Type : Tutorial
Level : Medium
Target O.S : Windows XP SP0
Attacker O.S : Backtrack 5 R2
It has been a long time since I wrote a tutorial about how to use Armitage. Yesterday I wrote about How to Set Up Armitage on Backtrack 5 R2, and now I will try to write a simple, step-by-step tutorial on how to use Armitage to perform an attack.
In this tutorial I will scan my lab network (my own PCs) and map it using Armitage, then use a VNC payload so that I can view the victim computer's screen.
Once again, this tutorial may not work if the victim PC runs antivirus software; the point I want to convey here is the logic of performing an attack with Armitage's automatic exploitation tools.
1. Armitage 052112 (this is the version I use; if you are on Backtrack 5 R2 the package is already installed)
If you have problems starting Armitage, see the setup tutorial on this page (Setup Armitage in Backtrack 5 R2).
1. For the first step, of course you need to start Armitage. You can view the tutorial on setting up Armitage on Backtrack 5 R2 here.
2. Choose Hosts → MSF Scans (you can also use Nmap scans),
then enter the address range to scan. You can use a single IP address, CIDR notation, or an IP address range (e.g. 192.168.1.100 – 192.168.1.110).
Any other PCs on your network will appear in this window as the result.
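Step 2 accepts three ways of writing the scan range. As an added example (my code, not code from the blog or from Armitage), the Python below expands each notation into the individual addresses it covers and then checks them against an authorised lab scope before anything is scanned; that scope check is the guard I would put in front of any scan so that a typo in the range cannot quietly widen it beyond the lab. The scope value and the sample ranges are constructed.

```python
import ipaddress
from typing import List, Sequence, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def parse_scan_range(spec: str) -> List[IPAddress]:
    """Expand a scan-range string into the individual addresses it covers.

    The three notations the tutorial accepts:
      single address   "192.168.1.100"
      CIDR block       "192.168.1.0/24"      -> usable hosts only
      address range    "192.168.1.100 - 192.168.1.110" (ASCII '-' or en dash)
    Raises ValueError for anything else, so a typo never silently widens a scan.
    """
    spec = spec.strip().replace("\u2013", "-")  # blogs often turn '-' into an en dash
    if "/" in spec:
        net = ipaddress.ip_network(spec, strict=False)
        # hosts() drops network/broadcast for /30 and wider; /31 and /32 list everything
        if net.prefixlen < net.max_prefixlen - 1:
            return list(net.hosts())
        return list(net)
    if "-" in spec:
        start_s, end_s = (part.strip() for part in spec.split("-", 1))
        start, end = ipaddress.ip_address(start_s), ipaddress.ip_address(end_s)
        if start.version != end.version or end < start:
            raise ValueError(f"invalid address range: {spec!r}")
        return [type(start)(n) for n in range(int(start), int(end) + 1)]
    return [ipaddress.ip_address(spec)]


def out_of_scope(hosts: Sequence[IPAddress], allowed: Sequence[str]) -> List[IPAddress]:
    """Return the addresses in `hosts` that fall outside the allowed networks.

    `allowed` is the authorised lab scope in CIDR form. Anything returned here
    must not be scanned, so a caller should abort rather than proceed.
    """
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    return [h for h in hosts if not any(h in n for n in nets)]


if __name__ == "__main__":
    # Constructed lab values; the blog uses 192.168.1.x for its own network.
    scope = ["192.168.1.0/24"]
    for spec in ("192.168.1.100", "192.168.1.0/24",
                 "192.168.1.100 \u2013 192.168.1.110", "192.168.1.250 - 192.168.2.5"):
        hosts = parse_scan_range(spec)
        bad = out_of_scope(hosts, scope)
        verdict = "OK" if not bad else f"REFUSE ({len(bad)} host(s) outside scope)"
        print(f"{spec:35s} -> {len(hosts):4d} host(s)  {verdict}")
```

The last sample range straddles the /24 boundary: it parses fine, but `out_of_scope` reports the six 192.168.2.x addresses, which is exactly the case where a scan should be refused rather than started.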
3. Armitage has an automatic exploitation feature called Hail Mary. According to the Armitage website:
If manual exploitation fails, you have the hail mary option. Attacks -> Hail Mary launches this feature. Armitage's Hail Mary feature is a smart db_autopwn. It finds exploits relevant to your targets, filters the exploits using known information, and then sorts them into an optimal order.
In this case I will use the Hail Mary feature, although you can also use manual exploitation for more specific targets.
4. After Hail Mary finishes scanning the hosts and finds a vulnerable host on your network, it will show a red-colored PC image; if it finds nothing, you can try manual exploitation against the target.
6. Because the program already does everything for us (for major and known vulnerabilities), we only need to connect to the Meterpreter session that is ready to interact; you can choose Command Shell, Meterpreter Shell, or VNC. In this case, because the victim PC is also my own PC, I will use VNC as my payload.
7. After choosing VNC desktop as the payload, a pop-up window tells us to run our VNC viewer and connect to our local address on the specific port written there.
8. Now open a new terminal and type the vncviewer command to open a new VNC dialog window. I typed the connection information 127.0.0.1:5930 into the VNC viewer window text box and pressed Enter. (By the way, I captured this event twice in two attempts, and I just realized that the port number changed.)
9. There is your VNC window, remotely viewing the victim computer.
Hope it's useful
bro, can it only be used in LAN? or how do you use it in WAN or internet cloud?
Thanks!!
it would be better if you explained how to use the commands from the terminal without software…
go through this …..
http://exploitthetechnology.blogspot.in/2012/06/target-windows-7-metasploit.html
good blog dude… keep rocking
If you need to see what your kid is doing on a Windows 7 computer and you know their password to log in:
right-click their computer in Armitage and Login > psexec
then just log in with the username and password and you will have a Meterpreter session going,
then continue this tutorial at the vncviewer part
#Justin
thanks for adding.
Point 4: "After Hail Mary finishes scanning the hosts and finds a vulnerable host on your network, it will show a red-colored PC image", but it isn't.
I see:
Exploit running as background job.
[*] Started reverse handler on 192.168.1.3:12022
[*] Automatically detecting the target…
[*] Fingerprint: Windows 7 Enterprise – (Build 7600) – lang:Unknown
[*] We could not detect the language pack, defaulting to English
[-] Exploit failed [no-target]: No matching target
Where is the problem? Sorry for my English.
#Peter
Since Armitage is a tool created by humans, sometimes it can give false alarms. It's good if you don't just use Armitage, but also try other tools to scan the destination host and match the Armitage report with your own scan, so the validity becomes 85%-90%.
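As an added example (my code, not the blog author's or Armitage's), the Python below turns console output like the one pasted in the comment above into a flat record and labels the failure code, which is the kind of cross-check the reply recommends before trusting a tool's red/green verdict. The `FAILURE_MEANING` text is my reading of Metasploit's `no-target` code (the module's target list does not cover the fingerprinted system); the session line used as a second input is a constructed sample.

```python
import re
from typing import Dict, List, Optional

# The console output quoted in the comment above, one entry per line.
CONSOLE_OUTPUT = [
    "Exploit running as background job.",
    "[*] Started reverse handler on 192.168.1.3:12022",
    "[*] Automatically detecting the target\u2026",
    "[*] Fingerprint: Windows 7 Enterprise \u2013 (Build 7600) \u2013 lang:Unknown",
    "[*] We could not detect the language pack, defaulting to English",
    "[-] Exploit failed [no-target]: No matching target",
]

HANDLER_RE = re.compile(r"^\[\*\] Started reverse handler on (\S+):(\d+)$")
FINGERPRINT_RE = re.compile(r"^\[\*\] Fingerprint: (.+)$")
FAILED_RE = re.compile(r"^\[-\] Exploit failed \[([^\]]+)\]: (.+)$")
SESSION_RE = re.compile(r"^\[[*+]\] Meterpreter session (\d+) opened")

# Plain-language meaning of the failure code that appears on this page (my reading).
FAILURE_MEANING = {
    "no-target": "the module's target list has no entry compatible with the "
                 "fingerprinted system, so the module aborted; a red icon only "
                 "appears once a session has actually been opened",
}


def parse_console(lines: List[str]) -> Dict[str, Optional[str]]:
    """Reduce one module's console output to a flat record for the scan log."""
    record: Dict[str, Optional[str]] = {
        "handler_host": None, "handler_port": None, "fingerprint": None,
        "status": "no result", "failure_code": None, "failure_msg": None,
        "session": None,
    }
    for raw in lines:
        line = raw.strip()
        m = HANDLER_RE.match(line)
        if m:
            record["handler_host"], record["handler_port"] = m.group(1), m.group(2)
            continue
        m = FINGERPRINT_RE.match(line)
        if m:
            record["fingerprint"] = m.group(1).strip()
            continue
        m = FAILED_RE.match(line)
        if m:
            record["status"] = "failed"
            record["failure_code"], record["failure_msg"] = m.group(1), m.group(2)
            continue
        m = SESSION_RE.match(line)
        if m:
            record["status"] = "session opened"
            record["session"] = m.group(1)
    return record


def explain(record: Dict[str, Optional[str]]) -> str:
    """One sentence to put next to the record when comparing tools' results."""
    if record["status"] == "failed":
        meaning = FAILURE_MEANING.get(record["failure_code"] or "",
                                      "see the failure message for details")
        return f"Failed with [{record['failure_code']}]: {meaning}."
    if record["status"] == "session opened":
        return f"Session {record['session']} opened; the host would be marked red."
    return "No outcome line found; the module may still be running."


if __name__ == "__main__":
    rec = parse_console(CONSOLE_OUTPUT)
    print(rec)
    print(explain(rec))
```

Run against the quoted output, the record shows a fingerprint of Windows 7 Enterprise (Build 7600) and a `no-target` failure, not a compromised host, which is why no red icon appeared in Peter's case even though the handler started. Comparing that fingerprint with an independent Nmap OS guess is the quickest way to confirm which tool is right.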