User:Invapid/Cobalt strike
Cobalt Strike is penetration testing software that executes targeted attacks and replicates advanced threats.
Requirements
- metasploit
- postgresql
- database.yml # can set via MSF_DATABASE_CONFIG env
Dependencies
Install postgresql and metasploit.
Setting up postgres
passwd postgress # set password su - postgres -c "initdb -D '/var/lib/postgres/data'" # create db, some people recommended the appending the "--locale en_US.UTF-8 " flag
Enable required services
sudo systemctl start postgresql ./msfconsole # should be enough to start metasploit service listening on 127.0.0.1:55553
# copy sample yml database file for MSF_DATABASE_CONFIG env cp /usr/share/metasploit/config/database.yml.example /usr/share/metasploit/config/database.yml
# # you should change the default creds in the database.yml # ~/.msf4/ ... database.yml is not there. #
msfrpcd -a 127.0.0.1 -U [user] -P [pass] -S -f # instead of msfcli?
# run cobaltstrike sudo MSF_DATABASE_CONFIG=/usr/share/metasploit/config/database.yml ./cobaltstrike
# # use same user/pass combo to connect to cobalt strike server as you did for msfrpcd #
Troubleshooting
- if stuck at "progress" popup that says "login failed, your creds may not be correct (make sure they're the same as the msfrpcd creds)
- is /usr/share/metasploit/config/database.yml derived from metasploit? or is it unique?