
Armitage


tucker


Presentation Transcript


  1. Armitage A Power User’s Interface for Metasploit

  2. Overview • What is Armitage? • User Interface • Reconnaissance and Host Management • Attack • Post-Exploitation • Maneuver • Reporting

  3. What is Armitage? • User interface for Metasploit • Red Team collaboration • Advanced Post-exploitation • Time Saving Automation • Fast moving: 30+ Updates in 2011 • Distributed with Metasploit • BackTrack Linux Recommended

  4. User Interface • Visualize targets • Find the right module • Work on multiple things

  5. User Interface

  6. Reconnaissance • Launch NMap • db_nmap • Hosts -> NMap Scans • Not pivot friendly!

  7. Reconnaissance • MSF Scans • Launches 20+ Metasploit Auxiliary Modules • Works through a pivot

  8. Reconnaissance • Import Hosts • Acunetix • Amap • Appscan • Burp Session • Foundstone • IP360 • Microsoft Baseline Security Analyzer • Nessus • NetSparker • NeXpose • Nmap • OpenVAS • Qualys • Retina

  9. Host Management • Table View • Displays hundreds of hosts • Same information as graph view

  10. Host Management • For large networks, use dynamic workspaces • Group hosts by: • Network • Open services • Operating system • Session status • Use Workspaces menu to switch

  11. Attack: Remote Exploits • Search for exploits • Use module browser • Exploit recommendations • Attacks -> Find Attacks • “Hail Mary” • Smarter db_autopwn

  12. Attack: Remote Exploits

  13. Attack: Client-side • Search for module • Optional: configure payload • Launch module

  14. Attack: Client-side • Search for module • Optional: configure payload • Launch module

  15. Attack: Client-side • Search for module • Optional: configure payload • Launch module

  16. Attack: Client-side • Search for module • Optional: configure payload • Launch module

  17. Post Exploitation • Spy on the user • Screenshots, webcam, key logging • Access the file system • Upload, download, TIMESTOMP • Escalate your privileges • Token stealing, local exploits

  18. Post Exploitation

  19. Maneuver • Host Discovery: ARP Scan • Pivoting Setup • Metasploit Scans

  20. Maneuver • Host Discovery: ARP Scan • Pivoting Setup • Metasploit Scans

  21. Maneuver • Host Discovery: ARP Scan • Pivoting Setup • Metasploit Scans

  22. Maneuver: Pass the Hash • Use password hashes to authenticate as a user • Requires an Active Directory domain

  23. Maneuver: Pass the Hash • Use password hashes to authenticate as a user • Requires an Active Directory domain

  24. Reporting • Activity Logs • All console tabs logged • Organized by host/date • Export Data • TSV and XML output of most data • Quick Screenshot • Grab a screenshot of any tab

  25. Summary • What is Armitage? • User Interface • Reconnaissance and Host Management • Attack • Post-Exploitation • Maneuver • Reporting

  26. Where to next? • Armitage Homepage • http://www.fastandeasyhacking.com/ • Twitter • @armitagehacker
