Hacking with Metasploit/Armitage

Post by Legu »

Requirements:
x) 1 PC with Backtrack 5, or Ubuntu/Linux with metasploit, armitage configured correctly. For beginners I highly recommend Backtrack because it already has everything that you will need.
x) Internet connection...duh (Don't forget about proxy/vpn!)
x) Vulnerable Victim (You must obviously scan and do some research)
Goal:
Exploiting Webservers
Definitions:
Metasploit: A framework for exploits/payloads etc
Armitage: A developing environment for automatized exploitation. Scan--Exploit
Backtrack: Operating system

First of all, update everything on your backtrack system. For that a lot of topics already exist, search a bit.
If everything is set up, open cmd and do the following.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
1.) msfconsole

If you do this the first time, it will take a while. It will load the metasploit framework. (This framework contains tons of exploits, payloads, encoders,...) (Picture 1)
2.) armitage

It will eventually ask "to connect", just hit continue and then "yes" for the rmc server. (Picture 2)

2.1)
By now, u should have the following things achieved.
.) Have the ip of the victim.
.) Having a working armitage interface open. (Picture 3)

Now, you need to gather more information about ur victim. For that you will have to scan for open ports.
If you want to attack someone from your own LOCAL network, u can use "quick os detect", or just a nmap scan.
If you want to attack webservers, u probably should use MSF SCAN.
HOSTS --> MSF SCANS --> IP [Example: 222.11.120.122/24, Important: "/24"] (In this example, we will exploit some random webservers from China.)

2.2)
If you have enough open tcp ports, you can start exploiting.
Launch a HAIL MARY ATTACK. This will attack the victim/s with every possible exploit you have. This can take long!

2.3)
Once you did this, you should have succeeded [Victims marked with red lightning means that the exploit successfully triggered the weak spot of the system].
If not, the site is not vulnerable against your exploits [NOTE: You can get new ones, from different sites, 0day exploits etc. and simply add them to your framework], or you simply fucked up smt somewhere.

2.4)
Now, you have exploited the vulnerability and now you can do a lot of stuff. If you have used this against windows machines, you probably have the meterpreter, which will allow you to use the "cmd" from your victim, take screenshots, etc etc.
If you have used this against a website, you probably have the shell20, which allows you to modify options, upload/download etc.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
Good to know:
x) You will need new exploits to be successful. So always update msfconsole (metasploit) for new exploits. You can download exploits from different sites, if needed I can make a tutorial how to implement them as well.
x) You can run backtrack on live cd, virtual box or native. I highly recommend virtual box or native. Livecd might fuck it up with privileges/admin rights.
If someone wants to know more about how "this" all works, how the code gets compiled, executed etc., I can make a tutorial for it too. But for beginners it is not needed and might become confusing as well. One thing that u should know is that metasploit only accepts ruby. So if you have ur exploit written in "c" u will have to rewrite it into ruby and then u can implement it. Also, not that this is the easiest way. Sometimes it is better to execute only one exploit with metasploit (set LHOST, RHOST, ports, art of execution, etc etc) correctly, instead of tryin everything with brute force.

INFORMATION: This tutorial is only for educational purposes. It is not legal to attack websites, PCs etc. unauthorized.

Re: Hacking with Metasploit/Armitage

Post by Sethioz »

this looks quite good, however i have MOVED the topic, basically it is tutorials (where you put it), but mostly it is hacking / exploiting, so it's better off being in Darkside.

i might take a look into this and write wiki article out of this.