Part 6 - Armitage and Wrap Up
Video Activity
This lesson concludes the Armitage lesson and offers a brief summary of the entire module. Participants learn how to use Armitage to exploit vulnerabilities found on the Metasploit system, using the FTP backdoor command. Armitage shows a small window with a description of the attack, and it is a relatively strong interface.
Video Transcription
00:03
>> Let's go ahead and see if we can get Armitage
00:03
to exploit vulnerabilities that
00:03
we found on the Metasploitable system.
00:03
Go to attack menu.
00:03
We can start with FTP to
00:03
VSFTPD backdoor, that's a good one to try.
00:03
Notice that it gives us a nice little window
00:03
with a description of your attack.
00:03
It's pretty decent interface.
00:03
This is a particular attack where you
00:03
can use the ability of the smiley face vulnerability.
00:03
This was built-in to
00:03
the FTP server and
00:03
it just happens to be this vulnerable version
00:03
is installed in Metasploitable.
00:03
You can double-click any of
00:03
the settings here if you want to change entities,
00:03
but because the tool already knows
00:03
my IP address and the IP address of the target,
00:03
it should just work.
00:03
It'll key in the required credentials
00:03
in order to activate the backdoor.
00:03
I'm going to check the reverse connection box.
00:03
I go to Advanced Options,
00:03
I don't think I need to mess with any of those.
00:03
Let's go ahead and launch it and see what happens.
00:03
Notice it opened up a new tab to
00:03
show the progress of the attack.
00:03
It found a shell
00:03
and it looks like it opened to a command shell.
00:03
What I can do now is go back to my console.
00:03
If I type the sessions command,
00:03
I've got session number 2,
00:03
that's the Unix shell.
00:03
Let's interact with that and see what we get.
00:03
I am root.
00:03
Look at that. Pretty great.
00:03
Notice a change in the icon
00:03
to show that the system has been
00:03
attacked. [NOISE] We can
00:03
see that I'm on the Metasploitable system.
00:03
You can see my IP address. Pretty cool.
00:03
This is a lightweight GUI compared to
00:03
the web server or to the community edition,
00:03
but it is not as full-featured as I mentioned earlier.
00:03
But the basic idea here is it's just getting an idea
00:03
of how to use a tool and how to get in.
00:03
From the left side here,
00:03
we can browse our available payloads.
00:03
I know this is a Linux system for instance.
00:03
It might be a 64-bit.
00:03
We've got a few things there to peruse.
00:03
One thing I will say about this GUI is that being
00:03
able to browse all the payloads,
00:03
all of your other exploits and so on,
00:03
on a per-platform basis,
00:03
it's a little bit easier to see things this way
00:03
instead of doing a search from
00:03
the command line and
00:03
scrolling around and looking through everything.
00:03
Pretty useful. Other things to think
00:03
about would be maybe trying to see
00:03
if there are some login vulnerabilities
00:03
that might be possible.
00:03
For instance, since I already know some credentials,
00:03
I should be able to get a login.
00:03
It's running as a background job.
00:03
I have command shell session number 3 open.
00:03
Now, I've got two and three,
00:03
[NOISE] now I'm logged
00:03
in as MSF admin,
00:03
but I can still use MSF admin again.
00:03
It didn't work exactly the way I wanted,
00:03
but I should be able to get
00:03
root privileges from this account.
00:03
In either case, you can see how it's fairly easy
00:03
to have the tool do a lot of the work for you.
00:03
Like the other command-line tool
00:03
or the Community Edition,
00:03
we can create workspaces.
00:03
This is handy because you might want to, for instance,
00:03
create one for your Metasploitable.
00:03
I can just add those because I already have sessions.
00:03
If you're doing a bunch of different projects
00:03
or working on several different systems,
00:03
it definitely makes sense to organize your work by
00:03
creating a workspace as we see here.
00:03
The rest of the work for this GUI,
00:03
I think you can poke around and
00:03
find a lot of the functionality,
00:03
it is pretty easy to deal with.
00:03
That basically concludes best my course.
00:03
We covered a lot of different things in this class.
00:03
We started out with discovering assets,
00:03
trying to do some scanning,
00:03
>> looking for vulnerabilities.
00:03
>> Then working our way through
00:03
a whole bunch of different techniques
00:03
for compromising the system with
00:03
the ultimate goal being getting
00:03
a Meterpreter shell as
00:03
a very flexible way to interact with the system,
00:03
basically keeping the shell and
00:03
the memory of the host that's been compromised.
00:03
We also explored in recent modules ways
00:03
to elevate your privileges as well.
00:03
If you're on a Unix system,
00:03
you want to become root, that can be possible to do.
00:03
Granted, this is an intentionally vulnerable system,
00:03
but with Windows VM
00:03
that we spent a lot of time working on,
00:03
we saw how you can go from
00:03
administrative account of Windows to
00:03
becoming a system-level account.
00:03
That gives a lot of flexibility for how
00:03
you're going to interact with that system.
00:03
I hope all of you enjoyed the class.
00:03
Hopefully, an advanced Metasploit class
00:03
will be coming out later this year.
00:03
See you then. Take care.