Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Operation and Penetration Testing Armitage: Metasploit GUI and Machine-Gun Style Attack Cliff Zou University of Central Florida.

Published byCecilia Cross Modified over 5 years ago

Similar presentations

Presentation on theme: "Cyber Operation and Penetration Testing Armitage: Metasploit GUI and Machine-Gun Style Attack Cliff Zou University of Central Florida."— Presentation transcript:

1 Cyber Operation and Penetration Testing Armitage: Metasploit GUI and Machine-Gun Style Attack Cliff Zou University of Central Florida

2 Acknowledgement Some contents are from the book:
“The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy”, Second Edition

3 Metasploit Attack Style and Limitation
From what we learnt so far, we know that Metasploit has the following features: You need to know what vulnerability to exploit to use metasploit (attack after scanning/gathering stage) It is a pin-point attack to a specific target (like a sniper style attack) It is command-line based attack Advantages: Stealthy: little attack traffic generated Enable stepping stone attack initiated from multiple compromised hosts Disadvantages: Need to know vulnerability beforehand Command line operation requires experiences

4 Armitage: User-friendly Attacking Tool
Pre-installed in Kali Linux GUI front-end for metasploit for easy to use Machine-gun style metasploit attack No need to specify a detected vulnerability in target After specifying a target, Armitage will: Conduct port scanning to the target Throw all known exploit modules to the target based on scanning results! Attacker can relax and wait for successful compromise

5 Armitage: User-friendly Attacking Tool
Disadvantages: Noisy attack, easy to be detected Hard to do stepping stone style attack

6 Starting Armitage in Kali Linux
Click “Connect” when a pop-up window shows Select “Yes” when asking to start metasploit RPC server

7 Starting Armitage in Kali Linux
If the following Message shows up, you need to run ‘msfdb init’ and then start the SQL service by “service postgresql start’

8 Use Armitage to Attack Vulnerable VMs
Network scenario (all VMs runs in ‘NAT network’ network mode): Kali Linux attack VM: Vulnerable WinXP VM: Metasploitable Linux VM:

9 Use Armitage to Attack Vulnerable VMs
First, scan local subnet to find local targets Select menu “Hosts” “Nmap Scan”  “Quick Scan (OS Detect)” Let it scan /24 subnet The 2 target VMs will show up with their OS information You can remove uninterested target from the target list to reduce attack noise

10 Use Armitage to Attack Vulnerable VMs
Then, build attack module lists Select menu “Attacks” “Find Attacks” Only scannerble vulnerabilities found, not those ‘Drive-by Download’ browser bugs Generate a lot of scanning traffic! All possible attacks are added to each target machine

11 Use Armitage to Attack Vulnerable VMs
Individual target attack Select a target, right click to show pop-up menu You can choose one available attack module to attack The figure shows possible attack to SMB on the vulnerable WinXP

12 Use Armitage to Attack Vulnerable VMs
Successful Exploit When selecting MS08-067_netapi bug, the vulnerable WinXP is successfully compromised The WinXP becomes outlined in red lightning bolts! Yay!

13 Use Armitage to Attack Vulnerable VMs
Now you can choose any available payloads Right click the compromised target, you can see available payload In this example, Meterpreter session is enabled

14 Use Armitage to Attack Vulnerable VMs
Easiest way: Hail Mary flooding attack Click menu “Attacks” “Hail Mary” Armitage will throw all available attacks to all targets Very noisy, lots of attack traffic!!! Both WinXP and Metasploitable VMs are compromised, 6 attack sessions have been created!

Download ppt "Cyber Operation and Penetration Testing Armitage: Metasploit GUI and Machine-Gun Style Attack Cliff Zou University of Central Florida."

Similar presentations

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.
Armitage and Metasploit Penetration Testing Lab

Armitage and Metasploit Penetration Testing Lab
Presenter: Robbie Corley Organization: KCTCS

Presenter: Robbie Corley Organization: KCTCS
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.
© 2010 – MAD Security, LLC All rights reserved ArmitageArmitage A Power User’s Interface for Metasploit.

© 2010 – MAD Security, LLC All rights reserved ArmitageArmitage A Power User’s Interface for Metasploit.
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
Browser Exploitation Framework (BeEF) Lab

Browser Exploitation Framework (BeEF) Lab
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:

Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:
Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.

Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.
bWAPP – Bee Bug – Installation

bWAPP – Bee Bug – Installation
MIS 5212.001 Week 2 Site:

MIS Week 2 Site:
Honeypot and Intrusion Detection System

Honeypot and Intrusion Detection System
Penetration Testing Training Day Penetration Testing Tools and Techniques – pt 1 Mike Westmacott, IRM plc Supported by.

Penetration Testing Training Day Penetration Testing Tools and Techniques – pt 1 Mike Westmacott, IRM plc Supported by.
1 Figure 4-1: Targeted System Penetration (Break-In Attacks) Host Scanning  Ping often is blocked by firewalls  Send TCP SYN/ACK to generate RST segments.

1 Figure 4-1: Targeted System Penetration (Break-In Attacks) Host Scanning  Ping often is blocked by firewalls  Send TCP SYN/ACK to generate RST segments.
1 Security Penetration Testing Angela Davis Mrinmoy Ghosh ECE4112 – Internetwork Security Georgia Institute of Technology.

1 Security Penetration Testing Angela Davis Mrinmoy Ghosh ECE4112 – Internetwork Security Georgia Institute of Technology.
Penetration Testing 101 (Boot-camp)

Penetration Testing 101 (Boot-camp)
CNIT 124: Advanced Ethical Hacking Ch 10: Client-Side Exploitation.

CNIT 124: Advanced Ethical Hacking Ch 10: Client-Side Exploitation.
1 Terminology. 2 Requirements for Network Printing Print server Sufficient RAM to process documents Sufficient disk space on the print server.

1 Terminology. 2 Requirements for Network Printing Print server Sufficient RAM to process documents Sufficient disk space on the print server.
Module 1A An Introduction to Metasploit – Based upon Chapter 2 of “Metasploit the Penetration testers guide” Based upon Chapter 2 of “Metasploit the Penetration.

Module 1A An Introduction to Metasploit – Based upon Chapter 2 of “Metasploit the Penetration testers guide” Based upon Chapter 2 of “Metasploit the Penetration.
JMU GenCyber Boot Camp Summer, 2015. “Canned” Exploits For many known vulnerabilities attackers do not have to write their own exploit code Many repositories.

JMU GenCyber Boot Camp Summer, “Canned” Exploits For many known vulnerabilities attackers do not have to write their own exploit code Many repositories.

Similar presentations

Ads by Google