Hacking with Metasploit/Armitage

Researching, Proof of Concepts, Hacking, Console Modding and Hacking and more. No game hacking / modding here.

Hacking with Metasploit/Armitage

Postby Legu » Thu Nov 15, 2012 10:07 am

x) 1 PC with Backtrack 5, or Ubuntu/Linux with metaploit,armitage configured correctly. For beginners i highly recommend Backtrack because it has already everything that you will need.
x) Internet connection...duh (Dont forget about proxy/vpn!)
x) Vulnerable Victim (You must oviously scan and make some ressearch)
Exploiting Webservers
Metasploit: A framework for exploits/payloads etc
Armitage: A developing environment for automatized exploitation. Scan--Exploit
Backtrack: Operating system

First of all, update everything on your backtrack system. For that a lot of topics already exist, search a bit.
If everything is set up, open cmd and do the following.
1.) msfconsole

If you do this the first time, it will take a while. It will load the metasploit framework. (This framework contains tons of exploits,payloads,enconders,...) (Picture 1)
2.) armitage

It will eventually ask "to connect", just hit continue and then "yes" for the rmc server. (Picture 2)

By now, u should have the following things achived.
.) Have the ip of the victim.
.) Having a working armitage interface open. (Picture 3)

Now, you need to gather more information about ur victim. For that you will have to scan for open ports.
If you want to attack someone from you own LOCAL network, u can use "quick os detect", or just a nmap scan.
If you want to attack webservers, u probaly should use MSF SCAN.
HOSTS --> MSF SCANS --> IP[Example:, Important: "/24"] (In this example, we will exploit some random webservers from china.

If you have enough open tcp ports, you can start exploiting.
Launch a HAIL MARY ATTACK. This will attack the victim/s with every possible exploit you have. This can take long!

Once you did this, you should have succeeded [Victims marked with red lightning means that the exploit succesfully triggered the weak spot of the system].
If not, the site is not vulnarable against your exploits [NOTE: You can get new ones, from different sites, 0day exploits etc. and simply add them to your framework], or you simply fucked up smt somewhere.

Now, you have exploited the vulnerability and now you can do a lot of stuff. If you have used this against windows machines, you probaly have the meterpreter, which will allow you to use the "cmd" from your victim, take screenshots, etc etc.
If you have used this against a website, you probaly have the shell20, which allows you to modify options, upload/download etc.
Good to know:
x) You will need new exploits to be successful. So always update msfconsole (metasploit) for new exploits. You can download exploits from different sites, if needed i can make a tutorial how to implement them aswell.
x) You can run backtrack on live cd, virtual box or native. I highly recommend virtual box or native. Livecd might fuck it up with priviliges/admin rights.
If someone wants to know more about how "this" all works. how the code gets compiled,executed etc. I can make a tutorial for it too. But for beginners it is not needed and might become confusing aswell. One thing that u should know is that metasploit only accepts ruby. So if you have ur exploit written in "c" u will have to rewrite it into ruby and then u can implement it. Also, not that this is the easiest way. Sometimes it is better to execute only one exploit with metasploit (set LHOSt, RHOST, ports, art of execution, etc etc) correctly, instead of tryin everything with brute force.

INFORMATION: This tutorial is only for educational purposes. It is not legal, to attack websites, pc's etc. unathorized.
picture 3.PNG
picture 4.PNG
picture 5.PNG
User avatar
Posts: 232
Joined: Sun Dec 18, 2011 6:47 pm

Re: Hacking with Metasploit/Armitage

Postby Sethioz » Thu Nov 15, 2012 11:04 am

this looks quite good, however i have MOVED the topic, basically it is tutorials (where you put it), but mostly it is hacking / exploiting, so its better off being in Darkside.

i might take a look into this and write wiki article out of this.
User avatar
Posts: 4764
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Return to PC / Website / Console / Others > Hacking / Cracking / Exploits / Research

Who is online

Users browsing this forum: No registered users