ARMITAGE-THE CYBER ATTACK MANAGEMENT

Posted 15-Jan-2015, Category: Education

Description

Armitage, developed by Raphael Mudge, is a GUI for the Metasploit Framework aimed at penetration testers and security researchers; with it you can manage, and also help prevent, cyber attacks. This project is meant for educational purposes only; do not use it for crime.

Transcript of ARMITAGE-THE CYBER ATTACK MANAGEMENT

1. Armitage: the cyber attack management

Armitage is a graphical Cyber Attack Management tool for Metasploit (http://www.metasploit.com) that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Advanced users will find Armitage valuable for managing remote Metasploit instances and for collaboration. Armitage's red team collaboration features allow your team to use the same sessions, share data, and communicate through one Metasploit instance.

Metasploit is a popular exploitation framework that has received plenty of coverage among penetration testers. Armitage is a newer GUI for Metasploit built around the hacking process. Today, I will show you how to use Armitage to scan a Linux host, find the right exploit, exploit the host, and handle post-exploitation. By following this project, we will learn how to use Armitage and Metasploit in our own work. This penetration testing tool was created by Raphael Mudge.

2. BASIC REQUIREMENTS:
  • Windows XP, Windows 7
  • BackTrack r3
  • PostgreSQL
  • MySQL
  • Linux (here I have used BlackBuntu)
  • A fresh install of Metasploit (http://www.metasploit.com/) 4.4 or later
  • Oracle's Java 1.7 (http://www.java.com)
  • Mac OS X

3. Armitage: A Hacker's Perspective

About Armitage: Armitage is a graphical cyber-attack management tool for Metasploit (http://www.metasploit.com) that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Advanced users will find Armitage valuable for managing remote Metasploit instances and for collaboration. Armitage's red team collaboration features allow your team to use the same sessions, share data, and communicate through one Metasploit instance. Armitage is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework. Through one Metasploit instance, our team will:
  • Use the same sessions
  • Share hosts, captured data, and downloaded files
  • Communicate through a shared event log
  • Run bots to automate red team tasks

When Metasploit and Armitage are combined, they make a powerful cyber attack management tool for pen testing on the network(s). Armitage allows your team to use the same sessions, share data, and communicate through one Metasploit instance. It is a very helpful tool for learning about cyber security because it provides a graphical interface instead of a command line.

4. Armitage makes Metasploit usable for security practitioners who understand hacking but don't use Metasploit every day. Armitage can help us by providing the following modules for cyber attack management:

1. Commercial support

Armitage is open source software developed by Raphael Mudge's company Strategic Cyber LLC. Cobalt Strike is the commercially supported big brother of Armitage. Cobalt Strike adds features to support professional penetration testers and red teams, including:
  • Professional Reports
  • Spear Phishing
  • Web Drive-by Attacks
  • Client-side Reconnaissance
  • VPN Pivoting
  • Covert Command and Control

1.1 Professional Reports

Professional Reports are built from the hosts and vulnerabilities recorded during the engagement; the following Hosts Report is an example.

Hosts Report
March 1, 2012
This report shows host information gathered during this penetration test.

Summary
  Hosts: 12
  Services: 30
  Vulnerabilities: 7
  Compromises: 11

5.
10.10.10.1
  Operating System: Cisco IOS
  Name:
  MAC Address: 08:00:27:26:cc:f9

10.10.10.3
  Operating System: Microsoft Windows 2008 R2 SP0
  Name: DC
  MAC Address: 08:00:27:1c:62:e1
  Services (port proto name info)
    139 tcp
    135 tcp
    389 tcp
    445 tcp smb Windows Server 2008 R2 Enterprise (Build 7600) (language:Unknown) (name:DC) (domain:CORP)
  Credentials (user pass)
    Administrator e52cac67419a9a22d419bc5eacf63c92:83414a69a47afeec7e3a37d05a81dc3b
  Compromises (opened duration method)
    03-01-12 09:23:54 PM  1 minute  Microsoft Windows Authenticated User Code Execution
    03-01-12 09:21:28 PM  1 minute  Microsoft Windows Authenticated User Code Execution
  Vulnerabilities
6.
    Microsoft Windows Authenticated User Code Execution
    This module uses a valid administrator username and password (or password hash) to execute an arbitrary payload. This module is similar to the "psexec" utility provided by SysInternals. This module is now able to clean up after itself. The service created by this tool uses a randomly chosen name and description.

10.10.10.4
  Operating System: Microsoft Windows .NET Server SP0
  Name: FILESERVER
  MAC Address: 08:00:27:5c:d4:ad
  Services (port proto name info)
    139 tcp
    135 tcp
    445 tcp Windows 2003 No Service Pack (language:Unknown) (name:FILESERVER) (domain:CORP)
  Credentials (user pass)
    Administrator e52cac67419a9a22d419bc5eacf63c92:83414a69a47afeec7e3a37d05a81dc3b
    SUPPORT_388945a0 aad3b435b51404eeaad3b435b51404ee:5ace38267297985b281184a14fc8ddcc
    Guest aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0
  Compromises (opened duration method)
7.
    03-01-12 09:14:46 PM  unknown  Microsoft Server Service Relative Path Stack Corruption
  Vulnerabilities
    Microsoft Server Service Relative Path Stack Corruption
    This module exploits a parsing flaw in the path canonicalization code of NetAPI32.dll through the Server Service. This module is capable of bypassing NX on some operating systems and service packs. The correct target must be used to prevent the Server Service (along with a dozen others in the same process) from crashing. Windows XP targets seem to handle multiple successful exploitation events, but 2003 targets will often crash or hang on subsequent attempts. This is just the first version of this module; full support for NX bypass on 2003, along with other platforms, is still in development.

10.10.10.5
  Operating System: Microsoft Windows .NET Server SP0
  Name: MAIL
  MAC Address: 08:00:27:1f:1d:86
  Services (port proto name info)
    25 tcp smtp 220 ACME Corporation Mail Server [hMailServer]
    139 tcp
    143 tcp imap * OK IMAPrev1
    110 tcp pop3 +OK POP3
    135 tcp
    445 tcp Windows 2003 No Service Pack (language:Unknown) (name:MAIL) (domain:CORP)
  Credentials (user pass)
    SUPPORT_388945a0 aad3b435b51404eeaad3b435b51404ee:5ace38267297985b281184a14fc8ddcc
8.
    Guest aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0
    Administrator e52cac67419a9a22d419bc5eacf63c92:83414a69a47afeec7e3a37d05a81dc3b
  Compromises (opened duration method)
    03-01-12 09:14:46 PM  unknown  Microsoft Server Service Relative Path Stack Corruption
  Vulnerabilities
    Microsoft Server Service Relative Path Stack Corruption
    This module exploits a parsing flaw in the path canonicalization code of NetAPI32.dll through the Server Service. This module is capable of bypassing NX on some operating systems and service packs. The correct target must be used to prevent the Server Service (along with a dozen others in the same process) from crashing. Windows XP targets seem to handle multiple successful exploitation events, but 2003 targets will often crash or hang on subsequent attempts. This is just the first version of this module; full support for NX bypass on 2003, along with other platforms, is still in development.

10.10.10.18
  Operating System: Microsoft Windows XP SP2
  Name: JOSHDEV
  MAC Address: 08:00:27:5a:86:29
  Services (port proto name info)
    135 tcp
    139 tcp
9.
    445 tcp Windows XP Service Pack 2 (language:English) (name:JOSHDEV) (domain:CORP)
  Credentials (user pass)
    josh.sokol aad3b435b51404eeaad3b435b51404ee:34c63bad990d7b7cffa64bf36f8ba19c
    User aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0
    Administrator e52cac67419a9a22d419bc5eacf63c92:83414a69a47afeec7e3a37d05a81dc3b
  Compromises (opened duration method)
    03-01-12 09:14:49 PM  unknown  Microsoft Server Service Relative Path Stack Corruption
  Vulnerabilities
    Microsoft Server Service Relative Path Stack Corruption
    This module exploits a parsing flaw in the path canonicalization code of NetAPI32.dll through the Server Service. This module is capable of bypassing NX on some operating systems and service packs. The correct target must be used to prevent the Server Service (along with a dozen others in the same process) from crashing. Windows XP targets seem to handle multiple successful exploitation events, but 2003 targets will often crash or hang on subsequent attempts. This is just the first version of this module; full support for NX bypass on 2003, along with other platforms, is still in development.

10.10.10.21
  Operating System: Linux Ubuntu
  Name: 10.10.10.21
  MAC Address: 08:00:27:9d:3c:64
10.
  Services (port proto name info)
    80 tcp http Apache/2.2.14 (Ubuntu)
    22 tcp ssh SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7

10.10.10.188
  Operating System: Microsoft Windows 7 SP0
  Name: WS2
  MAC Address: 08:00:27:08:3f:1d
  Services (port proto name info)
    139 tcp
    135 tcp
    445 tcp smb Windows 7 Ultimate (Build 7600) (language:Unknown) (name:WS2) (domain:CORP)
  Credentials (user pass)
    administrator e52cac67419a9a22d419bc5eacf63c92:83414a69a47afeec7e3a37d05a81dc3b
  Compromises (opened duration method)
    03-01-12 09:23:53 PM  1 minute  Microsoft Windows Authenticated User Code Execution
    03-01-12 09:11:42 PM  unknown  Generic Payload Handler
    03-01-12 09:21:26 PM  1 minute  Microsoft Windows Authenticated User Code Execution
  Vulnerabilities
    Microsoft Windows Authenticated User Code Execution
    This module uses a valid administrator username and password (or password hash) to execute an arbitrary payload. This module is similar to the "psexec" utility provided by SysInternals. This module is now able to clean up after itself. The service created by this tool uses a randomly chosen name and description.

11.
10.10.10.189
  Operating System: Microsoft Windows 7 SP0
  Name: CEOSBOX
  MAC Address: 08:00:27:78:78:fb
  Services (port proto name info)
    135 tcp
    139 tcp
    445 tcp smb Windows 7 Ultimate (Build 7600) (language:Unknown) (name:CEOSBOX) (domain:CORP)
  Credentials (user pass)
    administrator e52cac67419a9a22d419bc5eacf63c92:83414a69a47afeec7e3a37d05a81dc3b
    CORP/administrator e52cac67419a9a22d419bc5eacf63c92:83414a69a47afeec7e3a37d05a81dc3b
  Compromises (opened duration method)
    03-01-12 09:23:53 PM  1 minute  Microsoft Windows Authenticated User Code Execution
    03-01-12 09:21:28 PM  1 minute  Microsoft Windows Authenticat
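The Hosts Report above is a plain-text layout (a bare IP line opens each host record, followed by Operating System, Name, Services, Credentials and Compromises blocks), which makes it easy to post-process on the defending side. The following Python script is an added example, not part of the original report and not Armitage or Cobalt Strike code: it parses a constructed sample written in that layout and runs two triage checks a blue team would want from such a report, accounts whose NT hash is the well-known hash of an empty password, and NT hashes that appear on more than one host (local password reuse, which is exactly what the report's repeated Administrator hash shows). The host records, the placeholder Administrator hash and the regular expressions are assumptions based on the layout shown; EMPTY_LM and EMPTY_NT are the public constants for a blank LM and NT password.

```python
"""Triage helper for a Hosts Report in the layout shown above.

Added example, not part of the original report and not Armitage or
Cobalt Strike code.  It parses the per-host blocks (Operating System,
Name, Services, Credentials, Compromises) and runs two defender checks:
accounts with a blank password and NT hashes shared across hosts.
"""
import re
from collections import defaultdict

# Public, well-known hashes of an empty password (LM and NT).
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
# Placeholder NT hash for the constructed sample; not a real credential.
FAKE_NT = "0" * 31 + "1"

# Constructed sample in the report's text layout (not data from the report).
SAMPLE_REPORT = f"""\
10.10.10.3
Operating System: Microsoft Windows 2008 R2 SP0
Name: DC
Services
port proto name info
139 tcp
445 tcp smb Windows Server 2008 R2 Enterprise (name:DC) (domain:CORP)
Credentials
user pass
Administrator {EMPTY_LM}:{FAKE_NT}
Compromises
opened duration method
03-01-12 09:23:54 PM 1 minute Microsoft Windows Authenticated User Code Execution
10.10.10.4
Operating System: Microsoft Windows .NET Server SP0
Name: FILESERVER
Services
port proto name info
445 tcp Windows 2003 No Service Pack (name:FILESERVER) (domain:CORP)
Credentials
user pass
Administrator {EMPTY_LM}:{FAKE_NT}
Guest {EMPTY_LM}:{EMPTY_NT}
Compromises
opened duration method
03-01-12 09:14:46 PM unknown Microsoft Server Service Relative Path Stack Corruption
10.10.10.21
Operating System: Linux Ubuntu
Name: 10.10.10.21
Services
port proto name info
22 tcp ssh SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
"""

HOST_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})$")           # bare IP opens a host record
SERVICE_RE = re.compile(r"^(\d{1,5})\s+(tcp|udp)\b\s*(.*)$")    # port proto [name info]
CRED_RE = re.compile(r"^(\S+)\s+([0-9a-fA-F]{32}):([0-9a-fA-F]{32})$")  # user LM:NT
COMPROMISE_RE = re.compile(
    r"^(\d\d-\d\d-\d\d \d\d:\d\d:\d\d [AP]M)\s+(\d+ minutes?|unknown)\s+(.+)$")
SECTIONS = {"Services", "Credentials", "Compromises", "Vulnerabilities"}
COLUMN_HEADERS = {"port proto name info", "user pass", "opened duration method"}


def parse_hosts_report(text):
    """Return one dict per host: ip, os, name, services, credentials, compromises."""
    hosts, host, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in COLUMN_HEADERS:
            continue
        if m := HOST_RE.match(line):
            host = {"ip": m.group(1), "os": "", "name": "",
                    "services": [], "credentials": [], "compromises": []}
            hosts.append(host)
            section = None
            continue
        if host is None:
            continue                      # preamble before the first host record
        if line in SECTIONS:
            section = line
        elif line.startswith("Operating System:"):
            host["os"] = line.split(":", 1)[1].strip()
        elif line.startswith("Name:"):
            host["name"] = line.split(":", 1)[1].strip()
        elif section == "Services" and (m := SERVICE_RE.match(line)):
            host["services"].append(
                {"port": int(m.group(1)), "proto": m.group(2), "info": m.group(3)})
        elif section == "Credentials" and (m := CRED_RE.match(line)):
            host["credentials"].append(
                {"user": m.group(1), "lm": m.group(2).lower(), "nt": m.group(3).lower()})
        elif section == "Compromises" and (m := COMPROMISE_RE.match(line)):
            host["compromises"].append(
                {"opened": m.group(1), "duration": m.group(2), "method": m.group(3)})
    return hosts


def blank_password_accounts(hosts):
    """(ip, user) pairs whose NT hash is the hash of an empty password."""
    return [(h["ip"], c["user"])
            for h in hosts for c in h["credentials"] if c["nt"] == EMPTY_NT]


def reused_hashes(hosts):
    """NT hashes present on more than one host (local password reuse); blanks excluded."""
    seen = defaultdict(set)
    for h in hosts:
        for c in h["credentials"]:
            if c["nt"] != EMPTY_NT:
                seen[c["nt"]].add(h["ip"])
    return {nt: sorted(ips) for nt, ips in seen.items() if len(ips) > 1}


def summarize(hosts):
    """Counts comparable to the report's Summary block."""
    return {"hosts": len(hosts),
            "services": sum(len(h["services"]) for h in hosts),
            "credentials": sum(len(h["credentials"]) for h in hosts),
            "compromises": sum(len(h["compromises"]) for h in hosts)}


if __name__ == "__main__":
    parsed = parse_hosts_report(SAMPLE_REPORT)
    print("summary:", summarize(parsed))
    print("blank passwords:", blank_password_accounts(parsed))
    for nt, ips in reused_hashes(parsed).items():
        print(f"NT hash {nt[:8]}... shared by {', '.join(ips)}")
```

Run as a script it prints the summary, the blank-password accounts and every NT hash seen on more than one host. Each reused hash is a remediation item in its own right: in the report above the same Administrator hash is recorded on DC, FILESERVER, MAIL, JOSHDEV, WS2 and CEOSBOX, which is what allows one set of credentials to be replayed with a psexec-style module across the whole domain, so the fix is unique local administrator passwords per host (for example via a LAPS-style rotation scheme) and disabling or re-passwording the blank-password accounts the first check reports.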