Armitage Manual

  • date post

    02-Jun-2018
Transcript of Armitage Manual

  • 8/10/2019 Armitage Manual

    1/17

    I. Table of Contents

    1. About Armitage
    2. Getting Started
    3. User Interface Tour
    4. Host Management
    5. Exploitation
    6. Post-Exploitation
    7. Maneuvering
    8. Remote Metasploit

    1. About Armitage

    1.1 What is Armitage?

    Armitage is a graphical cyber attack management tool for Metasploit (http://www.metasploit.com) that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework.

    Advanced users will find Armitage valuable for managing remote Metasploit instances and collaboration. Armitage's red team collaboration features allow your team to use the same sessions, share data, and communicate through one Metasploit instance.

    Armitage makes Metasploit usable for security practitioners who understand hacking but don't use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.

    1.2 Cyber Attack Management

    Armitage organizes Metasploit's capabilities around the hacking process. There are features for discovery, access, post-exploitation, and maneuver. This section describes these features at a high level; the rest of this manual covers these capabilities in detail.

    For discovery, Armitage exposes several of Metasploit's host management features. You can import hosts and launch scans to populate a database of targets. Armitage also visualizes the database of targets--you'll always know which hosts you're working with and where you have sessions.

    Armitage assists with remote exploitation--providing features to automatically recommend exploits and even run active checks so you know which exploits will work. If these options fail, you can use the Hail Mary approach and unleash Armitage's smarter db_autopwn against your target database.

    For those of you who are hacking post-2003, Armitage exposes the client-side features of Metasploit. You can launch browser exploits, generate malicious files, and create Meterpreter executables.

    Once you're in, Armitage provides several post-exploitation tools built on the capabilities of the Meterpreter agent. With the click of a menu you will escalate your privileges, dump password hashes to a local credentials database, browse the file system like you're local, and launch command shells.

    Finally, Armitage aids the process of setting up pivots, a capability that lets you use compromised hosts as a platform for attacking other hosts and further investigating the target network. Armitage also exposes Metasploit's SOCKS proxy module, which allows external tools to take advantage of these pivots. With these tools, you can further explore and maneuver through the network.

    The rest of this manual is organized around this process, providing what you need to know in the order you'll need it.

    1.3 Necessary Vocabulary

    To use Armitage, it helps to understand Metasploit. Here are a few things you absolutely must know before continuing:

    Metasploit (http://www.metasploit.com/) is a console driven application. Anything you do in Armitage is translated into a command Metasploit understands. You can bypass Armitage and type commands yourself (covered later). If you're ever lost in a console, type help and hit enter.

    Metasploit presents its capabilities as modules. Every scanner, exploit, and even payload is available as a module. If you're scanning a host, you use an auxiliary module. Before launching a module, you must set one or more variables to configure the module. The exploit process is similar. To launch an exploit, you must choose an exploit module, set one or more variables, and launch it. Armitage aims to make this process easier for you.

    If you successfully exploit a host, you will have a session on that host. Armitage knows how to interact with shell and Windows Meterpreter sessions.

    Meterpreter is an advanced agent that makes a lot of post-exploitation functionality available to you. Armitage is built to take advantage of Meterpreter. Working with Meterpreter is covered later.

    The Metasploit Unleashed course (http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training) maintained by the Offensive Security (http://www.offensive-security.com/) folks is excellent. I recommend reading it before going further.

    2. Getting Started

    2.1 Prerequisites

    Armitage is installed with the Metasploit 4.0.0 full install package. It has all of the prerequisites you'll need, including:

    Java 1.6.0+ (http://java.sun.com)

    Metasploit 4.0.0+ (http://www.metasploit.com)

    A database and the information to connect to it

    Make sure you use the official Sun Oracle Java. This project does not support other Java environments.

    You want the latest version of the Metasploit Framework. Armitage is tested against the latest Metasploit with no goal of supporting older versions. Use subversion to check out the latest version of Metasploit and keep it up to date by running msfupdate regularly.

    Finally, you must have a database for Metasploit to connect to. Armitage requires you to know the username, password, hostname, and database before connecting.

    I highly recommend that you use PostgreSQL instead of MySQL. There is an unresolved issue in Metasploit causing MySQL databases to break when Metasploit chooses to change a database schema. The Metasploit team also tests with Postgres. The full setup installers for Metasploit on Windows and Linux set up Postgres for you.

    2.2 Getting Started: Linux

    To install Armitage on Linux:

    1. Make sure you're the root user

    2. Download and install the Metasploit Framework from http://www.metasploit.com/. Get the full package with all of the Linux dependencies.

    3. After installation, type: /opt/framework/app/msfupdate to update Metasploit.

    4. Install a VNC viewer (e.g., apt-get install vncviewer on Ubuntu)

    To launch Armitage:

    sudo armitage

    Click Start MSF to launch Metasploit's RPC daemon and connect to it. The settings for Metasploit's installed database are already set up for you. You do not need to change the DB connect string.

    2.3 Getting Started: BackTrack Linux

    BackTrack Linux 5 (http://www.backtrack-linux.org) includes Metasploit and Armitage--ready for your use.

    Open a terminal and type armitage to start Armitage.

    Click the Start MSF button to launch Metasploit and connect Armitage to it.

    If you want to use Armitage, BackTrack Linux is the easiest way to get started.

    2.4 Getting Started: Windows

    To install Armitage on Windows:

    1. Make sure you're the Administrator user (enable it if you have to (http://lifehacker.com/#!341521/enable-vistas-administrator-acco)

    2. Download and install the Metasploit Framework from http://www.metasploit.com/. Get the package with all of the dependencies.

    3. Go to Start -> All Programs -> Metasploit Framework -> Metasploit Update

    To use Armitage:

    Navigate to Start -> All Programs -> Metasploit Framework -> Armitage

    Click Start MSF and wait for a connection

    If something goes wrong, press Ctrl-Alt-Del and kill any ruby processes that you see.

    2.5 Getting Started: MacOS X

    Armitage works on MacOS X but it's not a supported platform for Armitage. Metasploit does not have an official package for OS

    There is a lot of manual setup involved in getting the pre-requisites working. Cedric Baillet created a step-by-step guide (http://www.cedric-baillet.fr/IMG/pdf/armitage_configuration_on_macosx.pdf) to configuring Postgres and Ruby for use with Armitage on MacOS X as well.

    I put a lot of energy into Armitage and supporting Windows takes a lot out of me as it is. I'm happy to fix MacOS X specific bugs in Armitage but I will not help you troubleshoot your Metasploit or database installation on MacOS X. I'm not withholding the secret from you--I do not use Metasploit on MacOS X and I have no idea how to help you.

    Armitage on MacOS X works fine as a remote client to Metasploit. Download the MacOS X package, extract it, and double-click the Armitage.app file to get started.

    3. User Interface Tour

    3.1 Overview

    The Armitage user interface has three main panels: modules, targets, and tabs. You may click the area between these panels to resize them to your liking.

    3.2 Modules

    The module browser lets you launch a Metasploit auxiliary module, throw an exploit, generate a payload, and even run a post-exploitation script. Click through the tree to find the desired module. Double click the module to bring up a dialog with options.

    Armitage will place highlighted hosts from the targets panel into the RHOSTS variable of any module launched from here.

    You can search for modules too. Click in the search box below the tree, type a wildcard expression (e.g., ssh_*), and hit enter. The module tree will then show your search results, already expanded for quick viewing. Clear the search box and press enter to restore the module browser to its original state.

    3.3 Targets - Graph View

    The targets panel shows all hosts in the current workspace. Armitage represents each target as a computer with its IP address and other information about it below the computer. The computer screen shows the operating system the computer is running.

    A red computer with electrical jolts indicates a compromised host. Right click the computer to use any sessions related to the host.

    A directional green line indicates a pivot from one host to another. Pivoting allows Metasploit to route attacks and scans through intermediate hosts. A bright green line in