Armitage is basically an easy way to use Metasploit with a fancy GUI that makes your work much easier
In this tutorial you will learn how to use Armitage in order to try to gain access to machines in your network
Color codes:
● Red - Important
● Blue - Steps
● Yellow- Link
Requirements:
[Optional] ● Backtrack 5 - Download it here
● Armitage - Download it here
Important Information:
▸ This guide is VERY detailed, so anyone can follow it
▸ The tutorial was done using Backtrack 5 R2
▸ This will cover the basic "Hail Mary" attack
▸ Hail Mary: to run on each machine all it's possible exploits
Step 1:
Open Armitage
![[Image: KNfyH.png]](http://i.imgur.com/KNfyH.png)
Step 2:
Click "Connect" (image 1) and then "Yes" (image 2)
![[Image: jyxPt.png]](http://i.imgur.com/jyxPt.png)
![[Image: Uz8ms.png]](http://i.imgur.com/Uz8ms.png)
Step 3:
Select "Quick Scan (OS Detect)"
Note: You can perform any scan you want.
I recommend this one because it's fast and effective
I'm working with only a few machines here. With 20+ machines, Intensive or Comprehensive Scans will be a lot slower
But remember: the more information you have on a machine, the better will Armitage decide what exploits you can and cannot use on it
![[Image: yMARv.png]](http://i.imgur.com/yMARv.png)
Step 4:
Enter the IP address range
172.16.2.1-6 means: from 172.16.2.1 to 172.16.2.6
![[Image: 1PZC0.png]](http://i.imgur.com/1PZC0.png)
Step 5:
This is what you will have once you have finished your scan
Note: OS Detection won't always find the OS of the machine. If you know it, you can right click it and define it under the "Host" menu
![[Image: C9OjL.png]](http://i.imgur.com/C9OjL.png)
Step 6:
IMPORTANT: I'm only adding that machine because I know it's vulnerable. Ignore it for now
![[Image: ALtST.png]](http://i.imgur.com/ALtST.png)
Step 7:
Select all the machines (Drag or Ctrl + Left-click)
Right-click any machine and select "Scan"
![[Image: 07Y3v.png]](http://i.imgur.com/07Y3v.png)
Step 8:
Wait until you see this on the console part of the screen
Note: This is only to be sure you have the information you need about the machines
Or in some cases, to get a little more information about the machines
I recommend you always do it
![[Image: Wu7oV.png]](http://i.imgur.com/Wu7oV.png)
Step 9:
Select "Find Attacks" from the "Attacks" menu (image 1) and then "OK" once it has finished
![[Image: JhU2I.png]](http://i.imgur.com/JhU2I.png)
Step 10:
Select "Hail Mary" from the "Attacks" menu
Note: You can Right-click each machine and manually run any exploits you want from the "Attack" menu
The Hail Mary is described in the Important Information section in the beginning
![[Image: IjlXP.png]](http://i.imgur.com/IjlXP.png)
Step 11:
Wait while the attack is finished
IMPORTANT: As you can see, the machine in red has been infected
I now have full access to it. (It's the one I added later, just to show you how it looks like)
![[Image: liRD9.png]](http://i.imgur.com/liRD9.png)
Step 12:
Right-click any infected machines and select what you want from the "Shell #" menu
VERY IMPORTANT: The machine in my example is running UNIX. In the end of the tutorial you can see what it would look like if it was a Windows machine
![[Image: SNyOY.png]](http://i.imgur.com/SNyOY.png)
Step 13:
After selecting "Interact" I issued the "ls" command on the console just to show you the basic of what you can do
The sky is the limit
![[Image: BQuNp.png]](http://i.imgur.com/BQuNp.png)
Extra:
Here is what it would look like if the infected machine was running Windows
Instead of the "Shell #" you have "Meterpreter #"
You have many more options, including "Screenshot" and "Capture all keyboard input"
![[Image: 7RxhP.png]](http://i.imgur.com/7RxhP.png)
As far as I know, this only works on a Lan.Than
I've tried to do this over the internet with no success, but it might be possible.
Mag-post ng isang Komento