21.Hacking With Armitage

I think that Kali or Backtrack Users may came to hear the name of ARMITAGE.
Yeah it's a cool Attack Kit included in both kali and backtrack.To be quick It's a Simple Attack Management Interface for Metasploit and it's more ease of use for newbies.Today I'll cover a Step by Step tutorial on attacking live host machine.

 Requirements:

1.Backtrack or Kali Linux Distributions
2.Armitage

Step 1:(Opening armitage)

[Image: KNfyH.png]


Step 2:(Connecting through Armitage)

[Image: jyxPt.png]















 [Image: Uz8ms.png]

 Step 3:(Making a Quick Scan to OS detect Hosts)

Here i just used Quick Scan(OS Detect) method of nmap scan.But You can too Use all other methods for your Convinience.


 [Image: yMARv.png]


Step 4:(Enter The Host IP address)
  
Here Enter the Host IP Address or IP address range for nmap to Scan 
 
 [Image: 1PZC0.png]


 Step 5:(OS Detection Finished)
This is how it looks when Armitage Finds out OS of The Target host.

 
 [Image: C9OjL.png]


Step 6:(Scanning the machine)

once the OS Detection has been finished.Right Click on the Target machine and choose the Scan option attached to it.
  
 [Image: 07Y3v.png]


 And wait untill you see this on console at bottom.
[Image: Wu7oV.png]


 Step 7:(Finding Attacks)

Once the Scan is completed.Do this Attacks-->Find Attacks

[Image: JhU2I.png]

And After Finding Attacks has finished Do Attacks-->Hail Marry

[Image: IjlXP.png]

Step 8:(Making Interaction with Target Machine)

And Once The Launching Exploits tab disappears right click on Red Colored machine and choose Interact option(If target is Linux machine) & Meterpreter (If target is windows machine)
[Image: SNyOY.png]

You will see a shell session is opened at bottom CLI.That's it !! BOOM !!
Play Around Little Providing Commands.Here i used "ls" command.

[Image: BQuNp.png]
Thanks Firends..Happy Hunting .. :)

Comments

Post a Comment

Popular posts from this blog

Image
9. SQL Injection: A Step-by-Step Tutorial   SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks. Step-by-Step tutorial for SQL Injection Step 1:  Find a website that is vulnerable to the attack. This is the first step in SQLi and like every other hack attack is the most time consuming, and is the only time consuming step. Once you get through this, rest is a cake-walk. Now, let us all know what kind of pages are vulnerable to this attack. We are providin...
Read more
Image
10.XSS ATTACKS What is XSS? Cross Site Scripting also known as XSS , is one of the most common web appliction vulnerability that allows an attacker to run his own client side scripts(especially Javascript) into web pages viewed by other users. In a typical XSS attack, a hacker inject his malicious javascript code in the legitimate website . When a user visit the infected or a specially-crafted link , it will execute the malicious javascript. A successfully exploited XSS vulnerability will allow attackers to do phishing attacks, steal accounts and even worms.  Example : Let us imagine, a hacker has discovered XSS vulnerability in Gmail and inject malicious script. When a user visit the site, it will execute the malicious script. The malicious code can be used to redirect users to fake gmail page or capture cookies. Using this stolen cookies, he can login into your account and change password. It will be helpful for understanding XSS , if you have the following prerequisit...
Read more
Image
18.Automated Padding Oracle Attacks with PadBuster      There’s been a lot of buzz recently about Padding Oracle Attacks, an attack vector demonstrated by Juliano Rizzo and Thai Duong during their presentation at BlackHat Europe earlier this summer. While padding oracles are relatively easy to exploit, the act of exploiting them can be time consuming if you don’t have a good way of automating the attack. The lack of good tools for identifying and exploiting padding oracles led us to develop our own internal padding oracle exploit script, PadBuster, which we’ve decided to share with the community . The tool can be downloaded here , here I’ll spend a little bit of time discussing how the tool works and the various use cases it supports. Some Background : Before we discuss using PadBuster, let’s briefly discuss the fundamentals of a classic padding oracle attack. As the term implies, a critical concept behind a padding oracle attack is the n...
Read more