Sync Downloads
This is meant as a fine-tuned control mechanism for syncing files from the Cobalt Strike Downloads entries in the data model
Why
- Searching
- You can retrieve everything, user-supplied needles from the context of your current
Beacon's known downloads or at a "global" downloads scale
- You can retrieve everything, user-supplied needles from the context of your current
- Context maintenance
- Whether from a
UNCpath or a "local" system filepath, your full directory path will be maintained
- Whether from a
Usage
| Beacon_Command | Description | Example Usage |
|---|---|---|
show_beacon_downloads |
Show current beacon downloads | show_beacon_downloads [optional_search] |
search_all_beacon_downloads |
Show all beacon downloads | search_all_beacon_downloads [optional_search] |
sync_all_beacon_downloads |
Sync all beacon downloads | sync_all_beacon_downloads [optional_search] [OVERWRITE] |
sync_beacon_downloads |
Sync current beacon downloads | sync_beacon_downloads [optional_search] [OVERWRITE] |
Footgun Prevention
By default, any encountering of previously downloaded files in a path will not be downloaded again.
To override this behavior, you must specify OVERWRITE as a third argument to sync.* commands.
Mulitiple Matching
As the supplied parameter for an optional search is present, you can think of this as a possible regex filter (because it is).
Examples
show_beacon_downloads "(.exe|.bin)" will search Downloads associated with the current Beacon matching exe or bin
show_beacon_downloads will search and list all Downloads associated with the current Beacon
search_all_beacon_downloads "(.exe|.bin)" will search Downloads associated with all Beacons matching exe or bin
search_all_beacon_downloads will search and list all Downloads associated with all Beacons
sync_beacon_downloads will search Downloads associated with the current Beacon and create a directory structure, ignoring if files are already present
sync_beacon_downloads "(.exe|.bin)" will search Downloads associated with the current Beacon matching exe or bin and create a directory structure, ignoring if files are already present
sync_beacon_downloads "(.exe|.bin)" will search Downloads associated with the current Beacon matching exe or bin and create a directory structure, overwriting files if they are already present
sync_all_beacon_downloads will search Downloads associated with all Beacons and create a directory structure, ignoring if files are already present
sync_all_beacon_downloads "(.exe|.bin)" will search Downloads associated with all Beacons matching exe or bin and create a directory structure, ignoring if files are already present
sync_all_beacon_downloads "(.exe|.bin)" will search Downloads associated with all Beacons matching exe or bin and create a directory structure, overwriting files if they are already present
Sample Outputs
