Type : Tutorial (How to Use Armitage on Backtrack 5 R2 to Hack Windows)
Level : Medium
Target O.S : Windows XP SP0
Attacker O.S : Backtrack 5 R2
It has been a long time since I wrote a tutorial about how to use Armitage. Yesterday I wrote about How to Set Up Armitage on Backtrack 5 R2, and now I am trying to write a simple step-by-step tutorial on how to use Armitage to perform an attack.
In this tutorial I will scan and map the whole network of my lab PCs (my own machines) using Armitage, and then set up a VNC viewer as my payload to view the victim computer's screen.
Once again, this tutorial may not work if the victim PC has antivirus installed, but the point I want to deliver here is the logic of how to perform the attack using Armitage's automatic exploitation tools.
1. Armitage 052112 (I use this version; if you use Backtrack 5 R2, this package is already there)
If you have problems starting Armitage, you can view the setup tutorial on this page (setup armitage in backtrack 5 R2).
1. For the first step, of course, you need to start Armitage. You can view the tutorial about setting up Armitage on Backtrack 5 R2 here.
2. Choose Host → MSF Scans (you can also use Nmap scans), then enter your scan range. You can use a single IP address, CIDR notation, or an IP address range (e.g. 192.168.1.100 – 192.168.1.110).
If there are other PCs on your network, they will also appear in this window as the result.
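The three scan-range forms accepted in this step, as an added example that is not from the tutorial or from Armitage: a small Python parser that expands a single address, a CIDR block or a start-end range into the addresses it covers, so you can check how many hosts a scan will touch before launching it. It assumes a range may be written with either a plain hyphen or the en dash used above, and that a CIDR block means every address in it, network and broadcast included, which is how nmap treats a CIDR target.

```python
import ipaddress
import re
from typing import List

# Matches "a.b.c.d - e.f.g.h" with either an ASCII hyphen or the en dash
# that the tutorial text uses, with optional spaces around it.
_RANGE_RE = re.compile(r"^\s*(\S+)\s*[-\u2013]\s*(\S+)\s*$")


def expand_scan_range(spec: str) -> List[str]:
    """Expand a scan-range string into the IPv4 addresses it covers.

    Accepts the three forms named in step 2: a single address, CIDR
    notation, or a start-end range. Raises ValueError on anything else.
    """
    spec = spec.strip()
    if not spec:
        raise ValueError("empty scan range")

    m = _RANGE_RE.match(spec)
    if m:
        start = ipaddress.IPv4Address(m.group(1))
        end = ipaddress.IPv4Address(m.group(2))
        if end < start:
            raise ValueError(f"range end {end} is before start {start}")
        # summarize_address_range() yields the CIDR blocks that exactly
        # cover the inclusive range; flattening them lists every address
        # in ascending order.
        blocks = ipaddress.summarize_address_range(start, end)
        return [str(a) for net in blocks for a in net]

    if "/" in spec:
        # strict=False lets "192.168.1.5/24" stand for the whole /24, as a
        # scanner would read it. Every address in the block is listed,
        # network and broadcast included (assumed to match nmap's behaviour).
        net = ipaddress.IPv4Network(spec, strict=False)
        return [str(a) for a in net]

    # Anything else must be a single dotted-quad address.
    return [str(ipaddress.IPv4Address(spec))]


if __name__ == "__main__":
    # Constructed sample inputs, one of each form from step 2.
    for example in ("192.168.1.5", "192.168.1.0/30", "192.168.1.100 \u2013 192.168.1.110"):
        hosts = expand_scan_range(example)
        print(f"{example!r}: {len(hosts)} address(es), first {hosts[0]}, last {hosts[-1]}")
```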
3. Armitage has an automatic exploitation feature called Hail Mary. According to the Armitage website:
If manual exploitation fails, you have the hail mary option. Attacks -> Hail Mary launches this feature. Armitage's Hail Mary feature is a smart db_autopwn. It finds exploits relevant to your targets, filters the exploits using known information, and then sorts them into an optimal order.
In this case I will use the Hail Mary feature, though you can also use manual exploitation for more specific targets.
4. After Hail Mary finishes running against the hosts and finds a vulnerable host on your network, it will show a red PC image; if it finds nothing, you can try manual exploitation against the target.