Starting the Team Server

From the console of the Attacker Desktop, right-click on the Terminal icon in the taskbar and select Team Server. This will SSH you into the Attacker Linux VM.

From the command prompt, move into the cobaltstrike directory and run the teamserver executable.

attacker@ubuntu ~/cobaltstrike> sudo ./teamserver 10.10.5.50 Passw0rd! c2-profiles/normal/webbug.profile

Where:

10.10.5.50 is the IP address of the Attacker Linux VM.
Passw0rd! is the shared password used to connect from the Cobalt Strike client.
webbug.profile is an example Malleable C2 profile (covered in more detail later).

It's recommended to run the team server in a tmux session, as this will prevent the process from closing if the SSH connection is lost.

Launch the Cobalt Strike client from the taskbar and enter the connection details.

When connecting to a team server for the first time, the client will prompt you to confirm the server's fingerprint. This ensures that nobody is intercepting traffic between your client and the server.

PreviousCobalt Strike NextListener Management

Last updated 2 years ago