For this example we will be using AWS EC2 instances. Our team mostly uses Ubuntu for our development and  production instances. We have found good success using Ubuntu and have moved the recent LTS 18.04.

This post will focus primarily on the manual installation of CobaltStrike, we will be following up this post with some additions to RAI (Rapid Attack Infrastructure). https://github.com/obscuritylabs/RAI

Installing OpenJDK

sudo apt update && sudo apt upgrade -y
sudo apt install openjdk-11-jdk
sudo update-java-alternatives -s java-1.11.0-openjdk-amd64

Installing CobaltStrike

Install CobaltStrike in an automated fashion isn't exactly perfect, but using some basic tools we can get the job done.

The  first step is to setup your CS license keys and export them as a variable for later use. Than create your self a license file which CS will require:

sudo su
export CSKEY=*INSERTKEYHERE*
cd /opt
echo $CSKEY > ~/.cobaltstrike.license

Once completed use the following curl magic to properly request a download link for the Linux TAR package. Finally we can wget our new CS package:

var=$(curl 'https://www.cobaltstrike.com/download' -XPOST -H 'Referer: https://www.cobaltstrike.com/download' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Origin: https://www.cobaltstrike.com' -H 'Host: www.cobaltstrike.com' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Connection: keep-alive' -H 'Accept-Language: en-us' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0.1 Safari/604.3.5' --data "dlkey=$CSKEY" | sed -n 's/.*href="\([^"]*\).*/\1/p' | grep /downloads/ | cut -d '.' -f 1)
wget https://www.cobaltstrike.com$var.tgz

Once this is complete we update CS and we are off to the race.

cd cobaltstrike && ./update