Another advantage to Armitage is that you will get a new tab at the bottom if you get shells open on remote systems. Your msfconsole session stays open, so you can keep working in it without it being taken over by the shell you get. Figure 5-3 shows a different way of interacting with your exploited system. If you look at the icon for the system with the context menu, you will see it is now wrapped in red lines, indicating the system has been compromised. The context menu shows different ways of interacting with the compromised system. As an example, you can open a shell or upload files using the Shell menu selection. At the bottom of the Armitage window, you can see a tab labeled Shell 1. This provides command-line access to the system.
Figure 5-3. msfconsole in Armitage
The exploit we used was for a service that was running as the user daemon. Therefore, we are now connected to the system as that user. We have only the permissions the daemon user has. To gain additional privileges, we would have to run a privilege escalation exploit. You may be able to use a post-exploitation module, which you can access from the same context menu seen in Figure 5-3. You may also need to stage something yourself. This may require creating an executable on another system and uploading it to your target system.
Social Engineering
Metasploit also sits underneath another program that provides useful functionality if you want to attempt social engineering attacks. A common avenue of attack is phishing: getting a user inside your target network to click a link they shouldn’t click, or maybe open an infected attachment. We can use the social engineer’s toolkit (setoolkit) to help us automate these social engineering attacks. setoolkit takes most of the work out of this. It will create emails with attachments or clone a known website, adding in infected content that will provide you access to the system of a targeted user.
setoolkit is menu driven, so you do not have to type commands and load modules as you do in msfconsole. It also has a lot of attack functionality built into it. We’re going to focus on just the social engineering menu. Example 5-19 is the social engineering menu, and from this, we can select phishing attacks, website generation attacks, and even creation of a rogue access point.
Example 5-19. Social engineer toolkit
The Social-Engineer Toolkit is a product of TrustedSec.
Visit: https://www.trustedsec.com
It's easy to update using the PenTesters Framework! (PTF)
Visit https://github.com/trustedsec/ptf to update all your tools!
Select from the menu:
   1) Spear-Phishing Attack Vectors
   2) Website Attack Vectors
   3) Infectious Media Generator
   4) Create a Payload and Listener
   5) Mass Mailer Attack
   6) Arduino-Based Attack Vector
   7) Wireless Access Point Attack Vector
   8) QRCode Generator Attack Vector
   9) Powershell Attack Vectors
  10) SMS Spoofing Attack Vector
  11) Third Party Modules
  99) Return back to the main menu.
set>
setoolkit walks you through the entire process, asking questions along the way to help you craft a successful attack. Because of the number of modules that are available from Metasploit, creating attacks can be overwhelming: you will have many options. Example 5-20 shows the list of file formats that are possible from selecting a spear-phishing attack and then selecting a mass mailing.