Armitage in BackTrack 4 r2

BackTrack Linux

A short time ago, an exciting GUI front-end for Metasploit named Armitage was released. For an initial release, Armitage is very polished, so we knew we had to add it to the BackTrack repositories.

To install it, we first need to update the repositories.

root@bt:~# apt-get update
...snip...
Reading package lists... Done

Next, we simply need to install the armitage package.

root@bt:~# apt-get install armitage
...snip...
Setting up armitage (0.1-bt0) ...
root@bt:~#

Prior to launching Armitage, we need to start the MySQL server in BackTrack.

root@bt:~# /etc/init.d/mysql start
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..
root@bt:~#

Once the MySQL server is started, we then need to start the Metasploit RPC daemon. You can assign whatever credentials you would like, of course.

root@bt:~# msfrpcd -f -U msf -P test -t Basic
[*] XMLRPC starting on 0.0.0.0:55553 (SSL):Basic...

Armitage is installed under /pentest/exploits/armitage/ so we navigate to the folder and run the shell script to begin.

root@bt:~# cd /pentest/exploits/armitage/
root@bt:/pentest/exploits/armitage# ./armitage.sh
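
The msfrpcd output above shows the RPC service listening on 0.0.0.0:55553, that is, on every interface of the BackTrack machine. The following is an added example, not part of the original post: a shell function (the name classify_listener is hypothetical) that reads `netstat -ltn` or `ss -ltn` output and reports whether a port is bound to all interfaces, to one specific address, or to loopback only. The two sample listener tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, given a listener table
# (`netstat -ltn` or `ss -ltn` output) on stdin.
# Prints one of: exposed, specific, loopback, not-listening
classify_listener() {
    awk -v port="$1" '
        # Both netstat -ltn and ss -ltn put the local address in field 4.
        /LISTEN/ {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            # Everything before the final ":port" is the bind address.
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # ss prints IPv6 as [::]
            if (addr == "0.0.0.0" || addr == "::" || addr == "*" || addr == "")
                rank = 3                                  # wildcard: all interfaces
            else if (addr ~ /^127\./ || addr == "::1")
                rank = 1                                  # loopback only
            else
                rank = 2                                  # one specific interface
            if (rank > worst) worst = rank                # report the widest binding
        }
        END {
            split("not-listening loopback specific exposed", name, " ")
            print name[worst + 1]
        }'
}

# Constructed sample: RPC daemon bound as in the output shown on this page.
sample_wildcard() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:55553           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
EOF
}

# Constructed sample: the same services, both restricted to loopback.
sample_loopback() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:55553         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
EOF
}

echo "wildcard sample: $(sample_wildcard | classify_listener 55553)"
echo "loopback sample: $(sample_loopback | classify_listener 55553)"
```

On a live system, run `netstat -ltn | classify_listener 55553`. If the result is `exposed` and Armitage runs on the same machine, msfrpcd's -a option can bind the daemon to 127.0.0.1 instead.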

When Armitage first launches, we are prompted to connect to the msfrpcd instance and our MySQL database as shown below. We verify our settings, select Use SSL, and click Connect.

Running a quick smb_version scan against our local subnet reveals a number of Windows machines. The icon assigned to these targets indicates that they are either WinXP or Server 2003 machines.

We use the highly reliable exploit for MS08-067 to exploit one of our targets and the target graphic is changed to indicate that we have successfully compromised it.

With this initial target compromised, we can then dump the hashes from the system and leverage them with a psexec attack against the remaining hosts in our subnet to deliver 4 additional shells to us.

With very minimal setup and a few clicks, we have managed to get 5 Meterpreter shells on our target systems. Static images simply cannot do justice to this tool so you are encouraged to update BackTrack and test it out for yourself. The author of Armitage also has some excellent video demonstrations of the tool in action:

http://www.fastandeasyhacking.com/media
