Chapter 3 Armitage: Easily Identify and Exploit Vulnerabilities

Technology is nothing. What’s important is that you have a faith in
people, that they’re basically good and smart, and if you give them
tools, they’ll do wonderful things with them . - Steve Jobs

3.1 Background

Great so we can use netdiscover to find machines. But how do we know what vulnerabilities exist on these machines? In the previous lab we told you what vulnerabilities existed, but how do you discover and exploit these on your own. This is where Armitage comes in, Armitage is a GUI interface for Metasploit (a tool we will look at in a later lab). Armitage allows you easily scan hosts for vulnerabilities and exploit these vulnerabilities with only a few clicks.

3.2 Vulnerability Scanning Using Armitage

Goal:Scan the Metasploitable host for vulnerabilities and exploit one
these vulnerabilities to gain access to the machine.

Step 1: Start the metasploitable server by clicking on the virtual box icon and select. Select the Metapsloitable virtual machine and press the play button.

Step 2: Click on the Armitage icon.

Step 3: You should see the setup screen show below. Click connect.

Armitage Setup Screen

FIGURE 3.1: Armitage Setup Screen

Step 4: If you get a pop up asking you start Metasploit RPC server. Click Yes. (Armitage communicates with Metasploit using the RPC server). If everything is working, well you should get the following screen.

Armitage Screen Starting Screen

FIGURE 3.2: Armitage Screen Starting Screen

Step 5: Once you have successfully setup Armitage, you will need to discover the machines that you would like scan for vulnerabilities. You can do this using the netdiscover tool from lab one. Or you can use armitage discovery tool. Click on Hosts→Scan→Quick Scan OS Detect.

The figure show an example of running the quick scan

FIGURE 3.3: The figure show an example of running the quick scan

Step 6 To ensure that we don’t attack unintented machines on our network we will manual add the ip-address our metasploitable machine to our armitage workspace.

Step A: You will get a pop up that asks you for the range of IP Addresses that you want scan. This takes IP Address in Cidar notation, for example 192.168.1.0/24. IP Version 4 Address are 32 bit address. This notation means that you should keep the first 24 bits static and vary the remaining 8 bits to search for hosts. Enter the following IP Address range in the box.[Your-Ipddress]/24. Remember from the first lab that it possible to get your IP-address by running the Ipconfig command.

Step B: Once your scan has completed you notice that Armitage has discovered the metasploitable host.
The figure above shows the results of the Armitage scan

FIGURE 3.4: The figure above shows the results of the Armitage scan

Step 7 You will notice that one of the machines as the same address and the metasploitable host from the first lab. Write click on this machine and select scan. Once you have completed the scan you will see a list of open ports on the machine.

Step 8: Now that we have discovered some hosts and some open ports the ports. Let’s scan them for vulnerabilities. Click on the host that you want to scan. It will be highlighted by a green box. The click on Attacks→find Attacks.

A Hail Mary Attack tries every attack in an attempt to break into to
the system.

Step 9: Once vulnerabilities scan has completed you will see the exploitable vulnerabilities by right clicking on the host and selecting Attacks. The image below shows the ftp attack from our first lab.

The figure above shows how to execute the vftpd vulnerability

FIGURE 3.5: The figure above shows how to execute the vftpd vulnerability

3.3 Exploiting a host using Armitage

Step 1: Click on the ftp attack. This will show you a description of the attack.

When Armitage attacks a host it uploads a play-load that allow you
to control the host. This payload needs to be configured so that it can
connect to your machine so you can control it and in turn control the
infected host.
The figure above shows the description of the attack

FIGURE 3.6: The figure above shows the description of the attack

Each parameter in the table shown in the figure above is explained below

  • LHOST : The IP Address of the controlling machine
  • LPORT : The port on the controlling machine.
  • RHOST : The IP Address of the host being attacked.
  • RPORT : The port used by the payload

In a Reverse Connection The attacked host will start the connection

Step 2: Click launch to launch the attack. Once you host is comprised the host icon will change to

Step 3: You can now get shell access on the machine by right clicking on the host and selecting shell1→interact. A Linux shell will appear in the bottom section of Armitage.

The figure above shows how to get shell access.

FIGURE 3.7: The figure above shows how to get shell access.

Step 4 You should terminal open up at the bottom on the window. Type the ls command in this window.

Step 5: We have hidden a file in Metasploitable server called level002.txt. See if you can read the contents of file. It you are able to find this post the content to our Facebook wall.

Fix:Patch, Patch, Patch. The way to prevent attacks like the one above
is ensure that your software is always update. So that the system does
not contain any known vulnerabilities.