Skip to main content

Metasploit (Armitage) start up

By RoCk StAr DeViL

Step 1: Download Armitage

The first step, of course, is to download Armtage. If you have BackTrack or the early versions of Kali, you probably don't have Armitage, but you can get it from Armitage's website.

Click on the download button and it will pull up the following webpage. Make certain that you download the Linux version.

Another download option includes using the command line tool aptitude. Just type the following to install it.

kali apt-get install armitage

In addition, you can also use the GUI-based tool in Kali, the "Add/Remove Software," and search for "Armitage."

Step 2: Start Metasploit

Once you have Armitage downloaded onto your system, the next step is to start Matsploit. Make certain the postgreSQL server is started by typing:

kali > service postgresql start

Now, start Metasploit by typing:

kali > msfconsole

Step 3: Start Armitage

Armitage uses a client/server architecture where Metasploit is the server and Armitage is the client. In essence, Armitage is a GUI client that I can interact and control the Metasploit server.

Start Armitage in Kali by typing:

kali > armitage

When you do so, you will see the following screen.

If you are running Metasploit from your "home" system, leave these default setting and click "Connect." If you want to run Armitage on a remote system, simply put the IP address of the system running Metasploit in the window asking you for the "Host."

Step 4: Start the RPC Server

Armitage connects to an RPC server in order to control Metasploit. You are likely to see the following screen after starting Armitage.

In some cases, it make take awhile to connect, such as in the screen below.

When Armitage finally connects to Metasploit's RPC server, you will greeted with the following screen.

Success! You are now running Metasploit from an easy to use GUI.

Step 5: Explore Armitage

Notice in the upper left-hand corner of the Armitage screen, you can see folders. These folders contain four types of Metasploit modules;

auxiliaryexploitpayloadpost

If you have read my earlier Metasploit tutorials, you know that this is how Metasploit organizes its modules. For the beginner, the exploit and payloadmodules are the most important.

We can expand the exploit modules directory by clicking on the arrow head to its right. When we do so, it expands and show us its contents.

It categorizes the exploits by the type of operating system (OS) they are designed for, such as Windows, BSD, Linux, Solaris, etc. Remember, exploits are specific to an operating system, an application, ports, services, and sometimes even the language. If we scroll to the Windows subdirectory and expand it, we see all the Windows exploits categorized by type.

Now, when we are looking for an exploit to use on a particular system with a particular vulnerability, we can simply point and click to find it.

Step 6: Hail Mary!

Nearly everything you can do with the Metasploit console, you can with Armitage. There is one thing though that you do with Armitage that you cannot do with msfconsole (at least without scripting). That one thing is to throw the Hail Mary! The Hail Mary is where Armitage will throw every exploit it has against a site to see whether any of them work.

Simply go to the "Attacks" menu at the top of Armitage and select "Hail Mary." When you click on it it warns you like in the screen below.

This wouldn't really be effective in a hacking environment as its far from stealthy. It will create so much "noise" on the target that you will likely be detected immediately, but in a lab or pentesting environment, it can be useful to try numerous attacks against a target a see which, if any, will work.

Armitage enables the aspiring hacker to quickly grasp the basics of Metasploit hacking and begin to use this excellent and powerful tool in very short order. We all owe Raphael Mudge a debt of gratitude for developing and giving away this excellent piece of software!

Comments

Post a Comment

plz add ur comment here

Popular posts from this blog

Upcoming Book- Kali Linux Revealed: Mastering the Penetration Testing Distribution

By RoCk StAr DeViL
More exciting news! In the past year, Kali Linux Official Team has been working internally on an Official Kali Linux book – Kali Linux Revealed: Mastering the Penetration Testing Distribution . This is the first official Kali book from Offsec Press , and is scheduled for release on June 5th, 2017 . Kali Linux Revealed will be available in both hard copy and online formats. Keeping the Kali Linux spirit, the online version of the book will be free of charge, allowing anyone who wishes to hone their skills and improve their knowledge of Kali to do so at no cost. This book, together with our official Kali documentation site will encompass the body of knowledge for the Kali Linux Certified Professional   (KLCP) .
1 comment
Read more

Wordpress hacking - How to install / run wpscan on windows xp / windows 7 / windows 10

By RoCk StAr DeViL
HOW TO RUN WPSCAN ON WINDOWS Byrockstardevil Requirements: rubyinstaller Development Kit for rubyinstaller curl DLL for windows : libcurl.dll 1 - install rubyinstaller you must have Ruby 2.2.3 version . download links here : http://rubyinstaller.org/downloads/ for more info : https://github.com/oneclick/rubyinstaller/wiki 2 - install Development Kit for rubyinstaller download link : http://rubyinstaller.org/downloads/ how to install : https://github.com/oneclick/rubyinstaller/wiki/Development-Kit if you face that problem  "unknown encoding name -  (ArgumentError)" just type "chcp 1252" in cmd and hit enter 3 - install libcurl.dll A - Download libcurl.dll from : http://www.confusedbycode.com/curl/ B - copy libcurl.dll copy  libcurl.dll into ruby bin folder or wpscan folder and make sure to add it to your PATH. I also added .DLL to PATHEXT ex : C:\Ruby21-x64\bin\ you can visit : http://www.computerhope.com/issues/ch000549.htm to know to set the p
2 comments
Read more

How To Generate Random IP Address Using JAVA ?

By
Today I'll Show You How To Generate Random IP Address... But First Why I Want This...Right...? Ans : If You Want Test Your Code That Whether It Is Recognizing The Machine By It’s IP Address Then You Had To Use This Code To Generate Random IP Address. So Here We Goooo.... private String generateIPAddress ( int p1 , int p2 , int p3 ) { StringBuilder sb = null ; Random r1 = new Random (); Random r2 = new Random (); Random r3 = new Random (); Random r4 = new Random (); String ip1 = Integer . toString ( b1 ); String ip2 = Integer . toString ( b2 ); String ip3 = Integer . toString ( b3 ); String ip4 = Integer . toString ( b4 ); String b1 = IpConverter . longToIp ( r1 . nextLong ()); String b2 = IpConverter . longToIp ( r2 . nextLong ()); String b3 = IpConverter . longToIp ( r3 . nextLong ()); String b4 = IpConverter . longToIp ( r4 . nextLong ()); //Now the I
3 comments
Read more