 AES Key:

 A randomly generated, editable AES key used for encryption.

 A 32-byte key is generated and preferred, for 256-bit encryption strength.

 Encryption keys with lengths of 16, 24, and 32 bytes are accepted.

 Encoding and compression:

No Encoding/Compression – Shellcode is neither encoded nor compressed.

 b64 – Base64 encoding.

Gzip + b64 – gzip compression first, then Base64 encoding.

 gzip – perform gzip compression.

b64 + gzip – Base64 encoded first, then gzip compressed.
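For an analyst triaging a blob wrapped with one of the encoding and compression options listed above, the following added example (not CSSG's code and not from the original page) identifies and undoes the Base64/gzip layers in whatever order they were applied. The function names, size limits and sample bytes are assumptions constructed for illustration.

```python
import base64
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b"
MAX_LAYERS = 8               # stop on deeply nested input
MAX_OUT = 16 * 1024 * 1024   # cap on decompressed size (gzip bomb guard)

def _gunzip_bounded(data):
    """Decompress one gzip stream, refusing oversized or truncated input."""
    d = zlib.decompressobj(wbits=31)   # 31 = expect gzip header and trailer
    out = d.decompress(data, MAX_OUT + 1)
    if len(out) > MAX_OUT or not d.eof:
        raise ValueError("oversized or truncated gzip stream")
    return out

def _b64_strict(data):
    """Decode only well-formed, padded Base64 text; raise ValueError otherwise."""
    text = data.strip()
    if len(text) < 8 or len(text) % 4:
        raise ValueError("not padded Base64 text")
    return base64.b64decode(text, validate=True)  # binascii.Error is a ValueError

def peel_layers(blob):
    """Return (layers, payload); layers are listed outermost first."""
    layers = []
    while len(layers) < MAX_LAYERS:
        try:
            if blob[:2] == GZIP_MAGIC:
                blob, kind = _gunzip_bounded(blob), "gzip"
            else:
                blob, kind = _b64_strict(blob), "b64"
        except (zlib.error, ValueError):
            break                      # innermost data reached (or damaged layer)
        layers.append(kind)
    return layers, blob

# Constructed sample bytes standing in for a payload (not real shellcode),
# wrapped the four ways the option list describes.
SAMPLE = b"\x00\x01\x02CONSTRUCTED-SAMPLE\xff"
WRAPPED = {
    "b64": base64.b64encode(SAMPLE),
    "gzip + b64": base64.b64encode(gzip.compress(SAMPLE)),
    "gzip": gzip.compress(SAMPLE),
    "b64 + gzip": gzip.compress(base64.b64encode(SAMPLE)),
}

if __name__ == "__main__":
    for option, blob in WRAPPED.items():
        print(option, "->", peel_layers(blob)[0])
```

If XOR or AES encryption was applied before encoding, the bytes returned after peeling are still ciphertext and need the key to go further.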

 Screenshot of the tool run

The Shellcode generator is added to the top menu bar of Cobalt Strike.

CSSG: https://github.com/RCStep/CSSG
