Published on August 2nd, 2012 | by NJ Ouchn


Blackhat Arsenal 2012 Releases : Armitage Cyber Attack Management for Metasploit v07.27.12 with Cortana

Armitage organizes Metasploit’s capabilities around the hacking process. There are features for discovery, access, post-exploitation, and manuver. This section describes these features at a high-level, the rest of this manual covers these capabilities in detail.

For discovery, Armitage exposes several of Metasploit’s host management features. You can import hosts and launch scans to populate a database of targets. Armitage also visualizes the database of targets–you’ll always know which hosts you’re working with and where you have sessions.

Armitage assists with remote exploitation–providing features to automatically recommend exploits and even run active checks so you know which exploits will work. If these options fail, you can use the Hail Mary approach and unleash db_autopwn against your target database.

For those of you who are hacking post-2003, Armitage exposes the client-side features of Metasploit. You can launch browser exploits, generate malicious files, and create Meterpreter executables.

Once you’re in, Armitage provides several post-exploitation tools built on the capabilities of the Meterpreter agent. With the click of a menu you will escalate your privileges, dump password hashes to a local credentials database, browse the file system like you’re local, and launch command shells.

Finally, Armitage aids the process of setting up pivots, a capability that lets you use compromised hosts as a platform for attacking other hosts and further investigating the target network. Armitage also exposes Metasploit’s SOCKS proxy module which allows external tools to take advantage of these pivots. With these tools, you can further explore and maneuver through the network.

With Raphael Mudge during Blackhat Arsenal

Raphael hypnotizing the crowd at the Arsenal US 2012

The Blackhat New Release

It was a big fun to meet again Raphael Mudge and noticed how Armitage has been improved since last year. This piece of software now becomes a major toolkit for any pentester. I had wonderful discussion with him and realized how much he was passionate and extremely smart guy. I will have opportunity to introduce the newest commercial software CobaltStrike, the R’ newest venture, in another Review Post.

Raphael introduces the new Armitage release with the support of Cortana. An awesome Scripting Language to add tons of fun into Armitage & Metasploit.

Cortana  is  a  penetration  tester’s  scripting  language  inspired  by  scriptable  IRC  clients   and  bots.  Its  purpose  is  two-­‐fold.  You  may  create  long  running  bots  that  simulate   virtual  red  team  members,  hacking  side-­‐by-­‐side  with  you.  You  may  also  use  it  to  extend  the  Armitage  GUI  for  the  Metasploit  Framework.  To  prevent  self-­‐aware  bots from  taking  over  the  world,  Cortana  has  blanket  safety  features  to  provide  positive control  when  enabled.
Cortana Features
  • Cortana  provides  the  logic  necessary  to  connect  to  and  interact  with  an Armitage  and  Metasploit  team  server.
  • Cortana  scripts  transparently  coexist  with  human  operators  and  other  Cortana  scripts.  Deconfliction  of  multiple  actor is built  into  the  product.
  •  Cortana  features  an  interactive  console  to  trace  functions,  gather  performance  statistics,  and  manage  scripts.
  • Cortana  includes  an  intuitive  abstraction  to  control  Metasploit,  interact  with  Meterpreter,  and  interact  with  a  shell session.
  • Cortana  automatically  synchronizes  with  the  database  used  by  Metasploit  using  an  efficient  scheme.  Your  scripts  have  immediate  access  to  the engagement  dataset.  Your  scripts  may  also  subscribe  to  changes  in  the  database
  • Cortana  provides  simple  tools  to  extend  the  Armitage  software  and  provide  a  capable  user  interface  for  your  features.

Here a good documentation about Cortana and how to use with Armitage

Here is a sample of autopwing a vulnerable MS08-067 Winboxes

# auto exploit any Windows boxes
on service_add_445 {
    println("Exploiting $1 (" . host_os($1) . ")");
    if (host_os($1) eq "Microsoft Windows") {
        exploit("windows/smb/ms08_067_netapi", $1);
    else {
        exploit("multi/samba/usermap_script", $1, $null, $null, 1);
on session_open {
    println("Session $1 opened. I got " . session_host($1) . " with " . session_exploit($1));
Next ToolsTube with Raphael Mudge talking about Armitage and Introducing CobaltStrike, The Armitage’s big brother.

Tags: , , , , , , ,

About the Author

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"

Back to Top ↑