Running the Client on Mac OS X

The Cobalt Strike client may not be able to show contents of the Documents, Desktop, and Downloads folders in the file browser initially. (e.g. loading scripts, uploading files, generating payloads, etc…)

By default, OSX limits what access applications have to the Documents, Desktop, and Download folders. These applications need to explicitly be granted access to these folders.

Since Cobalt Strike is a third party application, it isn't as straight forward as granting the app "Cobalt Strike" access. You may need to give the JRE running Cobalt Strike client access to the file system. You can give access to the specific Files and Folders or Full Disk Access.

You may be prompted for the access:

Graphical user interface, text, application Description automatically generated

figure 9 - MacOS X Access Prompt

Or, if the access has been previously denied, you may need to edit the access in the OSX System Preferences / Security & Privacy / Privacy dialog:

Graphical user interface, application Description automatically generated

figure 10 - OS X Privacy Dialog

Please be advised that other applications that use the JRE will also have this access.

NOTE:

The same steps may also need to be taken for '/bin/bash'.

 

 

Related Topics