Armitage is one of the most searched terms among popular ethical hacking terms, and you are probably wondering what it is!
That’s funny, because you are searching the web for the best tools to exploit systems, but you are not exploring the tools that come with Kali Linux.
Armitage is nothing but a GUI front end for Metasploit. It gives the user a much better idea of what’s going on, instead of typing complicated commands and leaving the rest to Metasploit.
The best thing about Armitage is that its exploitation process is automated. Choosing exploits to execute, setting up hosts, and running vulnerability analysis take just a few clicks.
Starting Armitage
Armitage can be found under ‘Applications > Exploitation Tools’. By default, it also comes pinned to the dock.
To start Armitage, just click on it and wait a few seconds until it prompts you to connect to the local host. Don’t change anything in the prompt; just click ‘connect’.
Once you click on connect, another prompt will appear asking you to start the Metasploit RPC server; just click ‘yes’.
It will now take some time to connect to the remote host, and then the Armitage interface will open.
Okay, the interface is loaded. It is a little confusing if you are using Armitage for the first time. The interface above is the GUI, and the console shows you which commands are running during the automated exploitation process, giving you a full idea of what’s going on.
The first section shows the preconfigured modules. The modules are sorted into auxiliary, exploit, payload, and post, and the black area at the left side shows the active targets. We will look at that later.
Gathering the Target Information
To perform the exploitation process, we’re using the Metasploitable 2 machine. The first step is to run an Nmap scan to detect the OS of the system to be exploited, by going to Hosts > Nmap Scan > Quick Scan (OS detect) in the toolbar.
Detecting the OS is important because the modules we use depend on the OS. When you go to Hosts > Nmap Scan > Quick Scan, it opens a prompt asking you to enter your target IP address. Enter the IP and run the Nmap scan. After a few seconds, the scan will complete and you will get the required details, as you see below.
In our case, we used the Metasploitable 2 machine’s IP address. A message appears when the scan completes successfully, and you should now see a computer icon with a little penguin on it in the first section, which represents Linux. That means the machine is running Linux.
Initiating the Exploitation Process
Automating the Exploit-Finding Process
Just give it a few seconds to complete. Once it has completed, it will give you a list of all the compatible exploits you can run on the target machine.
Now, if you right-click on the computer icon, the ‘Attack’ section shows a list of all the services running on the target machine that we can crack. Now you can decide which exploit you are gonna execute!