"Armitage exists to help security professionals better understand the hacking process and appreciate what's possible with the powerful Metasploit framework. Security professionals who understand hacking will make better decisions to protect you and your information." I copy that paragraph from Fast and Easy Hacking FAQ, but in a simple way to explain what is Armitage, in my opinion it's tools that make you learning about Netowork Security, Metasploit, and NMap more easier because this tools make all of that tools(Metasploit, NMap) in visual way not a command line. Just a few click and you will know the flow of an attack happen in the network.
2. Armitage (apt-get install armitage from your Backtrack Box)
3. Java 1.6.0+
If you still unfamiliar with Backtrack, you can read my previous post about 5 useful things in Backtrack Linux.
1. I assume you have already installing Armitage by using apt-get install armitage. The next step is update your metasploit to the latest version by using msfupdate command. This is needed to update our exploit database to the latest version.
2. The next step is enabling RPC Daemon for metasploit, in this case we will use SSL to interact with metasploit.
d -f -U msf -P test -t Basic
The above command will start the msfrpcd with the user msf, password test, SSL listener, on the default port 55553.
3. After setting up the MSRPC Daemon, the next step is turn on our database service (I will use MySQL)
v4L@bt:~# /etc/init.d/mysql start
4. The step 1-3 is the needed step to make sure Armitage running correctly without error. If everything is okay, the next step is run the Armitage inside /pentest/exploits/armitage/, so we need to change the directory first.
v4L@bt:~# cd /pentest/exploits/armitage/ v4L@bt:/pentest/exploits/armitage# ./armitage.sh
5. After the ./armitage.sh command, there's should appear new window to connect to MySQL and mysql msfrpcd. Make sure everything is correct and also check the Use SSL checklist. If everything is OK, click CONNECT.
6. Here's the main window of Armitage, at the top of application there's a menu, on the left side there's auxiliary, exploits, and payload from metasploit, and at the bottom of application there's MSFConsole.
7. The next step we need to add host(s). We also can use NMap to scan whole network or specific IP Address. In this case I will use "Quick Scan(OS Detect)" using NMap to find alive hosts in my network.
My network address is 192.168.1.0/24 class C.
You need to wait until the tasks completed. Usually it depends on scanning type, if you use intense scan will take more time than quick scan. Below is the picture when it finish doing the task.
If the tools found alive hosts it will be shown like the picture below(also the OS).
8. From the previous image it shows that we need to find some attacks available for the listed hosts.
You can use automated attack finder from armitage who will find the most suitable attacks for the hosts listed. you can choose both "by Port" or "by Vulnerability". If attack analysis has finished the application will inform you like the picture below.
9. In this example I will try the MS08_067 vulnerability in Windows.
The next step is the same when you use metasploit framework. If you confused in this steps, you can use automated exploitation (leave all the options default), then click LAUNCH and wait :-).
10. If the targeted hosts is vulnerable with the attack, the color will be changed into red, that's mean that we can breach into the computer.
The next step is right click the hosts and as you can see on the above picture, I choose the command shell to interact with the victim. I think you should know what happen next when I click that option….PWNED. 🙂
I hope you found this tutorial useful, especially for you who want to tests your personal network from security breach by using metasploit. If there's any question or suggestion I welcome you to write on my comments below :-).