Armitage hacking fast and easy
Exploits are great, but don't ignore the simple stuff. If you can get a target to run a program, then all you need is an executable. Armitage can help you generate an executable from any of Metasploit's payloads. Choose a payload in the modules panel, double click it, select the type of output, and set your options.
Once you click launch, a save dialog will ask you where to save the file. When you generate a payload, you're responsible for setting up a listener to interact with it. Armitage makes it easy to manage the Windows Meterpreter agent once you successfully exploit a host. Hosts running the Meterpreter payload will have a Meterpreter N menu for each Meterpreter session. If you have shell access to a host, you will see a Shell N menu for each shell session. Right-click the host to access this menu.
Once you exploit a host, duplicating your access should be a first priority. If you lose the original session, this will give you a fallback. Some exploits result in administrative access to the host. Other times, you need to escalate privileges yourself. Meterpreter gives you several options for exploring a host once you've exploited it. One of them is the file browser. This tool will let you upload, download, and delete files.
Right-click a file to download or delete it. If you want to delete a directory, make sure it's empty first. If you have system privileges, you may modify the file timestamps using the File Browser. Right-click a file or directory and go to the Timestomp menu. This feature works like a clipboard. The Meterpreter shell is also available under the same parent menu. Navigating to the Meterpreter N menu for each action gets old fast. Right-click inside the Meterpreter shell window to see the Meterpreter N menu items right away.
Metasploit has several post-exploitation modules too. Navigate the post branch in the module browser. Double-click a module and Armitage will show a launch dialog. Each post-exploitation module will execute in its own tab and present its output to you there.
Metasploit can launch attacks from a compromised host and receive sessions on the same host. This ability is called pivoting. A dialog will ask you to choose which subnet you want to pivot through the session. Once you've set up pivoting, Armitage will draw a green line from the pivot host to all targets reachable by the pivot you created. The line will become bright green when the pivot is in use. Once you've owned a host, it's good to explore and see what else is on the same network.
If you've set up pivoting, Metasploit will tunnel TCP connections to eligible hosts through the pivot host. These connections must come from Metasploit though. When you log in to a Windows host, your password is hashed and compared to a stored hash of your password.
If they match, you're in. When you attempt to access a resource on the same Windows domain, the stored hash is sent to the other host and used to authenticate you.
With access to these hashes, you can use this mechanism to take over other hosts on the same domain. This is called a pass-the-hash attack.
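Because the hash alone authenticates, a reused hash shows up on the receiving hosts as an ordinary NTLM network logon. The following is an added example from the defender's side, not part of the original page or of Armitage or Metasploit: it flags one account authenticating over NTLM from one source address to several hosts in a set of Windows Security 4624 events. The events, host names, accounts, addresses and the `min_hosts` threshold are constructed assumptions, and legitimate NTLM use (for example, access by IP address) can also match.

```python
from collections import defaultdict

def logon(computer, user, ltype, package, ip, event_id=4624):
    """Build one reduced Security-log record (constructed test data)."""
    return {"EventID": event_id, "Computer": computer, "TargetUserName": user,
            "LogonType": ltype, "AuthenticationPackageName": package,
            "IpAddress": ip}

# Constructed events; hosts, accounts and addresses are invented.
SAMPLE_EVENTS = [
    logon("FS01", "alice", 3, "Kerberos", "10.0.0.21"),
    logon("FS01", "svc_backup", 3, "NTLM", "10.0.0.50"),
    logon("DC01", "svc_backup", 3, "NTLM", "10.0.0.50"),
    logon("WS07", "SVC_BACKUP", 3, "NTLM", "10.0.0.50"),
    logon("PRINT01", "bob", 3, "NTLM", "10.0.0.33"),
    logon("DC01", "ANONYMOUS LOGON", 3, "NTLM", "10.0.0.50"),
    logon("DC01", "WS07$", 3, "NTLM", "10.0.0.17"),
    logon("WS09", "svc_backup", 3, "NTLM", "10.0.0.50", event_id=4625),
    logon("WS07", "carol", 2, "Negotiate", "-"),
]

def is_ntlm_network_logon(ev):
    """True for a successful network logon (type 3) by a user over NTLM."""
    user = ev.get("TargetUserName", "")
    return (ev.get("EventID") == 4624
            and ev.get("LogonType") == 3
            and ev.get("AuthenticationPackageName") == "NTLM"
            and user.upper() != "ANONYMOUS LOGON"   # null sessions are noise
            and not user.endswith("$"))             # skip machine accounts

def find_ntlm_fanout(events, min_hosts=3):
    """Map (account, source IP) -> hosts reached, where hosts >= min_hosts."""
    reached = defaultdict(set)
    for ev in events:
        if is_ntlm_network_logon(ev):
            key = (ev["TargetUserName"].lower(), ev["IpAddress"])
            reached[key].add(ev["Computer"])
    return {k: sorted(v) for k, v in reached.items() if len(v) >= min_hosts}

if __name__ == "__main__":
    for (user, src), hosts in find_ntlm_fanout(SAMPLE_EVENTS).items():
        print(f"review: {user} from {src} -> {', '.join(hosts)}")
```
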
You need administrative privileges to do this. Armitage will store the collected hashes in a database for your use later. For your cracking pleasure, the Export button in this tab will export credentials in pwdump format. This will present a dialog where you can select which hash to log in with. A popular technique for creating a quick backdoor is to use netcat to launch a command shell on connection. Netcat can either listen for a connection or connect back to you.
Armitage can take advantage of these sessions. Choose reverse to wait for netcat to connect back to you. This is one way to receive a shell from a friend who has already compromised a host. Metasploit can attempt to guess a username and password for a service for you.
This capability is easy to use through the modules panel. Type login in the modules panel to search for them. Metasploit does not make several parallel connections to a single host to speed up the process. This lesson can be taken one step further--use the right tool for each job. You can use Armitage to connect to an existing Metasploit instance on another host. Working with a remote Metasploit instance is similar to working with a local instance. Some Armitage features require read and write access to local files to work.
Armitage removes or degrades these features when managing a naked remote Metasploit instance. You do not need to specify database settings if the database is already configured in the running Metasploit instance. Do not connect multiple clients to Metasploit unless you use Armitage's network attack server feature.
Armitage connects to Metasploit's RPC server. It's also possible to connect Armitage to a running Metasploit console. Once the RPC server is loaded you can connect Armitage to it. Make sure Use SSL is not checked. When emulating a social engineering attack or using client-side exploits, it's helpful to set up Metasploit on a remote server to receive sessions. I configure my listeners through Metasploit's console and connect with Armitage to manage the post-exploitation process.
Use Armitage's network attack server mode to collaborate using Metasploit. First, you must start a Metasploit RPC instance. Then, on the same system, run Armitage's network attack server software. Armitage's network attack server will connect to Metasploit on the specified port with the username and password you provide.
Use 1 for ssl? Leave this value empty otherwise. For the host value, specify the IP address remote Armitage users will use to connect to your Metasploit instance. Make sure you specify the remote IP address of the host and not Armitage's network attack server sets a Metasploit global variable to tell clients how to connect to it. This server adds extra features to Armitage clients connecting to Metasploit remotely.
Most of the features degraded during a remote connection are now present. Multiple users can now connect to one Metasploit instance and collaborate with each other. Host information, scan data, and sessions are shared using Metasploit's database.
Multiple users can now use any Meterpreter session at the same time. Each user can open one or more command shells, browse files, and take screenshots of the compromised host. Metasploit shell sessions are automatically locked and unlocked when in use.
If a user is interacting with a shell, Armitage will warn you that it's in use. The file browser download feature will still download to the remote server. Use a persistent sftp connection to retrieve files downloaded through Meterpreter. The file browser upload feature will upload your file to the Metasploit system first and then upload it to the target host.
Here are a few things you absolutely must know before continuing: Metasploit is a console driven application. This is why the PDF is increasingly becoming one of the most popular electronic document formats in the world.
Armitage is quite the ride.
I have not seen this type of response to my other projects. My answer is to keep Armitage focused on its core capability: sharing the Metasploit Framework. Cortana is a natural progression of this work. It allows you to share the Metasploit Framework with bots. In the CCDC red team environment, the lack of collaboration was a big pain.
Armitage was my crack at this problem.