Part 5 - Armitage

Video Activity

This lesson covers the Armitage GUI, a graphical front end for Metasploit. It shows Armitage's service capabilities. Participants learn how to run a scan to discover hosts on the current network. Also covered is the Nmap scan, which shows the capabilities of the VMs on the network.


Time: 5 hours 38 minutes
Difficulty: Intermediate
CEU/CPE: 6

Video Transcription
00:04
>> Welcome to the last module of the course,
00:04
where we're going to have a look at the Armitage GUI.
00:04
This is another graphical front end for Metasploit.
00:04
I personally like the command line
00:04
best as I've said on a few occasions.
00:04
If I do have to use a GUI,
00:04
I think the community edition
00:04
is probably the better choice.
00:04
It's more modern.
00:04
It's being maintained and
00:04
there's a lot more bug fixes and so on.
00:04
If you're really interested in
00:04
a true production environment
00:04
where you're going to be using the tools a lot,
00:04
the community edition through the book,
00:04
web browser is probably the best choice.
00:04
That being said, let's have a look around
00:04
at Armitage and explore some of its capabilities.
00:04
If you recall, we did poke around a little bit with
00:04
this GUI at the beginning of the course.
00:04
But if you haven't followed through all the lessons,
00:04
then this is a nice little refresher.
00:04
Armitage can be launched from
00:04
the icon on your quick launch bar,
00:04
or you can just type Armitage from the command line.
00:04
The default settings are fine to use.
00:04
Frequently, you'll get a Metasploit RPC server
00:04
is not running message.
00:04
You can script this
00:04
so that this starts every time you boot.
00:04
But if not, then go ahead and click "Yes".
00:04
Usually takes a few seconds for the connection to happen.
00:04
There we go. That's strange,
00:04
doesn't know my IP address.
00:04
Okay, I can type that in. [NOISE]
00:04
It started up full-screen mode,
00:04
I guess we'll just keep it there,
00:04
we have a lot of room to poke around.
00:04
One of the first things that you might want to do
00:04
is add some hosts,
00:04
do a scan and
00:04
discover the hosts that are on your current network.
00:04
I need to resume this VM.
00:04
One thing I didn't point out in
00:04
a previous section is one of the VMs that
00:04
I've been using for this class is from Microsoft.
00:04
If you go to TechNet,
00:04
you can download Virtual Machines for testing browsers.
00:04
For browser developers or for website developers,
00:04
you can download these VMs from Microsoft.
00:04
They're free, they work for 90 days,
00:04
and [NOISE] you can
00:04
see I've got 86 days left on my license.
00:04
The downside though, is that
00:04
the VM will pause itself after,
00:04
I think it might only be a 30-minute window.
00:04
Unless you're using it continuously, it'll pause itself.
00:04
You have to remember that when you're working with these.
00:04
But it is a licensed version of Windows 7,
00:04
you can also get Windows 8 and I think
00:04
>> Windows 10 as well.
00:04
>> A good thing to look at, just do
00:04
a search for free Microsoft VMs,
00:04
or go to the TechNet website
00:04
you'll figure it out from there.
00:04
Anyway, it makes a good target because you can turn off
00:04
patching and make the VM worthwhile,
00:04
that was the VM that was being
00:04
compromised through most of
00:04
the previous modules that we covered.
00:04
Back to our initial task.
00:04
One thing we can do is a quick Nmap scan.
00:04
We can just do a scan to detect
00:04
the operating systems of
00:04
whatever VMs we can find on the network.
00:04
I'm going to go ahead and do a full network scan.
00:04
It will take a few moments,
00:04
but on the subnet that I'm on,
00:04
it should at least discover
00:04
the two VMs that I've been working
00:04
with for the majority of this course,
00:04
Metasploitable and a Windows VM.
00:04
Actually, I have two Windows VMs.
00:04
Now, just one. That's fine.
00:04
A scan takes a little bit to run.
00:04
Here we go, we're getting some results.
00:04
Once that happens,
00:04
my host window should populate
00:04
with icons showing me
00:04
the operating system that it thinks it discovered.
00:04
I can see I've got a Windows VM here, Linux VM,
00:04
and we get hopeful message saying that we
00:04
can use find attacks
00:04
to see if there are
00:04
suitable attacks for these particular targets.
00:04
We can just right-click, I'm sorry,
00:04
not right-click, single click to select "find attacks".
00:04
As well as doing this as just to see what comes up.
00:04
It checks against the exploits database,
00:04
and now I should see an attacks menu here, which I do.
00:04
It found quite a few.
00:04
One hundred and thirty-four
00:04
should be Metasploitable, it is.
00:04
Oops.
00:04
One hundred and thirty-one,
00:04
it also has discovered attacks for this.
00:04
Not quite as many because
00:04
it's not really an intentionally vulnerable system,
00:04
it's just a VM that,
00:04
as I was saying, came right from Microsoft.
00:04
But I haven't patched it to anything
00:04
so most likely there are
00:04
some attacks here that are still viable.
00:04
We've got a couple of hosts to work with now.
00:04
With the attacks menu built-in,
00:04
there are certainly lots of things to explore.
00:04
Just scrolling through a bunch of these here.
00:04
This is a huge time-saver since you don't have to go
00:04
through and manually discover
00:04
all this information on your own.
00:04
Another thing that we can look at
00:04
for these different systems that
00:04
were discovered is we can view the services.
00:04
I've only found a couple of services running
00:04
on the Windows 7 VM,
00:04
and I want to remove
00:04
this host because this is my gateway.
00:04
I don't need to see this one.
00:04
Quite a few services were discovered
00:04
on the Metasploitable system.
00:04
We get the usual information you'd expect to see.
00:04
Again just from a simple Nmap scan,
00:04
it's more or less what you're looking at.