Description: This video shows some of the new features in Armitage for Metasploit 4.1. You'll see improved tab management features, more exploit feedback, VNC, brute forcing, token stealing, and an export data feature to aid reporting. You can learn more about Armitage at http://www.fastandeasyhacking.com/
Tags: armitage , metasploit , gui , metasploit 4.1 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Nice work. One of the things that might be interesting is an automated task to run a pass the hash with all hashes in memory against another host to determine if any of them are > 15 characters and wouldn't work. It's a little noisy, but it is something you could run towards the end.
Another interesting thing -- I agree on don't spit out reports -- but dumping a list of all hashes verified working, those that are verified longer than 15 characters or signed in XML or whatever might be nice. Just a way to easily dump "list of compromised" for an appendix in a report.
This way in an executive summary you can say something like "X hosts were compromised. Y user credentials were compromised. Z credentials were verified resistant to a pass-the-hash attack. Details of which hosts and user credentials available in appendix A. This allowed access to (list pain points)."
Good ideas:
WRT the automatic hash passing to check a set of dumped hashes--Armitage doesn't do anything to a compromised host automatically. I believe the user should be in control of the tool. I added the "try all credentials" option to make this type of thing easy to do manually though.
@ArmitageHacker -- I hadn't used the tool recently. I've been focused on other projects. The "try all credentials" options is exactly what I thought might be useful.
@ArmitageHacker: Can i post this video on my blog
www.insecurestuff.in
@Insecurestuff go for it. Anyone is welcome to repost any of my videos.
@ArmitageHacker Nice work thank you!
I've installed Metasploit 4.1 + Armitage on my MacBook (Lion), but when i click on a tab there is no submenu. Also I haven't a "event log" tab.... Whats wrong?
@Cyba3r The "event log" tab only exists when you're connect to Metasploit with Armitage teaming set up. It requires running a second program that connects to Metasploit. Take a look at: http://www.fastandeasyhacking.com/manual#multi
As for the tab: make sure you have a two-button mouse and that you right-click on the X. The tab itself doesn't have the mouse listener, just the X.
The "X" solve the problem ;-) Many thanks to you!
Hi
need ur help
I can't start armitage on Ubuntu 11.10
I've installed Metasploit 4.2.0 (/opt/metasploit-4.1.4/msf3/) using metasploit-latest-linux-installer.run msfupdate.
Terminal :
1. armitage
2. connect
3. yes
4. wait ...
5. Could not connect to database: Connection Refused
6. hit help
7./etc/init.d/framework-postgres start
bash: /etc/init.d/framework-postgres: No such file or directory
Please help and thx for the tool
keep going
@boomscud I have a pet peeve. I really dislike it when people ask for technical support in an unrelated comment thread. I usually ignore queries posted in places like this. It's not the place. I support Armitage and my email address is extremely easy to find (click Contact on the Armitage homepage). That said, someone else had the same issue. I looked into it and I reproduced the problem. It looks like the Metasploit installer was updated and the new one doesn't create this file. I've updated the troubleshooting guide (the Help button) with the solution to this problem. Next time, email me, post to the facebook group, or take some other appropriate action.
Sorry man I tried to contact people using IRC no one answers me. Thanks for your help
You are the best