The target of the attack shown in Example 5-18 is Metasploitable 2. This is a Linux system that is deliberately vulnerable. Several vulnerabilities can be targeted using Metasploit, so it makes an ideal system to play with. You can download it as a VM image in VMware’s format, which can be imported into other hypervisors if needed.
Armitage
If you prefer GUI applications because your fingers get tired of all the typing, fear not. A GUI-based application, Armitage, sits on top of msfconsole. You will get all the functionality that you would with msfconsole, except you will be performing some of the actions using the graphical elements of Armitage. You can see the main window of Armitage in Figure 5-1. You will notice icons at the top right of the window. These represent the hosts that Metasploit knows about as a result of doing the db_nmap scan as well as the vulnerability scan. Either of these activities would result in the target being in the database, and as a result, it would show up in Armitage.
Figure 5-1. Main Armitage window
You’ll also notice that at the bottom of the window is a text box with the msf> prompt. This is the same prompt that you would see if you were running msfconsole from the command line, because you are really in msfconsole. You can type the same commands that we have been talking about. Additionally, you can use the GUI. In the upper-left column, you will see a list of categories. You can drill through them, just as you would with any set of folders. You can also use the search edit box to perform the same search of modules that we did previously.
168 | Chapter 5: Automated Exploits
Using exploits in Armitage is easy. Once you have found the exploit you want to use, such as the RMI exploit used in the preceding example, you drag the entry from the list on the left side onto one of the icons on the right. I took the multi/misc/java_rmi_server exploit and dropped it onto 192.168.86.147, which is my Metasploitable 2 system. You’ll be presented with a dialog box of options. Rather than having to fill in the LHOST variable as we had to earlier, Armitage takes care of that for us. Figure 5-2 shows the dialog box with the variables necessary to run the exploit. You’ll also see a check box for a reverse connection. If the target system is exposed to external networks, you may be able to do a forward connection. This depends on whether you can connect to the payload after it launches.
Firewalls, network address translation, and other security measures can make this part challenging. If you attempt a forward connection, your target needs to be open on the service port that you are exploiting. The port associated with the payload also needs to be accessible. If you use a reverse connection, the problem switches to your end. Your host and the port you will be listening on need to be accessible from your target.
Figure 5-2. Exploit launch in Armitage
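The forward versus reverse choice in that dialog also determines what the compromise looks like from the target host, which is what a defender watching that host cares about. As an added example (not from the book), this Python script classifies constructed ss-style socket records for the Java RMI service: a listener on a port the service never used points to a forward-connection payload, while an outbound session opened by the service process points to a reverse connection; the baseline port 1099, the host addresses and the payload port 4444 are assumptions.

```python
"""Added example (not from the book): what forward and reverse payload connections
look like from the target's side, so a defender can spot either in socket state."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Sock:
    proc: str             # owning process name
    state: str            # "LISTEN" or "ESTAB"
    lport: int            # local port
    rport: Optional[int]  # remote port (None for listeners)

# Constructed baseline: ports each service process is expected to own.
# 1099 is the RMI registry default; treating it as this host's only java port is an assumption.
BASELINE = {"java": {1099}}

def classify(s: Sock, baseline=BASELINE) -> str:
    expected = baseline.get(s.proc, set())
    if s.state == "LISTEN":
        # A forward-connection payload binds a new port on the target for the
        # attacker to connect to: a listener the service never had before.
        return "ok" if s.lport in expected else "new-listener"
    if s.state == "ESTAB":
        # Inbound clients of the service terminate on an expected local port ...
        if s.lport in expected:
            return "ok"
        # ... otherwise the service process itself opened an outbound session,
        # which is what a reverse-connection payload does.
        return "outbound-from-service"
    return "unknown"

def parse_ss(line: str) -> Sock:
    """Parse one constructed ss-style line: STATE LOCAL:PORT PEER:PORT users:(("proc",...))"""
    state, local, peer, users = line.split()
    lport = int(local.rsplit(":", 1)[1])
    rport = None if peer.endswith(":*") else int(peer.rsplit(":", 1)[1])
    return Sock(users.split('"')[1], state, lport, rport)

# Constructed sample; 192.168.86.147 is the book's Metasploitable 2 address and
# 4444 is only a placeholder for whatever port the payload was configured with.
SAMPLE = [
    'LISTEN 192.168.86.147:1099 0.0.0.0:* users:(("java",pid=1203,fd=12))',
    'ESTAB 192.168.86.147:1099 192.168.86.20:49812 users:(("java",pid=1203,fd=15))',
    'LISTEN 0.0.0.0:4444 0.0.0.0:* users:(("java",pid=1203,fd=17))',
    'ESTAB 192.168.86.147:38122 192.168.86.20:4444 users:(("java",pid=1203,fd=18))',
]

def review(lines=SAMPLE):
    return [(s.lport, s.rport, classify(s)) for s in map(parse_ss, lines)]
```

The first two records are the service's normal listener and an inbound client, so only the last two are flagged.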