Starting the REST API Server

The Cobalt Strike REST API server must run on a supported Linux system. To start a Cobalt Strike REST API server, issue the following command to run the REST API server script included with the Cobalt Strike Linux package in the cobaltstrike/server/rest-server folder:

./csrestapi --pass <password> [--user <username>] [--host <host>] [--port <port>]

The REST API server script uses the following parameters:

Password - (mandatory) The shared password for the team server.

User - (optional) The username for the rest server (default: csrestapi).

Host - (optional) The team of the team server (default: 127.0.0.1).

Port - (optional) The port of the team server (default: 50050).

NOTE: The REST API server requires the team server to be started with the --experimental-db flag, and it has been tested on Ubuntu 22.04, 24.04, and newer versions of Kali.

When the REST API server starts, it exposes the REST API on port 50443 by default. You can configure various HTTP server properties by editing the cobaltstrike/server/rest-server/restapi/application.properties file. For more information, see Spring Boot Common Application Properties on the Spring website.

The following demo explains how to start the Cobalt Strike REST API server:

Disk Structure and File Uploads

The following table lists various default folders and files created by the REST API server. You can structure your files as desired in the cobaltstrike/server/rest-server/restapi/artifacts folder, except for the "generated" folder, which contains any payloads generated by Cobalt Strike, and the cna_scripts.config file, which configures the .cna scripts the REST API server loads by default.

NOTE: Server-side Aggressor Scripts run by the REST API server are restricted to Sleep/Aggressor scripts and cannot use any Java binding.
Path Description
/rest-server/csrestapi A mandatory/reserved folder that contains files for the REST API service itself, as well as other dependencies stored in the rest-server folder.
/rest-server/restapi/cna_scripts.config A mandatory/reserved text file that contains paths to individual .cna files that are loaded globally by the REST API service
/rest-server/restapi/artifacts/generated A mandantory/reserved folder, reserved for payloads generated by the Cobalt Strike REST API service.
/rest-server/restapi/artifacts/assemblies This folder stores files for .net assemblies.
/rest-server/restapi/artifacts/sleepmasks This folder stores any scripts and resources for sleepmasks.
/rest-server/restapi/artifacts/udrls This folder stores any scripts and resources for UDLRs.

Users must place artifacts via SSH or other file-copying methods; the REST API does not support file uploads.

 

Related Topics