Slide 1

2010 MAD Security, LLC All rights reserved ArmitageArmitage A Power Users Interface for Metasploit

Slide 2

Overview What is Armitage? User Interface Reconnaissance and Host Management Attack Post-Exploitation Maneuver Reporting

Slide 3

What is Armitage? User interface for Metasploit Red Team collaboration Advanced Post-exploitation Time Saving Automation Fast moving: 30+ Updates in 2011 Distributed with Metasploit BackTrack Linux Recommended

Slide 4

User Interface Visualize targets Find the right module Work on multiple things

Slide 5

User Interface

Slide 6

Reconnaissance Launch NMap db_nmap Hosts -> NMap Scans Not pivot friendly!

Slide 7

Reconnaissance MSF Scans Launches 20+ Metasploit Auxiliary Modules Works through a pivot

Slide 8

Import Hosts Acunetix Amap Appscan Burp Session Foundstone IP360 Microsoft Baseline Security Analyzer Nessus NetSparker NeXpose Nmap OpenVA Qualys Retina Reconnaissance

Slide 9

Host Management Table View Displays hundreds of hosts Same information as graph view

Slide 10

Host Management For large networks, use dynamic workspaces Group hosts by: Network Open services Operating system Session status Use Workspaces menu to switch

Slide 11

Attack: Remote Exploits Search for exploits Use module browser Exploit recommendations Attacks -> Find Attacks Hail Mary Smarter db_autopwn

Slide 12

Attack: Remote Exploits

Slide 13

Attack: Client-side Search for module Optional: configure payload Launch module

Slide 14

Attack: Client-side Search for module Optional: configure payload Launch module

Slide 15

Attack: Client-side Search for module Optional: configure payload Launch module

Slide 16

Attack: Client-side Search for module Optional: configure payload Launch module

Slide 17

Post Exploitation Spy on the user Screenshots, webcam, key logging Access the file system Upload, download, TIMESTOMP Escalate your privileges Token stealing, local exploits

Slide 18

Post Exploitation

Slide 19

Maneuver Host Discovery: ARP Scan Pivoting Setup Metasploit Scans

Slide 20

Maneuver Host Discovery: ARP Scan Pivoting Setup Metasploit Scans

Slide 21

Maneuver Host Discovery: ARP Scan Pivoting Setup Metasploit Scans

Slide 22

Maneuver: Pass the Hash Use password hashes to authenticate as a user Requires an Active Directory domain

Slide 23

Maneuver: Pass the Hash Use password hashes to authenticate as a user Requires an Active Directory domain

Slide 24

Reporting Activity Logs All console tabs logged Organized by host/date Export Data TSV and XML output of most data Quick Screenshot Grab a screenshot of any tab

Slide 25

Summary What is Armitage? User Interface Reconnaissance and Host Management Attack Post-Exploitation Maneuver Reporting

Slide 26

Where to next? Armitage Homepage http://www.fastandeasyhacking.com/http://www.fastandeasyhacking.com/ Twitter @armitagehacker