Building a Collaborative Attack Platform with Amazon EC2 – Part 1b: CobaltStrike

Part 1b – Prepare the CobaltStrike Teamserver

Hello all,

Today we're going to install the CobaltStrike Teamserver on our previously installed EC2 Kali machine. After this step, all our team members can connect to it and we can share all compromised machines. Remember, as already mentioned in the previous article, that in real-world operations we normally have several teamserver machines.

For the installation of the CobaltStrike Team Server on an EC2 Linux machine, we can start by watching the good video by Raphael Mudge (@armitagehacker).

At this point I can stop writing my article… 🙂

Raphael's clip is still very good, but it's based on an old version of CobaltStrike, so (I'm sorry for you) you'll have to keep reading my article…

The first step is to get the link to download the tar file. To do this, go to the URL: https://www.cobaltstrike.com/download

Click Accept, then Linux (.tgz). Now right-click “Download COBALT STRIKE now!” and choose Copy link address (something like https://www.cobaltstrike.com/downloads/81212b015cd9ae028a769c76a38110e3/cobaltstrike-trial.tgz). At this point we are ready to download the installer on our EC2 machine without a GUI.

Log on to your Kali machine with your favorite SSH client.

Before downloading the file, I usually prefer to create a folder where I put all my installers. Then let's install CobaltStrike from a Linux shell:

sudo /bin/bash
mkdir /CobaltStrike
mkdir /CobaltStrike/Install
cd /CobaltStrike/Install
# paste the URL you copied after wget (Shift+Ins)
wget https://www.cobaltstrike.com/downloads/81212b015cd9ae028a769c76a38110e3/cobaltstrike-trial.tgz
tar zxvf cobaltstrike-trial.tgz
mv cobaltstrike ../
cd ../cobaltstrike

             

Now verify that the Java version is the correct one:

java -version
javac -version

If so, you can start the teamserver now; otherwise you must upgrade Java. Depending on the type of virtual machine you have installed (I am talking about a recent Kali Linux machine, but yours may be different), you can upgrade Java in different ways. See this interesting article: http://www.webupd8.org/2014/03/how-to-install-oracle-java-8-in-debian.html

These are the recommended commands for Debian:

su -
echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main" | tee /etc/apt/sources.list.d/webupd8team-java.list
echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main" | tee -a /etc/apt/sources.list.d/webupd8team-java.list
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
apt-get update
apt-get install oracle-java8-installer
exit

If you want to set Oracle Java 8 as the default:

sudo apt-get install oracle-java8-set-default

Alternatively, you can select Oracle Java 8 with update-java-alternatives:

sudo update-java-alternatives -s java-8-oracle

Remember: it's not recommended to use OpenJDK in combination with Cobalt Strike on Kali Linux Rolling.
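The Java check and the OpenJDK recommendation above can be combined into one pre-flight test. The script below is an added example, not part of the original post or of Cobalt Strike; it assumes the target is Oracle Java 8 (as installed by the commands above), its function names are hypothetical, and the sample banners are constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# classify_java TEXT -> prints "<vendor> <major>", e.g. "oracle 8".
# Heuristic: OpenJDK builds name themselves "OpenJDK" in the banner, while
# Oracle builds start the banner with: java version "..."
classify_java() (
    text=$1
    # Skip noise such as "Picked up _JAVA_OPTIONS: ..." before the banner.
    banner=$(printf '%s\n' "$text" | sed -n '/ version "/{p;q;}')
    case "$text" in
        *OpenJDK*|*openjdk*) vendor=openjdk ;;
        *)  case "$banner" in
                java\ version*) vendor=oracle ;;
                *) echo "unknown 0"; exit 0 ;;
            esac ;;
    esac
    ver=$(printf '%s\n' "$banner" | sed -n 's/^[^"]*"\([^"]*\)".*/\1/p')
    case "$ver" in
        1.*) major=${ver#1.}; major=${major%%.*} ;;  # 1.8.0_121 -> 8
        *)   major=${ver%%[.-]*} ;;                   # 11.0.2 -> 11, 9-Debian -> 9
    esac
    echo "$vendor ${major:-0}"
)

# java_ok TEXT -> exit status 0 only for Oracle Java 8 (assumed target).
java_ok() { [ "$(classify_java "$1")" = "oracle 8" ]; }

# check_local_java: test the installed JVM (the banner is written to stderr).
check_local_java() { java_ok "$(java -version 2>&1)"; }

# Constructed sample banners, so the demo runs without Java installed.
ORACLE8='Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)'
OPENJDK8='openjdk version "1.8.0_121"
OpenJDK Runtime Environment (build 1.8.0_121-8u121-b13-4-b13)
OpenJDK 64-Bit Server VM (build 25.121-b13, mixed mode)'
OPENJDK9='openjdk version "9-Debian"
OpenJDK Runtime Environment (build 9-Debian+0-9b155-1)
OpenJDK 64-Bit Server VM (build 9-Debian+0-9b155-1, mixed mode)'

for s in "$ORACLE8" "$OPENJDK8" "$OPENJDK9"; do
    if java_ok "$s"; then echo "OK:     $(classify_java "$s")"
    else echo "REJECT: $(classify_java "$s")"; fi
done
```

On the real machine, call check_local_java before starting the teamserver and stop if it returns a non-zero status.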

Now we just have to start the teamserver:

./teamserver XX.XX.XX.XX somepassword
Here XX.XX.XX.XX is the IP address of your EC2 instance (the external IP; do not use ifconfig) and somepassword is the password that the team will use to join the teamserver.

Now we can connect to this teamserver with the cobaltstrike client.

If you don't have the client yet, no problem; here is how to install it:

For client installation, you simply need to extract the same file downloaded for the teamserver and run ./cobaltstrike

Fill in the fields with your IP, port, your username and the password used for starting the teamserver.

For demo purposes we can use a trial license, but this license is not enough for the real world because, as Raphael says: The Cobalt Strike 3.0 trial is the full Cobalt Strike product with one [significant] difference. The Cobalt Strike 3.0 trial inserts several “tells” to get caught by standard security products. This change is made possible by Cobalt Strike’s flexibility to change its indicators and artifacts.

If you have a valid commercial license, you can just run the ./update command on your teamserver and enter your code at the console.

It is not recommended to install a mixed client/server environment with a trial and a commercial license, so go ahead with only one.

Tip: if you want the session to persist after closing the SSH terminal, you must use the “screen” command before starting the teamserver.

    

For more info : https://www.cobaltstrike.com/help-install

The full CobaltStrike manual is at https://www.cobaltstrike.com/downloads/csmanual36.pdf

That's all for now.

Happy hacking and stay tuned

 

If you missed the first part: http://s0ftwargs.com/blog/2017/01/19/building-a-colla…mazon-ec2-part-1/
