Armitage UI for Metasploit v03.10.11 Released
Armitage organizes Metasploit’s capabilities around the hacking process. There are features for discovery, access, post-exploitation, and maneuver. This section describes these features at a high level; the rest of this manual covers these capabilities in detail.
For discovery, Armitage exposes several of Metasploit’s host management features. You can import hosts and launch scans to populate a database of targets. Armitage also visualizes the database of targets–you’ll always know which hosts you’re working with and where you have sessions.
Armitage assists with remote exploitation–providing features to automatically recommend exploits and even run active checks so you know which exploits will work. If these options fail, you can use the Hail Mary approach and unleash db_autopwn against your target database.
For those of you who are hacking post-2003, Armitage exposes the client-side features of Metasploit. You can launch browser exploits, generate malicious files, and create Meterpreter executables.
Once you’re in, Armitage provides several post-exploitation tools built on the capabilities of the Meterpreter agent. With the click of a menu you will escalate your privileges, dump password hashes to a local credentials database, browse the file system like you’re local, and launch command shells.
Finally, Armitage aids the process of setting up pivots, a capability that lets you use compromised hosts as a platform for attacking other hosts and further investigating the target network. Armitage also exposes Metasploit’s SOCKS proxy module which allows external tools to take advantage of these pivots. With these tools, you can further explore and maneuver through the network.
Changelog
- Fixed race condition importing manual list of hosts (sometimes the file would get deleted). Grr.
- Added a lock to prevent multiple Armitage clients from trying to determine what OS a box has. This should help in CTF situations.
- Armitage YAML parser now accepts quoted strings in the YAML fields.
- Added caching of sessions.list, db.hosts, and db.services to Armitage collaboration server. This should help prevent msfrpcd from overloading when many clients are connected and owning boxen at one time.
- Improved GUI responsiveness by making several parts of the Armitage GUI spawn a new thread to avoid blocking while communicating with Metasploit.
- Added a tooltip to the “Start MSF” and “Connect” buttons to clarify use.
- Export credentials button now prompts for a remote file when connected to a remote Metasploit instance.
- Output from export credentials and payload generation now transparently downloads to your local host when connected to Armitage’s collab server.
- Armitage now loads stdapi in Meterpreter if it finds it’s not loaded. Armitage also prompts you to rerun the failed command when this happens.
- Right-click in services now shows popup for taking actions against selected hosts. Now you can do mass actions against hosts sorted by port.
- Added Access -> Persist to Meterpreter menu. This will run Meterpreter’s persistence script using the default Armitage handler. Meterpreter will start at boot and at login.
- Added an Armitage.app file for MacOS X. Use Armitage from OS X as a client to connect to Metasploit hosted in other places.
- Added a check for whether current working directory is writeable or not. If it’s not, Armitage does all of its read/write operations in home dir.