Time
9 minutes
Difficulty
Intermediate

Video Transcription

00:05
Hello and welcome back to Breaking Stuff with Joe. I'm, as always, your eponymous host, Joe Perry. And today we're talking about Armitage. Now Armitage is one of the coolest pen testing tools in the world. It's absolutely fantastic, ridiculously useful, and the reason for that is because it's built on
00:22
the pen testing tool that just about everyone knows and just about everyone loves,
00:25
which is the Metasploit Framework. What Armitage actually is is a GUI front end for the Metasploit Framework that has just gone way, way off into space and done so much more to build onto that framework. So once upon a time it was just an easy point-and-click menu for Metasploit.
00:41
Now it enables collaborative red teams. You can all use the same session for attacks and hacking. You're basically one pen tester working through one instance of MSF,
00:49
but you're doing it with multiple users. It allows you to create maps of your target network so that you can easily track what you've exploited, what you're targeting, what you're working on, and it actually provides guidance through the entire process of hacking, all the way from recon all the way through the post-exploitation, covering tracks, all of it.
01:06
Every step, privilege escalation, password cracking, network mapping.
01:08
All of it can be covered and is guided with Armitage. This tool is obviously great for pen testers. It's great for red teams, particularly large distributed red teams where they've got a lot of members who are working on the same general target and don't necessarily have the ability to all work on one machine, or the desire to work on one machine.
01:27
It provides that awesome, collaborative ability, and it's just such a phenomenally useful tool for that.
01:33
So we're actually going to have a couple of videos on this subject. This one is just the intro to Armitage, where we're gonna discuss what it is, how it works. We'll actually just kind of walk through the menus and the GUI and the process of using it. In our next videos, we're gonna talk about actual host discovery and exploitation. We're gonna get to see a couple of specific use cases
01:52
of Armitage and the Metasploit Framework underneath it.
01:55
So please keep watching. Again, this video should be right about eight minutes long, and we're going to learn exactly how to use Armitage to enable us to break stuff every day of our lives.
02:04
So here we are on our handy dandy Kali VM. We're gonna go ahead and jump right into Armitage. Now Armitage is one of those tools that's included with Kali, and it's kind of a core part of what makes Kali such a great tool itself. So it's a very easy tool to find in the operating system. It's generally gonna be right here, right on that sidebar on a normal install.
02:23
Failing that, you can find it very easily in your applications. You just scroll down
02:28
to exploitation tools. You'll see it right up there at the top.
02:30
To run it, you just click on it, click on the icon
02:35
and give it a couple seconds to spin up. Now this does involve spinning up the Metasploit Framework, so if you don't already have that running, it can take some time to do that.
02:44
Here you can see it's got a user name and password already enabled,
02:46
and we connect.
02:50
You can see, like I said, if the Metasploit RPC server isn't already running, it starts that up for you,
02:57
and it shouldn't take terribly long.
03:04
All right, here we are. Now that we have our framework up and running, you can see this is sort of the general GUI. When you first log in, you have a console down here at the bottom. That is just your Metasploit Framework console. You can see it's got all of the standard sort of commands that you can run the same way that you can with the Metasploit console. Nothing terribly special happening there.
03:22
Up here at the top, you've got your Armitage menu: new connections, preferences, target view, exploit rank;
03:28
your views, the different view options you have; the hosts imports, which we'll talk about in a later video; your attacks, the Hail Mary, which I don't want to spoil, but I do want to say is my absolute favorite part of this tool and we'll address soon. And then, of course, your workspaces, and you can't show all here. And of course, we only have the one workspace up.
03:47
And then, of course, the help documentation
03:53
Beneath that you've got your various menus. So you've got your exploits, which you can see here are listed based on what type of target they involve. If you wanted to find Windows exploits, for example, you just click this Windows field.
04:04
You can see you've got backdoors built in. You can see that you've got email attacks,
04:09
all sorts of different attack types that we'll talk about a little bit once we get to the Armitage exploitation video.
04:15
we do
04:15
scroll back up and collapse that folder for us. And again, you can see there's Linux. There's Unix. There's Firefox targeting. There's Android targeting. There's not a ton of Apple targeting. I have to give them that credit.
04:27
But there are Apple targets, or Apple exploits rather, so it's not completely immune. Below that you've got your payloads. Payload is gonna be what's actually attached to the exploit. So we talked about sort of the exploitation of the hacking process. With Armitage, you're gonna select not only the exploit you're going to use against it, you're gonna decide what payload you want to pass, what payload you want to send as part of it.
04:47
And then, of course, you've got your post. This is just for, again, post-exploitation hacking. This is the last sort of stage of the process that's really managed by Armitage. Once you've broken into your system, this is where you'll see, if you want to capture key logs, for example, or if you want to create key logs, if you want to escalate your privileges, there's options for that,
05:08
reconnaissance, anything you want to do in sort of the post-exploitation phase
05:12
against your given target and again we'll walk through that a little bit more in the exploit video.
05:19
So what we want to do now is we just want to get a sense of how you can actually implement some of the different abilities in Armitage and how you can actually kind of work with this thing to get a little bit more information as you're working through it. So I'm gonna expand this window over here just so we can see it a little more easily, and you can see that we have different scripts that we can create. We can add a console, a Cortana console.
05:38
We have a base console here that we have for the Metasploit Framework.
05:41
We're able to, if we actually open up one of these auxiliaries and we say analyze,
05:46
if we actually click on that, you can see that it's gonna pop up this information, and what this does for each of these modules is it includes the help documentation here
05:55
that tells you what the actual module is,
05:58
for. So in this case, this is a password cracker based on John the Ripper, which, if you've seen a previous Breaking Stuff with Joe video, you know just how fantastically useful that particular tool is. If you've seen that specific video, I should say. It makes use of, you know, the John the Ripper methodology to crack Postgres password hashes
06:15
so after you have already gathered these passwords, which you can do as you can see here with this
06:19
hash dump module,
06:21
it will crack those passwords now,
06:26
As it mentions here, this is a slightly slow module. That's not really terribly important, but it is worth noting that a lot of the help documentation does include sort of just general information like that to help you make decisions.
06:38
It has different options that you can enable or disable, that you can modify, so you can see here that if you just have used host names one, you can change that. I'm not going to mess with it because this isn't something that I want to use or mess up. But you have advanced options as well below that, that are selected when the module has created,
06:54
so you can determine whether or not you actually want to get lots of readings. For with verbosity, you determine all sorts of different options
07:00
just by configuring them in this menu. These are all the sort of configurations that you would normally be doing at the command line with Metasploit. But Armitage is kind enough and useful enough that it gives you the ability to do that
07:12
without having to add any special you know, any command line options.
07:16
So that was an analyze example. We could look down here, for example, at fuzzers, and you can see that we've got a bunch of different fuzzer types. One of the ones that's really useful, one of my favorite targeting mechanisms, is always to target DNS.
07:29
There are a few reasons for that. One of the simplest is just that DNS is going to be present against pretty much every system. Pretty much everyone has to make use of DNS for some purpose. And even if they aren't using external DNS that you can man-in-the-middle, they're almost certainly using some sort of internal DNS server that you know is accessible, that has access or contact access
07:49
to essentially every single device on their network. So
07:53
I love targeting DNS whenever I'm doing a test. Whenever I'm trying to find weaknesses in the system,
07:59
DNS is pretty much the first place that I look. So you can see here that DNS fuzzing is an option at both the DNS and the DNSSEC level.
08:05
And of course, it's worth noting, this absolutely might crash your target server. All fuzzers have that potential because fundamentally what we're trying to do is find weaknesses by sending bad data. But again, you can see all the options, sort of the way you can configure those, and it's pretty much the same throughout all of your different modules. You might potentially load
08:24
go back to these apples that I give an example of,
08:28
you know, Metasploit pack or Meterpreter. Payloads obviously have pretty short option lists, but you can still edit those.
08:35
So that's the basics of how you can run and sort of work through the GUI of Armitage. We see here we have the different processes, the exploit and post-exploitation phase, as well as host management we see up here, and host management will be the subject of our next Armitage video, which is uploaded at the same time this one is. So it should be right below you on our list,
08:54
and you should be able to jump right into that one.
08:56
So thank you all for watching. I really appreciate it. I know this is just sort of the introduction to Armitage. We have a couple more videos. We're gonna dig into some specific functionality. But hopefully you feel comfortable with the GUI of Armitage. You understand a little bit better how to work through it and how that process is enabled. So join us again on our next Breaking Stuff with Joe video,
09:16
in which we're gonna tackle Armitage's host management functionality.
09:20
I is always a finger host Joker course are watching breaking stuff here on cyber on

How to Use Armitage - Overview (BSWJ)

Armitage is best known as the world-renowned GUI frontend for Metasploit, but it's actually so much more.

Instructed By

Joe Perry
Senior Technical Instructor at FireEye, Inc
Instructor