"Armitage exists to help
security professionals better understand the hacking process and appreciate
what's possible with the powerful Metasploit framework. Security professionals
who understand hacking will make better decisions to protect you and your
information." I copy that paragraph from Fast and Easy Hacking FAQ, but in
a simple way to explain what is Armitage, in my opinion it's tools that make
you learning about Netowork Security, Metasploit, and NMap more easier because
this tools make all of that tools(Metasploit, NMap) in visual way not a command
line. Just a few click and you will know the flow of an attack happen in the
network.
Requirement:
- Backtrack 4r2
- Armitage (apt-get
install Armitage from your Backtrack Box)
- Java 1.6.0+
- Metasploit
3.5+
- Database (PostgreSQL, MySQL) –>
In this tutorial we use MySQL; PostgreSQL usually used when you use
Backtrack 4r1.
10 Steps to Set Up Armitage in Backtrack
4 for Penetration Test:
Step 1:
I assume you have already installing
Armitage by using apt-get install Armitage. The next step is update your
metasploit to the latest version by using msfupdate command. This is needed to
update our exploit database to the latest version.
Bt4@bt:~#
/pentest/exploits/framework3/msfupdate
Step 2:
The next step is enabling RPC Daemon
for metasploit, in this case we will use SSL to interact with metasploit.
Bt4@bt:~#
/pentest/exploits/framework3/msfrpcd -f -U msf -P test -t Basic
The above command will start the
msfrpcd with the user msf, password test, SSL listener, on the default port
55553.
Step 3:
After setting up the MSRPC Daemon,
the next step is turn on our database service (I will use MySQL)
Bt4@bt:~# /etc/init.d/mysql start
Step 4:
The step 1-3 is the needed step to
make sure Armitage running correctly without error. If everything is okay, the
next step is run the Armitage inside /pentest/exploits/armitage/, so we need to
change the directory first.
Bt4@bt:~#
cd /pentest/exploits/armitage/
Bt4@bt:/pentest/exploits/armitage# ./armitage.sh
Step 5:
After the ./armitage.sh command,
there's should appear new window to connect to MySQL and mysql msfrpcd. Make
sure everything is correct and also check the Use SSL checklist. If everything
is OK, click CONNECT.
Step 6:
Here's the main window of Armitage,
at the top of application there's a menu, on the left side there's auxiliary,
exploits, and payload from metasploit, and at the bottom of application there's
MSFConsole.
Step 7:
The next step we need to add
host(s). We also can use NMap to scan whole network or specific IP Address. In
this case I will use "Quick Scan (OS Detect)" using NMap to find
alive hosts in my network.
My network address is 192.168.1.0/24
class C.
You need to wait until the tasks
completed. Usually it depends on scanning type, if you use intense scan will
take more time than quick scan. Below is the picture when it finish doing the task.
If the tools found alive hosts it
will be shown like the picture below (also the OS.
Step 8:
From the previous step, it shows
that we need to find some attacks available for the listed hosts.
You can use automated attack finder
from Armitage who will find the most suitable attacks for the hosts listed. you
can choose both "by Port" or "by Vulnerability". If attack
analysis has finished the application will inform you.
Step 9:
We will try the MS08_067
vulnerabilities in Windows.
The next step is the same when you
use metasploit framework. If you confused in this steps, you can use automated
exploitation (leave all the options default), then click LAUNCH and wait :-).
Step 10:
If the
targeted hosts are vulnerable with the attack, the color will be changed into
red, it means that we can breach into the computer. The next step is right click the
hosts and choose the command shell to interact with the victim.
I hope you found this tutorial
useful, especially for you who want to tests your personal network from security
breach by using metasploit.
