Starting a Cobalt Strike Client

Follow the steps below to connect the Cobalt Strike client to the team server.

Steps

  1. To start the Cobalt Strike client, use the launcher included with your platform’s package.
    1. For Linux:

      1. Navigate to the cobaltstrike/client folder.

      2. Enter the following command:

        ./cobaltstrike

    2. For macOS:
      1. Navigate to the cobaltstrike/client folder.
      2. Double-click Cobalt Strike.command.
    3. For Windows:
      1. Navigate to the cobaltstrike/client folder.

      2. Double-click cobaltstrike.exe.

    The Connect Dialog screen displays.

    figure 4 - Cobalt Strike Connect Dialog

  2. Cobalt Strike keeps track of the team servers you connect to and remembers your information. Select one of these team server profiles from the left-hand-side of the connect dialog to populate the connect dialog with its information. Use the Alias Names and Host Names buttons to toggle how the list of hosts are displayed. Active connections will be displayed in blue text. You may control how the host list is initially displayed, active connection text color, and prune the list through Cobalt Strike -> Preferences -> Team Servers.

    Parameters:

    Alias - Enter an alias for the host or use the default. The alias name can not be empty, start with an '*', or use the same alias name of an active connection.

    Host - Specify your team server’s address in the Host field. The host name can not be empty.

    Port - Displays the default Port for the team server (50050). This is rarely change. The port can not be empty and must be a numeric number.

    User - The User field is your nickname on the team server. Change this to your call sign, handle, or made-up hacker fantasy name. The user name can not be empty.

    Password - Enter the shared password for the team server.

  3. Press Connect to connect to the Cobalt Strike team server.

    If this is your first connection to this team server, Cobalt Strike will ask if you recognize the SHA256 hash of this team server.

    figure 5 - Verifying the server’s SSL certificate

  4. If you do, press Yes, and the Cobalt Strike client will connect to the server and open the client user interface.

    NOTE:

    Cobalt Strike will also remember this SHA256 hash for future connections. You may manage these hashes through Cobalt Strike -> Preferences -> Fingerprints.

 

Related Topics