Today I had a great half-day training on Metasploit and Armitage organized by our local OWASP Austin chapter and hosted by Microsoft. What I learned today was so interesting that I can't resist sharing it here.
Raphael Mudge - Designer of Armitage
Metasploit is an open source penetration testing framework. It contains a database of exploits, payloads and post modules. The goal of the training was to find an exploit on a remote machine, run a payload through this exploit and execute a post module (which is what you can do after taking control of the victim's machine). Of course, you can find more detail about it on Wikipedia.
Metasploit is a command-line tool. To make it easier (and more fun), Raphael Mudge designed Armitage, which is a user interface for Metasploit. Here is what it looks like:
Armitage - GUI for Metasploit
When a machine on the network is compromised, Armitage illustrates it as a monitor wrapped in lightning bolts. Perfect for a hacker movie :D
Here are the materials we had for this training:
- The training slides are available here
- The exercise sheet is available here
- Metasploit - http://www.metasploit.com/download/
- Metasploitable - http://blog.metasploit.com/2010/05/introducing-metasploitable.html
- VMware Player - http://www.vmware.com/
When I first started Armitage, it could not connect to the database. I had to kill all ruby processes and reconnect again. Once Armitage has started, you may be asked to enter your IP address. If you don't, you can always set it later by running the following command in the console; it will set a global variable.
setg LHOST 10.10.10.10
Here are some interesting resources for further reading:
- offensive-security.com - online courses on Metasploit
- pentest.cryptocity.net - online courses for Penetration Testing and Vulnerability Analysis currently taught at the Polytechnic Institute of New York University
9 comments:
Hi, perfect video. I'm new to this tool, but there is something I could not understand yet. Example:
I'm running Backtrack and Armitage on: 192.162.1.1
So, if I did a scan and found one Windows OS victim with: 192.168.1.2, then I have to choose my victim and run find attack, so my questions are: 1.- With (find attack), is Armitage going to find vulnerable holes?
2.- So when am I going to know what the perfect exploit is to attack the victim machine?
and 3.- I saw in your video that you open an Internet browser with an IP. What does the IP mean?
Thanks, greetings from Chiapas,Mexico.
@IcebergDelphi
1. Yes, "Find Attacks" will try to find the specified vulnerability on the target, but there is no guarantee of success, unless you are using Metasploitable. With "Hail Mary", Armitage will try all known vulnerabilities.
2. If you find several exploitable vulnerabilities, read about them to understand which one gives you the higher level of control on the target and which one is the easiest to exploit.
3. The IP I am opening in the web browser at the end of the video is the IP of the server hosting the malicious Java applet. In this case, it is actually hosted by Armitage/Metasploit.
Have fun and be safe!
Matthias
I know I need Postgres to create a connection for Armitage, but I don't know how to do it on Windows. Can you tell me the settings you used in Postgres?
@xkazolx,
The Armitage installer provides everything you need. You don't need to install Postgres separately. Also, I used all the default settings. If you share more details about the error you are getting, I might be able to help you.
Thanks, but I found the problem: I had installed Metasploit mini. When I changed to Metasploit full, everything works.
Hey Matthias.
Super cool tutorial!
A friend and I have been playing around with it now, and got stuff working.
But we are wondering why you put the "J" in the path from the Java module at the end?
And when we do that, it works, and without it, it doesn't.
Also, when we are in, why can we use stuff like the "key logger" or any other modules?
Thanks.
Mathias.
@Mathias,
I put J in URIPATH just to put something. It could be anything. By default, the value is random.
Not all exploits give full control on the target; this is why you may not be able to use all the modules.
Wow.. very interesting with virtual Metasploit.. I will try it.. thanks bro. =) Keep it up.
Thanks, great blog post