Type : Tutorial
Level : Medium
Target O.S : Windows XP SP0
Attacker O.S : Backtrack 5 R2
It has been a long time since I wrote a tutorial about how to use Armitage. Yesterday I wrote about How to Set Up Armitage on Backtrack 5 R2, and now I will try to write a simple step-by-step tutorial on how to use Armitage to perform an attack.
In this tutorial I will scan the whole network of my lab PCs (my own PCs), map it using Armitage, and then set up a VNC viewer as my payload to view the victim computer's screen.
Once again, this tutorial may not work if there is antivirus on your victim PC, but the point I want to deliver here is the logic of how to perform the attack using Armitage's automatic exploitation tools.
1. Armitage 052112 (the version I use; if you use Backtrack 5 R2 this package is already there)
If you have problems starting Armitage, you can view the setup tutorial on this page (setup armitage in backtrack 5 R2).
1. For the first step, of course you need to start Armitage. You can view the tutorial about setting up Armitage on Backtrack 5 R2 here.
2. Choose Hosts → MSF Scans (you can also use Nmap scans),
then enter your scan range. You can use a single IP address, CIDR notation, or an IP address range (e.g. 192.168.1.100 – 192.168.1.110).
If there are other PCs on your network, they will also be shown in this window as the result.
3. Armitage has an automatic exploitation feature called Hail Mary. According to the Armitage website:
If manual exploitation fails, you have the hail mary option. Attacks -> Hail Mary launches this feature. Armitage's Hail Mary feature is a smart db_autopwn. It finds exploits relevant to your targets, filters the exploits using known information, and then sorts them into an optimal order.
In this case I will use the Hail Mary feature, although you can also use manual exploitation for more specific targets.
4. After Hail Mary finishes scanning the hosts and finds a vulnerable host on your network, it will show the PC icon in red; if it finds nothing, you can try manual exploitation against the target.
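The scan in step 2 and the Hail Mary run in step 4 both produce a burst of connections from one source to many hosts or many ports within a few seconds, which is exactly what a defender should watch for. The following is an added example, not part of the original tutorial and not Armitage's or Metasploit's code: a small Python script that flags such bursts in a connection log. The log format, the addresses, the time window and the thresholds are all constructed assumptions for illustration.

```python
"""Flag source hosts whose connection pattern looks like a network sweep or an
automated mass-exploitation run: many distinct destination hosts, or many
distinct destination ports, from one source inside a short sliding window."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample records in a simplified firewall log format (not real
# output). 192.168.1.50 sweeps five hosts on port 445 and then hits many ports
# on 192.168.1.100, while 192.168.1.20 shows ordinary client traffic.
SAMPLE_LOG = """\
2012-05-21T10:00:00 src=192.168.1.20 dst=192.168.1.1 dport=53 proto=udp
2012-05-21T10:00:01 src=192.168.1.50 dst=192.168.1.100 dport=445 proto=tcp
2012-05-21T10:00:01 src=192.168.1.50 dst=192.168.1.101 dport=445 proto=tcp
2012-05-21T10:00:01 src=192.168.1.50 dst=192.168.1.102 dport=445 proto=tcp
2012-05-21T10:00:02 src=192.168.1.50 dst=192.168.1.103 dport=445 proto=tcp
2012-05-21T10:00:02 src=192.168.1.50 dst=192.168.1.104 dport=445 proto=tcp
2012-05-21T10:00:03 src=192.168.1.20 dst=93.184.216.34 dport=443 proto=tcp
2012-05-21T10:00:05 src=192.168.1.50 dst=192.168.1.100 dport=135 proto=tcp
2012-05-21T10:00:05 src=192.168.1.50 dst=192.168.1.100 dport=139 proto=tcp
2012-05-21T10:00:06 src=192.168.1.50 dst=192.168.1.100 dport=1025 proto=tcp
2012-05-21T10:00:06 src=192.168.1.50 dst=192.168.1.100 dport=3389 proto=tcp
2012-05-21T10:00:07 src=192.168.1.50 dst=192.168.1.100 dport=5900 proto=tcp
2012-05-21T10:00:07 src=192.168.1.50 dst=192.168.1.100 dport=80 proto=tcp
2012-05-21T10:00:08 src=192.168.1.50 dst=192.168.1.100 dport=21 proto=tcp
2012-05-21T10:00:08 src=192.168.1.50 dst=192.168.1.100 dport=23 proto=tcp
2012-05-21T10:00:09 src=192.168.1.50 dst=192.168.1.100 dport=25 proto=tcp
2012-05-21T10:00:09 src=192.168.1.50 dst=192.168.1.100 dport=110 proto=tcp
2012-05-21T12:30:00 src=192.168.1.20 dst=192.168.1.1 dport=53 proto=udp
"""

# Field layout of the constructed format (an assumption, not a standard).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\S+)$"
)


def parse_line(line):
    """Return a record dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "proto": m["proto"],
    }


def detect_sweeps(log_text, window=timedelta(seconds=60),
                  host_threshold=5, port_threshold=10):
    """Return {src: {"hosts": n, "ports": n, "first_seen": ts}} for every
    source that, within any `window`, reached at least `host_threshold`
    distinct destinations or `port_threshold` distinct destination ports.
    Thresholds are illustrative; tune them to the network being monitored."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_src[rec["src"]].append(rec)

    alerts = {}
    for src, events in by_src.items():
        events.sort(key=lambda r: r["ts"])
        hosts, ports = Counter(), Counter()   # live counts inside the window
        left = 0
        for ev in events:
            hosts[ev["dst"]] += 1
            ports[ev["dport"]] += 1
            # Slide the left edge forward, dropping events older than `window`.
            while ev["ts"] - events[left]["ts"] > window:
                old = events[left]
                for counter, key in ((hosts, old["dst"]), (ports, old["dport"])):
                    counter[key] -= 1
                    if counter[key] == 0:
                        del counter[key]
                left += 1
            n_hosts, n_ports = len(hosts), len(ports)
            if n_hosts >= host_threshold or n_ports >= port_threshold:
                a = alerts.setdefault(
                    src, {"hosts": 0, "ports": 0, "first_seen": events[left]["ts"]})
                a["hosts"] = max(a["hosts"], n_hosts)
                a["ports"] = max(a["ports"], n_ports)
    return alerts


if __name__ == "__main__":
    for src, info in detect_sweeps(SAMPLE_LOG).items():
        print(f"{src}: up to {info['hosts']} hosts / {info['ports']} ports "
              f"in one window, first seen {info['first_seen'].isoformat()}")
```

Run against the constructed log, the script flags only 192.168.1.50 (five hosts on one port, then eleven ports on one host, all inside a single 60-second window); the normal client never crosses either threshold. A real deployment would feed it firewall, NetFlow or IDS connection records instead of the embedded sample.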
6. Because the program already does everything for us (for major and known vulnerabilities), we just need to connect to the Meterpreter session that is ready to interact; you can choose Command Shell, Meterpreter Shell, or VNC. In this case, because the victim PC is also my personal PC, I will use VNC as my payload.
7. After choosing VNC desktop as the payload, a pop-up window tells us to run our VNC viewer and connect to our local address on a specific port (written there).
8. Now open a new terminal and type the vncviewer command to open a new VNC dialog window. I wrote the information into the VNC viewer window text box: 127.0.0.1:5930 and pressed Enter when finished (by the way, I captured this event two times over two attempts, and I just realized that the port number changed).
9. There is your VNC window, remotely controlling the victim computer.
Hope it's useful.