1. Environment and software
CentOS 7
CobaltStrike v2.5
Metasploit v5.0+
2. Installation
Download page for older installer versions:
https://github.com/rapid7/metasploit-framework/wiki/Downloads-by-Version
1. Install MSF with the installer script
wget https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb
The file downloaded above is a bash installer script; it checks and configures the installation environment and then downloads the installer package.
Run the installer script:
> mv msfupdate.erb install-msf.sh
> chmod +x install-msf.sh
> ./install-msf.sh
2. Test the installed MSF
The installed MSF directory is /opt/metasploit-framework/
Run msfconsole to check that MSF works:
> msfconsole
A "No database support" warning appears. First create the database connection configuration file.
Its contents are the PostgreSQL connection settings; if you are unsure, leave them unchanged.
> cd /opt/metasploit-framework/embedded/framework/config/
> mv database.yml.example database.yml
Run the startup test again:
> msfconsole
[-] ***rting the Metasploit Framework console...\
[-] * WARNING: No database support: could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5432?
could not connect to server: No route to host
Is the server running on host "localhost" (::1) and accepting
TCP/IP connections on port 5432?
[-] ***
This usually means the database service has not been started or has not been initialized.
3. Initialize the database
First initialize the database:
> cd /opt/metasploit-framework/bin/
> ./msfdb
# The database cannot be initialized as root
Please run msfdb as a non-root user
# Create an account for initializing the database
> useradd msf
> su msf
> ./msfdb
......
Commands:
init initialize the component
reinit delete and reinitialize the component
delete delete and stop the component
status check component status
start start the component
stop stop the component
restart restart the component
# Initialize the database
> ./msfdb init
Creating database at /home/msf/.msf4/db
Starting database at /home/msf/.msf4/db...success
Creating database users
Writing client authentication configuration file /home/msf/.msf4/db/pg_hba.conf
Stopping database at /home/msf/.msf4/db
Starting database at /home/msf/.msf4/db...success
Creating initial database schema
......
# After initialization, a .msf4 directory containing a database.yml file is created in the msf user's home directory
# Exit the msf account and return to root
> cp /home/msf/.msf4/database.yml /opt/metasploit-framework/embedded/framework/config/
cp:是否覆蓋"/opt/metasploit-framework/embedded/framework/config/database.yml"? y
After the steps above, msf starts normally and the database connection works.
4. Start CobaltStrike
Upload CobaltStrike V2.5.zip to /root/ and unzip it.
# Start CobaltStrike as root
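To confirm the result of the steps above before launching msfconsole, here is an added shell example (not part of the original post) that reads the host and port from a database.yml in the form msfdb init writes and probes whether PostgreSQL accepts TCP connections there, which is exactly the condition behind the "could not connect to server" warning shown earlier. The YAML is a constructed sample and the port probe uses bash's /dev/tcp, so no psql is needed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): parse a Metasploit database.yml
# and check that the PostgreSQL listener it names is reachable.
# Constructed sample; the real file is /home/msf/.msf4/database.yml after init.

SAMPLE_YML=$(mktemp)
cat > "$SAMPLE_YML" <<'EOF'
development:
  adapter: postgresql
  database: msf
  host: localhost
  port: 5433
production:
  adapter: postgresql
  database: msf
  username: msf
  host: 127.0.0.1
  port: 5433
EOF

# Print the value of <key> from the production: section of <file>.
yml_value() {
  awk -v key="$2" '
    /^[A-Za-z_]+:/ { section = $1 }                         # top-level section
    section == "production:" && $1 == key ":" { print $2; exit }
  ' "$1"
}

# Return 0 when something accepts TCP on host:port, 1 otherwise.
# Uses bash /dev/tcp so it works without nc or psql installed.
port_open() {
  timeout 2 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# Verdict on whether msfconsole would find its database via <file>.
check_msf_db() {
  host=$(yml_value "$1" host)
  port=$(yml_value "$1" port)
  if port_open "$host" "$port"; then
    echo "ok: PostgreSQL accepting connections on $host:$port"
  else
    echo "fail: nothing listening on $host:$port (run ./msfdb start as the msf user)"
    return 1
  fi
}

# Check a real file when a path is given, e.g. /home/msf/.msf4/database.yml
[ -n "${1:-}" ] && check_msf_db "$1"
```

Run it as `./check.sh /opt/metasploit-framework/embedded/framework/config/database.yml` after copying the file there; a "fail" line means the same state the warning above describes.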
> sudo -E ./teamserver server-IP server-pass [C2-Config-File]
> sudo -E ./teamserver 192.168.1.100 test123 c2.profile
[*] Generating X509 certificate and keystore (for SSL)
Enter source keystore password: # type the keystore password here; it is not echoed
Entry for alias cobaltstrike successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
Warning:
The original keystore "./cobaltstrike.store" is backed up as "./cobaltstrike.store.old"...
[*] Starting RPC daemon
[*] MSGRPC starting on 127.0.0.1:55554 (NO SSL):Msg...
[*] MSGRPC backgrounding at 2019-06-26 20:37:22 +0800...
[*] MSGRPC background PID 31738
[*] sleeping for 20s (to let msfrpcd initialize)
[*] Starting Cobalt Strike Team Server
[*] 連線到 [ msf , 1J647h4MPTiz3sR3F5yOS9DOtzdVEz2ZaBNGy1FwWl4= ] 127.0.0.1:5433/msf
[*] 使用下面的資訊來連線到團隊伺服器:
主機: 192.168.1.100
埠: 55553
使用者: msf
密碼: test123
[*] 指紋資訊(當您連線到團隊服務的時候請檢查這串字元):
66fdaeb7c0fe088a14562c5be28ff1f042946bd2
[+] 已準備好接受你或其它客戶端的連線。
[+] Beacon 進行 [192541 bytes] x86/shikata_ga_nai 編碼耗時 1868ms
[+] 建立 Beacon 為 /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/beacon48744733787608987.dll.enc
Start cobaltstrike.jar and connect to the team server.
The connection looks as follows: