Thursday, December 16, 2010

HOWTO : No skill hacking with Armitage on Back|Track 4 R2

*** WARNING : This tutorial is for educational purposes only. It alerts you to update your system as soon as a patch or update is available. Please do not hack any website, computer and/or network without authorization. Otherwise, you will be put in jail. ***

Prerequisites

In order to complete this tutorial, you should have an Ubuntu or Windows system as the host, with Back|Track 4 R2 and Metasploitable as guests on VirtualBox 3.2.

You can download Back|Track 4 R2 here and Metasploitable here. Metasploitable is an Ubuntu Server 8.04 system with some flawed applications installed that can be exploited.

The installation guide for Back|Track 4 R2 is here.

The network interfaces of Back|Track 4 R2 on VirtualBox 3.2 are "NAT" and "Host Only (vboxnet0)". The network interface of Metasploitable is "Host Only (vboxnet0)".

Armitage should be installed on Back|Track 4 R2; the tutorial is here.

Step 0 :

Start Metasploitable on VirtualBox first. Its IP address should be 192.168.56.101. Then start Back|Track 4 R2 on VirtualBox; the IP address of its eth0 should be 10.x.x.x.

Step 1 :

On Back|Track 4 R2, run the following command to make sure eth0 and eth1 are up and have IP addresses.

/etc/init.d/networking restart
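
Before the scan in Step 4, it is worth confirming that every address you plan to enter lies on the host-only network and not on the NAT side. The script below is an added example, not part of the original tutorial; it assumes the host-only network is 192.168.56.0/24 (VirtualBox's default range for vboxnet0, consistent with the 192.168.56.101 address above), and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: scope guard for the lab in this tutorial.
# Assumption: the host-only network (vboxnet0) is 192.168.56.0/24.
LAB_NET="192.168.56.0"
LAB_PREFIX=24

# ip_to_int ADDR: print ADDR as a 32-bit integer; fail unless ADDR is
# four decimal octets (0..255, no leading zeros) separated by dots.
ip_to_int() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no octal parsing, no overlong octets
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_lab_scope ADDR: succeed only if ADDR is inside LAB_NET/LAB_PREFIX.
in_lab_scope() {
    addr=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "$LAB_NET") || return 1
    mask=$(( (0xFFFFFFFF << (32 - LAB_PREFIX)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# check_targets ADDR...: report each address; fail if any is outside the lab.
check_targets() {
    rc=0
    for t in "$@"; do
        if in_lab_scope "$t"; then
            echo "in scope:     $t"
        else
            echo "OUT OF SCOPE: $t" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh scope_check.sh 192.168.56.101
if [ "$#" -gt 0 ]; then check_targets "$@"; fi
```

A non-zero exit status means at least one address is outside the lab range and should not be entered in the scan dialog.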

Step 2 :

Run the following commands to launch Armitage.

/etc/init.d/mysql start
cd /pentest/exploits/armitage
./armitage.sh


Step 3 :

Select "Use SSL" and click "Start MSF".

Then a "Using database driver mysql" message box will be displayed. Click "OK".

Step 4 :

Select "Host" -- "Nmap Scan" -- "Intense Scan, all TCP ports"

Wait for the scanning to complete.

Step 5 :

Select "Attacks" -- "Find Attacks" -- "by port".

Wait for the scanning to complete.

Step 6 :

Select "Attacks" -- "Hail Mary" -- "by port".

Wait for the "Monitor" image to turn red, which means the target has been exploited. Then right-click the "Monitor" image and select "Shell". Check whether you have root privileges by issuing "whoami" in the shell. If it shows "root", you have successfully owned the target.



That's all! See you.