Another Cobalt Strike update is available. This update makes Cobalt Strike compatible with version 4.4 of the Metasploit Framework.
Here are the new features in this update:
- Cobalt Strike now has a USB attack generator built in. This was fun to put together and, I can imagine, even more fun to deploy. The default settings emulate the social engineering attack used by the Conficker worm to spread itself.
- For those of you hiding behind a NAT device, this release also adds a means to notify Cobalt Strike and the Metasploit Framework of your proper external IP address. Go to Cobalt Strike -> Listeners -> set LHOST to try it out. The old solution was to set up a Cobalt Strike team server and specify the right IP address during startup. Not everyone uses a team server during their engagements (why not?), so for you, I’ve added this ability.
And two notable bug fixes:
- Recent changes to the Metasploit Framework database schema caused some issues with Cobalt Strike’s vulnerability descriptions. This issue has been fixed. Your hosts and vulnerability reports should look lovely again.
- This release addresses a configuration issue preventing permanent reverse_http and reverse_https listeners from functioning. Previously, Cobalt Strike would bind to 0.0.0.0 to accept a connection on any interface. Unfortunately, this meant the http/https payloads would try to communicate with 0.0.0.0 instead of your system after the initial handshake. If you were experiencing trouble with these payloads using Cobalt Strike before, this fix addresses the issue.
If you’d like to learn more, take a glance at the full release notes. Licensed users may run the update program included with Cobalt Strike to get the latest.