
Beginner's guide to Armitage

Hello, aspiring ethical hackers. In this blogpost, you will learn about Armitage. Armitage is a GUI (graphical user interface) front end for the fantastic pen testing tool Metasploit. We all know Metasploit is an awesome tool for pen testing, but however awesome it is, every step of an exploit has to be typed in as a command. What if we could do the same pen testing with clicks and right-clicks? That is exactly what Armitage offers.

Armitage is installed by default in Kali Linux and can be started with the command “armitage”. If it is not installed, the system prompts you to install it when you run the command; accept the prompt.


Armitage stores its data in a PostgreSQL database, so we first need to start the PostgreSQL service as shown below.


We also need to start the msfdb service.


Now you are ready to start Armitage. Type the same command you typed at the beginning, “armitage”, and you should see the window below. Armitage needs to connect to the Metasploit RPC server to work, so click on “Connect”.


If you get the message shown below, click on “Yes”.


If you get the message shown below, just wait a moment: Armitage is still connecting to the RPC server, and the message changes shortly, as shown below.

If everything went right, you should see the window shown below.


Welcome to Armitage. As you can see, Armitage has three sections. Section 1 should be familiar to you: the names are those of Metasploit’s module tree, presented in graphical format. Section 2 is the visual display of Armitage, where the network you are pen testing or hacking is drawn. Section 3, named “console”, is Metasploit itself. Now that you are familiar with all the sections of Armitage, let’s look at its menus.


To start with Armitage, let’s first add our own attack machine to the display. To do this, go to the “Hosts” menu and click on “Add Hosts”.


In the small window that opens, enter the IP address of the attacker machine and click on “Add”.


Armitage now shows our attacker machine on the display. Next, let’s set the OS and give a name to our attacker system so that we can easily identify it.


Right-click on the attacker system and go to Host > Operating System > Linux as shown below.


Similarly, to give a name to your attacker system, go to Host > Set Label. I named it Kali.


With the attacker system ready, we now need a target system. For this tutorial, we will be using Windows XP SP2 as the target. To get the target onto the Armitage display, all we need to do is perform a ping scan to detect the live systems on the target network. To do this, go to Hosts > Nmap Scan > Ping Scan as shown below.


Enter the IP address range to scan. This information is usually obtained during footprinting. At this stage you are only looking for live systems.


As soon as the scan completes, the live targets appear on the Armitage display and you are prompted with the message shown below.


As you can see here, the ping scan, as usual, detected neither the operating system of the target nor its open ports. Next, let’s scan for open ports on the target. To do this, go to Hosts > Nmap Scan > Quick Scan.


All the actions you perform are shown in the console section. From the same menu, let’s run a Comprehensive scan to detect the operating system of the target.


This time the operating system of the target system is detected as Windows. The next stage is to find attacks that apply to it. To do this, go to Attacks > Find Attacks.


As the message in the above image says, the target system now has a new menu named “Attack”. If you don’t find the “Attack” menu on the target system, go to Armitage > Set Exploit Rank and set it to “poor” as shown below. Note that lowering the rank admits less reliable modules, which are likelier to crash the target service instead of exploiting it.


Run Find Attacks again. This time you will see an Attack menu on the target system.


Open the Attack menu and you will see all the exploits we can use on the target.


I select the infamous ms08_067 vulnerability.


A new window opens. This is just like the options Metasploit shows whenever you load an exploit. The only difference is that here they are presented graphically, and in this case you don’t have to change anything.


Just click on “Launch”. If the target system is compromised, its icon on the display changes as shown below.


Complete guide to Nmap port scanner

Hello, aspiring ethical hackers. This blogpost is a complete guide to using Nmap (Network Mapper). It is a popular open source utility used for port scanning and network discovery by network administrators and pen testers. It uses raw IP packets in novel ways to determine the live hosts on a network, their open ports, the services those ports are running, the type of firewalls in use, and so on. It is available for all major operating systems, including Linux, Windows and Mac OS X.

We are using it on Kali Linux where it is installed by default. Let’s begin with how to specify targets while scanning.

Target specification

1. Provide input through a list:

nmap -iL <input filename>

This option reads targets from the specified file. Let’s use vi to create a file named alpha on the Desktop containing a few IP addresses separated by newlines, tabs or spaces.


Then change to the Desktop directory and type the command shown below. It scans the four IP addresses listed in our file.


2. Specify random hosts to scan:

nmap -iR <number of hosts>

This option tells Nmap to generate its own random targets to scan. The <number of hosts> argument tells Nmap how many IP addresses to generate. Let’s type the command shown below. We can see that it generated five random targets to scan. The scan failed to determine a route to the generated IP addresses because my system is not connected to the Internet. Why didn’t it generate any internal IP addresses? Because in this scan private, multicast and unallocated address ranges are automatically skipped.


3. Scan the entire subnet:

nmap <IP address>/<CIDR prefix length>

This option scans an entire subnet given in CIDR notation. Assuming you know CIDR, let’s type the command shown below to scan eight IP addresses from 10.10.10.1 to 10.10.10.8 and see the result below.


4. Exclude some hosts and networks:

nmap [targets] --exclude [targets]

This option takes a comma-separated list of targets to be excluded from the scan even if they are part of the overall network range we specify. For example, in our previous scan we saw that one host, 10.10.10.2 (which is the system I am working on), is alive. Now I decided to exclude that host and another host from the scan. So I type the command shown in the image given below and press “Enter”. We can see that Nmap has scanned only six IP addresses.


5. Take the exclusion list from a file:

nmap [targets] --excludefile [file name]

Now what if the subnet is very big and there are many hosts to be excluded from the scan? The above option helps us achieve this. Remember the file “alpha” (with four IP addresses) we created. Now let’s tell Nmap to skip the hosts listed in that file. Type the command shown below. We can see that it scanned only four hosts in the subnet.


6. Scan specific targets:

nmap [target1 target2 target3]

This option tells Nmap to scan multiple targets separated by spaces. Type the command shown below and see the result.

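To make the target-specification rules above concrete, here is a small Python model (an added example, not Nmap’s own code) of how -iL, CIDR notation, --exclude and --excludefile combine into the final host list. The file content and addresses are constructed to mirror the walkthrough; the # comment convention follows Nmap’s documented -iL file format.

```python
import ipaddress

def expand_target(spec):
    """Expand one target token: a single IP address or a CIDR block."""
    spec = spec.strip()
    if "/" in spec:
        # strict=False: host bits set inside a CIDR target are ignored and the
        # whole block is scanned, which is how Nmap treats 10.10.10.1/29.
        return [str(ip) for ip in ipaddress.ip_network(spec, strict=False)]
    return [str(ipaddress.ip_address(spec))]

def read_target_file(text):
    """Parse -iL / --excludefile content: entries may be separated by
    newlines, tabs or spaces; a # starts a comment that runs to end of line."""
    tokens = []
    for line in text.splitlines():
        tokens.extend(line.split("#", 1)[0].split())
    return tokens

def resolve_targets(targets, exclude="", excludefile_text=""):
    """Return the ordered, de-duplicated hosts Nmap would actually scan.
    'exclude' is the comma-separated --exclude list; 'excludefile_text'
    is the content of an --excludefile. Exclusions win over any target."""
    excluded = set()
    for tok in exclude.split(","):
        if tok.strip():
            excluded.update(expand_target(tok))
    for tok in read_target_file(excludefile_text):
        excluded.update(expand_target(tok))
    seen, result = set(), []
    for tok in targets:
        for ip in expand_target(tok):
            if ip not in excluded and ip not in seen:
                seen.add(ip)
                result.append(ip)
    return result

# Constructed sample: the walkthrough's file "alpha" with four hosts,
# mixing the newline, tab and space separators the post mentions.
ALPHA_FILE = "10.10.10.1\t10.10.10.3 10.10.10.5\n10.10.10.7   # constructed\n"

if __name__ == "__main__":
    print(resolve_targets(read_target_file(ALPHA_FILE)))   # nmap -iL alpha
    print(resolve_targets(["10.10.10.0/29"], exclude="10.10.10.2,10.10.10.4"))
    print(resolve_targets(["10.10.10.0/29"], excludefile_text=ALPHA_FILE))
```

The three calls reproduce the counts seen in the walkthrough: four hosts from the list file, six of the /29 after excluding two, and four of the /29 after excluding the hosts in alpha.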

Scan types

Nmap offers a variety of scan types to detect open ports and services on the target system. Learn about Nmap’s various port scan techniques here.

Scan results

Nmap classifies the ports it scans into six states: open, closed, filtered, unfiltered, open|filtered and closed|unfiltered. In which cases Nmap assigns each of these states is explained in the port scan results post.