1. Environment and software
CentOS 7
CobaltStrike v2.5
Metasploit v5.0+
2. Program installation
Download location for older installer versions:
https://github.com/rapid7/metasploit-framework/wiki/Downloads-by-Version
1. Install MSF with the install script
wget https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb
The file downloaded above is the install bash script; what it actually does is detect and configure the install environment and then download the installer package.
# Run the install script
> mv msfupdate.erb install-msf.sh
> chmod +x install-msf.sh
> ./install-msf.sh
2. Test the installed MSF
MSF is installed under /opt/metasploit-framework/.
Run msfconsole to check that MSF works:
> msfconsole
If a "no database support" warning appears, first create the database connection configuration file:
# Fill in your PostgreSQL connection details; if you are unsure, leave the example contents unchanged for now
> cd /opt/metasploit-framework/embedded/framework/config/
> mv database.yml.example database.yml
Then start it again to test:
> msfconsole
[-] *** Starting the Metasploit Framework console...
[-] * WARNING: No database support: could not connect to server: Connection refused
        Is the server running on host "localhost" (127.0.0.1) and accepting
        TCP/IP connections on port 5432?
could not connect to server: No route to host
        Is the server running on host "localhost" (::1) and accepting
        TCP/IP connections on port 5432?
[-] ***
This usually means the database service is not running or has not been initialized.
3. Initialize the database
First initialize the database:
> cd /opt/metasploit-framework/bin/
> ./msfdb
# msfdb refuses to initialize the database as root:
Please run msfdb as a non-root user
# Create an unprivileged account to initialize the database
> useradd msf
> su msf
> ./msfdb
......
Commands:
  init       initialize the component
  reinit     delete and reinitialize the component
  delete     delete and stop the component
  status     check component status
  start      start the component
  stop       stop the component
  restart    restart the component
# Initialize the database
> ./msfdb init
Creating database at /home/msf/.msf4/db
Starting database at /home/msf/.msf4/db...success
Creating database users
Writing client authentication configuration file /home/msf/.msf4/db/pg_hba.conf
Stopping database at /home/msf/.msf4/db
Starting database at /home/msf/.msf4/db...success
Creating initial database schema
......
# When this finishes, a .msf4 directory in the msf user's home contains a database.yml
# Leave the msf account and return to root
> cp /home/msf/.msf4/database.yml /opt/metasploit-framework/embedded/framework/config/
cp: overwrite '/opt/metasploit-framework/embedded/framework/config/database.yml'? y
After these steps, msfconsole starts normally and the database connection works. Note that the database created this way lives under /home/msf/.msf4/db and is not a system service: after a reboot it must be started again with ./msfdb start as the msf user before msfconsole or the team server is launched, otherwise the "No database support" warning returns.
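The "No database support" warning is quickest to pin down by reading the same database.yml msfconsole reads and testing the endpoint it points at. The script below is an added example, not part of the original tutorial or of Metasploit: the config path is the framework path used above, the sample database.yml it can write is constructed (placeholder password, the port 5433 that the msfdb-created instance listens on), and the port probe uses bash's /dev/tcp so it works on a bare CentOS box without nc.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial or from Metasploit).
# Diagnoses "No database support" by parsing database.yml and probing the
# database endpoint it names. Default path is an assumption matching the
# install location used in this tutorial.

MSF_CFG="${MSF_CFG:-/opt/metasploit-framework/embedded/framework/config/database.yml}"

# Print the value of <key> from the "production:" section of a database.yml.
# Handles the flat "key: value" lines msfdb init writes; no YAML library needed.
yml_get() {
  awk -v key="$2:" '
    /^[A-Za-z_]+:[ \t]*$/ { section = $1 }
    section == "production:" && $1 == key { print $2; exit }
  ' "$1"
}

# Print host:port msfconsole will connect to, using the PostgreSQL defaults
# (localhost, 5432) when the file does not set them.
db_endpoint() {
  local host port
  host=$(yml_get "$1" host)
  port=$(yml_get "$1" port)
  printf '%s:%s\n' "${host:-localhost}" "${port:-5432}"
}

# Return 0 if a TCP listener answers on host:port, non-zero otherwise.
port_open() {
  timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# Diagnose a config file. Exit codes: 0 ok, 2 config missing, 3 db unreachable.
diagnose_msf_db() {
  local cfg="$1" ep
  if [ ! -r "$cfg" ]; then
    echo "[-] $cfg missing: copy /home/msf/.msf4/database.yml there (step 3)"
    return 2
  fi
  ep=$(db_endpoint "$cfg")
  if port_open "${ep%:*}" "${ep#*:}"; then
    echo "[+] database at $ep accepts connections"
    return 0
  fi
  echo "[-] nothing listening on $ep: run './msfdb start' as the msf user"
  return 3
}

# Constructed sample in the layout msfdb init writes (password is a placeholder).
write_sample_yml() {
  cat > "$1" <<'EOF'
development:
  adapter: postgresql
  database: msf
  username: msf
  password: examplepass
  host: localhost
  port: 5433

production:
  adapter: postgresql
  database: msf
  username: msf
  password: examplepass
  host: localhost
  port: 5433
EOF
}

# Check the real config when a path is given on the command line.
if [ "$#" -ge 1 ]; then
  diagnose_msf_db "$1"
fi
```

Run it as `./msfdbcheck.sh /opt/metasploit-framework/embedded/framework/config/database.yml`; exit code 3 with the endpoint 127.0.0.1:5433 is exactly the state after a reboot, when the msf user has not yet run ./msfdb start.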
4. Start CobaltStrike
Upload CobaltStrike V2.5.zip to /root/ and unzip it. The team server password is passed as a command-line argument, so it is visible in the process list to every local user on the host.
# Start CobaltStrike as root
> sudo -E ./teamserver server-IP server-pass [C2-Config-File]
> sudo -E ./teamserver 192.168.1.100 test123 c2.profile
[*] Generating X509 certificate and keystore (for SSL)
Enter source keystore password:    # enter the keystore password here; it is not echoed
Entry for alias cobaltstrike successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
Warning: The original keystore "./cobaltstrike.store" is backed up as "./cobaltstrike.store.old"...
[*] Starting RPC daemon
[*] MSGRPC starting on 127.0.0.1:55554 (NO SSL):Msg...
[*] MSGRPC backgrounding at 2019-06-26 20:37:22 +0800...
[*] MSGRPC background PID 31738
[*] sleeping for 20s (to let msfrpcd initialize)
[*] Starting Cobalt Strike Team Server
[*] Connected to [ msf , 1J647h4MPTiz3sR3F5yOS9DOtzdVEz2ZaBNGy1FwWl4= ] 127.0.0.1:5433/msf
[*] Use the following information to connect to the team server:
    Host: 192.168.1.100
    Port: 55553
    User: msf
    Password: test123
[*] Fingerprint (check this string when you connect to the team server): 66fdaeb7c0fe088a14562c5be28ff1f042946bd2
[+] Ready to accept connections from you or other clients.
[+] Encoding Beacon [192541 bytes] with x86/shikata_ga_nai took 1868ms
[+] Beacon created at /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/beacon48744733787608987.dll.enc
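The fingerprint the team server prints is the one value an operator should compare before trusting the connection, because the client otherwise accepts whatever certificate answers on port 55553. The script below is an added example, not part of the original tutorial or of Cobalt Strike: it fetches the certificate the team server presents over TLS and compares its SHA-1 fingerprint with the string the server printed. That the printed fingerprint is the SHA-1 of the server's DER certificate is an assumption here; the host, port and fingerprint used in the usage line are the values from the output above.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial or from Cobalt Strike).
# Compares the certificate a team server actually presents with the
# fingerprint the operator was given, so a different certificate (MITM or
# wrong host) is noticed before credentials are sent. Assumes the printed
# fingerprint is the SHA-1 of the server's DER-encoded certificate.

# Normalize a fingerprint: drop any "SHA1 Fingerprint=" prefix, colons,
# spaces and case, so openssl output and the teamserver's string compare.
normalize_fp() {
  printf '%s' "$1" | sed 's/^.*=//' | tr -d ': ' | tr 'A-F' 'a-f'
}

# Return 0 if two fingerprints are equal after normalization, 1 otherwise.
fp_matches() {
  [ "$(normalize_fp "$1")" = "$(normalize_fp "$2")" ]
}

# Fetch the certificate presented on host:port and print its SHA-1
# fingerprint as lower-case hex without colons (empty on failure).
server_fp() {
  normalize_fp "$(openssl s_client -connect "$1:$2" </dev/null 2>/dev/null \
      | openssl x509 -noout -fingerprint -sha1 2>/dev/null)"
}

# Compare the live certificate with the expected fingerprint.
# Exit 0 on match, 1 on mismatch or if no certificate could be fetched.
verify_teamserver() {
  local host="$1" port="$2" expected="$3" got
  got=$(server_fp "$host" "$port")
  if [ -z "$got" ]; then
    echo "[-] could not fetch a certificate from $host:$port"
    return 1
  fi
  if fp_matches "$got" "$expected"; then
    echo "[+] fingerprint matches: $got"
  else
    echo "[-] FINGERPRINT MISMATCH: server presented $got, expected $(normalize_fp "$expected")"
    return 1
  fi
}

# Usage with the values printed by the team server in this tutorial:
#   ./tsverify.sh 192.168.1.100 55553 66fdaeb7c0fe088a14562c5be28ff1f042946bd2
if [ "$#" -ge 3 ]; then
  verify_teamserver "$1" "$2" "$3"
fi
```

Run the check from the operator workstation, not on the team server itself, and take the expected value from a channel other than the connection being verified (the console output above, read over SSH, is fine).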
Launch cobaltstrike.jar and connect to the team server.
The connection looks like this: