Remote Exploitation
Just click on the “Connect” button, and it will ask you whether you would like to start the msfrpc service. If the service is already running, it won’t ask. Armitage will start within a minute or so.
Compromising Your First Target from Armitage
We have already learned to use Metasploit to exploit the Windows SMB service with the ms08_067_netapi exploit module. Let’s perform the same task using Armitage.
Enumerating and Fingerprinting the Target
The first step is, of course, gathering information about the target. Click on the “Hosts” tab; under “Nmap Scan,” you will see a number of available scans. You may already be familiar with these scans, as they are taken from Zenmap, the GUI front end for nmap. In this case, we choose the first one, “Intense Scan.” Next, a dialog box prompts us to enter the targets we would like to scan. In this case, I have chosen to scan the whole network, that is, 172.16.222.1–255.
Ethical Hacking and Penetration Testing Guide
Once the scan is complete, the result looks like this:
In the “Targets” tab, each discovered host is shown with an icon representing the operating system that Armitage identified for it.
MSF Scans
MSF scans are an alternative method we can use in Armitage to enumerate and fingerprint the target. Instead of nmap, MSF scans use Metasploit’s auxiliary scanner modules to perform the target enumeration and fingerprinting tasks.
Importing Hosts
We can also import hosts from Nessus, Nmap, and various other scanners. Armitage accepts output files from a decent list of scanners, such as Nmap, Nessus, NeXpose, and others. To import hosts from your favorite scanner, click on the “Hosts” tab at the top, then click on “Import Hosts,” select the appropriate output file, and click “Open”.
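To make concrete what Armitage reads when you import an Nmap result (and what the Intense Scan above produces behind the scenes), here is an added example, not code from the book or from Armitage: a small parser for Nmap’s XML output that extracts the same information the Targets tab displays, namely live hosts, their best OS match, and open ports. The XML is a constructed sample in Nmap’s real output format; the addresses, hostnames and OS matches are made up, and the `os_family` mapping is my own simplification of how Armitage picks an OS icon. Zenmap’s “Intense scan” profile corresponds to `nmap -T4 -A -v`; adding `-oX scan.xml` writes the XML file that Armitage’s “Import Hosts” expects.

```python
"""Parse an Nmap XML report into the host/OS/port summary that Armitage shows
in its Targets tab after "Import Hosts". Added example, not the book's or
Armitage's code; the XML below is a constructed sample in Nmap's format."""
import xml.etree.ElementTree as ET

# Constructed sample of what `nmap -T4 -A -v -oX scan.xml 172.16.222.1-255`
# (Zenmap's "Intense scan") might write for a small lab network. Made-up values.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -T4 -A -v -oX scan.xml 172.16.222.1-255">
  <host>
    <status state="up"/>
    <address addr="172.16.222.10" addrtype="ipv4"/>
    <address addr="00:0C:29:AA:BB:CC" addrtype="mac"/>
    <hostnames><hostname name="winxp-lab" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="closed"/><service name="ms-wbt-server"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows XP SP2 or SP3" accuracy="97"/></os>
  </host>
  <host>
    <status state="up"/>
    <address addr="172.16.222.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
    </ports>
    <os><osmatch name="Linux 2.6.32" accuracy="91"/></os>
  </host>
  <host>
    <status state="down"/>
    <address addr="172.16.222.30" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per live host: ip, hostname, best OS match, open ports."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # only live hosts end up in the Targets tab
        ip = None
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                ip = addr.get("addr")
        hn = host.find("hostnames/hostname")
        hostname = hn.get("name") if hn is not None else None
        # Best OS guess is the highest-accuracy <osmatch>; None if nmap had no guess.
        best_os, best_acc = None, -1
        for m in host.findall("os/osmatch"):
            acc = int(m.get("accuracy", "0"))
            if acc > best_acc:
                best_os, best_acc = m.get("name"), acc
        open_ports = []
        for p in host.findall("ports/port"):
            st = p.find("state")
            if st is not None and st.get("state") == "open":
                svc = p.find("service")
                open_ports.append((int(p.get("portid")),
                                   svc.get("name") if svc is not None else None))
        hosts.append({"ip": ip, "hostname": hostname, "os": best_os,
                      "os_accuracy": best_acc, "open_ports": sorted(open_ports)})
    return hosts


def os_family(os_name):
    """Collapse an nmap OS match to the coarse family used to pick an icon
    (simplified stand-in for Armitage's own mapping)."""
    if not os_name:
        return "unknown"
    lower = os_name.lower()
    for key, family in (("windows", "windows"), ("linux", "linux"),
                        ("mac os", "macos"), ("freebsd", "bsd")):
        if key in lower:
            return family
    return "other"


if __name__ == "__main__":
    for h in parse_nmap_xml(SAMPLE_NMAP_XML):
        ports = ", ".join(f"{n}/{s}" for n, s in h["open_ports"])
        print(f"{h['ip']:15} {os_family(h['os']):8} {h['os'] or '?'}  [{ports}]")
```

Running the block prints one line per live host; the host marked `down` is skipped, just as it would not appear among Armitage’s targets. Using this on a real `-oX` file is a quick way to sanity-check what an import will add before clicking “Open”.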