What is the password for Armitage? What is Armitage hacking? What is Armitage tool?

How to Use Armitage

Armitage is a scripting tool that works with Metasploit, which is one of the major tools in a penetration tester’s toolbox. Metasploit is essentially a framework that has modular code libraries, used to design custom payloads and attacks. It’s used for discovering weaknesses and exploiting vulnerabilities. Armitage fits in as a graphical user interface (GUI) that plugs in to Metasploit. It allows penetration testers to have a visual representation of the textual information that’s presented through Metasploit. But, it’s more than just that.

Armitage also allows users to share the same session (and instance information) in Metasploit, making it possible to help more than one user carry out a test or attack. Being able to share sessions allows for teamwork during pentesting exercises. Additionally, Armitage has many features that are useful to all penetration testers and information security professionals. You'll learn about many of these in this Armitage tutorial.

Why Use Armitage?

Armitage for Metasploit is beneficial to users in many ways. It offers features that make penetration testing much easier. This tool not only makes testing easier, it also helps save time, as well as making managing targets more effectively.

There are many advantages to using Armitage, including the following:

  • It recommends the exploits, offers post-exploitation features, and also offers a very useful visualization of targets.
  • It allows users to share sessions, captured information, downloaded files, and control of captured hosts.
  • It provides a shared event log that updates and informs all team members on the status of the test or attack.
  • It contains additional tools including bots that aid in automating tasks. It assists users to capture, combine, and organize Metasploit tools into a user-friendly interface with more accessibility.
  • It offers tools that help better target management, which helps manage attacks and recon operations for many hosts.
  • It is able to import data sets from other sources (like scanners).

Armitage is a GUI that makes use of the concept of dynamic workspaces. It’s an environment that allows users to quickly change targets in attacks, the type of attacks being carried out, as well as other parameters.

For more information about the Armitage tool, and to learn to use it, check out this Armitage tutorial. The class provides you with a comprehensive overview of Armitage and how it works.

DON’T FORGET:- Hack a Windows Computer By Using a Simple Payload

This tool is developed by Raphael Mudge which is released in November 2013. Its main motive is to teach hacking more accurately to security experts and also shows the strength of Metasploit. This tool is by default present on the Kali Linux.

Getting Started with Armitage and the Metasploit Framework (2013)

  • Starting Kali Linux. The best way to start playing with Armitage is to download Kali Linux and run it in a virtual...
  • Use Java 1.7. Kali Linux ships with Java 1.6 and Java 1.7. Java 1.6 is the default though and for some people–this...
  • Installing Armitage. Your version of Kali Linux may not include Armitage. ... Next, you need to start the Metasploit...
  • Updating the Metasploit Framework. Use the msfupdate command to update the Metasploit Framework to..

Let’s Start The Hacking :-

Open Your Armitage tool which is present on the right side menu and you can also start this tool via typing Armitage on your terminal. Now, this tool will ask you for configuring any setting.

Make sure you start your postgresql server by typing service postgresql start

Don’t do any changes click on Connect. after clicking on Connect, Click on Yes. Now, this will start opening your Armitage tool.

configuring armitage

connect to metasploit

This is the interface of Armitage tool. On the Left Side, There are so many payloads present as you can use. It’s a very huge list of payloads. You can try each payload one by one.

armitage interface

Now, you have to scan your Network for different devices which are connected to your network. To scan a network, Just go to Host => Nmap Scan => Quick Scan With OS detection.

Now, type your Network Range to scan. For ex:- My range is 192.168.0.0/24. Here, /24 is used because We use Class C IP address and In class C IP address Network bit is present 3 times. Each bit’s size is 8. So, the total of Network bit is 24. That’s why I type here /24.

scan network

Now, I completed my scan and Armitage scanned 4 systems here. First is Router and other three are Mobile Phones. I will hack 192.168.0.103 IP device.

scan complete

Now, you have to make a msfvenom and also send this venom to the victim’s device. Once you make the payload setup your Armitage tool to perform the attack. Go To Exploit => Payloads => Android => meterpreter/reverse_tcp  When you click on meterpreter/reverse_tcp it will ask for the local IP and port. Insert your IP address and port here and click on Launch.

configuring setup

Now, you are ready to perform the hack. Just send your payload to your victim. Once the victim clicks on your payload then you got your meterpreter session here. You can see here all the commands which you type on Metasploit are automatically typed.

all settings are done

Once you got the meterpreter session the device seems that it is trapped by someone. You can see here I got the meterpreter session here.

device hack

Right Click on the hack device. you can see there are so Armitage is a very good tool for beginners. This helps you a lot. Armitage makes the learning of Metasploit so easier and less painful.

# How Armitage adds extra functions and makes it more powerful and user friendly ? → One of the best and important feature is that it recommends and run active checks to all the exploits which will work. Every pen tester/hacker needs to follow certain protocols to get as much possible information of the system the system/networks/targets/victims. The correct method of conducting a pen test is by following the rules : a) Reconnaissance b) Social Engineering and site/target reconnaissance c) IP and Network Reconnaissance d) DNS Reconnaissance e) Mapping Targets f) Network Mapping (ICMP) g) Port Scanning h) Vulnerability - both Network based OS and application interrogation. i) Researching and probing vulnerabilities. 

And in the most simple way we can just say that we have only 3 options a) Footprinting b) Scanning c) Enumeration To perform all these tasks we have to use different tools and it will consume a lot of time too. This is where Armitage come handy to solve all the problems under one framework. Although Metasploit is also capable of performing almost all of these tasks but the basic difference that Armitage has a user friendly GUI almost like point and click. 


NOTE : I will be using Armitage over BT5, so all the descriptions will be similar to *nix distros. Starting up Armitage : As I will be using Armitage on BT5 so it is by default installed on it, those who are running different OS can check the site for downloading and installing Armitage according to there OS. The very first screen you will see will look like this above one which is the path to start up Armitage.

 Now when we click over the Armitage option we will move on to the second stage 

Once you click the connect option, you will be greeted with this second windows. As seen in this screen-shot Armitage is asking to connect itself with the Metasploit RPC server which is not running as of now.

So here we can see the main Armitage window has three main panels : Modules, Targets and Tabs. We can click on the individual panels to resize them according to our needs. The different machines which we can see in the Targets panel are there because my old sees ion are open there, but otherwise it will be blank. 

Let us have a look about the different panels and some brief description about them. Let us start with “Modules” – The Module browser gives us the options to launch Metasploit auxilary modules, throw an exploit, generate a payload and run a post-exploitation module. By clicking on the individual modules we can see the tree to lauch desired module. Double click a module to open a module launch.

dialog. Now let's come to the “Target Window”, here we have two options to arrange/view the targets. 1. Graph View 2. Table View In the following screens shot the targets are already selected as “Graph View” so this is what your screen will look like when you select the targets to be viewed as “Graph View”  

Now the question comes that which exploit to use which comes with experience or otherwise there is always Google to help you if you get stuck somewhere. Some exploit in Metasploit implement a check function. What these check functions do is connect to the host and check if the exploit applies there or not. This is where Armitage is helpful to use these check exploits to help to choose the right exploit when there are many options. Like targets listening on port 80, like in our target also will show several web application after we Find Attacks. Click on Check exploits... menu to run the check command. Once all the checks are complete we can use Ctrl F and search for vulnerable.

 This will lead us to the right exploit. Ok so we got our exploit, what now ?? Well the next step is Launching Exploits. So here we go : Here the exploit launch dialogue box lets us configure options for a module and choose whether to use a reverse connect payload. Once we click the launch option the exploit will execute itself to pwn the target and the result can be seen on the exploit tab. Here we can easily see that what's going on while our exploit is running and whether it is successful or not. 

Armitage will make the host red and surround it with lightning bolts. Metasploit will also print a message to any open console. Armitage has one more method of exploiting the target which is otherwise called as “Automatic Exploitation”. Automatic Exploitation In case our manual exploitation fails we have one more option to do it in an automatic manner which is also refereed as “Haile Marry.

Frequently Asked Questions

People are also reading: