Armitage is a GUI interface for Metasploit. Armitage allows you to easily scan hosts for vulnerabilities and exploit these vulnerabilities with only a few clicks. This video is going to be very special. In this video, we are going to scan vulnerabilities using Armitage.
Vulnerability Scanning Using Armitage
Our Goal: Scan the Metasploitable host for vulnerabilities and exploit one of these vulnerabilities to gain access to the machine.
Step 1: Start the Metasploitable server by clicking on the VirtualBox icon. Select the Metasploitable virtual machine and press the play button.
Step 2: Click on the Armitage icon.
Actually, Armitage is not installed by default on the latest Kali, so you have to install it. To install Armitage, just type the command apt-get install armitage. To run it, type armitage.
Step 3: You should see the setup screen. Click connect.
Step 4: If you get a pop-up asking you to start the Metasploit RPC server, click Yes (Armitage communicates with Metasploit using the RPC server). If you get the pop-up “I can not find a database.yml file. I really need it”, open the terminal and type msfdb init. It may take a couple of seconds. Now we have to initialize the Metasploit database by running msfdb reinit. It may also take a couple of seconds.
Now we are going to run Armitage again. Before running Armitage, run these two commands. The first one is:
If everything is working well, you should get the following screen.
So this is the Armitage GUI. Let’s take a tour. It is divided into three parts. The center part is used to visualize the targets. Down here is the console; every command will appear here. On the left side is the module browser, which contains auxiliary modules, exploit modules, payloads, and post modules.
Step 5: Once you have successfully set up Armitage, you will need to discover the machines that you would like to scan for vulnerabilities. You can do this using the netdiscover tool from lab one. Or you can use the Armitage discovery tool. Click on Hosts→Scan→Quick Scan.
Step 6: To ensure that we don’t attack unintended machines on our network, we will manually add the IP address of our Metasploitable machine to our Armitage workspace.
You will get a pop-up that asks you for the range of IP addresses that you want to scan. This takes an IP address in CIDR notation, for example 192.168.56.100/24. An IP version 4 address is a 32-bit address; this notation means that you keep the first 24 bits fixed and vary the remaining 8 bits to search for hosts.
Enter the following IP Address range in the box. [Your-IP address]/24. Remember from the first lab that it is possible to get your IP address by running the ifconfig command.
Once your scan has been completed, you will notice that many target icons appear, each with its IP address.
Now I don’t want all these targets, so I want to clear the targets: click on Hosts and clear the database. We already know our IP address; I want to check the operating system used on the target machine. So click on Hosts → Scan → Quick Scan (OS detect).
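As an added example (not part of this tutorial), the Python below works through what the /24 in the scan dialog covers, using the same bit arithmetic the text describes, and then lists the discovered hosts that are not the one authorized target, the explicit form of clearing the database and re-adding only Metasploitable. The host addresses are constructed and the Metasploitable address is a placeholder.

```python
IPV4_BITS = 32
ALL_ONES = (1 << IPV4_BITS) - 1

def ip_to_int(addr: str) -> int:
    """Pack a dotted-quad IPv4 string into a 32-bit integer."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {addr!r}")
        value = (value << 8) | n
    return value

def int_to_ip(value: int) -> str:
    """Unpack a 32-bit integer back into dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def cidr_range(cidr: str) -> dict:
    """Network, broadcast, mask and address count of a CIDR block.
    For /24 the mask is 24 one-bits then 8 zero-bits: the first 24 bits of the
    address stay fixed and the last 8 vary, so the block holds 256 addresses."""
    addr, _, prefix_text = cidr.partition("/")
    prefix = int(prefix_text) if prefix_text else IPV4_BITS  # bare IP means /32
    if not 0 <= prefix <= IPV4_BITS:
        raise ValueError(f"prefix must be 0..32, got {prefix}")
    mask = (ALL_ONES << (IPV4_BITS - prefix)) & ALL_ONES
    network = ip_to_int(addr) & mask
    broadcast = network | (ALL_ONES ^ mask)   # host bits all set to one
    return {"network": int_to_ip(network), "broadcast": int_to_ip(broadcast),
            "mask": int_to_ip(mask), "addresses": 1 << (IPV4_BITS - prefix)}

def out_of_scope(discovered: list[str], authorized: list[str]) -> list[str]:
    """Discovered hosts that are not on the authorized target list. The tutorial
    clears the host database and re-adds only the Metasploitable address; this
    names the unintended hosts explicitly before any attack is launched."""
    allowed = {ip_to_int(a) for a in authorized}
    return [h for h in discovered if ip_to_int(h) not in allowed]

# Constructed sample: hosts a Quick Scan of the lab /24 might return, of which
# only one (placeholder address for the Metasploitable VM) is authorized.
DISCOVERED = ["192.168.56.1", "192.168.56.100", "192.168.56.101"]
AUTHORIZED = ["192.168.56.101"]

if __name__ == "__main__":
    print(cidr_range("192.168.56.100/24"))
    print("not authorized:", out_of_scope(DISCOVERED, AUTHORIZED))
```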
Once your scan has been completed, you will notice that Armitage has discovered the Metasploitable host.
Step 7: You will notice that one of the machines has the same address as the Metasploitable host from the first lab. Right-click on this machine and select Scan. Once the scan has completed, you will see a list of open ports on the machine.
Step 8: Now that we have discovered some hosts and some open ports, let’s scan them for vulnerabilities. Click on the host that you want to scan; it will be highlighted by a green box. Then click on Attacks → Find Attacks.
Step 9: Once the vulnerability scan has completed, you can see the exploitable vulnerabilities by right-clicking on the host and selecting Attacks. You can try any of these attacks.
Exploiting a host using Armitage
Step 1: Click on the FTP attack. This will show you a description of the attack.
When Armitage attacks a host it uploads a payload that allows you to control the host. This payload needs to be configured so that it can connect to your machine so you can control it and in turn control the infected host.
Each parameter in the table is explained as:
- LHOST: The IP Address of the controlling machine
- LPORT: The port on the controlling machine.
- RHOST: The IP Address of the host being attacked.
- RPORT: The port used by the payload.
In a reverse connection, the attacked host will start the connection.
Step 2: Click Launch to launch the attack. Once your host is compromised, the host icon will change, like this.
Step 3: You can now get shell access on the machine by right-clicking on the host and selecting shell1 → interact. A Linux shell will appear in the bottom section of Armitage.