Make Metasploit Easy With Armitage - Page 2
Populating the Targets panel
The first job in any penetration test is to do some reconnaissance and establish what hosts are present on the network, along with which operating systems they are running. Armitage makes this simple by enabling you to launch an Nmap scan directly from within Armitage itself.
To launch a scan:
- Select Nmap Scan from the Hosts menu, and then select the type of scan you wish to perform. Choices include Intense Scan, Quick Scan (OS detect) and Comprehensive.
- Select a range of IP addresses to scan.
A few seconds after the scan is complete, Armitage will populate the Targets panel with icons representing any hosts that it finds, along with the operating systems they are running (if it is able to identify them). Further Nmap scans, or MSF scans (which can also be launched from the Hosts menu), may be able to determine the operating systems of hosts that could not immediately be ascertained.
Choosing an attack
Once you have a list of hosts on your network, the tricky bit is knowing which attacks to attempt in order to test whether any of these hosts are vulnerable. Armitage simplifies this by matching available Metasploit exploits to open ports (or to vulnerabilities, if a vulnerability scan has been imported).
To find suitable attacks for a given host:
- Click on your chosen host to select it, then select "Find Attacks - by port" from the Attacks menu.
- After a few seconds, an Attack Analysis Complete message will appear.
- An Attack option will now appear when you right-click on your chosen host, listing suitable attacks organized into categories (such as http, iis, smb) that may be able to compromise the host when run.
To launch an attack:
- Simply click on the attack you want to run.
- Armitage will present an attack dialog box showing the name of the attack, with all the variables needed for it automatically filled in. Clicking Launch will start the attack.
Running "check exploit"
If a large number of possible attacks are presented to you for a given category (such as http), you can also choose "check exploit" - the final entry in the Attack menu. This runs each attack's check routine, where the exploit provides one, and reports back either "The target is not exploitable", "This exploit does not support check", or "The target is vulnerable", together with the name of the exploit in question. Note that "does not support check" means the result for that exploit is unknown, not that the host is safe.
Once you have run "check exploit", you can easily find any individual attacks that the check reported as vulnerable by pressing Ctrl+F and searching for the word "vulnerable".
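As an added example (not from this article or the Armitage project), the following script automates the Ctrl+F step: it reads the console output of a "check exploit" run and groups each exploit under one of the three outcomes the article quotes, keeping "does not support check" separate from "not exploitable" so unverified exploits are not mistaken for safe ones. The sample output and the exploit module names are constructed, and the exact line layout of the Metasploit console is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample of what an Armitage "check exploit" run prints to the
# console. The line layout and module names are assumptions; only the three
# result phrases quoted in the article are relied on.
SAMPLE_OUTPUT = """\
[*] exploit/windows/smb/example_smb_module
[+] 192.168.56.101:445 - The target is vulnerable.
[*] exploit/windows/smb/example_no_check_module
[*] 192.168.56.101:445 - This exploit does not support check.
[*] exploit/windows/http/example_http_module
[*] 192.168.56.101:80 - The target is not exploitable.
"""

# Map each result phrase to an outcome bucket. "does not support check" is
# kept in its own bucket: it means the result is unknown, not that the
# host has been shown to be safe.
OUTCOMES = {
    "The target is vulnerable": "vulnerable",
    "The target is not exploitable": "not_exploitable",
    "This exploit does not support check": "unknown",
}

# A line naming the exploit module about to be checked (assumed layout).
MODULE_RE = re.compile(r"^\[\*\]\s+(exploit/\S+)\s*$")


def parse_check_output(text):
    """Return {outcome: [module names]} from the console output of a check run."""
    results = defaultdict(list)
    current = None  # module name from the most recent header line
    for line in text.splitlines():
        m = MODULE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        for phrase, bucket in OUTCOMES.items():
            if phrase in line and current is not None:
                results[bucket].append(current)
                current = None  # each module yields exactly one result
                break
    return dict(results)


if __name__ == "__main__":
    for bucket, modules in parse_check_output(SAMPLE_OUTPUT).items():
        print(f"{bucket:16} {', '.join(modules)}")
```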