10 Steps to Set Up Armitage in Backtrack 4 for Penetration Test


Background: "What is Armitage?"

"Armitage exists to help security professionals better understand the hacking process and appreciate what's possible with the powerful Metasploit framework. Security professionals who understand hacking will make better decisions to protect you and your information." I copied that paragraph from the Fast and Easy Hacking FAQ. Put simply, in my opinion Armitage is a tool that makes learning about network security, Metasploit, and Nmap easier, because it presents those tools (Metasploit, Nmap) visually instead of on the command line. With just a few clicks you can see how an attack flows through the network.

FYI: Read here for the latest Backtrack 5 Armitage tutorial.

Requirements:

1. Backtrack 4r2

2. Armitage (apt-get install armitage from your Backtrack Box)

3. Java 1.6.0+

4. Metasploit 3.5+

5. Database (PostgreSQL, MySQL). In this tutorial we use MySQL; PostgreSQL is usually used with Backtrack 4r1

 

10 Steps to Set Up Armitage in Backtrack 4 for Penetration Test:

If you are still unfamiliar with Backtrack, you can read my previous post about 5 useful things in Backtrack Linux.

1. I assume you have already installed Armitage using apt-get install armitage. The next step is to update Metasploit to the latest version with the msfupdate command. This brings our exploit database up to date.

v4L@bt:~# /pentest/exploits/framework3/msfupdate

2. The next step is to enable the RPC daemon for Metasploit; in this case we will use SSL to interact with Metasploit.

v4L@bt:~# /pentest/exploits/framework3/msfrpcd -f -U msf -P test -t Basic

The above command starts msfrpcd with the user msf, the password test, and an SSL listener on the default port 55553.

3. After setting up the Metasploit RPC daemon (msfrpcd), the next step is to start the database service (I will use MySQL).

v4L@bt:~# /etc/init.d/mysql start

4. Steps 1-3 are needed to make sure Armitage runs correctly without errors. If everything is okay, the next step is to run Armitage from /pentest/exploits/armitage/, so we need to change directory first.

v4L@bt:~# cd /pentest/exploits/armitage/
v4L@bt:/pentest/exploits/armitage# ./armitage.sh

5. After the ./armitage.sh command, a new window should appear for connecting to MySQL and msfrpcd. Make sure everything is correct and tick the Use SSL checkbox. If everything is OK, click CONNECT.

6. Here's the main window of Armitage: at the top of the application there's a menu, on the left side there are the auxiliary modules, exploits, and payloads from Metasploit, and at the bottom there's the MSFConsole.

7. Next we need to add host(s). We can also use Nmap to scan the whole network or a specific IP address. In this case I will use "Quick Scan (OS Detect)" with Nmap to find live hosts in my network.

My network address is 192.168.1.0/24 (class C).

You need to wait until the tasks complete. How long that takes depends on the scan type: an intense scan takes more time than a quick scan. Below is the picture of when it finishes the task.

If the tool finds live hosts, they are shown as in the picture below (along with the OS).

8. As the previous image shows, we now need to find which attacks are available for the listed hosts.

You can use the automated attack finder in Armitage, which finds the most suitable attacks for the listed hosts. You can choose either "by Port" or "by Vulnerability". When the attack analysis has finished, the application informs you as in the picture below.

9. In this example I will try the MS08_067 vulnerability in Windows.

The next step is the same as when you use the Metasploit framework. If you are confused at this step, you can use automated exploitation (leave all the options at their defaults), then click LAUNCH and wait :-).

10. If the targeted host is vulnerable to the attack, its color changes to red, which means we can breach the computer.

The next step is to right-click the host; as you can see in the picture above, I chose the command shell to interact with the victim. I think you know what happens next when I click that option… PWNED. 🙂

I hope you found this tutorial useful, especially those of you who want to test your personal network for security breaches using Metasploit. If you have any questions or suggestions, you are welcome to write them in the comments below :-).
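A preflight check for steps 2 and 3, as an added example that is not part of the original tutorial: it reads `netstat -ltn` output and reports whether msfrpcd (port 55553) and MySQL are listening, and whether either is reachable from other hosts on the network. Port 3306 is assumed as the MySQL default, the function names are hypothetical, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: preflight check for steps 2-3 of the tutorial.
# Classifies a TCP port from `netstat -ltn` style text on stdin as:
#   missing  - nothing listening (Armitage's connect dialog will fail)
#   loopback - listening on 127.0.0.1 / ::1 only
#   exposed  - listening on a wildcard or LAN address

port_state() {
    # $1 = TCP port; stdin = netstat -ltn output
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, parts, ":")          # port is the last ":" field
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host == "127.0.0.1" || host == "::1") {
                if (state == "") state = "loopback"
            } else {
                state = "exposed"              # any non-loopback bind wins
            }
        }
        END { if (state == "") state = "missing"; print state }
    '
}

preflight() {
    # $1 = netstat -ltn text. Returns 0 only when both services are up
    # and neither can be reached from outside this host.
    rc=0
    for svc in msfrpcd:55553 mysql:3306; do   # 3306: assumed MySQL default
        name=${svc%%:*}
        port=${svc##*:}
        state=$(printf '%s\n' "$1" | port_state "$port")
        echo "$name tcp/$port: $state"
        [ "$state" = "loopback" ] || rc=1
    done
    return $rc
}

# Constructed sample: msfrpcd bound to the wildcard address (matching the
# "XMLRPC starting on 0.0.0.0:55553" banner), MySQL bound to loopback.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:55553           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN'

preflight "$SAMPLE_NETSTAT" || echo "review the findings above before clicking CONNECT"
# On a live box: preflight "$(netstat -ltn)"
```

If msfrpcd is reported as exposed, its `-a` option binds the listener to a single address such as 127.0.0.1, which is enough when Armitage runs on the same machine.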


Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

Visit Website: http://www.vishnuvalentino.com

  • Shanil

    hi,
    Thanks for the great tut..
    I was following all the steps accordingly..
    when i type this command in the 2nd step..
    root@bt:~# /pentest/exploits/framework3/msfrpcd -f -U msf -P test -t Basic
    [*] XMLRPC starting on 0.0.0.0:55553 (SSL):Basic…
    [*} XMLRPC initializing…

    After this nothing happens, it just waits and does nothing..
    Can you please help???
    Thank You,
    Shanil

  • v4L

    #Shanil

    Hi Shanil, you're doing it right… in that step nothing happens because that command only makes Metasploit listen for connections on port 55553. Just continue with your steps… and leave the msfrpcd window open

  • CB

    I follow these instructions and when I connect waiting for the Armitage window, nothing happens except a box that says "java.io.IOException: authication error"…a progress bar moves across the screen, then the box disappears.  Armitage never opens.
     
    Any help would be appreciated.  Thanks in advance.
     
    CB

  • v4L

    #CB

    There are 2 possibilities for this error:

    1. Have you started your MySQL service? /etc/init.d/mysql start

    2. What version is your Backtrack? If your BT box is below 4r2, then you should use PostgreSQL; if your BT box is == 4r2 then you use MySQL

  • CB

    I have BT4 running on Sun Virtual Box.
     
    I got another java exception error when I tried postgresql…."method.db.status missing or wrong number of parameters."
    ./postgresql-8.3 start
    ./armitage.sh
    Then I connected selecting Postgresql instead of mySql and got the error above when pushing connect.

  • CB

    Sorry I am kind of a newbie. 🙂 Appreciate the help though.
    I have BT4.0.  I used apt-get update and apt-get dist-upgrade to try and get to version r2, I get low disk space errors after this is done and it errors out.  I have 100GB allocated for my Virtual Box, so I think it may be because I am not running a persistent version….any help is greatly appreciated as I am trying to just get up and running to use Armitage at this point.

  • CB

    I found the ISO for r2 and it works successfully now.  This article was very detailed and well written.

    • v4L

      #CB
      Nice to hear your armitage is working now… 🙂

  • Commenting on the first question*
     
    Add an "&" to the end of your command, that will put it into the background.
     
    EX. root@bt:~# /pentest/exploits/framework3/msfrpcd -f -U msf -P test -t Basic &

  • teloris

    Thanks for your tutorial. It helps me so much.
    I try to install metasploit & armitage on ubuntu 10.10.
    The only trouble is my armitage can't connect to the database (I use mysql),
    but this problem was solved by restarting (turn off & turn on) mysql.
    Great job dude

  • rescue

    # CB,
     
    You need to select the SSL tick box when armitage initially starts, otherwise you will get the IO java error

  • Llem

    Dear,
     
    I'm a Windows 7 user, could you give me the guidelines to do the same in Windows please. I'm having trouble creating a db. The commands provided above are not working for me.
     
    thanks

  • Hugo F.

    I can't install armitage 🙁
    apt-get install armitage

    Reading package lists. . . Done
    Building dependency tree
    Reading state information. . . Done
    E: Couldn´t find package armitage
     
    pls help

    • v4L

      Hi Hugo,
      maybe you can update the package first….

      apt-get update

      🙂


  • I posted a video tutorial for Armitage on my blog here: http://codebazaar.blogspot.com/2011/06/introduction-to-metasploit-and-armitage.html
     
    I am running it on Windows 7 and hacking Metasploitable and a Linux Mint box.
    Enjoy:D

    • v4L

      #Matthias Buchner
      Nice tutorial mate 🙂

  • Tosin

    Great Tutorial. It worked exactly as prescribed for BT 4R2.

    However, I was unable to perform the same action in BT5. Using MySQL: it says “invalid driver specified” then unable to connect to database. Before all this, mysql was running and the MSFRPCD was running too. I also noticed a port number added to the DB Host (127.0.0.1:7175). The result was the same both when removed and when added.
    Thanks for a great work!

  • Tosin

    One other thing pls…

    When I right-clicked the discovered hosts in the armitage scans, the menu only showed services and Hosts. Attack and Meterpreter are not shown at all. Why?

    • v4L

      #Tosin
      You’ve already resolved your first question, haven’t you?
      When you right-clicked and it didn’t show attack and meterpreter, maybe it was not vulnerable, or the victim has already patched or put a firewall on their machine. Maybe you can update your armitage database first to find the new vulnerabilities.

    • v4L

      #Tosin
      Btw if you want to try exploiting with Armitage, try downloading the Metasploitable Virtual Machine: http://blog.metasploit.com/2010/05/introducing-metasploitable.html

  • Tosin

    Matthias,
    your video promises to be a great tutorial lesson. Only that you chose to leave out the audio in the most important places. You expect viewers to just follow your mouse movements… well, it was visible but not comprehensible.

    Thanks for the effort, anyway.

  • I wanted to know, does anyone know how to use Armitage in Backtrack 5?

    • v4L

      The tutorial above is the step-by-step for how to use Armitage in Backtrack 5 🙂

  • Maverick

    I got the following error.

    msfrpcd -f -U msf -P test -t Basic
    [*] XMLRPC starting on 0.0.0.0:55553 (SSL):Basic…
    [*] XMLRPC ready at 2011-09-14 18:56:47 +0530.
    /opt/framework/msf3/lib/rex/socket/comm/local.rb:198:in `rescue in create_by_type’: The address is already in use (0.0.0.0:55553). (Rex::AddressInUse)
    from /opt/framework/msf3/lib/rex/socket/comm/local.rb:191:in `create_by_type’
    from /opt/framework/msf3/lib/rex/socket/comm/local.rb:32:in `create’
    from /opt/framework/msf3/lib/rex/socket.rb:46:in `create_param’
    from /opt/framework/msf3/lib/rex/socket/tcp_server.rb:38:in `create_param’
    from /opt/framework/msf3/lib/rex/socket/tcp_server.rb:28:in `create’
    from /opt/framework/msf3/lib/msf/core/rpc/service.rb:46:in `initialize’
    from /opt/framework/msf3/plugins/xmlrpc.rb:65:in `new’
    from /opt/framework/msf3/plugins/xmlrpc.rb:65:in `initialize’
    from /opt/framework/msf3/lib/msf/core/plugin.rb:31:in `new’
    from /opt/framework/msf3/lib/msf/core/plugin.rb:31:in `create’
    from /opt/framework/msf3/lib/msf/core/plugin_manager.rb:71:in `load’
    from /opt/framework/msf3/lib/msf/base/simple/framework.rb:31:in `load’
    from /opt/framework/msf3/msfrpcd:110:in `’

    I am using BT5. My metasploit is also not working.
    When I start the GUI version of metasploit it can’t connect to msfrpcd.

    Please help me out.
    Thanks..

  • Bob_O

    got a little problem…

    Everything was easy to set up.. but I don't find any hosts in my LAN… running BT4 r2 in Sun VB… how do I need to configure my card correctly? I have a WLAN connection and it's set to NAT in VB. I can ping and surf the internet. Only traceroute isn't working.

    Can you help me?

  • Bob_O

    I'm sorry guys… that was a real noob problem I think.
    I just set my network in VB to bridged and everything is working!

    Sorry! Nice TUT btw!! 😛

  • Bob_O

    How can I update/upgrade my armitage?

    • v4L

      #Bob_O
      you can run msfupdate from your console(CTRL+ALT+T)

  • John

     I can't visually see the available machines in my target terminal. What can be wrong?

    • v4L

      #john
      Maybe the machines in your network have a firewall up, so you can’t detect them…

  • John

    My nmap detects everything but I can't see it visually
    Nmap: Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-09-24 11:23 CEST
    [*] Nmap: Nmap scan report for sistem.net (192.168.20.5)
    [*] Nmap: Host is up (0.0018s latency).
    [*] Nmap: MAC Address: 00:80:48:67:53:94 (Compex Incorporated)

    • v4L

      #John
      Hmm… sorry, I can’t answer this. In my opinion maybe that’s because of your armitage…
      Usually when nmap successfully detects a machine it will be drawn on the armitage GUI.

  • Senter

    Hey,

    I want to get the new armitage version into my BT4r2.

    apt-get update/upgrade/install isn't working anymore!?

    The pwnsauce servers didn't respond! Timeout….

    Is there an alternative update source where I can get the latest pwnsauce repos?

    code:
    apt-get update
    Err http://archive.offensive-security.com pwnsauce Release.gpg
    Could not connect to archive.offensive-security.com:80 (94.23.3.208). – connect (110 Connection timed out)
    Ign http://archive.offensive-security.com pwnsauce Release
    Ign http://archive.offensive-security.com pwnsauce/main Packages
    Ign http://archive.offensive-security.com pwnsauce/microverse Packages
    Ign http://archive.offensive-security.com pwnsauce/macroverse Packages
    Ign http://archive.offensive-security.com pwnsauce/restricted Packages
    Ign http://archive.offensive-security.com pwnsauce/universe Packages
    Ign http://archive.offensive-security.com pwnsauce/multiverse Packages
    Err http://archive.offensive-security.com pwnsauce/main Packages
    Could not connect to archive.offensive-security.com:80 (94.23.3.208). – connect (110 Connection timed out)

    apt-get install armitage
    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    E: Couldn’t find package armitage

    • v4L

      #Senter
      Hmm… it looks like you have an internet connection error (timeout). Have you made sure you can access http://archive.offensive-security.com ?
      It’s better to download the latest BT5R1 🙂 (just a suggestion)

  • Senter

    I didn't have access…
    but I have a running internet connection. ;P

    Can you run apt-get update without an error?
    (BT4R2)

    • v4L

      #Senter
      Sorry for that, my BT4R2 has already gone to the graveyard ;p so I can’t try it… but when I try to ping archive.offensive-security.com it's also RTO… 🙂
      below is my sources.list BT5R1 (maybe you can try with this repo):
      deb http://all.repository.backtrack-linux.org revolution main microverse non-free testing
      deb http://32.repository.backtrack-linux.org revolution main microverse non-free testing
      deb http://source.repository.backtrack-linux.org revolution main microverse non-free testing

  • chard

    it works now 

  • chard

    How to free up space in Backtrack? Thanks

    • v4L

      #chard
      You should learn more about your Linux distro (example: BT5) and then go to aptitude and delete packages that are not useful from there, but you should be careful with this step if you don’t know which package you want to delete.

  • chard

    I'm very thankful to you, you are a very approachable and helpful person. I'm glad you have a site like this, you're unselfish with your knowledge.
    But one thing Vishnu, this is the situation: I successfully updated/upgraded Backtrack 5 and also did the msf update, BUT when I reboot it is all gone. What's the command I must use to save all of my recent updates? Can you help me? Like the msf, it's 4.0 something, then after reboot it's back to version 3.7. Hope for your response, thanks

    • v4L

      #chard
      I’ve never had an experience like that… maybe your storage capacity isn’t enough? Or maybe the others can help add the answer….

  • chard

    I think it is (storage capacity?) because when I installed Backtrack 5 in VirtualBox I occupied the whole 8gb (suggested space of VirtualBox), and because I occupied it for the installation of BT5, that's 1.9… gb in size something, I'm having a problem updating because no space is left. And because the space is insufficient, maybe I can update but when I reboot it goes back to its last update, maybe that's the reason? What do you think? But if that's what happens, why does the update go ahead when the space is not enough??? Can't get it.

    • v4L

      #chard
      So it’s your storage problem… FYI a normal Backtrack 5 R1, when you run apt-get update and apt-get upgrade, needs more than 8GB of space.

  • richard

    I tried 42gb storage capacity in VirtualBox but still when I update the MSF framework it says "no space left?" But I didn't install ANY program after the BT5 installation, so how come the space is already full? Do you have any idea how I can delete/free up space on my drive, any commands?? I tried apt-get clean, no reaction, msf update failed. Thank you.

    • v4L

      #richard
      Afaik the Backtrack system has a different environment from VirtualBox… when you expand its storage it doesn’t mean all your problems are solved.. Maybe you can search the Backtrack Linux forum for your problem…

  • chard

    I tried to install Backtrack 5 on a hard drive, in a dual boot to be exact, and when I update (msf framework3) it works, and when I restart the new version still stays. Unlike in VirtualBox, where when I update msf framework3 it updates but when I restart it, it's back to its older version. I don't know what's the reason for this?

  • Back-Bone

    Hello ,

    I am trying to do.. a quick OS scan… with the range 192.168.1.0/24, and I can't. I'm just trying to do it in my home network.. I have a Cisco router…

    Some help? … When I do step 7 only the IP 192.168.1.1 (router IP) appears

    Can somebody help me?

    Thanks!

    • v4L

      #Back-Bone
      Actually it depends on how you configured your home network and every computer inside it. If every computer has an updated O.S version and also an updated firewall enabled, it will not show up in armitage.

  • I am interested in armitage, especially the metasploit framework, but I have little knowledge about this attack,,, so please keep posting about armitage

  • Nasko

    v4L Can you please give me some insight on how to install armitage on either BT5 or Windows cuz I've tried EVERYTHING! (I have it in BT5 installed by default but not updated, and if I update metasploit then armitage won't open, I've tried many ways and it just won't…)
     

  • youri

    Hi,

    I have a problem.. When everything seems fine but when i open armitage I don’t get the choices of mysql/postgresql or any stuff..?

    I just get
    HOST:
    PORT:
    USER:
    PASS:

    and when i try to connect with that it gives an error: Metasploit Deamon has shut down.

    • v4L

      #youri
      hmm…maybe you can try to update your backtrack first?
      try run apt-get update and then apt-get upgrade.

  • Hello, for me the machines that I see are written cisco, why?

    • v4L

      #goorgorlou
      maybe it’s your router machine; and the others are firewalled


  • kakada

    when i try launching ms08_067_netapi it says
    [*] Exploit running as background job.
    [*] Started bind handler
    [*] Automatically detecting the target…
    [*] Fingerprint: Windows 7 Enterprise 7601 Service Pack – (Build 1) – lang:Unknown
    [*] We could not detect the language pack, defaulting to English
    [-] Exploit failed [no-target]: No matching target
    I think it is because the Windows is 7. Can you tell me a different way to attack it, or am I doing something wrong?

    • v4L

      #kakada
      ms08_067_netapi only works for Windows XP SP1

  • Can someone please add me to their Facebook
    shpaxxxx@yahoo.com

    i have just installed back track 5 using Vmware player 32 bit and i cant get any of the commands to work for the wireless wifii .,. also i have tried several other commands in the root : bash and none of them are working,, PLEAAAAAAAAAASE HELP
    PLEASE ADD ME TO FACEBOOK
    my email on facebook is
    shpaxxxx01@yahoo.com

    thank you
    God Bless

    • v4L

      #sean patton
      If you install Backtrack in VMware, for wi-fi you need to use a USB wi-fi adapter. If you use the default wi-fi, VMware cannot use it, because the wi-fi must act as USB; that way you can use the wi-fi commands.
      If you want to use your default wi-fi, then you need to install Backtrack on your HDD

  • nel

    Sir, can you help me please? Every time I input this /pentest/exploits/framework3/msfupdate nothing happens, it says

    bash: /pentest/exploits/framework3/msfupdate: No such file or directory

    I also used apt-get upgrade and then armitage stopped working, now please help

    • v4L

      #nel
      try update your metasploit framework first.

      Go to your metasploit folder(maybe different folder with command below)
      # cd /opt/framework-3.x.x/msf3/

      and then run this command:
      # svn update

      • nel

        Sir, I try svn update, it says

        Attempting to update the Metasploit Framework…
        [*]

        [*] Deprecation Note: After 2013-02-28 (February 28, 2013), Metasploit
        [*] source checkouts will NO LONGER update over SVN, but will be using
        [*] GitHub exclusively. You should either download a new Metasploit
        [*] installer, or use a git clone of Metasploit Framework before
        [*] then. You will also need outbound access to github.com:9418/TCP

        pls help me what should i do

        • v4L

          #nel
          from the error, you can download the new metasploit installer from http://www.rapid7.com/products/metasploit/download.jsp and try to re-install it. because now Metasploit use GitHub.

  • nel

    it says rpc daemon shutdown everytime i open armitage

  • Hamza

    HELP ANYONE everytime i search for an OS nothing comes up the box comes up but no hosts please someone reply thanks.

  • marg0na

    Please help me, the new user
    If you can read more! Why do I get the menu just Attacks Find Attacks & Hail Mary?
    Browser Attacks, Email Attacks, Evil Files, Browser Autopwn, File Autopwn Armitage is not on the menu! (
    ps / use BackTrack v.5 r3
    I would be grateful for any help!

  • Dony

    Hi! thanks for the great tutorial.
    i wonder if this method can access to windows 7/8 os, if can’t, can you please tell what method can be used? thanks!

    • v4L

      #Dony

      I haven’t tried. You can do trial & error in your lab 🙂

      or start with this http://www./tips-and-trick/install-metasploitable-on-virtual-box/

  • alex

    how to attack windows 8 using armitage

  • Anshul

    when i try exploit, it says
    [*] Started Rverse handler on 192.***.**.***:4444

    [*] Automatically detecting the target…

    [*] Fingerprint: Windows 7 Home Premium – (Build 7600) – lang:Unknown

    [*] We could not detect the language pack, defaulting to English

    [-] Exploit failed [no-target]: No matching target

    how can i solve this problems..please help