Building a Collaborative Attack Platform with Amazon EC2 – Part 1b: CobaltStrike

 Part 1b – Prepare the CobalStrike Teamserver

Hello all,

today we’re going to install CobaltStrike Teamserver on our previously installed EC2 Kali machine, after this step, all our team members can connect to it and we can share all compromised machines, remember, as already mentioned in the previous article, in real world operation, normally we have several teamserver machines.

For the installation of CobaltStrike Team Server on EC2 linux machine we can start watching the good video of Raphael Mudge @armitagehacker

 At this point I can stop writing my article… 🙂

Raphael’s clip is still very good,but it’s based on an old version of CobaltStrike, so (I’m sorry for you) you’ll have to keep reading my article…

The first step is to get the link to download the tar file, for do this we can go at the URL :

Then click on Accept and after on Linux(.tgz), now if you right click on “Download COBALT STRIKE now!” and choose Copy link address (something like, At this point we are ready to download the installer on our EC2 machine without GUI.

Log on to your kali machine with your favorite ssh client,

Prior to download the file,I usually prefer to create a folder where I put all my installers,then let’s try to install CobaltStrike in a linux shell :

sudo /bin/bash
mkdir /CobaltStrike
mkdir /CobaltStrike/Install
cd /CobaltStrike/Install
wget (paste the URL here with shift+ins)
tar zxvf cobaltstrike-trial.tgz
mv cobaltstrike ../
cd ../cobaltstrike


Now you must verify if the java version is the correct one:

java -version 
javac -version

If so, you can start the teamserver now, otherwise you must upgrade java, depending on the type of virtual machine that you have installed (I talk about recent kali linux  machine, but your machine can be different) you can upgrade java in different ways, you can watch this interesting article :

these are the recommended commands for debian:

su -
echo "deb xenial main" | tee /etc/apt/sources.list.d/webupd8team-java.list
echo "deb-src xenial main" | tee -a /etc/apt/sources.list.d/webupd8team-java.list
apt-key adv --keyserver hkp:// --recv-keys EEA14886
apt-get update
apt-get install oracle-java8-installer

if you want to set Oracle Java 8 as default:

 sudo apt-get install oracle-java8-set-default

another way to install java can be:

sudo update-java-alternatives -s java-8-oracle

Remember : It’s not recommended to use OpenJDK in combination with Cobalt Strike on Kali Linux Rolling.

Now we just have to start the teamserver:

./teamserver XX.XX.XX.XX somepassword
where XX.XX.XX.XX is the IP address of your EC2 instance (external IP, do not use ifconfig)
and somepassword is the password that the team will use to join the teamserver

Now we can connect to this teamserver with the cobaltstrike client.

If you don’t have, no problem, now I will tell you how to do:

For client installation, you simply need to extract the same file downloaded for the teamserver and run ./cobaltstrike

You can fill the field with your IP, port, your username and the password used for starting the teamserver

For demo purpose we can use a trial license, but this license is not enought per the real world, because, as Raphael says : The Cobalt Strike 3.0 trial is the full Cobalt Strike product with one [significant] difference. The Cobalt Strike 3.0 trial inserts several “tells” to get caught by standard security products. This change is made possible by Cobalt Strike’s flexibility to change its indicators and artifacts.

If you have a valid commercial license you can just run the ./update command in your teamserver and put your code onto the consolle.

It is not recommended to install a mixed client/server environment with a trial and commercial license,so, go ahead with only one.

Tips : if you want the session persists after closing the ssh terminal , you must use the “screen” command prior to start the teamserver.


For more info :

The full CobaltStrike manual is at

For now is all.

Happy hacking and stay tuned


If you missed the first part:…mazon-ec2-part-1/

The video