upper-left column, you will see a list of categories. You can drill through them, just as
you would with any set of folders. You can also use the search edit box to perform the
same search of modules that we did previously.
Using exploits in Armitage is easy. Once you have found the exploit you want to use,
such as the RMI exploit used in the preceding example, you drag the entry from the
list on the left side onto one of the icons on the right. I took the
multi/misc/java_rmi_server exploit and dropped it onto 192.168.86.147, which is my
Metasploitable 2 system. You’ll be presented with a dialog box of options. Rather than
having to fill in the LHOST variable as we had to earlier, Armitage takes care of that for us.
Figure 5-2 shows the dialog box with the variables necessary to run the exploit. You’ll
also see a check box for a reverse connection. If the target system is exposed to external
networks, you may be able to do a forward connection. This depends on whether
you can connect to the payload after it launches.
Firewalls, network address translation, and other security measures
can make this part challenging. If you attempt a forward connection,
your target needs to be open on the service port that you are
exploiting. The port associated with the payload also needs to be
accessible. If you use a reverse connection, the problem switches to
your end. Your host and the port you will be listening on need to be
accessible from your target.
Figure 5-2. Exploit launch in Armitage