CobaltStrike + Metasploit Combined Installation
Date: 2019-07-01

1. Environment and software

CentOS 7
CobaltStrike v2.5
Metasploit v5.0+

2. Program installation

Download location for older installer versions:
https://github.com/rapid7/metasploit-framework/wiki/Downloads-by-Version

1. Install MSF with the installation script

wget https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb

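The file downloaded above is a bash installation script. It checks and configures the installation environment, then downloads the installer.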

# Run the installation script
> mv msfupdate.erb install-msf.sh
> chmod +x install-msf.sh
> ./install-msf.sh

2. Test the installed MSF

The installed MSF directory is /opt/metasploit-framework/
Run msfconsole to check that MSF works

> msfconsole

A "no database support" warning appears. First, create the database connection configuration file.

# Set the contents to your PostgreSQL database details; if unsure, leave the file unmodified
> cd /opt/metasploit-framework/embedded/framework/config/
> mv database.yml.example database.yml

Start it again to test

> msfconsole
[-] ***rting the Metasploit Framework console...\
[-] * WARNING: No database support: could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5432?
could not connect to server: No route to host
Is the server running on host "localhost" (::1) and accepting
TCP/IP connections on port 5432?

[-] ***
This usually means the database service has not been started or has not been initialized.

3. Initialize the database

First, initialize the database
> cd /opt/metasploit-framework/bin/
> ./msfdb
# The database cannot be initialized as root
Please run msfdb as a non-root user

# Create an account for initializing the database
> useradd msf
> su msf
> ./msfdb
......
Commands:
init initialize the component
reinit delete and reinitialize the component
delete delete and stop the component
status check component status
start start the component
stop stop the component
restart restart the component
# Initialize the database
> ./msfdb init
Creating database at /home/msf/.msf4/db
Starting database at /home/msf/.msf4/db...success
Creating database users
Writing client authentication configuration file /home/msf/.msf4/db/pg_hba.conf
Stopping database at /home/msf/.msf4/db
Starting database at /home/msf/.msf4/db...success
Creating initial database schema
......
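# Once this completes, a .msf4 directory is created in the msf user's home directory, containing a database.yml file
# Exit the msf account and return to the root account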

> cp /home/msf/.msf4/database.yml /opt/metasploit-framework/embedded/framework/config/
cp:是否覆盖"/opt/metasploit-framework/embedded/framework/config/database.yml"? y

After the steps above, MSF starts normally on the next test and the database connection works.
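
Added example (not from the original article): a check to run after the copy step above. It reads host and port from a database.yml, warns if the file, which holds the database password, is readable by group or others, and tests whether anything accepts connections on that port. The function names and the sample file are constructed for illustration, the field layout is an assumption, and the port test relies on bash's /dev/tcp.

```bash
# Added example, not part of the original article. Function names are hypothetical.

# Print KEY from the top-level ENV block of FILE (YAML merge keys are not resolved).
dbyml_get() {  # usage: dbyml_get FILE ENV KEY
    awk -v env="$2" -v key="$3" '
        /^[^ #]/ { in_env = ($1 == (env ":")) }       # top-level block header
        in_env && $1 == (key ":") { print $2; exit }  # indented "key: value"
    ' "$1"
}

# Succeed only if FILE has no group/other permission bits set.
dbyml_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeed if HOST:PORT accepts a TCP connection (bash-only /dev/tcp).
port_open() {
    (exec 3<>"/dev/tcp/$1/$2") 2>/dev/null
}

check_dbyml() {  # usage: check_dbyml FILE [ENV]
    file=$1; env=${2:-production}
    host=$(dbyml_get "$file" "$env" host)
    port=$(dbyml_get "$file" "$env" port)
    if [ -z "$host" ] || [ -z "$port" ]; then
        echo "no host/port for '$env' in $file"; return 2
    fi
    echo "$env -> $host:$port"
    dbyml_private "$file" || echo "WARN: $file holds the DB password and is readable by group/others"
    port_open "$host" "$port" || echo "WARN: nothing accepting connections on $host:$port"
}

# Constructed sample in the usual database.yml layout (assumption), for a dry run.
write_sample() {  # usage: write_sample PATH
    cat > "$1" <<'EOF'
production: &pgsql
  adapter: postgresql
  database: msf
  username: msf
  password: CONSTRUCTED-PLACEHOLDER
  host: 127.0.0.1
  port: 5433

test:
  <<: *pgsql
  database: msftest
EOF
}
if [ $# -gt 0 ]; then check_dbyml "$@"; fi
```

Saved as a script, it takes the path to database.yml as its first argument and an optional environment name as its second.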

4. Start CobaltStrike

Upload CobaltStrike V2.5.zip to the /root/ directory and unzip it
# Start CobaltStrike under the root account
> sudo -E ./teamserver server-IP server-pass [C2-Config-File]
> sudo -E ./teamserver 192.168.1.100 test123 c2.profile
[*] Generating X509 certificate and keystore (for SSL)
Enter source keystore password: # Enter the certificate password here; if there is no password, this is not shown
Entry for alias cobaltstrike successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled

Warning:
The original keystore "./cobaltstrike.store" is backed up as "./cobaltstrike.store.old"...
[*] Starting RPC daemon
[*] MSGRPC starting on 127.0.0.1:55554 (NO SSL):Msg...
[*] MSGRPC backgrounding at 2019-06-26 20:37:22 +0800...
[*] MSGRPC background PID 31738
[*] sleeping for 20s (to let msfrpcd initialize)
[*] Starting Cobalt Strike Team Server

[*] 连接到 [ msf , 1J647h4MPTiz3sR3F5yOS9DOtzdVEz2ZaBNGy1FwWl4= ] 127.0.0.1:5433/msf
[*] 使用下面的信息来连接到团队服务器:
主机: 192.168.1.100
端口: 55553
用户: msf
密码: test123

[*] 指纹信息(当您连接到团队服务的时候请检查这串字符):
66fdaeb7c0fe088a14562c5be28ff1f042946bd2
[+] 已准备好接受你或其它客户端的连接。
[+] Beacon 进行 [192541 bytes] x86/shikata_ga_nai 编码耗时 1868ms
[+] 创建 Beacon 为 /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/beacon48744733787608987.dll.enc

Start cobaltstrike.jar to connect to the server

The result of the connection is as follows: [screenshot]


Statement: This article is a vendor submission; the views expressed do not represent the position of 安全牛.
