For this example, we will be using AWS EC2 instances. Our team mostly uses Ubuntu for our development and production instances. We have found good success using Ubuntu and have moved to the recent LTS 18.04.

This post will focus primarily on the manual installation of CobaltStrike. We will be following up this post with some additions to RAI (Rapid Attack Infrastructure): https://github.com/obscuritylabs/RAI

Installing OpenJDK

sudo apt update && sudo apt upgrade -y
sudo apt install openjdk-11-jdk
sudo update-java-alternatives -s java-1.11.0-openjdk-amd64

Installing CobaltStrike

Installing CobaltStrike in an automated fashion isn't exactly perfect, but using some basic tools we can get the job done.

The first step is to set up your CS license key and export it as a variable for later use. Then create yourself a license file, which CS will require:

sudo su
export CSKEY=*INSERTKEYHERE*
cd /opt
echo "$CSKEY" > ~/.cobaltstrike.license

Once completed, use the following curl magic to properly request a download link for the Linux TAR package. Finally, we can wget our new CS package:

var=$(curl 'https://www.cobaltstrike.com/download' -XPOST -H 'Referer: https://www.cobaltstrike.com/download' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Origin: https://www.cobaltstrike.com' -H 'Host: www.cobaltstrike.com' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Connection: keep-alive' -H 'Accept-Language: en-us' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0.1 Safari/604.3.5' --data "dlkey=$CSKEY" | sed -n 's/.*href="\([^"]*\).*/\1/p' | grep /downloads/ | cut -d '.' -f 1)
wget "https://www.cobaltstrike.com${var}.tgz"

Once this is complete we update CS and we are off to the races.

# unpack the downloaded archive before running the updater
tar xzf "$(basename "$var").tgz"
cd cobaltstrike && ./update
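
The license, download and update steps above all run as root on a value scraped from a web page, so here is a hardened variant of them as an added example (not code from the original post or from the Cobalt Strike project). The function names, `EXPECTED_SHA256` and the sample HTML are assumptions, and the expected digest is assumed to be obtained from the vendor through a separate channel.

```sh
#!/bin/sh
# Added example. Function names, EXPECTED_SHA256 and SAMPLE_HTML are
# hypothetical / constructed; nothing here contacts the network.

# Store the license key read from stdin with owner-only permissions, so the
# key is never passed in argv and the file is 0600 even if it already existed.
write_license() {
    dest=$1
    ( umask 077 && cat > "$dest" ) && chmod 600 "$dest"
}

# Read the download page HTML on stdin and print the Linux .tgz path.
# Same extraction as the sed | grep | cut pipeline above, but only the first
# match is used and it must pass an allow-list before it reaches wget.
extract_tgz_path() {
    path=$(sed -n 's/.*href="\([^"]*\).*/\1/p' | grep '^/downloads/' |
           head -n 1 | cut -d '.' -f 1)
    printf '%s\n' "$path" | grep -Eq '^/downloads/[A-Za-z0-9_/-]+$' || return 1
    printf '%s.tgz\n' "$path"
}

# Succeed only if the file's SHA-256 equals the expected hex digest.
verify_sha256() {
    file=$1
    expected=$2
    actual=$(sha256sum "$file" | cut -d ' ' -f 1)
    [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# Constructed sample response, not real vendor HTML.
SAMPLE_HTML='<li><a href="/downloads/0123abcd/cobaltstrike-trial.tgz">Linux</a></li>'
printf '%s\n' "$SAMPLE_HTML" | extract_tgz_path   # prints the validated path

# Intended use in the procedure above (not executed here):
#   path=$(curl ... --data "dlkey=$CSKEY" | extract_tgz_path) || exit 1
#   wget "https://www.cobaltstrike.com$path"
#   verify_sha256 "$(basename "$path")" "$EXPECTED_SHA256" || exit 1
```

Feeding the key to `write_license` on stdin (for example with `read -rs` followed by `printf`) also keeps it out of the shell history, unlike the `export CSKEY=...` line.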