Some content is from the book: “The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy”, Second Edition.

Armitage is a GUI-driven front-end which sits on top of Metasploit and gives us the ability to “hack like the movies”. Armitage is available for free and built into Kali. The official site for Armitage is http://www.fastandeasyhacking.com/.

Armitage allows a machine-gun style Metasploit attack: there is no need to specify a detected vulnerability in the target. After a target is specified, Armitage will conduct port scanning against the target and then throw all known exploit modules at it based on the scanning results! The attacker can relax and wait for a successful compromise.

How does Armitage add extra functions and make Metasploit more powerful and user friendly?

It integrates nmap scanning and allows us to scan the network to identify live targets. One of its best and most important features is that it recommends exploits and runs active checks on all the exploits which will work.

Every pen tester/hacker needs to follow certain protocols to get as much information as possible about the systems/networks/targets/victims.

Starting Armitage in Kali Linux

Type armitage in the CLI, or launch it via the GUI (Applications > Exploitation Tools > armitage), and click “Connect” when the pop-up window shows.

Select “Yes” when asked to start the Metasploit RPC server.

If the following message shows up, you need to run ‘/etc/init.d/postgresql start’ and then armitage.

Use Armitage to Attack Vulnerable VMs

Network scenario (all VMs run in ‘NAT network’ network mode):

Kali Linux attacker VM: 192.168.233.133

Vulnerable Win10 VM: 192.168.233.132

Metasploitable Linux VM: 192.168.233.131

Build attack module lists

Select the menu “Attacks” -> “Find Attacks”. Only scannable vulnerabilities are found, not ‘Drive-by Download’ browser bugs. Armitage is the one-stop shop for the exploitation phase. It generates a lot of scanning traffic!

All possible attacks are added to each target machine.

Launch Exploit(s)

In this case, we’ll do a “Hail Mary” attack. The Hail Mary is not very stealthy because it will try every attack that Armitage thinks may work against the target. This is not very surgical, but it is often effective.

Click “Yes” on the Armitage “Really?!?” warning.

If one of the many attacks the Hail Mary tried works, you may get a Meterpreter session, represented graphically by the lightning-looking hands around the red target.

From here you can do whatever you want… Play around with the Shell to interact, upload, pass session, etc., from the victim.

From the shell prompt, find out if you are root by typing the id command. If not root, look for privilege escalation tips on exploit-db. That’s it.
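Seen from the defender’s side, the heavy scanning traffic and the unstealthy Hail Mary described above leave a clear two-phase pattern. The following is an added example, not code from the original post or the book, that flags the pattern in flow records. The record format, the thresholds, the open port list and the admin host 192.168.233.1 are constructed assumptions; the attacker and target addresses reuse the lab scenario.

```python
from collections import defaultdict

ATTACKER, TARGET, ADMIN = "192.168.233.133", "192.168.233.131", "192.168.233.1"

def build_sample():
    """Constructed flow records: '<epoch> <src> <dst> <dport> <state>'.
    REJ = connection refused, EST = connection established."""
    open_ports = {21, 22, 23, 25, 80, 139}  # assumed open services
    lines = []
    # Phase 1: port sweep of 1-200 in about ten seconds.
    for i, port in enumerate(range(1, 201)):
        state = "EST" if port in open_ports else "REJ"
        lines.append(f"{1000 + i * 0.05:.2f} {ATTACKER} {TARGET} {port} {state}")
    # Phase 2: a session to every open service shortly afterwards.
    for i, port in enumerate(sorted(open_ports)):
        lines.append(f"{1060 + i}.00 {ATTACKER} {TARGET} {port} EST")
    # Benign traffic: an admin host that only uses SSH.
    lines.append(f"1005.00 {ADMIN} {TARGET} 22 EST")
    return lines

def detect(lines, window=120.0, scan_ports=100, burst_services=5):
    """Flag src->dst pairs that probe many closed ports within `window`
    seconds and then open sessions to several services within `window`
    seconds of the end of that scan. Thresholds are illustrative."""
    flows = defaultdict(list)
    for line in lines:
        ts, src, dst, port, state = line.split()
        flows[(src, dst)].append((float(ts), int(port), state))
    alerts = []
    for (src, dst), events in sorted(flows.items()):
        rej = sorted((t, p) for t, p, s in events if s == "REJ")
        for t0, _ in rej:
            win = [(t, p) for t, p in rej if t0 <= t <= t0 + window]
            probed = {p for _, p in win}
            if len(probed) < scan_ports:
                continue
            scan_end = max(t for t, _ in win)
            hit = sorted({p for t, p, s in events
                          if s == "EST" and scan_end < t <= scan_end + window})
            if len(hit) >= burst_services:
                alerts.append({"src": src, "dst": dst,
                               "ports_probed": len(probed), "services_hit": hit})
            break  # one verdict per pair, taken from the first scan window
    return alerts

if __name__ == "__main__":
    for alert in detect(build_sample()):
        print(alert)
```

Only the scanning host is flagged; the admin host that connects to a single service never reaches either threshold.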