User:Invapid/Cobalt strike

From ArchWiki


Cobalt Strike is penetration testing software that executes targeted attacks and replicates advanced threats.

Requirements

  • metasploit
  • postgresql
  • database.yml (its path can be set via the MSF_DATABASE_CONFIG environment variable)

Dependencies

Install postgresql and metasploit.

Setting up postgres

passwd postgres # set password
su - postgres -c "initdb -D '/var/lib/postgres/data'" # create the db; some people recommend appending the "--locale en_US.UTF-8" flag

Enable required services

sudo systemctl start postgresql
./msfconsole # should be enough to start the metasploit service listening on 127.0.0.1:55553
# copy the sample database.yml for use with the MSF_DATABASE_CONFIG environment variable
cp /usr/share/metasploit/config/database.yml.example /usr/share/metasploit/config/database.yml
#
# you should change the default credentials in database.yml
# ~/.msf4/ ... database.yml is not there.
#
# -S disables SSL on the RPC socket, -f keeps msfrpcd in the foreground
msfrpcd -a 127.0.0.1 -U [user] -P [pass] -S -f # instead of msfcli?
# run cobaltstrike
sudo MSF_DATABASE_CONFIG=/usr/share/metasploit/config/database.yml ./cobaltstrike
#
# use the same user/pass combination to connect to the Cobalt Strike server as you used for msfrpcd
#
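
The comments above say to change the default credentials in database.yml. A pre-flight check for that file follows as an added example, not part of the original page. The function name audit_db_config, the constructed sample file and the treatment of underscore-only passwords as placeholders are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): audit the database.yml that
# MSF_DATABASE_CONFIG points at before starting the services.

# audit_db_config FILE: prints one line per finding; returns 0 if clean, 1 otherwise.
audit_db_config() {
    file=$1
    findings=0
    [ -r "$file" ] || { echo "unreadable: $file"; return 1; }

    # The file holds the PostgreSQL password; group/other must not be able to read it.
    if [ -n "$(find "$file" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "permissions: $file is readable by group or other (chmod 600)"
        findings=$((findings + 1))
    fi

    # Flag passwords that are empty, underscore-only (assumed placeholder
    # style), or identical to the username that precedes them.
    weak=$(awk '
        /^[ \t]*username:/ { user = $2; gsub(/"/, "", user) }
        /^[ \t]*password:/ {
            pw = $2; gsub(/"/, "", pw)
            if (pw == "" || pw ~ /^_+$/ || pw == user) n++
        }
        END { print n + 0 }' "$file")
    if [ "$weak" -gt 0 ]; then
        echo "credentials: $weak password value(s) empty, placeholder-like or equal to the username"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample input (not the real database.yml.example contents).
sample=$(mktemp)
cat > "$sample" <<'EOF'
production:
  adapter: postgresql
  database: msf
  username: msf
  password: ________
  host: 127.0.0.1
  port: 5432
EOF
chmod 644 "$sample"
audit_db_config "$sample" || echo "fix the findings above before launching"
rm -f "$sample"
```

Run it against the real file with audit_db_config /usr/share/metasploit/config/database.yml; files under /usr/share are normally world-readable, so expect the permissions finding until the mode is tightened.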


Troubleshooting

  • If stuck at the "progress" popup that says "login failed", your creds may not be correct (make sure they're the same as the msfrpcd creds).
  • Is /usr/share/metasploit/config/database.yml derived from metasploit, or is it unique?