Scripted Web Delivery (S)

The Attacks -> Web Drive-by -> Scripted Web Delivery (S) feature generates a stageless Beacon payload artifact, hosts it on Cobalt Strike’s web server, and presents a one-liner to download and run the artifact. The options are: bitsadmin, exe, powershell, powershell IEX, and python.

The bitsadmin option hosts an executable and uses bitsadmin to download it. The bitsadmin method runs the executable via cmd.exe.

The exe option generates an executable and hosts it on Cobalt Strike's web server.

The powershell option hosts a PowerShell script and uses powershell.exe to download the script and evaluate it.

The powershell IEX option hosts a PowerShell script and uses powershell.exe to download the script and evaluate it. Similar to prior 'powershell' option, but it provides a shorter Invoke-Execution one-liner command that can be pasted into a PowerShell console.

The python option hosts a Python script and uses python.exe to download the script and run it. Each of these options is a different way to run a Cobalt Strike listener.

Check Enable SSL to serve this content over SSL. This option is available when you specify a valid SSL certificate in your Malleable C2 profile. Make sure the Host field matches the CN field of your SSL certificate. This will avoid a situation where this feature fails because of a mismatch between these fields.