User:Invapid/Cobalt strike

From ArchWiki

This article or section needs language, wiki syntax or style improvements. See Help:Style for reference.

Cobalt Strike is penetration testing software that executes targeted attacks and replicates advanced threats.


  • metasploit
  • postgresql
  • database.yml (its location can be set via the MSF_DATABASE_CONFIG environment variable)


Install postgresql and metasploit.

Setting up postgres

passwd postgres # set password
su - postgres -c "initdb -D '/var/lib/postgres/data'" # create db; some people recommend appending the "--locale en_US.UTF-8" flag

Enable required services

sudo systemctl start postgresql
./msfconsole # should be enough to start metasploit service listening on
# copy sample yml database file for MSF_DATABASE_CONFIG env
cp /usr/share/metasploit/config/database.yml.example  /usr/share/metasploit/config/database.yml 
# you should change the default creds in the database.yml
# ~/.msf4/ ... database.yml is not there.
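# -a takes the address to bind to; -S disables SSL on the RPC socket; -f keeps msfrpcd in the foreground
msfrpcd -a [address] -U [user] -P [pass] -S -f # instead of msfcli?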
# run cobaltstrike
sudo MSF_DATABASE_CONFIG=/usr/share/metasploit/config/database.yml ./cobaltstrike
# use same user/pass combo to connect to cobalt strike server as you did for msfrpcd 
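
The steps above copy database.yml.example to database.yml and say to change the default credentials. As an added example (not part of the original page or of Metasploit), this shell script flags a database.yml whose password is still the one from the example file or that is world-readable. The function names and the sample file contents are constructed, and it assumes credentials appear as `password: value` YAML lines.

```shell
#!/bin/sh
# Added example (not ArchWiki or Metasploit code): audit a database.yml before
# pointing MSF_DATABASE_CONFIG at it. Assumes credentials are YAML lines of
# the form "password: value" without embedded spaces.

# Print the distinct password values in a YAML file, one per line.
yml_passwords() {
    sed -n "s/^[[:space:]]*password:[[:space:]]*[\"']\{0,1\}\([^\"'[:space:]]*\).*/\1/p" "$1" | sort -u
}

# audit_db_config LIVE EXAMPLE -> 0 if clean, 1 on findings, 2 if unreadable
audit_db_config() {
    live=$1; example=$2; findings=0
    [ -r "$live" ] || { echo "cannot read $live" >&2; return 2; }
    example_pws=$(yml_passwords "$example" 2>/dev/null)
    while IFS= read -r pw; do
        if [ -z "$pw" ]; then
            echo "FINDING: missing or empty password in $live"; findings=1
        elif printf '%s\n' "$example_pws" | grep -Fxq -- "$pw"; then
            echo "FINDING: password in $live is unchanged from $example"; findings=1
        fi
    done <<EOF
$(yml_passwords "$live")
EOF
    # The file holds database credentials, so other users should not read it.
    if [ -n "$(find "$live" -prune -perm -004)" ]; then
        echo "FINDING: $live is world-readable (chmod 600)"; findings=1
    fi
    return "$findings"
}

# Constructed sample files: a straight copy of the example, then a fixed copy.
demo() {
    d=$(mktemp -d) || return 2
    printf 'production:\n  username: msf\n  password: changeme-sample\n' > "$d/database.yml.example"
    cp "$d/database.yml.example" "$d/database.yml"; chmod 644 "$d/database.yml"
    audit_db_config "$d/database.yml" "$d/database.yml.example" && before=0 || before=$?
    printf 'production:\n  username: msf\n  password: "Xq7-constructed"\n' > "$d/database.yml"
    chmod 600 "$d/database.yml"
    audit_db_config "$d/database.yml" "$d/database.yml.example" && after=0 || after=$?
    rm -rf "$d"
    echo "before=$before after=$after"
}
```

On the real files, call `audit_db_config /usr/share/metasploit/config/database.yml /usr/share/metasploit/config/database.yml.example`; `demo` runs the same check on the constructed samples.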


  • If stuck at the "progress" popup that says "login failed", your credentials may not be correct (make sure they are the same as the msfrpcd credentials).
  • Is /usr/share/metasploit/config/database.yml derived from metasploit, or is it unique?