Armitage – The Ultimate Attack Platform for Metasploit

July 9, 2011

Now you have one more reason to add Metasploit to your pentest toolkit. You just can't ignore Metasploit anymore simply because it does not give you a user interface like the commercial frameworks out there, such as Core Impact and Immunity Canvas.

I know most people think that using Armitage makes them feel like a script kiddie. It may be so, but you just can't afford not to get your hands dirty with the industry's most recognized and most respected exploitation framework, i.e. Metasploit. I am sure that when you have Armitage in your hands, you will definitely find some good reasons to love it.

Armitage

To use Armitage, it is necessary to understand Metasploit. Metasploit is a command line tool. Anything you do in Armitage is translated into a command that Metasploit understands. To make it easier and more fun, Raphael Mudge designed Armitage, which is a user interface for Metasploit.
 

 
Armitage is a graphical management tool for Metasploit. It helps you indulge your senses by visualizing your targets, recommending exploits and exposing the advanced capabilities of the framework. Armitage takes Metasploit's capabilities to a new level of ease with new features like:
  1. Discovery
  2. Access
  3. Post Exploitation
  4. Maneuver

 

Step 1: Discovery:
  • Armitage exposes several of the host management features available in Metasploit.
  • You can import hosts and launch scans to build up a database of possible targets and visualize them on the screen. Working with the visualization is interactive: right-click a host to configure the options and settings according to your network environment.
Step 2: Assist:
 
  • Armitage assists by automatically recommending exploits and even running active checks, so you know which exploits will work and which will not.
  • If these options fail, you can use the Hail Mary approach and unleash the power of db_autopwn against your possible targets.
Step 3: Post Exploitation:
 
  • Armitage provides several post-exploitation tools built on the capabilities of the Meterpreter agent, so in a way it extends the capability of traditional Meterpreter.
  • With the click of a menu you can escalate your privileges, dump password hashes to a local credentials database, browse the file system like a local user, and launch command shells.
 
Step 4: Maneuver:
 
  • Armitage aids the process of setting up pivots, which let you use compromised hosts as a platform for attacking other hosts and further investigating the target network. This is a capability you may otherwise find only in commercially available exploit frameworks.
  • Armitage also exposes Metasploit's SOCKS proxy module which allows external tools to take advantage of these pivots.
  • With these tools, you can further explore and maneuver through the network.
Armitage Prerequisites:
 
Armitage has the following prerequisites:
  • Java 1.6.0+
  • Metasploit 3.5+
  • Armitage requires you to know the Username, Password, Hostname, and Database before connecting.
If you're on Windows, you're in luck: the Metasploit team sets up PostgreSQL for you. If you launch Metasploit on Windows, you do not need to provide database information when launching Armitage. Note: BackTrack 5 includes Metasploit and Armitage by default, fully configured for immediate use.
 
Invoking Armitage:
 
  • To invoke Armitage, you have to start the Metasploit RPC daemon first: cd /pentest/exploits/framework3
  • And type: ./msfrpcd -f -U msf -P test -t Basic
  • This will start msfrpcd with the user msf, password test, SSL listener, on the default port 55553.
  • Once you have a database, navigate to the folder containing the Armitage files and type: ./armitage.sh
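
A check to run after starting the daemon as described above, added here as an example (it is not part of the original article, of Armitage or of Metasploit): it reads `ss -ltn` output and lists every non-loopback address on which the RPC port 55553 is listening, since anyone who can reach that port can attempt the msf/test login. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list addresses where the msfrpcd port is reachable off-host.
# Input: `ss -ltn` style lines on stdin. Port defaults to 55553 (from the article).

rpc_exposed() {
    port="${1:-55553}"
    awk -v port="$port" '
        $1 == "LISTEN" {
            addr = $4                       # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next      # last ":"-separated field is the port
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            # Loopback binds are only reachable from this machine.
            if (host ~ /^127\./ || host == "[::1]" || host == "::1") next
            print host
        }'
}

# Constructed sample input (not captured from a real host).
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      256    0.0.0.0:55553      0.0.0.0:*
LISTEN 0      256    127.0.0.1:55554    0.0.0.0:*
LISTEN 0      128    [::1]:5432         [::]:*'

check_sample() { printf '%s\n' "$SAMPLE" | rpc_exposed 55553; }

# Live use on the machine running msfrpcd:  ss -ltn | rpc_exposed
# Any address printed means the RPC login is exposed beyond loopback.
check_sample
```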
 

Exploring Armitage User Interface:

 
The Armitage user interface has three main panels:
1. Modules
2. Targets
3. Tabs
 


 

Targets:

 
  • The targets panel shows all hosts in the current workspace.
  • Armitage represents each target as a computer with its IP address and other information about it below the computer.
  • The computer screen shows the operating system the computer is running.

 
Modules:
 
  • The modules panel lets you launch a Metasploit auxiliary module, throw an exploit, or generate a payload.
  • Click through the tree to find the desired module. Double click the module to bring up a dialog with options.
 
Consoles:
 
A console panel lets you interact with a command line interface through Armitage. The Metasploit console, Meterpreter console, and shell session interfaces all use a console panel.
The console panel features a command history. Use the up arrow to cycle through previously typed commands. The down arrow moves back to the last command you typed.
 

Demonstration! (Operating System: Fedora 13)

 
Step 1: Open a terminal, change to the directory where you extracted Armitage, and invoke Armitage using the following command:
./armitage
 
Step 2: Click on the ? Command button in front of the connection string and enter your database credentials, as shown in the snapshot below:
 
Step 3: After entering your correct database credentials, click Save and then click Connect to connect to the database. Press OK and continue with the Armitage GUI.
Step 4: The first task we need to perform is to discover the live hosts on the network. To do that, go to HOSTS → MsfScan and enter the network range, as shown in the snapshot below:
 
Discovery module launched successfully! And here you go; you can visually see the available machines on the network, as shown in the snapshot below:
 
Target Systems –
 
Step 5: Go to Attacks → Find Attacks → "by port", as shown in the snapshot below:
 
Attack Analysis Completed as shown in the snapshot below:
 
Now, attack vectors will also be available in right click menu, as shown in the snapshot below:
 
Select your exploit and specify the settings for it and launch the exploit, as shown in the snapshot below:
 
Wooooaahhh!!! And here we go…..
Mission Accomplished!!
 

Keyboard shortcuts

Several keyboard shortcuts are available in the targets panel. You may edit these in the Armitage → Preferences menu.
  • Ctrl Plus – zoom in
  • Ctrl Minus – zoom out
  • Ctrl 0 – reset the zoom level
  • Ctrl A – select all hosts
  • Escape – clear selection
  • Ctrl C – arrange hosts into a circle
  • Ctrl S – arrange hosts into a stack
  • Ctrl H – arrange hosts into a hierarchy. This only works when a pivot is set up.
  • Ctrl R – refresh hosts from the database
  • Ctrl P – export hosts into an image
Note: If you have a lot of hosts, the graph view becomes difficult to work with. For this situation Armitage has a table view. Go to View → Targets → Table View to switch to this mode. Armitage will remember your preference.

 



Ishan Girdhar works as an information security consultant. Ishan loves exploring different Linux distributions. He is currently working with AKS IT Services Pvt. Ltd, Noida.
