Now we get a GUI about connecting to the database and our Metasploit XMLRPC instance:
Put in the correct information and off we go. Yay, a GUI:
Once started, we need some targets. How about some targets from Nessus? We can import Targets into Armitage from all sorts of inputs…
From a scan completed Nessus scan, I select only the high severity results, then downlaod the report.
I picked the .nessus (XML) v1. I tried the v2 but had a crash on import. this works repeatedly. (of course we can use nmap, even direct from Armitage.)
Oooh, look, targets! Ok, so what do we attack with? Let's have Armitage find attacks with Attacks, find attacks by port.
Once done we get this nice attack menu now when we right click. We can go through them methodically, which can be good…
or we can go for the Hail Mary, otherwise known as db_autopwn.
It works, for sure, but I'm not convinced. I thin the by port works better (more tries) than by vulnerability…by vulnerability, I've had it try stuff that didn't work across the board and have them be vulnerable to other items. I think this stems form the fact that we haven;t really discovered much about the targets. Either way, it will fire off a whole bunch of attacks:
Once an attack is successful, we can interact directly with a meterpreter session, or continue to navigate the menus:
So, it works, it works well, but there are some issues in how I like to use it for legitimate purposes. For example: